npm command line tool: Add option to rename the injected Angular HttpClient variable name (static code scanner issue)

[montelyno]

Hi all,

first of all thanks for your great project, helps a lot!

Since we are using the typescript code generation (npm command line tool) for setting up our service proxies including all dependent models in production environments, there is the mandatory requirement from our company, that we have to code scan the entire source code. In our case Fortify on Demand.

Since the injected HttpClient coming from angular is named "http" (just the variable name, not the protocol used by the service!), the code scanner identifies all usings with the HttpClient as "Insecure Transport" vulnerabilities.

Do you have the chance to parameterize the name of the injected HttpClient to not have the service instance variable called "http" and maybe use some custom variable name?

In my case i have a few hundred findings which i have to talk about with our IT risk gus, which is very intense and a really painful job!

Please let me know, what you think about that idea.

Thanks in advance Michael

[krzyhan]

You can easily change this.

Just create and use template AngularClient.liquid https://github.com/RicoSuter/NSwag/blob/116c636fb7491623eb6c70725b8fb20c450ec96c/src/NSwag.CodeGeneration.TypeScript/Templates/AngularClient.liquid#L23C179-L23C179

change http @Inject({{ Framework.Angular.HttpClass }}) http: {{ Framework.Angular.HttpClass }}, to whatever you want, eq httpClient:

constructor({% if HasConfigurationClass %}@Inject({{ ConfigurationClass }}) configuration: {{ ConfigurationClass }}, {% endif %}@Inject({{ Framework.Angular.HttpClass }}) httpClient: {{ Framework.Angular.HttpClass }}, @Optional() @Inject({{ Framework.Angular.BaseUrlTokenName }}) baseUrl?: string)

and in config file, use your template

"codeGenerators" : {
   "openApiToTypeScriptClient": {
       ...restProperties
      "template": "Angular",
      "templateDirectory": "path/to/your/template",
   }
}