Feat/phishing controller hotlist timestamp #5621
Conversation
…w type update for c2Blocklist having lastFetchedAt being a number now rather than string Signed-off-by: Ohm <[email protected]>
Signed-off-by: Ohm <[email protected]>
…shingControllerHotlistTimestamp
| }); | ||
|
|
||
| // Mock a successful response with lastFetchedAt at the root level similar to the example | ||
| nock(PHISHING_CONFIG_BASE_URL) |
There was a problem hiding this comment.
With nock we also want to ensure that the request was actually done and the mock was hit. You can do that by using the isDone (https://github.com/nock/nock?tab=readme-ov-file#isdone) expecation from nock:
const scope = nock(...);
...
expect(scope.isDone()).toBe(true);|
|
||
| // Verify the timestamp wasn't changed | ||
| expect(controller.state.hotlistLastSuccessTimestamp).toBe(1744213500); | ||
| }); |
There was a problem hiding this comment.
Here it seems that we are actually doing 3 tests:
- mock successfull response with lastFetchedAt
- mock successfull response without lastFetchedAt
- mock failed response
Each of those should be its own test (an it descriptor for each case). You can read more about testing best practices in the contributor docs:
- Overall best practices: https://github.com/nock/nock?tab=readme-ov-file#isdone
- Unit test best practices: https://github.com/MetaMask/contributor-docs/blob/main/docs/testing/unit-testing.md
…shingControllerHotlistTimestamp
Signed-off-by: Ohm <[email protected]>
Signed-off-by: Ohm <[email protected]>
Signed-off-by: Ohm <[email protected]>
…ags, reduced linting errors across other files Signed-off-by: Ohm <[email protected]>
Signed-off-by: Ohm <[email protected]>
| @@ -148,10 +148,16 @@ export type HotlistDiff = { | |||
| isRemoval?: boolean; | |||
| }; | |||
|
|
|||
| // TODO: Either fix this lint violation or explain why it's necessary to ignore. | |||
| // eslint-disable-next-line @typescript-eslint/naming-convention | |||
| /** | |||
There was a problem hiding this comment.
here is explicitly the new JSDoc tags
| @@ -792,7 +812,7 @@ export class PhishingController extends BaseController< | |||
| const newPhishingLists = this.state.phishingLists.map((phishingList) => { | |||
| const updatedList = applyDiffs( | |||
| phishingList, | |||
| [], | |||
| [], // Proper Hotlist object with empty data array | |||
| eth_phishing_detect_config: { | ||
| allowlist: [allowlistedHostname], | ||
| blocklist: [], | ||
| fuzzylist: [], | ||
| }, | ||
| // eslint-disable-next-line @typescript-eslint/naming-convention |
There was a problem hiding this comment.
why removing these throughout the entire file?
| @@ -714,19 +724,20 @@ export class PhishingController extends BaseController< | |||
| * this function that prevents redundant configuration updates. | |||
| */ | |||
| async #updateHotlist() { | |||
| if (this.state.hotlistLastSuccessTimestamp === 0) { | |||
There was a problem hiding this comment.
Why does the updateHotlist() function need to update the stalelist?
My concern is that in the controller's default state, this value is set to 0. AFAIK, the controller should already be fetching the stalelist in that scenario. But then updateHotlist would then be called, potentially causing a duplicate request to update the stalelist. Let me know if I am missing something here
There was a problem hiding this comment.
Should run this locally to ensure there are not duplicate stalelist requests being made since that is a heavy request
There was a problem hiding this comment.
Yes, I agree with @mindofmar.. not sure why we are calling updateStalelist in this scenario. If the stale list is out of date, the updateHotlist method will not be called. So not sure why we are doing this.
There was a problem hiding this comment.
The idea was to force a Stalelist refresh on update to this version.
…st updates Signed-off-by: Ohm <[email protected]>
| @@ -673,6 +683,7 @@ export class PhishingController extends BaseController< | |||
| this.update((draftState) => { | |||
| draftState.stalelistLastFetched = timeNow; | |||
| draftState.hotlistLastFetched = timeNow; | |||
| draftState.hotlistLastSuccessTimestamp = timeNow; | |||
There was a problem hiding this comment.
Before we were relying on the staleList lastUpdated field for querying the hotList and now we are replacing it with the hotlistLastSuccessTimestamp. However as you can see here, the lastUpdated is a property of the staleList response while the hotlistLastSuccessTimestamp is computed in the client. This can cause multiple issues:
- The staleList might have been computed sometime into the past. We should not assume that the list returned represents the latest available values at the time that the client receives it.
- Using a computed property in the client, will not allow us to capture any items added to the list in between the request being handled by the API and the client computing the timestamp value.
I might be missing something, but I don't think that this implementation is quite right. I believe it should change to something like:
draftState.hotlistLastSuccessTimestamp = hotlistDiffsResponse?.lastFetchedAt || this.state.hotlistLastSuccessTimestamp| hotlistResponse = await this.#queryConfig<DataResultWrapper<Hotlist>>( | ||
| `${METAMASK_HOTLIST_DIFF_URL}/${lastDiffTimestamp}`, | ||
| `${METAMASK_HOTLIST_DIFF_URL}/${this.state.hotlistLastSuccessTimestamp}`, |
There was a problem hiding this comment.
What if the hotlistLastSuccessTimestamp is still set to 0? Shouldn't we use the state.phishingLists[].lastUpdated?
| this.update((draftState) => { | ||
| // We've already verified that hotlistResponse is not null above | ||
| draftState.hotlistLastSuccessTimestamp = | ||
| hotlistResponse?.lastFetchedAt || | ||
| draftState.hotlistLastSuccessTimestamp; | ||
| }); |
There was a problem hiding this comment.
Should we prevent updating it to the same value as before? (there's no value in that operation). We could update the code here to something like:
if (hotlistResponse?.lastFetchedAt) {
this.update((draftState) => {
draftState.hotlistLastSuccessTimestamp = hotlistResponse.lastFetchedAt;
});
}Also I don't think that we need the code comments added. You can drop those as the code is quite readable here.
Explanation
References
Are there any issues that this pull request is tied to? Issue
Are there other links that reviewers should consult to understand these changes better? Michael Hahn and Jacob Lebowitz
Changelog
Checklist