session: add a new session v2 token

Session Token v2 solves the delegation, power of attorney, and chain-of-trust
problems. It enables:
- Account-based authority (direct or NNS-based indirect)
- Multi-account subjects (multiple entities can use same token)
- Multi-verb operations (GET, PUT, DELETE in single token)
- Delegation chains (verifiable like X.509 certificates)
- Indirect accounts (NeoFS Name Service resolution)

Refs #241.

Signed-off-by: Andrey Butusov <[email protected]>

Author: End-rey

session/service.proto

@@ -27,7 +27,7 @@ service SessionService {
   // - **OK** (0, SECTION_SUCCESS):
   // session token v2 has been successfully created;
   // - Common failures (SECTION_FAILURE_COMMON).
-  rpc CreateV2(CreateRequestV2) returns (CreateResponseV2);
+  rpc CreateV2(CreateV2Request) returns (CreateV2Response);
 }
 
 // Information necessary for opening a session.
@@ -76,8 +76,8 @@ message CreateResponse {
   neo.fs.v2.session.ResponseVerificationHeader verify_header = 3;
 }
 
-// CreateRequestV2 is information necessary for creating a session token v2.
-message CreateRequestV2 {
+// CreateV2Request is information necessary for creating a session token v2.
+message CreateV2Request {
   // Session creation request v2 body
   message Body {
     // Issuer of the session token
@@ -91,12 +91,6 @@ message CreateRequestV2 {
 
     // Session creation time
     int64 created_at = 4 [json_name = "createdAt"];
-
-    // Authorization context
-    oneof context {
-      neo.fs.v2.session.ObjectSessionContextV2 object = 5 [json_name = "object"];
-      neo.fs.v2.session.ContainerSessionContextV2 container = 6 [json_name = "container"];
-    }
   }
 
   // Body of create session token v2 request message
@@ -112,8 +106,8 @@ message CreateRequestV2 {
   neo.fs.v2.session.RequestVerificationHeader verify_header = 3;
 }
 
-// CreateResponseV2 is information about a newly created session token v2.
-message CreateResponseV2 {
+// CreateV2Response is information about a newly created session token v2.
+message CreateV2Response {
   // Session creation response v2 body
   message Body {
     // The session token v2 with delegation and chain-of-trust support

session/types.proto

@@ -239,6 +239,7 @@ message ResponseVerificationHeader {
 // Account represents an identity in NeoFS.
 // It can be either direct (OwnerID) or indirect (NNS domain).
 message Account {
+  // Account identifier
   oneof identifier {
     // Direct account reference via OwnerID (hash of public key)
     neo.fs.v2.refs.OwnerID owner_id = 1 [json_name = "ownerID"];
@@ -271,14 +272,30 @@ message DelegationInfo {
 // ObjectSessionContextV2 carries context for ObjectService requests.
 // Extended version supporting multiple verbs and targets.
 message ObjectSessionContextV2 {
+  // Object request verbs
   enum Verb {
+    // Unknown verb
     VERB_UNSPECIFIED = 0;
+
+    // Refers to object.Put RPC call
     PUT = 1;
+
+    // Refers to object.Get RPC call
     GET = 2;
+
+    // Refers to object.Head RPC call
     HEAD = 3;
+
+    // Refers to object.Search RPC call
     SEARCH = 4;
+
+    // Refers to object.Delete RPC call
     DELETE = 5;
+
+    // Refers to object.GetRange RPC call
     RANGE = 6;
+
+    // Refers to object.GetRangeHash RPC call
     RANGEHASH = 7;
   }
 
@@ -302,10 +319,18 @@ message ObjectSessionContextV2 {
 // ContainerSessionContextV2 carries context for ContainerService requests.
 // Extended version supporting multiple verbs.
 message ContainerSessionContextV2 {
+  // Container request verbs
   enum Verb {
+    // Unknown verb
     VERB_UNSPECIFIED = 0;
+
+    // Refers to container.Put RPC call
     PUT = 1;
+
+    // Refers to container.Delete RPC call
     DELETE = 2;
+
+    // Refers to container.SetExtendedACL RPC call
     SETEACL = 3;
   }