It is often said that we should choose the right tool for the job. When we want a language that doesn’t crash at runtime, we often think of Rust or Haskell.
When we want the language to enable speedy delivery, JavaScript comes to mind. But what to choose if we want both type-safety and speedy delivery?
This talk will show that in such a scenario TypeScript is an excellent bet. Over the years, TypeScript has developed a very powerful type system. One that is on par with languages like Rust, without sacrificing the speedy delivery of JavaScript. It’s still fast to develop the code we want and it’s easy to make it type-safe.
I will show how we’ve used TypeScript to match Rust in making programs type-safe and how a form of dependent types (type operators) can even express some constraints that are difficult to express in other languages.
This talk will cover:
* What is so unique about TypeScript
* How it allows us to make programs type-safe
* How easy it is to do so
* What the limitations are
3. Agenda
Quick TypeScript Introduction
What makes TypeScript different
Use Case 1: Type-Safe Input Validation
Use Case 2: Type-Safe REST API
Use Case 3: Type-Safe Access Control
Evaluation
7. Composing Types
➔ Type Alias
➔ Object types
◆ ~ object literals
➔ Union types
◆ string | number
➔ Array types
◆ number[]
◆ Array<number>
➔ Function
◆ Arrow notation
8. Generics
➔ Abstracting over types
➔ Example: Array
◆ ⇒ Array<number>
➔ Box is generic
➔ A box can contain
◆ a number
◆ a string
◆ a Person
➔ numberBox.setValue(“a string”) will fail
11. No Reflection!
➔ Most languages
◆ Get type of variable at compile time (e.g. Java Annotation Processor / Rust Macros)
◆ Get type of variable at run time (e.g. Reflection)
➔ TypeScript
◆ No knowledge of types at run time
◆ typeof in type-land
◆ Computing types from other types
◆ ⇒ Type-level programming
12. Type-level programming
➔ At type-level
◆ Generics are functions
◆ Take one or more types as argument
◆ Returns a new type
◆ <T1, T2, …> → TReturn
20. Type-level programming
➔ Idea
◆ Program with types
◆ More complex types
➔ Combination = Game Changer
◆ Inferring types from values
◆ + Conditional types
◆ + mapped types/recursion
➔ Turing Complete
➔ New paradigm but easier than macros
◆ Syntax is not ideal
21. Type-level programming
➔ TypeScript is a spectrum
◆ JavaScript
◆ JavaScript + Types
● Similar to e.g. Python, Ruby, …
◆ Extremely Type Safe APIs
26. Type-Safe REST API
➔ Share types between server and frontend
➔ Solution
◆ Infer API from server / schema
◆ Libraries
● tRPC
● api-ts (internal)
◆ Rust:
● Rocket.rs servers as typed functions
27. api-ts
➔ Advantage
◆ No type mismatch
◆ Thinking in domain terms
◆ Free API-client
◆ Free OpenAPI / Swagger schema
➔ Disadvantage
◆ Library implementation is untyped
31. Type-Safe REST API: api-ts 2 years in
➔ Just changed it ~5 times to add features
➔ TypeScript removes level of thinking
◆ Team can focus on adding value, not API problems
➔ Type-level implementation hard to read
◆ But not touching it…
◆ It’s a trade-off
◆ Good naming, Small “functions”, …
➔ Run-time implementation not type-safe
◆ Too hard to type-check
◆ Unit tested
◆ Trade-off for huge type gains in usage
34. Access Control
➔ Goal: Who is allowed to take which action
➔ Where to check?
◆ Controller
◆ Service Classes
➔ Risk
◆ Bugs → security issues
◆ Check in both → performance 🔻
◆ Only controller → security 🔻 → development speed 🔻
● Accidentally calling service without permission
◆ Only services → development speed 🔻
● unclear which permissions you need for API
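One way to address the "accidentally calling service without permission" risk above, as an added example that is not from the talk: the controller performs the run-time check once and receives a branded proof type, and the service signature will not compile without it. All names here (Permission, Granted, authorize, deleteInvoice, handleDelete) and the sample users are hypothetical.

```typescript
type Permission = "invoice:read" | "invoice:delete";
interface User { id: string; permissions: readonly Permission[] }

// Proof that `authorize` succeeded for permission P. The brand key is a
// unique symbol that exists only at type level, so no ordinary object matches.
declare const granted: unique symbol;
type Granted<P extends Permission> = { readonly [granted]: P; readonly userId: string };

// The only function that mints a proof; the run-time check happens exactly once.
function authorize<P extends Permission>(user: User, permission: P): Granted<P> | undefined {
  if (!user.permissions.some((p) => p === permission)) return undefined;
  return { userId: user.id } as unknown as Granted<P>;
}

// Service layer: no second check, but the signature states which permission it needs.
function deleteInvoice(proof: Granted<"invoice:delete">, store: Record<string, number>, id: string): boolean {
  if (!(id in store)) return false;
  delete store[id];
  return true;
}

// Controller: check once, pass the proof down, map the result to a status code.
function handleDelete(user: User, store: Record<string, number>, id: string): number {
  const proof = authorize(user, "invoice:delete");
  if (!proof) return 403;
  return deleteInvoice(proof, store, id) ? 204 : 404;
}

// Never called: both service calls below are rejected by the type checker.
function rejectedByCompiler(user: User, store: Record<string, number>): void {
  // @ts-expect-error a User is not a proof of permission
  deleteInvoice(user, store, "inv-1");
  const readProof = authorize(user, "invoice:read");
  // @ts-expect-error a proof for "invoice:read" does not satisfy "invoice:delete"
  if (readProof) deleteInvoice(readProof, store, "inv-1");
}

// Constructed sample data.
const sampleStore: Record<string, number> = { "inv-1": 100 };
const admin: User = { id: "u1", permissions: ["invoice:read", "invoice:delete"] };
const viewer: User = { id: "u2", permissions: ["invoice:read"] };

function demo(): number[] {
  return [handleDelete(viewer, sampleStore, "inv-1"), handleDelete(admin, sampleStore, "inv-1")];
}
```

Because TypeScript has no knowledge of types at run time, the proof is erased after compilation: a cast or `any` bypasses it, so it guards against accidental omission rather than replacing the run-time check inside `authorize`.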