chore: release @credo-ts/rest 0.10.0

[github-actions]

🤖 I have created a release *beep* *boop*

0.10.0 (2024-03-31)

⚠ BREAKING CHANGES

• rest: openid4vc (feat: openid4vc #260)
• rest: Signed-off-by: Matthew Dean [email protected] Signed-off-by: Timo Glastra [email protected] Co-authored-by: Matthew Dean [email protected] Co-authored-by: Ariel Gentile [email protected]
• update to credo 0.5 (chore!: update to credo 0.5 #239)

Features

• rest: auth improvements (#263) (791d6ee)
• rest: openid4vc (#260) (e3e4026)
• rest: upgrade to credo 0.5 (#256) (3849aec)

Bug Fixes

• rest: app setup config (#262) (d09b153)

Miscellaneous Chores

• update to credo 0.5 (#239) (16e44ec)

---

This PR was generated with Release Please. See documentation.

[TimoGlastra]

First need to update to Credo 0.5

[genaris]

The only thing I don't like is the 'trick' of using @Security decorators to use authorization headers for tenants when they aren't actually meant for auth, but I guess it's something we should live with due to Swagger/TSOA (or their combination) limitations, right?

[TimoGlastra]

I think implementing it as auth in TSOA is fine as it's really only internal. Or do you also dislike that?

Or is it the header? I do think a header is the simplest approach but I'm open to other solutions.

Please let me know which parts you don't like (x-tenant-id header, using tsoa authentication logic for this (which is used internally), or the security mention in the swagger UI). Because all of them can be solved independently of the others

[genaris]

I think implementing it as auth in TSOA is fine as it's really only internal. Or do you also dislike that?

Or is it the header? I do think a header is the simplest approach but I'm open to other solutions.

Please let me know which parts you don't like (x-tenant-id header, using tsoa authentication logic for this (which is used internally), or the security mention in the swagger UI). Because all of them can be solved independently of the others

Yeah using the parameter from the header is absolutely fine. I was referring mostly to the fact of calling it 'auth' because it can lead to some confusions, like the question raised by Warren when you presented this in last Credo contributors call.

In practice, as you say, it is just something noticeable in Swagger UI, so it's not that important. Maybe the tenants header could be handled by a @Middleware, but I don't know if it will be easily possible to specify the header parameter in all routes as it is when using securityDefinitions.

[TimoGlastra]

@genaris I've made improvements in #263, please let me know what you think! I can make ammendments in a follow up version if you would like to see it differently. The behaviour in general stays the same: x-tenant-id header to specify which tenant. But we can tweak how it's shown in SwaggerUI/openapi.json as well as how it works internally (kept it as authentication for now as it applies perfectly for what we're trying to do)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 57.95%. Comparing base (658cadc) to head (2aa6451).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #240   +/-   ##
=======================================
  Coverage   57.95%   57.95%           
=======================================
  Files          95       95           
  Lines        2528     2528           
  Branches      513      513           
=======================================
  Hits         1465     1465           
  Misses        983      983           
  Partials       80       80           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

🤖 Release is at https://github.com/openwallet-foundation/credo-ts-ext/releases/tag/rest-v0.10.0 🌻

[genaris]

Nicely done, @TimoGlastra !