Add supports for multiple security schemes in http server #1070

Merged
merged 5 commits into from
Sep 8, 2023

relu91
Member

@relu91 relu91 commented Sep 5, 2023

This PR improves the exposing process of the http-server. In particular, it focuses on the ability to handle multiple security schemes per http-server instance. For example, now the http-server can be configured to be able to host Things without security and Things with basic schemes:

```js
const td1 = {}; // automatically filled with nosec scheme
const td2 = { securityDefinitions: { basic: { scheme: "basic" } }, security: "basic" };

await (await WoT.produce(td1)).expose();
await (await WoT.produce(td2)).expose();
// ok
```

Note that this does not mean that now we can use multiple security schemes in the security field or the `combo` SecurityScheme. For multiple security schemas, I think we can avoid implementing that feature, mainly because it is already deprecated in TD 1.1. On the other hand, the combo scheme will require some additional work. Moreover, this does not introduce support for form-level security fields. It is quite tricky to achieve and we need first to support form templating in the expose method properly.

Note that this means that the server is able to expose Things with different
security requirements. For example, it is possible to now have a Thing
with `nosec` security scheme and one with `basic` security scheme. As a
side effect, the OAuth example now works as explained in eclipse-thingweb#873.

Fix eclipse-thingweb#204 eclipse-thingweb#873
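
Added example, not part of the PR and not node-wot's code: a self-contained sketch of the behaviour the description above talks about, one server instance deciding per Thing whether a request needs no credentials (`nosec`) or HTTP Basic credentials. The names `serverSecurity`, `credentials`, `resolveScheme`, `expose`, `sameString`, `authorize` and the Thing ids are hypothetical; that `nosec` is listed explicitly in the server configuration and that a Thing with an unsupported scheme is rejected at expose time are assumptions of this sketch.

```javascript
// Added sketch, not node-wot code; every name here is hypothetical.
const serverSecurity = [{ scheme: "nosec" }, { scheme: "basic" }]; // array-style config
const credentials = { "urn:dev:td2": { username: "admin", password: "s3cret" } }; // constructed

// A Thing without securityDefinitions is treated as nosec, as in the PR description.
function resolveScheme(td) {
    if (!td.securityDefinitions) return "nosec";
    const name = Array.isArray(td.security) ? td.security[0] : td.security;
    const def = td.securityDefinitions[name];
    if (!def) throw new Error(`security "${name}" has no definition`);
    return def.scheme;
}

// Assumption: fail closed when the server cannot enforce the Thing's scheme.
function expose(registry, td) {
    const scheme = resolveScheme(td);
    if (!serverSecurity.some((s) => s.scheme === scheme)) {
        throw new Error(`unsupported scheme: ${scheme}`);
    }
    registry.set(td.id, scheme);
}

// Comparison without early exit (illustrative; Node offers crypto.timingSafeEqual).
function sameString(a, b) {
    let diff = a.length ^ b.length;
    for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
    return diff === 0;
}

// Returns the HTTP status a request for thingId would receive.
function authorize(registry, thingId, headers) {
    const scheme = registry.get(thingId);
    if (scheme === undefined) return 404;
    if (scheme === "nosec") return 200;
    const m = /^Basic ([A-Za-z0-9+/=]+)$/.exec(headers.authorization || "");
    const expected = credentials[thingId];
    if (!m || !expected) return 401;
    const decoded = Buffer.from(m[1], "base64").toString("utf8");
    const sep = decoded.indexOf(":");
    if (sep < 0) return 401;
    const userOk = sameString(decoded.slice(0, sep), expected.username);
    const passOk = sameString(decoded.slice(sep + 1), expected.password);
    return userOk && passOk ? 200 : 401;
}

const registry = new Map();
expose(registry, { id: "urn:dev:td1" }); // nosec Thing
expose(registry, { id: "urn:dev:td2", securityDefinitions: { basic: { scheme: "basic" } }, security: "basic" });
```

The point to check in any such setup is that the `nosec` path is selected per Thing and never as a fallback for a Thing that declared a scheme.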
@codecov

codecov bot commented Sep 5, 2023

Codecov Report

Patch coverage: 68.29% and project coverage change: -0.17% ⚠️

Comparison is base (67f3a44) 75.33% compared to head (26bf72e) 75.16%.
Report is 3 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #1070      +/-   ##
==========================================
- Coverage   75.33%   75.16%   -0.17%     
==========================================
  Files          80       80              
  Lines       15452    15577     +125     
  Branches     1477     1495      +18     
==========================================
+ Hits        11641    11709      +68     
- Misses       3775     3832      +57     
  Partials       36       36              
| Files Changed | Coverage Δ |
|---|---|
| packages/binding-http/src/routes/event.ts | 18.01% <16.66%> (-0.51%) ⬇️ |
| ...ckages/binding-http/src/routes/property-observe.ts | 17.85% <16.66%> (-0.50%) ⬇️ |
| packages/binding-http/src/http-server.ts | 83.65% <66.32%> (+0.34%) ⬆️ |
| packages/binding-http/src/routes/properties.ts | 64.70% <71.42%> (+1.29%) ⬆️ |
| packages/binding-http/src/routes/common.ts | 60.00% <75.00%> (+3.20%) ⬆️ |
| packages/binding-http/src/routes/action.ts | 60.90% <83.33%> (+3.48%) ⬆️ |
| packages/binding-http/src/http.ts | 100.00% <100.00%> (ø) |
| packages/binding-http/src/routes/property.ts | 68.80% <100.00%> (+2.42%) ⬆️ |
| ...kages/binding-http/src/routes/thing-description.ts | 47.48% <100.00%> (ø) |
| packages/binding-http/src/routes/things.ts | 69.56% <100.00%> (+0.67%) ⬆️ |

... and 8 files with indirect coverage changes


@danielpeintner
Member

Thanks for your work @relu91 👍

No real review yet, just a note...
changing the HTTP configuration from string to array is somewhat a breaking change but I can live with it ;-)

`security?: TD.SecurityScheme;`
to
`security?: TD.SecurityScheme[];`

@relu91
Member Author

relu91 commented Sep 5, 2023

Yes, I forgot to mention that important note. It is sort of needed if we wanted to fix #873.

@danielpeintner
Member

> Yes, I forgot to mention that important note. It is sort of needed if we wanted to fix #873.

You might want to add "fixes #873" to the first comment.

Member

@danielpeintner danielpeintner left a comment

I have some very minor questions/proposal... I can live with the current state also.

I just have one question/concern. Since we want to publish a release soon. Do you think we will see issues/regressions? I mean.. a lot has been changed and moved around... If you feel comfortable I am OK as well 👍

@relu91
Member Author

relu91 commented Sep 6, 2023

> I just have one question/concern. Since we want to publish a release soon. Do you think we will see issues/regressions? I mean.. a lot has been changed and moved around... If you feel comfortable I am OK as well 👍

About this point, I was worried too. What I know is:

  • OAuth2 example now is working
  • All the tests are green
  • Tried counter and other examples and they are all working (coffee machine has problems unrelated coming from URI variables)

Member

@danielpeintner danielpeintner left a comment

I think the PR is fine. I added some minor comments..

We just need to decide whether we want to merge it before or after the upcoming release

@egekorkan
Member

Some notes:

  • I definitely support this since it was a missing feature.
  • I do not see issues to include it in the release. Is the main worry about not noticing an impact?
  • Even though multiple security is deprecated, it will most probably come back in TD 2.0 the way it is done in OpenAPI atm. We will not have combo and different combinations of keywords will imply AND or OR combination.

@relu91
Member Author

relu91 commented Sep 8, 2023

> Even though multiple security is deprecated, it will most probably come back in TD 2.0 the way it is done in OpenAPI atm. We will not have combo and different combinations of keywords will imply AND or OR combination.

Didn't know about this, I thought the tendency was to favor combo scheme. Well let's talk about this in the future. Btw I am also ok to merge given my comment above. @danielpeintner I leave to you the final choice.

@danielpeintner danielpeintner merged commit c3c468f into eclipse-thingweb:master Sep 8, 2023