refactor: remove duplicate security definitions and remove obsolete s…

…ecurity schemes
eclipse-thingweb · May 5, 2022 · f19aa65 · f19aa65
1 parent 41bfc81
commit f19aa65
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 53 deletions.
diff --git a/packages/binding-http/src/http-server.ts b/packages/binding-http/src/http-server.ts
@@ -428,7 +428,7 @@ export default class HttpServer implements ProtocolServer {
                 const oAuthScheme = thing.securityDefinitions[thing.security[0] as string] as OAuth2SecurityScheme;
 
                 // TODO: Support security schemes defined at affordance level
-                const scopes = oAuthScheme.scopes ?? [];
+                const scopes = Helpers.toStringArray(oAuthScheme.scopes); // validate call requires array of strings while oAuthScheme.scopes can be string or array of strings
                 let valid = false;
 
                 try {

diff --git a/packages/binding-http/src/oauth-manager.ts b/packages/binding-http/src/oauth-manager.ts
@@ -14,6 +14,7 @@
  ********************************************************************************/
 
 import { OAuth2SecurityScheme } from "@node-wot/td-tools";
+import { Helpers } from "@node-wot/core";
 import ClientOAuth2 from "client-oauth2";
 import { request, RequestOptions } from "https";
 import { OAuthCredential } from "./credential";
@@ -80,7 +81,7 @@ export default class OAuthManager {
                 clientId: credentials.clientId,
                 clientSecret: credentials.clientSecret,
                 accessTokenUri: securityScheme.token,
-                scopes: securityScheme.scopes,
+                scopes: Helpers.toStringArray(securityScheme.scopes),
                 body: {
                     // TODO: some server implementation may require client_id and secret inside
                     // the request body
@@ -103,7 +104,7 @@ export default class OAuthManager {
                 clientId: credentials.clientId,
                 clientSecret: credentials.clientSecret,
                 accessTokenUri: securityScheme.token,
-                scopes: securityScheme.scopes,
+                scopes: Helpers.toStringArray(securityScheme.scopes),
             },
             createRequestFunction(false)
         );

diff --git a/packages/core/src/helpers.ts b/packages/core/src/helpers.ts
@@ -136,6 +136,18 @@ export default class Helpers implements Resolver {
         }
     }
 
+    public static toStringArray(input: string[] | string): string[] {
+        if (input) {
+            if (typeof input === "string") {
+                return [input];
+            } else {
+                return input;
+            }
+        } else {
+            return [];
+        }
+    }
+
     // TODO: specialize fetch to retrieve just thing descriptions
     public fetch(uri: string): Promise<unknown> {
         return new Promise<unknown>((resolve, reject) => {

diff --git a/packages/td-tools/src/thing-description.ts b/packages/td-tools/src/thing-description.ts
@@ -140,87 +140,51 @@ export interface NullSchema extends BaseSchema {
     type: "null";
 }
 
+// TODO AutoSecurityScheme
+// TODO ComboSecurityScheme
 export type SecurityType =
     | NoSecurityScheme
     | BasicSecurityScheme
     | DigestSecurityScheme
     | BearerSecurityScheme
-    | CertSecurityScheme
-    | PoPSecurityScheme
     | APIKeySecurityScheme
     | OAuth2SecurityScheme
-    | PSKSecurityScheme
-    | PublicSecurityScheme;
+    | PSKSecurityScheme;
 
 export interface SecurityScheme {
     scheme: string;
-    description?: string;
-    proxy?: string;
+    description?: TDT.Description;
+    descriptions?: TDT.Descriptions;
+    proxy?: TDT.AnyUri;
+    [k: string]: unknown;
 }
 
-export interface NoSecurityScheme extends SecurityScheme {
+export interface NoSecurityScheme extends SecurityScheme, TDT.NoSecurityScheme {
     scheme: "nosec";
 }
 
-export interface BasicSecurityScheme extends SecurityScheme {
+export interface BasicSecurityScheme extends SecurityScheme, TDT.BasicSecurityScheme {
     scheme: "basic";
-    in?: string;
-    name?: string;
 }
 
-export interface DigestSecurityScheme extends SecurityScheme {
+export interface DigestSecurityScheme extends SecurityScheme, TDT.DigestSecurityScheme {
     scheme: "digest";
-    name?: string;
-    in?: string;
-    qop?: string;
 }
 
-export interface APIKeySecurityScheme extends SecurityScheme {
+export interface APIKeySecurityScheme extends SecurityScheme, TDT.ApiKeySecurityScheme {
     scheme: "apikey";
-    in?: string;
-    name?: string;
 }
 
-export interface BearerSecurityScheme extends SecurityScheme {
+export interface BearerSecurityScheme extends SecurityScheme, TDT.BearerSecurityScheme {
     scheme: "bearer";
-    in?: string;
-    alg?: string;
-    format?: string;
-    name?: string;
-    authorization?: string;
-}
-
-export interface CertSecurityScheme extends SecurityScheme {
-    scheme: "cert";
-    identity?: string;
 }
 
-export interface PSKSecurityScheme extends SecurityScheme {
+export interface PSKSecurityScheme extends SecurityScheme, TDT.PskSecurityScheme {
     scheme: "psk";
-    identity?: string;
 }
 
-export interface PublicSecurityScheme extends SecurityScheme {
-    scheme: "public";
-    identity?: string;
-}
-
-export interface PoPSecurityScheme extends SecurityScheme {
-    scheme: "pop";
-    format?: string;
-    authorization?: string;
-    alg?: string;
-    name?: string;
-    in?: string;
-}
-
-export interface OAuth2SecurityScheme extends SecurityScheme {
+export interface OAuth2SecurityScheme extends SecurityScheme, TDT.OAuth2SecurityScheme {
     scheme: "oauth2";
-    authorization?: string;
-    flow?: string; // one of implicit, password, client, or code
-    token?: string;
-    refresh?: string;
-    scopes?: Array<string>;
 }
 
 /** Implements the Thing Property description */