feat: change default search pattern to only include environment files (#82)

BREAKING CHANGE: In order to improve security (and apply `Secure by default`), the default for `searchPattern` has been changed to  `{sourceRoot}/**/environments/environment*.ts` (from `{sourceRoot}/**/!(*server*).ts`). If your project uses environment variables in other files, update the `searchPattern` entry in your `ngsscbuild` block in your angular.json.

Author: kyubisation

README.md

@@ -20,6 +20,13 @@ Starting with version 13, there are experimental builders for the `build` and `s
 To install the experimental builders run `ng add angular-server-side-configuration` and answer
 `Would you like to use the experimental builders for build and serve?` with `y(es)`.
 
+## Changes with version 16
+
+In order to better follow `Secure by default`, the default for `searchPattern` has been changed
+to `{sourceRoot}/**/environments/environment*.ts` (from `{sourceRoot}/**/!(*server*).ts`).
+If your project uses environment variables in other files, update the `searchPattern` entry
+in your `ngsscbuild` block in your angular.json.
+
 ## Changes with version 15.1
 
 With the change in version 15 to search all files for environment variables, a potential
@@ -35,17 +42,18 @@ This should have little to no impact, if you only have a simple angular.json wor
 a backend component.
 
 With 15.1 this risk is mitigated, as the lookup path is restricted by adding an option
-`searchPattern` which defaults to `{sourceRoot}/**/!(*server*).ts` (only search `sourceRoot`
-of the related angular.json project and exclude files with `server` in the name).
+`searchPattern` which defaults to ~~`{sourceRoot}/**/!(*server*).ts` (only search `sourceRoot`
+of the related angular.json project and exclude files with `server` in the name)~~
+`{sourceRoot}/**/environments/environment*.ts` with version 16.
 
 ## Changes with version 15
 
 With version 15 of the Angular CLI, environment files are no longer generated by default. In
 order to adapt, using `ng add angular-server-side-configuration` will try to add the import in
 either `environment.prod.ts`, `environment.ts`, `app.module.ts`, `app.components.ts` or `main.ts`
-depending on availability. The ngssc builder will also now search all files for environment
+depending on availability. ~~The ngssc builder will also now search all files for environment
 variable usages instead of just the defined environment file. Due to this, the
-`ngsscEnvironmentFile` option can be removed.
+`ngsscEnvironmentFile` option can be removed.~~
 
 ## Getting Started
 
@@ -94,8 +102,8 @@ used environment variables and generate an [ngssc.json](#ngsscjson) in the defin
             // Optional
             // (Defaults to the basename of the index option of the browser target)
             "filePattern": "index.html",
-            // (Defaults to {sourceRoot}/**/!(*server*).ts)
-            "searchPattern": "src/environments/environment*.ts"
+            // (Defaults to {sourceRoot}/**/environments/environment*.ts)
+            "searchPattern": "src/environments/environment.ts"
           },
           "configurations": {
             "production": {

projects/angular-server-side-configuration/builders/ngsscbuild/index.ts

@@ -59,7 +59,9 @@ export async function detectVariables(
 
   const projectMetadata = await context.getProjectMetadata(projectName);
   const sourceRoot = projectMetadata.sourceRoot as string | undefined;
-  const defaultSearchPattern = sourceRoot ? `${sourceRoot}/**/!(*server*).ts` : '**/!(*server*).ts';
+  const defaultSearchPattern = sourceRoot
+    ? `${sourceRoot}/**/environments/environment*.ts`
+    : '**/environments/environment*.ts';
 
   const detector = new VariableDetector(context.logger);
   const typeScriptFiles = await glob(searchPattern || defaultSearchPattern, {

projects/angular-server-side-configuration/builders/ngsscbuild/schema.json

@@ -17,7 +17,7 @@
     },
     "searchPattern": {
       "type": "string",
-      "description": "The search pattern to use when searching for environment variable occurrences (Defaults to {sourceRoot}/**/!(*server*).ts)",
+      "description": "The search pattern to use when searching for environment variable occurrences (Defaults to {sourceRoot}/**/environments/environment*.ts)",
       "default": ""
     }
   }

projects/angular-server-side-configuration/schematics/ng-add/index.ts

@@ -8,7 +8,6 @@ import {
 } from '@angular-devkit/schematics';
 import { InsertChange } from '@schematics/angular/utility/change';
 import { getWorkspace, updateWorkspace } from '@schematics/angular/utility/workspace';
-import type { FileReplacement } from '@angular-devkit/build-angular';
 import { Schema } from './schema';
 
 export function ngAdd(options: Schema): Rule {

test/hello-world-app/src/app/app.component.ts

@@ -7,12 +7,13 @@
  */
 
 import { Component } from '@angular/core';
+import { environment } from '../environments/environment';
 
 @Component({
   selector: 'app-root',
   templateUrl: './app.component.html',
   styleUrls: ['./app.component.css'],
 })
 export class AppComponent {
-  title = process.env.TEST;
+  title = environment.title;
 }

test/hello-world-app/src/environments/environment.development.ts

@@ -0,0 +1,3 @@
+export const environment = {
+  title: 'dev',
+};

test/hello-world-app/src/environments/environment.ts

@@ -0,0 +1,5 @@
+import 'angular-server-side-configuration/process';
+
+export const environment = {
+  title: process.env.TEST,
+};

test/hello-world-app/tsconfig.json

@@ -1,6 +1,10 @@
 {
   "compileOnSave": false,
   "compilerOptions": {
+    "paths": {
+      "angular-server-side-configuration": ["../../dist/angular-server-side-configuration"],
+      "angular-server-side-configuration/*": ["../../dist/angular-server-side-configuration/*"]
+    },
     "baseUrl": "./",
     "outDir": "./dist/out-tsc",
     "sourceMap": true,