tryretool / retoolrpc

MIT License
6 stars 5 forks source link

Lack of typesafety #32

Open goleary opened 5 months ago

goleary commented 5 months ago

We have a Retool RPC endpoint that looks like this:

rpc.register({
  name: "function",
  arguments: {
    projectId: { type: "string", description: "A string input", required: false },
  },
  implementation: async (args, context) => {
    console.log('args.projectId', args.projectId);
  },
});

The problem is that Retool seems to be allowing passing of non string values via RPC. You can see how we are passing a variable here:

image

But this variable is nullable

image

Nothing in Retool indicates an issue and we can call the function with this value.

Also the retool rpc package doesn't seem to parse the values coming in, so now our types are wrong:

image

Which has resulted in some nasty runtime errors, partially defeating the purpose of using something like Retool RPC + Typescript.

To avoid any more issues of this nature I'm considering using zod to parse the arguments that come from Retool RPC, but this is cumbersome because it will require defining the types multiple times, once for retool and once for zod.

Doing some sort of parsing or validation either in the rpc package or in the retool dashboard would make this feature much safer to use.