Add supports for multiple security schemes in http server

[relu91]

This PR improves the exposing process of the http-server. In particular, it focuses on the ability to handle multiple security schemes per http-server instance. For example, now the http-server can be configure to be able to hosts Things without security and Things with basic schemes:

const td1 = { } // automatically filled with nosec scheme
const td2 = {securityDefinitions: { basic: {scheme: "basic"}}, security: "basic" }

await (await WoT.produce(td1)).expose();
await (await WoT.produce(td2)).expose();
// ok 

Note that this does not mean that now we can use multiple security schemes in the security field or the combo SecurityScheme`. For multiple security schemas, I think we can avoid implementing that feature, mainly because it is already deprecated in TD 1.1. On the other hand, the combo scheme will require some additional work. Moreover, this does not introduce support for form-level security fields. It is quite tricky to achieve and we need first to support form templating in the expose method properly.

[codecov]

Codecov Report

Patch coverage: 68.29% and project coverage change: -0.17% ⚠️

Comparison is base (67f3a44) 75.33% compared to head (26bf72e) 75.16%.
Report is 3 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1070      +/-   ##
==========================================
- Coverage   75.33%   75.16%   -0.17%     
==========================================
  Files          80       80              
  Lines       15452    15577     +125     
  Branches     1477     1495      +18     
==========================================
+ Hits        11641    11709      +68     
- Misses       3775     3832      +57     
  Partials       36       36              

Files Changed	Coverage Δ
packages/binding-http/src/routes/event.ts	18.01% <16.66%> (-0.51%)	⬇️
...ckages/binding-http/src/routes/property-observe.ts	17.85% <16.66%> (-0.50%)	⬇️
packages/binding-http/src/http-server.ts	83.65% <66.32%> (+0.34%)	⬆️
packages/binding-http/src/routes/properties.ts	64.70% <71.42%> (+1.29%)	⬆️
packages/binding-http/src/routes/common.ts	60.00% <75.00%> (+3.20%)	⬆️
packages/binding-http/src/routes/action.ts	60.90% <83.33%> (+3.48%)	⬆️
packages/binding-http/src/http.ts	100.00% <100.00%> (ø)
packages/binding-http/src/routes/property.ts	68.80% <100.00%> (+2.42%)	⬆️
...kages/binding-http/src/routes/thing-description.ts	47.48% <100.00%> (ø)
packages/binding-http/src/routes/things.ts	69.56% <100.00%> (+0.67%)	⬆️

... and 8 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[danielpeintner]

Thanks for your work @relu91 👍

No real review yet, just a note...
changing the HTTP configuration from string to array is somewhat a breaking change but I can live with it ;-)

security?: TD.SecurityScheme;
to
security?: TD.SecurityScheme[];

[relu91]

Yes, I forgot to mention that important note. It sort of needed if we wanted to fix #873.

[danielpeintner]

Yes, I forgot to mention that important note. It sort of needed if we wanted to fix #873.

You might want to add "fixes #873" to the first comment.

[danielpeintner]

I have some very minor questions/proposal... I can live with the current state also.

I just have one question/concern. Since we want to publish a release soon. Do you think we will see issues/regressions? I mean.. a lot has been changed and moved around... If you feel comfortable I am OK as well 👍

[relu91]

I just have one question/concern. Since we want to publish a release soon. Do you think we will see issues/regressions? I mean.. a lot has been changed and moved around... If you feel comfortable I am OK as well 👍

About this point, I was worried too. What I know is:

• OAuth2 example now is working
• All the tests are green
• Tried counter and other examples and they are all working (coffee machine has problems unrelated coming from URI variables)

[danielpeintner]

I think the PR is fine. I added some minor comments..

We just need to decide whether we want to merge it before or after the upcoming release

[egekorkan]

Some notes:

• I definitely support this since it was a missing feature.
• I do not see issues to include it in the release. Is the main worry about not noticing an impact?
• Even though multiple security is deprecated, it will most probably come back in TD 2.0 the way it is done in OpenAPI atm. We will not have combo and different combinations of keywords will imply AND or OR combination.

[relu91]

Even though multiple security is deprecated, it will most probably come back in TD 2.0 the way it is done in OpenAPI atm. We will not have combo and different combinations of keywords will imply AND or OR combination.

Didn't know about this, I thought the tendency was to favor combo scheme. Well let's talk about this in the future. Btw I am also ok to merge given my comment above. @danielpeintner I leave to you the final choice.