Conversation
#isInCurrentNamespace() method (for #2050)1ab6529 to
6fcaed0
Compare
base-controller] Enforce that RestrictedControllerMessenger is not initialized with internal actions/events in allow lists
4fd01b5 to
6542f62
Compare
86c09a7 to
1f64016
Compare
mcmire
left a comment
There was a problem hiding this comment.
Is there any harm in allowlisting internal events/actions? What do you think about showing a warning instead?
|
@mcmire I agree that this should probably be done at the type level rather than throwing an error at runtime. Will update with new approach. |
…time error handling (#2058) ## Explanation - Previously, error handling branches for `RestrictedControllerMessenger` methods were not being tested on the basis of compile-time checks: "Branches unreachable with valid types". - However, given that these methods are being called by our JavaScript clients, we also need assurances on runtime error-handling behavior. - This PR adds jest tests for the previously ignored error handling branches: coverage is brought up to 100%. - `@ts-expect-error` is used to suppress the compile-time type errors to simulate a JavaScript environment. ## References - Closes #2059 - See #2051 (comment) ## Changelog ### `@metamask/base-controller` ## Checklist - [x] I've updated the test suite for new or updated code as appropriate - [x] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [x] I've highlighted breaking changes using the "BREAKING" category above as appropriate --------- Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>
|
What is considered "internal action/event"? In the Snap Controller, we subscribe to events fired from the Snap Controller. Would this no longer be allowed? |
|
@Mrtenz No worries, this PR won't affect the snap controller event subscriptions you linked to. It doesn't restrict any event subscriptions or action handler registrations in general. Internal actions/events for a controller are those with type names that are in the controller's namespace (e.g. These internal actions/events should always be allowed for usage by its controller, but previously they needed to be explicitly specified in This PR is a follow-up to that enforcing that internal actions/events are not redundantly included in the allowlists at all. So it only affects how |
2101516 to
65b6827
Compare
Thanks for the clarification! |
65b6827 to
54aab73
Compare
…arameters in the `ControllerMessenger.getRestricted()` method and the `RestrictedControllerMessenger` constructor do not include actions/events that are in the messenger's namespace
54aab73 to
8343b17
Compare
8343b17 to
c96a214
Compare
mcmire
left a comment
There was a problem hiding this comment.
Sorry this took so long to review. I realized that all I really needed to do was look at the changes here and see if they made sense on their own, which they do. I still think that the types in RestrictedControllerMessenger are super confusing, but this PR doesn't make them more confusing, it just narrows what's already there.
…ot initialized with internal actions/events in allow lists (#2051) ## Explanation - `RestrictedControllerMessenger` constructor and `ControllerMessenger.getRestricted()` method now raise a type error if an internal action is passed into `allowedActions`, or an internal event into `allowedEvents`. - ` Type 'string' is not assignable to type 'never'.` - `Type '"SomeController:internalAction"' is not assignable to type '"OtherController:externalAction1" | "OtherController:externalAction2"'.` - Fixes breaking tests in downstream controllers in core repo. ## Impact - The `allowed{Actions,Events}` arrays in `ControllerMessenger.getRestricted()` now align with the `Allowed{Actions,Events}` generic params of `RestrictedControllerMessenger`: Both only enumerate external actions/events. - This commit disallows `allowed{Actions,Events}` arrays that contain an incomplete list of internal actions/events. - A partial list doesn't provide any useful information as all internal actions/events will be available to the messenger regardless of whether any of them are allowlisted. - A partial list also gives the confusing impression that some internal actions/events can be *disallowed* through omission, which is not true as of #2050. --------- Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>
…wareMessenger` pattern, fix `any` (#1970) ## Explanation ### Apply controller-messenger pattern - Defines `QueuedRequestMiddlewareMessenger`, `SelectedNetworkMiddlewareMessenger` types to represent external controller messengers in the middleware chain. - Reserved for internal use and not exported at package level. - Defines separate allow lists for `QueuedRequest{Controller,Middleware}Messenger` and `SelectedNetwork{Controller,Middleware}Messenger`. ### Type fixes - Defines and exports `QueuedRequestMiddlewareJsonRpcRequest`, `SelectedNetworkMiddlewareJsonRpcRequest` types. - Fix `any` usage in `createSelectedNetworkMiddleware` ### Tests - Fixes `any`, `as any` usage in `QueuedRequestController`, `QueuedRequestMiddleware` tests. - Moves util functions for building test messengers into individual test files. - For context: #1970 (comment) ## References - Follow-up from #1806 - Builds on #2051 - Closes #2038 ## Changelog ### `@metamask/queued-request-controller` - **ADDED**: Add `QueuedRequestMiddlewareJsonRpcRequest` typee - **BREAKING:** `QueuedRequestControllerMessenger` can no longer be defined with any allowed actions or events. - **CHANGED**: Move `@metamask/approval-controller` from devDeps to deps. ### `@metamask/selected-network-controller` - **ADDED**: Add `SelectedNetworkMiddlewareJsonRpcRequest` type - **BREAKING:** Rename `SelectedNetworkControllerAction` to `SelectedNetworkControllerActions` and `SelectedNetworkControllerEvent` to `SelectedNetworkControllerEvents` for consistency with corresponding type exports from other controllers. - **BREAKING:** `createSelectedNetworkMiddleware` return type is constrained to satisfy `JsonRpcMiddleware<JsonRpcParams, Json>`, and the `req` parameter needs to satisfy `SelectedNetworkMiddlewareJsonRpcRequest`. ## Checklist - [x] I've updated the test suite for new or updated code as appropriate - [x] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [x] I've highlighted breaking changes using the "BREAKING" category above as appropriate --------- Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>
Explanation
RestrictedControllerMessengerconstructor andControllerMessenger.getRestricted()method now raise a type error if an internal action is passed intoallowedActions, or an internal event intoallowedEvents.Type 'string' is not assignable to type 'never'.Type '"SomeController:internalAction"' is not assignable to type '"OtherController:externalAction1" | "OtherController:externalAction2"'.Impact
allowed{Actions,Events}arrays inControllerMessenger.getRestricted()now align with theAllowed{Actions,Events}generic params ofRestrictedControllerMessenger: Both only enumerate external actions/events.allowed{Actions,Events}arrays that contain an incomplete list of internal actions/events.References
base-controller] Enforce thatRestrictedControllerMessengeris not initialized with internal actions/events in allow lists #2057Changelog
@metamask/base-controllerRestrictedControllerMessengerconstructor andControllerMessenger.getRestricted()method raise a type error if internal actions or events are passed intoallowedActionsorallowedEvents.Checklist