-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(remix-server-runtime): make Cookie
& CreateCookieFunction
more type-safe
#3224
Conversation
@MichaelDeBoey I don't know if I need to request a review after I resolve these changes or if you get notified anyway, let me know if it's spamming you and I'll stop 👍 |
Cookie
& CreateCookieFunction
more type-safe
@MichaelDeBoey Should the serialise function also allow null? This way, you can serialise null as a form of deleting the cookie, because parsing the cookie would return null, same as if it didn't exist. |
Sorry @MichaelDeBoey I missed your response to this, all makes sense 😄 |
@MichaelDeBoey I have done the work to make sessions work with a default value of unknown. Am I okay to rebase the patch-5 branch onto the dev branch and then commit those changes? |
|
Co-authored-by: Michaël De Boey <info@michaeldeboey.be>
Co-authored-by: Michaël De Boey <info@michaeldeboey.be>
Co-authored-by: Michaël De Boey <info@michaeldeboey.be>
Co-authored-by: Michaël De Boey <info@michaeldeboey.be>
Co-authored-by: Michaël De Boey <info@michaeldeboey.be>
Co-authored-by: Michaël De Boey <info@michaeldeboey.be>
Co-authored-by: Michaël De Boey <info@michaeldeboey.be>
Co-authored-by: Michaël De Boey <info@michaeldeboey.be>
@MichaelDeBoey Is there anything I can do to get this PR merged? From my point of view it looks ready, but it hasn't been included in any of the releases since sign off and it's not in the Roadmap so I don't know this PR's status. |
@sergiodxa has raised a good point in this discussion that cookies are user input and therefore could be different from what we expect. This shouldn't be a problem with encrypted cookies, so I'm going to try to update this PR to only type the cookie if a secret value is set. |
I've tried to do this over the weekend but I'm not able to work out how to do it because the function is returned by the factory function, rather than being its own named function. Perhaps someone with more Typescript knowledge may have better luck? |
My suggestion is to create a wrapper for import {
createCookie as remixCreateCookie,
type CookieOptions,
type CookieParseOptions,
} from "@remix-run/node";
interface ValidatedCookieValue {
whatever: string;
}
export function createCookie(
name: string,
cookieOptions?: CookieOptions
) {
let cookie = remixCreateCookie(name, cookieOptions);
return {
...cookie,
async parse(
cookieHeader: string | null,
parseOptions?: CookieParseOptions
): Promise<ValidatedCookieValue> {
let parsed = await cookie.parse(cookieHeader, parseOptions);
assertValidCookieValue(parsed);
return parsed;
},
};
} This could also be done in a more flexible way, say if |
Okay, thanks @chaance, @sergiodxa echoed the same concerns and you're both right, we should be validating this cookie and not relying on false types 👍 |
Maybe i'm missing something but can the result of |
Testing Strategy:
I'm not really sure about how to automate testing this because it only adds an optional type.
npm run lint
andyarn test
run with no issues with my code. I don't see a way to run a specific type check.I can use Typescript Intellisense in VS Code to see that the type is correctly applied when it is specified using the generic parameter for createCookie and the type is set to any when it is not (current behaviour).
e.g.
fix note:
Adding type safety to the serialise function produced an error in the function.
This condition will always return 'false' since the types 'Type' and 'string' have no overlap.
I fixed it by adding a type assertion to the value to make it read as "any". I don't know why the error occurred, to me it looks like a shortcoming with Typescript rather than an actual bug, but I think this should be double checked.