Fix dangerous destructuration in typescript-nestjs services #20157
Can we add an example resource that shows this behavior and ideally also fails the type check if this is ever broken again? I think this is quite fragile and from time to time people might destructure without thinking about reserved names, so it would be good to cover it with a resource that has some reserved words as parameters?
@joscha I've updated with a new sample that should break in case of destructuration. Let me know if there's more to add/change 😃
* @type {string} | ||
* @memberof DefaultServiceTestReservedParamNames | ||
*/ | ||
readonly from: string |
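Review bot: `readonly from: string` on the last line is a bare, unquoted member name. Decide whether request-parameter interfaces should quote names that need sanitizing, as in `'from': string`, and keep that choice the same everywhere in the generated output so this sample pins one convention.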
Are these not expected to be quoted? I think some other models also use a sanitized name prefixed with a `_` - @macjohnny ?
I'm not sure I understand what you mean by quoted here
Sorry, like this: https://stackoverflow.com/questions/43124403/is-there-a-way-to-escape-and-use-reserved-words-in-typescript-class-definitions
And an example of the (automatically added) prefix: https://github.com/planet-a-ventures/affinity-node/blob/main/src%2Fv2%2Fgenerated%2Fmodels%2FEmail.ts#L33
You can see that the properties in the typescript generator are also all quoted by default.
I've added the quotes.
I saw how sanitized names work with the `reservedWords` Set, I'm not sure `from` should be considered as a reserved word here as it's not a problem anymore after the modifications. But if you confirm you want it added to the `reservedWords` I can add it
in general it's better to add to the reserved keywords instead of the modifications you suggest, since there are many places where variables are used, so the code change is rather extensive and complicates the templates.
the reserved keyword would be instead of the quotes, which will prefix the variable with an underscore, e.g. `_from`. however, for the model this makes it differ from what the server actually sends, so probably for the model the quotes are fine. i would suggest to keep this PR as small as possible and only fix one thing at a time, to make it easier to review
From what I understand if we add it to the reserved keywords it will be changed in the model too. Or is there a way to get a non-sanitized name in the model?
you are right, adding to the reserved keywords changes it for the model as well. you could apply the same as in
Line 20 in ed21105
{{#isReadOnly}}readonly {{/isReadOnly}}{{#hasSanitizedName}}'{{{baseName}}}'{{/hasSanitizedName}}{{^hasSanitizedName}}{{{name}}}{{/hasSanitizedName}}{{^required}}?{{/required}}: {{#isEnum}}{{{datatypeWithEnum}}}{{/isEnum}}{{^isEnum}}{{{dataType}}}{{/isEnum}}{{#isNullable}} | null{{/isNullable}};
Ok thank you ! I will adapt my changes as soon as possible
It should be better now 😃
@@ -106,7 +106,7 @@ export class {{classname}} { | |||
{{#useSingleRequestParameter}} | |||
const { | |||
{{#allParams}} | |||
{{paramName}}, | |||
{{#hasSanitizedName}}'{{{baseName}}}': {{/hasSanitizedName}}{{paramName}}, |
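Review bot: in the last line, `'{{{baseName}}}'` puts the unescaped wire name inside a single-quoted string, so a parameter name containing a quote or a backslash would yield invalid TypeScript or change what the generated statement does. Escape the name before it reaches the template. A short template comment saying this is a renaming destructure and not an object literal would also help, since the two look alike.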
this is not an object, but destructuring the request parameters, please revert this change
I know, it's to keep the request parameter with the original names while renaming the params in this method to avoid conflicts with existing properties.
In the end it looks like this :
const {
notReserved,
'from': _from,
'headers': _headers,
} = requestParameters;
ah i see, i didn't know this is possible
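The renaming destructure discussed in this thread, as an added example that is not part of the PR or the project's templates: it emits a method body with and without the rename and runs both. `Param`, `toParam`, `renderMethodBody`, `run`, the `CLASHING` set and the method's own `headers` local are assumptions made for the illustration.

```typescript
// Added example, not code from the PR. All names here are hypothetical; the local
// `headers` declaration stands in for a variable the generated method already owns.
interface Param { baseName: string; paramName: string; hasSanitizedName: boolean }

// Constructed set of wire names that need a different local name.
const CLASHING = new Set(["from", "headers"]);

// Underscore prefix as described in the thread (from -> _from).
function toParam(baseName: string): Param {
  const clash = CLASHING.has(baseName);
  return { baseName, paramName: clash ? `_${baseName}` : baseName, hasSanitizedName: clash };
}

// rename=true emits `"from": _from` (the thread's pattern; JSON.stringify does the
// quoting, so the key is double-quoted and always a valid string literal).
// rename=false uses the wire name as the local, i.e. plain destructuring.
function renderMethodBody(params: Param[], rename: boolean): string {
  const local = (p: Param) => (rename ? p.paramName : p.baseName);
  const entries = params.map(p =>
    rename && p.hasSanitizedName ? `${JSON.stringify(p.baseName)}: ${p.paramName}` : local(p));
  return [
    `const { ${entries.join(", ")} } = requestParameters;`,
    `const headers = { accept: "application/json" }; // the method's own local (assumed)`,
    `return { params: [${params.map(local).join(", ")}], headers };`,
  ].join("\n");
}

// Compiles and runs the emitted body; a name clash surfaces as a SyntaxError.
function run(params: Param[], rename: boolean, request: object): unknown {
  try {
    return new Function("requestParameters", renderMethodBody(params, rename))(request);
  } catch (e) {
    return (e as Error).name;
  }
}

const sampleParams = ["notReserved", "from", "headers"].map(toParam);
// Constructed request object, keyed by the names the API actually uses.
const sampleRequest = { notReserved: "a", from: "2024-01-01", headers: "x-trace" };
const plainResult = run(sampleParams, false, sampleRequest);
const renamedResult = run(sampleParams, true, sampleRequest);
```

With plain destructuring the parameter named `headers` redeclares the method's local and the body does not compile; with the rename the caller still passes `from` and `headers`, and the method sees them as `_from` and `_headers`.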
@@ -265,6 +269,34 @@ private boolean isLanguageGenericType(String type) { | |||
return false; | |||
} | |||
|
|||
@Override | |||
public List<CodegenParameter> fromRequestBodyToFormParameters(RequestBody body, Set<String> imports) { |
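Review bot: the new `fromRequestBodyToFormParameters` override carries no Javadoc, and the hunk header shows it is part of a 28-line addition to the generator class. Add a comment stating what the override changes on the returned parameters and why form parameters need it, so the next person touching the generator knows which behaviour depends on it.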
please separate this change of parameters into a separate PR. also, is there an easier way than to extend `CodegenParameter`?
I was inspired by the typescript-fetch generator. If you know a better way to do it I can make the changes
ah i see. the risk is just that whenever new properties are added to the CodegenParameter, we will probably forget to add them here. can this be automated/avoided somehow?
I see uses of `param.vendorExtensions` in other generators:
Line 204 in ed21105
param.vendorExtensions.putIfAbsent("x-php-param-type", "array");
Do you think it would be a better approach as it doesn't require extending `CodegenParameter`?
oh that sounds compelling, yes please try if that works!
Done ! It works as well 😃
thanks!
are you motivated to also do that for the typescript-fetch generator in a separate PR?
You mean using `vendorExtensions` instead of extending `CodegenParameter`? Or keeping original names in requestParameters interfaces? Or both maybe? 😃
bf1102b to d87f086
Closes #20156
PR checklist
Commit all changed files.
This is important, as CI jobs will verify all generator outputs of your HEAD commit as it would merge with master.
These must match the expectations made by your contribution.
You may regenerate an individual generator by passing the relevant config(s) as an argument to the script, for example `./bin/generate-samples.sh bin/configs/java*`.
IMPORTANT: Do NOT purge/delete any folders/files (e.g. tests) when regenerating the samples as manually written tests may be removed.
`master` (upcoming `7.x.0` minor release - breaking changes with fallbacks), `8.0.x` (breaking changes without fallbacks)
TypeScript committee members: @TiFu (2017/07) @taxpon (2017/07) @sebastianhaas (2017/07) @kenisteward (2017/07) @Vrolijkx (2017/09) @macjohnny (2018/01) @topce (2018/10) @akehir (2019/07) @petejohansonxo (2019/11) @amakhrov (2020/02) @davidgamero (2022/03) @mkusaka (2022/04) @joscha (2024/10)