Migrate to TypeScript by mikesposito · Pull Request #161 · MetaMask/eth-trezor-keyring

mikesposito · 2023-02-09T15:32:09Z

This PR converts the package from JavaScript to TypeScript, adding needed devDependencies and configurations to make it work. The linting pipeline has also been updated, bringing some changes to the code to make it compliant with the latest module template version.

Typed TrezorKeyring class
Typed TrezorKeyring class tests
Changed TrezorKeyring private methods from underscore to sharp notation - needed after eslint config update
Changed eslint config
Changed prettier config
Added typedoc and updated github workflow to use it for publish docs
Added depcheck and related package.json scripts
Added resolution on @types/web in order to use 0.0.69 (>0.0.69 seems incompatible with @types/node. See: AbortSignal conflict issue between @types/web@0.0.70 and @types/node@18.6.1 microsoft/TypeScript-DOM-lib-generator#1368)
Patched @trezor/connect@9.0.6 package as it uses a type import from a module that is now private, throwing an error while building (Types taken from here: https://github.com/trezor/trezor-suite/blob/develop/packages/connect-analytics/src/types/events.ts) - Existing issue on Trezor monorepo: Building in typescript app throws errors with tsc trezor/trezor-suite#7593

Resolves #156
Resolves #166

socket-security · 2023-02-16T16:20:00Z

Socket Security Pull Request Report

👍 No new dependency issues detected in pull request

Pull request report summary

Issue	Status
Install scripts	✅ 0 issues
Native code	✅ 0 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

Powered by socket.dev

src/TrezorKeyring.ts

andrewpeters9 · 2023-02-17T13:10:56Z

src/TrezorKeyring.ts

+  private async _signTransaction(
+    address: string,
+    chainId: number,
+    tx: TypedTransaction | OldEthJsTransaction,


Although it will be a bit verbose, this looks like a good spot for a function overload

@andrewpeters9 what do you think about a solution with type generics?

async #signTransaction<T extends TypedTransaction | OldEthJsTransaction>( address: string, chainId: number, tx: T, handleSigning: (tx: EthereumSignedTx) => T, ): Promise<T>

tsconfig.json

Gudahtt

Looks great! Still not finished, I have a bit more left to review. Really appreciate the detailed comments

scripts/prepack.sh

Gudahtt · 2023-02-23T22:10:58Z

package.json

    "@metamask/eslint-config": "^8.0.0",
    "@metamask/eslint-config-mocha": "^8.0.0",
    "@metamask/eslint-config-nodejs": "^8.0.0",
+    "@metamask/eslint-config-typescript": "^11.1.0",


This version of the package has a peerDependencies conflict; it is asking for a different version of eslint than the other config packages are. Generally it's better to keep these in sync with each other so that they all work more predictably.

To bring this in-line with the other configs, you'd want to change this to ^8.0.0 and downgrade the @typescript-eslint packages to ^4.20.0. We can update the configs together in a separate PR.

Hmm. I see that this problem goes deeper. The version of ESLint we're using isn't compatible with any TypeScript version beyond v4.4.4, so we'd need to downgrade TypeScript as well, and that would force us to downgrade typedoc.

Maybe we can leave this as-is and update the ESLint configs to resolve this peer dependency conflict in a later PR.

package.json

tsconfig.json

src/TrezorKeyring.ts

src/TrezorKeyring.test.ts

package.json

src/TrezorKeyring.test.ts

package.json

src/TrezorKeyring.test.ts

src/TrezorKeyring.ts

Gudahtt · 2023-02-25T01:45:57Z

src/TrezorKeyring.ts

-        to: this._normalize(tx.to),
-      };
+        to: this.#normalize(tx.to as unknown as Buffer),
+      } as EthereumTransaction | EthereumTransactionEIP1559;


Huh, interesting. This cast seems to be necessary because tx.toJSON claims that a bunch of things are potentially undefined even though they aren't. I looked at the source for toJSON, and this is what it returns:

{ nonce: string; gasPrice: string; gasLimit: string; to?: string; value: string; data: string; v?: string; r?: string; s?: string; }

I tried casting the return value of toJSON to that value directly, and then the cast on this line wasn't needed. So what we're doing here should be type-safe, if the return value of toJSON was correct.

.github/workflows/publish-docs.yml

context: MetaMask/metamask-module-template#176

package.json

Gudahtt

Great work! One outstanding question on pinning that trezor dep, but everything else looks good to me!

Gudahtt

LGTM!

mcmire

LGTM as well, aside from one thing.

mcmire · 2023-02-27T17:42:11Z

src/trezor-keyring.ts

+      path: this.#pathFromAddress(address),
      data: {
-        types: { EIP712Domain, ...otherTypes },
+        types: { EIP712Domain, ...otherTypes } as T,


Forgive me if this has been asked already, but is there any way that we can avoid this typecasting?

@mcmire TS complains that the object might be instantiated with a different subset of MessageTypes, as we destructure dataWithHashes.types to give default values.
We can maybe avoid the cast and assign default values anyway in this way:

const { types, message = {}, domain = {}, primaryType, domain_separator_hash, message_hash, } = dataWithHashes; // ... data: { types: { ...types, EIP712Domain: types.EIP712Domain ?? [] },

What do you think?

Yeah I think that would make sense!

src/trezor-keyring.ts

andrewpeters9 · 2023-02-28T02:44:01Z

src/trezor-keyring.ts

   */
-  async _signTransaction(address, chainId, tx, handleSigning) {
-    let transaction;
+  async #signTransaction<T extends TypedTransaction | OldEthJsTransaction>(


Hmm, we can use extends here for tersity, but it's technically incorrect (unless we want to be allowing input that's an extension of those objects?) And we would be returning a less narrow type.

The way to overload this would be:

async #signTransaction( address: string, chainId: number, tx: OldEthJsTransaction, handleSigning: ( tx: EthereumSignedTx ) => (OldEthJsTransaction ) ): Promise<OldEthJsTransaction>; async #signTransaction( address: string, chainId: number, tx: TypedTransaction, handleSigning: ( tx: EthereumSignedTx, ) => (TypedTransaction) ): Promise<TypedTransaction>; async #signTransaction( address: string, chainId: number, tx: OldEthJsTransaction | TypedTransaction, handleSigning: ( tx: EthereumSignedTx, ) => (OldEthJsTransaction | TypedTransaction) ): Promise<OldEthJsTransaction | TypedTransaction> {

but it's technically incorrect (unless we want to be allowing input that's an extension of those objects?

Hmm, it sounds like you're misunderstanding this keyword. It really doesn't imply any sort of OOP-style inheritance. Nothing about using extends with a type union is incorrect. This is a conventional and effective way to ensure that a generic parameter is one of two types.

This is a conventional and effective way to ensure that a generic parameter is one of two types.

Yes, but it allows for a different type that happens to extend OldEthJsTransaction | TypedTransaction to be passed in too - which I don't think we want to allow. E.g.:

type Tx1 = { name1: string; } type Tx2 = { name2: number; } const test = <A extends Tx1 | Tx2>(a:A, fn: (x: any) => A): A => { return a; } test({name1: "test", extraKey: "test"}, (x) => ({name1: "test", extraKey: "test"})); // ✅ test({name1: "test", name2: "test"}, (x) => ({name1: "test", name2: "test"})); // ✅

Whereas if we use overloads:

type Tx1 = { name1: string; } type Tx2 = { name2: number; } function test (a: Tx1, fn: (x: any) => Tx1): Tx1; function test (a: Tx2, fn: (x: any) => Tx2): Tx2; function test (a: any, fn: (x: any) => any): any { // last overload is ignored, so we can use 'any' for the type return a; } test({name1: "test", extraKey: "test"}, (x) => ({name1: "test", extraKey: "test"})); // ❌ test({name1: "test", name2: "test"}, (x) => ({name1: "test", name2: "test"})); // ❌ test({name1: "test"}, (x) => ({name1: "test"})); // ✅ test({name2: 4}, (x) => ({name2: 4})); // ✅

Ahh I see. Interesting, good point.

Using any in the implementation does effectively disable type checking though, which isn't ideal. We should at least use the type union there, getting us at least as much type safety as we had before.

Thinking about this further though, this seems based on the false assumption that we're expecting exact transaction objects here. The keyring interface we're using doesn't demand that, it allows additional properties. That is, the old type union seems more-correct even with the surprising behavior you've demonstrated in this code snippet.

Using any in the implementation does effectively disable type checking though

When using overloads, the last type definition is ignored completely, so any doesn't disable type-checking here

Regarding extended types - ok good point. I'll take a brief look into this today

@Gudahtt I had a look into the code today. Given that the tx objects are being created within the keyring itself, and not publically, is there a scenario where we would want to allow the extension of the types?

I've found another benefit to using overloads here, as old transactions should be passing through a Buffer instead of a number. (See my comment on the overload)

@andrewpeters9 see my comment regarding the chainId coming from the old tx.
Moreover, recently a Keyring type has been added to utils (See https://github.com/MetaMask/utils/blob/main/src/keyring.ts#L137) so we should refactor this package to use that interface in a separate PR, which uses just the TypedTransaction - this should simplify a lot the implementation too as we will not expect an old tx anymore.

Do you think we could maybe track the object extensibility problem you are highlighting in a separate issue?

Given that the tx objects are being created within the keyring itself, and not publically

They're currently being created in the transaction controllers (in the core repo for mobile, and in metamask-extension for the extension).

andrewpeters9

LGTM, only change I can think of is the function overload change for #signTransaction (see thread with @Gudahtt )

andrewpeters9 · 2023-03-05T21:39:57Z

src/trezor-keyring.ts

   */
-  async _signTransaction(address, chainId, tx, handleSigning) {
-    let transaction;
+  async #signTransaction<T extends TypedTransaction | OldEthJsTransaction>(


@Gudahtt I had a look into the code today. Given that the tx objects are being created within the keyring itself, and not publically, is there a scenario where we would want to allow the extension of the types?

I've found another benefit to using overloads here, as old transactions should be passing through a Buffer instead of a number. (See my comment on the overload)

andrewpeters9 · 2023-03-05T21:46:37Z

src/trezor-keyring.ts

-function wait(ms) {
+export interface TrezorControllerOptions {
+  hdPath?: string;
+  accounts?: string[];


Nit: this could be readonly too

andrewpeters9 · 2023-03-05T21:47:07Z

src/trezor-keyring.ts

@@ -90,7 +151,7 @@ class TrezorKeyring extends EventEmitter {
    TrezorConnect.dispose();


Potentially out of scope for this PR, but TrezorConnect.dispose() returns a promise, so making this promise access to outside the class might be handy. E.g.:

dispose(): Promise<void> { return TrezorConnect.dipose(): }

Good catch! Doing it in a subsequent PR would probably be best. Tracked here: #170

andrewpeters9 · 2023-03-05T21:47:24Z

src/trezor-keyring.ts

+        // this function return value as Buffer, but the actual
+        // Transaction._chainId will always be a number.
+        // See https://github.com/ethereumjs/ethereumjs-tx/blob/v1.3.7/index.js#L126
+        tx.getChainId() as unknown as number,


We can remove as unknown as number and let the type pass through as a Buffer - see overload comment.

andrewpeters9 · 2023-03-05T21:47:58Z

src/trezor-keyring.ts

+
+  async #signTransaction(
+    address: string,
+    chainId: number,


we can change this to chainId: Buffer,

@Gudahtt This is the other benefit I was mentioning regarding overloads. The chainIds for old tx's have to be Buffers instead of numbers

@andrewpeters9 that getChainId() method is documented to return a Buffer, but it actually will return always a Number (see https://github.com/ethereumjs/ethereumjs-tx/blob/v1.3.7/index.js#L126).

This cast should be safe and we could leave this #signTransaction method as-is.

andrewpeters9 · 2023-03-05T21:48:18Z

src/trezor-keyring.ts

+
+  async #signTransaction(
+    address: string,
+    chainId: number,


This would then have to become chainId: any,

andrewpeters9 · 2023-03-05T21:51:32Z

src/trezor-keyring.ts

-        to: this._normalize(tx.to),
-      };
+        to: this.#normalize(ethUtil.toBuffer(tx.to)),
+      } as EthereumTransaction | EthereumTransactionEIP1559;


I just checked, maybe my TS engine is playing up, but it looks like we can remove as EthereumTransaction | EthereumTransactionEIP1559 here too

andrewpeters9 · 2023-03-05T21:57:33Z

.gitignore

+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+


Nit: but if you want to ignore IDE generated files you can add these lines (these are included in metamask-extension too):

# IDEs .idea .sublime-project

Gudahtt

LGTM!

andrewpeters9 reviewed Feb 17, 2023

View reviewed changes

andrewpeters9 reviewed Feb 21, 2023

View reviewed changes

tsconfig.json Outdated Show resolved Hide resolved

mikesposito force-pushed the feat/migrate-to-typescript branch from fd0d11e to 75306c8 Compare February 23, 2023 09:44

mikesposito marked this pull request as ready for review February 23, 2023 10:13

mikesposito requested a review from a team as a code owner February 23, 2023 10:13

Gudahtt reviewed Feb 24, 2023

View reviewed changes