Skip to content
This repository has been archived by the owner on Apr 11, 2024. It is now read-only.

Make session private for Base class, add getter #690

Merged
merged 6 commits into from
Jan 27, 2023
Merged

Make session private for Base class, add getter #690

merged 6 commits into from
Jan 27, 2023

Conversation

mkevinosullivan
Copy link
Contributor

@mkevinosullivan mkevinosullivan commented Jan 24, 2023
edited
Loading

WHY are these changes introduced?

Fixes Shopify/first-party-library-planning#519
Fixes #685

WHAT is this pull request doing?

To prevent session leaking via the REST resource objects, change this.session to this.#session and add a getter to allow this.session to continue to work within the derived resource classes.

Type of change

  • Patch: Bug (non-breaking change which fixes an issue)
  • Minor: New feature (non-breaking change which adds functionality)
  • Major: Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

  • I have added a changelog entry, prefixed by the type of change noted above
  • I have added/updated tests for this change
  • I have documented new APIs/updated the documentation for modified APIs (for public APIs)

mkevinosullivan
mkevinosullivan commented Jan 24, 2023
View reviewed changes
rest/load-rest-resources.ts
Comment on lines +28 to +47
class NewResource extends resource {}

NewResource.setClassProperties({
CLIENT: RestClient,
CONFIG: config,
});

Object.entries(NewResource.HAS_ONE).map(([_attribute, klass]) => {
(klass as typeof Base).setClassProperties({
CLIENT: RestClient,
CONFIG: config,
});
});

Object.entries(NewResource.HAS_MANY).map(([_attribute, klass]) => {
(klass as typeof Base).setClassProperties({
CLIENT: RestClient,
CONFIG: config,
});
});
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated to add configuration to each resource (and sub-resource) so that we can call the deprecated method inside the Base class (if needed).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any this also fixes any other requests that depend on a client, like

product.variants[1].save();

which would fail due to the lack of a client before.

mkevinosullivan
mkevinosullivan commented Jan 24, 2023
View reviewed changes
tsconfig.json
Comment on lines +9 to +10
"module": "commonjs",
"target": "es2015",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needed for tsc to output CommonJS module format...

    "module": "commonjs",

Needed for JavaScript private properties (e.g., #session)...

    "target": "es2015",

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't necessarily know if this will affect any apps importing this package, but support for es2015 should be mostly there for node 14 (which is going EOL soon and is our latest supported version), so I don't expect the target will be a big problem.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When "target" is "es5" (our previous setting), the .js output was commonjs.

Changing "target" to "es2015" resulted in ES Module output (es2015 or es6) ... explicitly changing "module" to be "commonjs" results in the output being "commonjs" again, resulting in virtually no impact to any apps updating to this version of the package.

@mkevinosullivan mkevinosullivan marked this pull request as ready for review January 25, 2023 22:38
@mkevinosullivan mkevinosullivan requested a review from a team as a code owner January 25, 2023 22:38
paulomarg
paulomarg reviewed Jan 26, 2023
View reviewed changes
lib/clients/rest/__tests__/resources/base.test.ts Show resolved Hide resolved
rest/base.ts Show resolved Hide resolved
rest/load-rest-resources.ts
Comment on lines +28 to +47
class NewResource extends resource {}

NewResource.setClassProperties({
CLIENT: RestClient,
CONFIG: config,
});

Object.entries(NewResource.HAS_ONE).map(([_attribute, klass]) => {
(klass as typeof Base).setClassProperties({
CLIENT: RestClient,
CONFIG: config,
});
});

Object.entries(NewResource.HAS_MANY).map(([_attribute, klass]) => {
(klass as typeof Base).setClassProperties({
CLIENT: RestClient,
CONFIG: config,
});
});
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any this also fixes any other requests that depend on a client, like

product.variants[1].save();

which would fail due to the lack of a client before.

tsconfig.json
Comment on lines +9 to +10
"module": "commonjs",
"target": "es2015",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't necessarily know if this will affect any apps importing this package, but support for es2015 should be mostly there for node 14 (which is going EOL soon and is our latest supported version), so I don't expect the target will be a big problem.

@mkevinosullivan mkevinosullivan merged commit bbb8acd into main Jan 27, 2023
@mkevinosullivan mkevinosullivan deleted the kos/make_session_private_in_base_object branch January 27, 2023 17:26
@mkevinosullivan mkevinosullivan mentioned this pull request Jan 27, 2023
Merged
@shopify-shipit shopify-shipit bot temporarily deployed to production February 15, 2023 16:49 Inactive
@mkevinosullivan mkevinosullivan mentioned this pull request Apr 24, 2023
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@paulomarg paulomarg paulomarg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Rest resources exposes shop session to the frontend
2 participants
@mkevinosullivan @paulomarg