syntax = "proto3";
package service;
option go_package = "github.com/nspcc-dev/neofs-api-go/service";
option csharp_namespace = "NeoFS.API.Service";

import "refs/types.proto";
import "github.com/gogo/protobuf/gogoproto/gogo.proto";

option (gogoproto.stable_marshaler_all) = true;

// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request
// (should be embedded into message).
message RequestVerificationHeader {
    message Signature {
        // Sign is signature of the request or session key.
        bytes Sign = 1;
        // Peer is compressed public key used for signature.
        bytes Peer = 2;
    }

    // Signatures is a set of signatures of every passed NeoFS Node
    repeated Signature Signatures = 1;

    // Token is a token of the session within which the request is sent
    Token Token = 2;

    // Bearer is a Bearer token of the request
    BearerTokenMsg Bearer = 3;
}

// User token granting rights for object manipulation
message Token {
    message Info {
        // ID is a token identifier. valid UUIDv4 represented in bytes
        bytes ID = 1 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];

        // OwnerID is an owner of manipulation object
        bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];

        // Verb is an enumeration of session request types
        enum Verb {
            // Put refers to object.Put RPC call
            Put = 0;
            // Get refers to object.Get RPC call
            Get = 1;
            // Head refers to object.Head RPC call
            Head = 2;
            // Search refers to object.Search RPC call
            Search = 3;
            // Delete refers to object.Delete RPC call
            Delete = 4;
            // Range refers to object.GetRange RPC call
            Range = 5;
            // RangeHash refers to object.GetRangeHash RPC call
            RangeHash = 6;
        }

        // Verb is a type of request for which the token is issued
        Verb verb = 3 [(gogoproto.customname) = "Verb"];

        // Address is an object address for which token is issued
        refs.Address Address = 4 [(gogoproto.nullable) = false, (gogoproto.customtype) = "Address"];

        // Lifetime is a lifetime of the session
        TokenLifetime Lifetime = 5 [(gogoproto.embed) = true, (gogoproto.nullable) = false];

        // SessionKey is a public key of session key
        bytes SessionKey = 6;

        // OwnerKey is a public key of the token owner
        bytes OwnerKey = 7;
    }

    // TokenInfo is a grouped information about token
    Info TokenInfo = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];

    // Signature is a signature of session token information
    bytes Signature = 8;
}

// TokenLifetime carries a group of lifetime parameters of the token
message TokenLifetime {
    // Created carries an initial epoch of token lifetime
    uint64 Created = 1;

    // ValidUntil carries a last epoch of token lifetime
    uint64 ValidUntil = 2;
}

// TODO: for variable token types and version redefine message
// Example:
// message Token {
//     TokenType TokenType = 1;
//     uint32 Version = 2;
//     bytes Data = 3;
// }

// BearerTokenMsg carries information about request ACL rules with limited lifetime
message BearerTokenMsg {
    message Info {
        // ACLRules carries a binary representation of the table of extended ACL rules
        bytes ACLRules = 1;

        // OwnerID is an owner of token
        bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];

        // ValidUntil carries a last epoch of token lifetime
        uint64 ValidUntil = 3;
    }

    // TokenInfo is a grouped information about token
    Info TokenInfo = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];

    // OwnerKey is a public key of the token owner
    bytes OwnerKey = 2;

    // Signature is a signature of token information
    bytes Signature = 3;
}