NgRx 4 released

New version of NgRx finally released with new cool features 
19 July 2017   2979
JavaScript

Lightweight interpreted or JIT-compiled programming language with first-class functions.

NgRx 4 is finally out. This is reported by the Angular Blog.

Main features are: 

  • Official support for lazy loading
  • Simplified testing
  • Redesigned router integration

Let's take a better look on it and figure out, what developers brought to user.

Support for Lazy Loading

Earlier it was not very comfy to use lazy loading with NgRx. Coders faced manual loading management and unloading reducers. With this release developers added official support for lazy loading.

@NgModule({
  imports: [
    StoreModule.forRoot(appReducers),
    EffectsModule.forRoot([SourceA, SourceB]),
    RouterModule.forRoot([
      { path: ‘lazy’, loadModule: ‘./lazy.module#LazyModule’ }
    ])
  ]
})
export class AppModule { }
@NgModule({
  imports: [
    StoreModule.forFeature(‘lazy’, lazyReducers),
    EffectsModule.forFeature([SourceC]),
    RouterModule.forChild(childRoutes)
  ]
})
export class LazyModule { }

Improved Testing

NgRx now clearly separates the UI, state management, and side effects. This alone makes testing more straightforward and enjoyable.

Since reducers are synchronous pure functions, testing them was always as easy. But testing effects classes, which heavily rely on RxJS, was tricky.

The RxJS community came up with a great solution to simplify testing RxJS observables — marble testing, which makes tests visual and easy to read. Previously it was not easy to use marbles for testing effects classes, but it has changed with NgRx 4.

describe(‘My Effects’, () => {
  let effects: MyEffects;
  let actions: Observable<any>;

  beforeEach(() => {
    TestBed.configureTestingModule({
      providers: [
        MyEffects,
        provideMockActions(() => actions),
        // other providers
      ],
    });

    effects = TestBed.get(MyEffects);
  });

  it(‘should work’, () => {
    actions = hot(‘—a-’, { a: SomeAction,  … });
    const expected = cold(‘—b’, { b: AnotherAction });
    expect(effects.someSource$).toBeObservable(expected);
  });
});

Redesigned Router Integration

NgRx help coders to solve one of the most difficulty development issues - state management. But it is not the only part of the state management story. The other one is the router. And, that is why, making sure that NgRx and the router work well together was a high priority for NgRx team.

Main issue of NgRx 2 router integration was that the store and the router were synchronized after that fact. This meant that resolvers and guards could not access the new state, which made them less useful. This also meant that the store could not cancel the navigation.

In order to fix it, developers had to make the Angular router more pluggable.

Learn more at Angular Blog

Supra Smart Cloud TV to be Hacked

Now hacker can replace video being watched with own content
04 June 2019   298

A vulnerability has been identified on the Supra Smart Cloud TV (CVE-2019-12477). It makes possible to replace the transmission currently being watched for the content of the attacker. As an example, the output of a bogus emergency warning is shown.

To attack, just send a specially designed network request that does not require authentication. In particular, hacker can contact the handler "/ remote / media_control? Action = setUri & uri =" by specifying the URL of the m3u8 file with the video parameters, for example "http://192.168.1.155/remote/media_control?action=setUri&uri=http://attacker .com / fake_broadcast_message.m3u8 ".

In most cases, access to the IP address of the TV is limited to the internal network, but since the request is sent via HTTP, it is possible to use methods to access internal resources when the user opens a specially designed external page (for example, under the request of a picture or using the DNS rebinding method).