[AC-2278] [BEEEP] Typesafe Angular DI

[eliykat]

Type of change

- [ ] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

A proposal for making our Angular DI configuration typesafe. I recommend checking this out locally and breaking stuff to convince yourself that it provides the safety I think it does.

The basic outline is:

• instead of registering providers using object literals (e.g. {provide: myAbstractClass, useClass: myClass, deps: []}), which can quickly become out of date or incorrect, we now use factory functions that correspond to each method of registering a dependency: useClass, useValue, etc.
• these factory functions are pass-through functions that perform type checking. For example, they ensure that the implementation actually implements the abstraction, and that the deps array matches what the implementation needs in its constructor.
• to make people use these, the return type of the factory functions is SafeProvider. jslib-services.module now requires that the providers array be of this type, so you can no longer use object literals.

Code changes

• file.ext: Description of what was changed and why

Screenshots

Before you submit

• Please add unit tests where it makes sense to do so (encouraged but not required)
• If this change requires a documentation update - notify the documentation team
• If this change has particular deployment requirements - notify the DevOps team
• Ensure that all UI additions follow WCAG AA requirements

[codecov]

Codecov Report

Attention: Patch coverage is 43.75000% with 18 lines in your changes are missing coverage. Please review.

Project coverage is 25.70%. Comparing base (8f8385d) to head (dd750d4).

Files	Patch %	Lines
libs/angular/src/services/jslib-services.module.ts	0.00%	12 Missing ⚠️
apps/desktop/src/app/services/services.module.ts	0.00%	2 Missing ⚠️
...r/src/platform/services/theming/theming.service.ts	0.00%	2 Missing ⚠️
libs/angular/src/platform/utils/safe-provider.ts	0.00%	2 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #8206   +/-   ##
=======================================
  Coverage   25.70%   25.70%           
=======================================
  Files        2267     2268    +1     
  Lines       66307    66310    +3     
  Branches    12454    12452    -2     
=======================================
+ Hits        17045    17046    +1     
- Misses      47912    47914    +2     
  Partials     1350     1350           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[bitwarden-bot]

Checkmarx One – Scan Summary & Details – 8b7b9ac9-1a16-4f94-92ef-d49f4a2982f4

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	Client_Password_In_Comment	/libs/angular/src/platform/utils/safe-provider.ts: 83	Attack Vector

[MGibson1]

I think this is freaking awesome. The only downside is having to user factories for our provide objects, but the safety is totally worth that.

[eliykat]

This class used both injectable decorators (to inject its dependencies) and the providers array (to match the abstraction to the implementation). This is the only class that mixes these approaches and I think it's confusing. In any case, it couldn't be reconciled with this PR, so I've changed it to only use the providers array.

[eliykat]

SafeProvider is defined as Opaque<Provider> in the helpers file. It's the type returned by all our helper functions, and it's an attempt to make people use them rather than continue to add object literals.

It's a bit awkward and I'm not entirely happy with it but I think it's the simplest solution compared to writing an eslint rule or something. However, any suggestions for how this can be improved are welcome - particularly so that other team members can understand what we're doing here.

[eliykat]

This file is reviewable if you use the "Hide whitespace" option in Github. And you should review this - I did have to change (fix) some dependencies. (My favourite is where we were injecting LoginService instead of LogService)

[eliykat]

I've committed @MGibson1' contribution, which combines the factory functions into a single factory function (thanks Matt!), and I've made some further changes. The commit history is relatively clean if you prefer to review that way.

I moved this new work under Platform ownership - it fits their responsibilities and I also want a clear owner that people can bug with questions or change requests. (You're welcome ;) )

I can extend this pattern to our other services modules in a separate PR after this is merged.

[eliykat]

I've tightened up the type check here by removing Partial.

This is because I decided that our current practice was wrong. We should register the Internal version of each service first, and then use useExisting to register the more restricted (non-internal) interface. That way we can guarantee that the implementation type extends the abstraction type in the useExisting declaration. See 10d4250

[MGibson1]

I agree that we were doing it backwards, but I think even better would be to, for example

safeProvider({
  provide: OrganizationService,
  useClass: OrganizationService,
  deps: [StateServiceAbstraction, StateProvider],
}),
safeProvider({
  provide: InternalOrganizationServiceAbstraction,
  useExisting: OrganizationService,
}),
safeProvider({
  provide: OrganizationServiceAbstraction,
  useExisting: OrganizationService,
}),

The hope here is that we don't actually need the InternalOrganizationService to extend OrganizationService so we could implement arbitrary interfaces and we can use the single class to provide a slew of non-interlocking interfaces.

[eliykat]

I have split SafeFactoryProvider into 2 separate types, 1 where an InjectionToken is used, and 1 where an Abstract class is used. This means the types are kept dead simple with no conditional extends logic. The drawback is that we add yet more types to the safeProvider function. I thought this was an acceptable tradeoff but I'm open to other views here.

[MGibson1]

I'm fine with either. The only drawback is more generics on safeProvider and realistically that ship has sailed. If you ever need to specify types on that thing this isn't going to work.

[eliykat]

Some of the types here are duplicates, but I think it's preferable to keep them clearly separated (if duplicative) so that they can easily be updated in step with any changes to the underlying types.

[MGibson1]

I believe the two comments I have are blocking the alternate internal interface usage I described as prefferrable to me, but this is clearly an improvement and seems ready to go to me.

[MGibson1]

Isn't it valid to use a non-abstract constructor here, too?

[MGibson1]

Isn't it valid to use a non-abstract constructor here, too?