From 1d3ffeb841b4fe1d1d594e038cc4210cfc877061 Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Thu, 18 Jun 2020 10:58:11 +0300 Subject: [PATCH] service: add Bearer token message to RequestVerificationHeader --- proto-docs/service.md | 29 +++++++++++++++++++++++++++++ service/verify.proto | 26 ++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) diff --git a/proto-docs/service.md b/proto-docs/service.md index 423599b..d492ccd 100644 --- a/proto-docs/service.md +++ b/proto-docs/service.md @@ -13,6 +13,8 @@ - [service/verify.proto](#service/verify.proto) - Messages + - [BearerTokenMsg](#service.BearerTokenMsg) + - [BearerTokenMsg.Info](#service.BearerTokenMsg.Info) - [RequestVerificationHeader](#service.RequestVerificationHeader) - [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) - [Token](#service.Token) @@ -75,6 +77,32 @@ ResponseMetaHeader contains meta information based on request processing by serv + + +### Message BearerTokenMsg +BearerTokenMsg carries information about request ACL rules with limited lifetime + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| TokenInfo | [BearerTokenMsg.Info](#service.BearerTokenMsg.Info) | | TokenInfo is a grouped information about token | +| OwnerKey | [bytes](#bytes) | | OwnerKey is a public key of the token owner | +| Signature | [bytes](#bytes) | | Signature is a signature of token information | + + + + +### Message BearerTokenMsg.Info + + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| ACLRules | [bytes](#bytes) | | ACLRules is an ACL rules represented in bytes | +| OwnerID | [bytes](#bytes) | | OwnerID is an owner of token | +| ValidUntil | [uint64](#uint64) | | ValidUntil carries a last epoch of token lifetime | + + ### Message RequestVerificationHeader @@ -86,6 +114,7 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces | ----- | ---- | ----- | ----------- | | Signatures | [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) | repeated | Signatures is a set of signatures of every passed NeoFS Node | | Token | [Token](#service.Token) | | Token is a token of the session within which the request is sent | +| Bearer | [BearerTokenMsg](#service.BearerTokenMsg) | | Bearer is a Bearer token of the request | diff --git a/service/verify.proto b/service/verify.proto index a6619a6..c78a732 100644 --- a/service/verify.proto +++ b/service/verify.proto @@ -23,6 +23,9 @@ message RequestVerificationHeader { // Token is a token of the session within which the request is sent Token Token = 2; + + // Bearer is a Bearer token of the request + BearerTokenMsg Bearer = 3; } // User token granting rights for object manipulation @@ -91,3 +94,26 @@ message TokenLifetime { // uint32 Version = 2; // bytes Data = 3; // } + +// BearerTokenMsg carries information about request ACL rules with limited lifetime +message BearerTokenMsg { + message Info { + // ACLRules is an ACL rules represented in bytes + bytes ACLRules = 1; + + // OwnerID is an owner of token + bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false]; + + // ValidUntil carries a last epoch of token lifetime + uint64 ValidUntil = 3; + } + + // TokenInfo is a grouped information about token + Info TokenInfo = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; + + // OwnerKey is a public key of the token owner + bytes OwnerKey = 2; + + // Signature is a signature of token information + bytes Signature = 3; +}