From b8fb7c2ebaa93fec7d1d6d7b98c3b6d21631e2c3 Mon Sep 17 00:00:00 2001
From: Jerko Steiner
Date: Fri, 30 Aug 2019 16:26:27 +0700
Subject: [PATCH] Add warning message about JSONRPC
---
 packages/jsonrpc/src/jsonrpc.ts | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/packages/jsonrpc/src/jsonrpc.ts b/packages/jsonrpc/src/jsonrpc.ts
index 2916a91..4e12505 100644
--- a/packages/jsonrpc/src/jsonrpc.ts
+++ b/packages/jsonrpc/src/jsonrpc.ts
@@ -157,6 +157,10 @@ export const createRpcService = >(
 await validateServiceContext(id, service, method, context)
+ // FIXME TODO if user specified too many parameters in the request,
+ // they might override the context argument! this is dangerous as it
+ // could allow them to set any userId they would like. We should compare
+ // method arguments length before invoking this function.
 let retValue = (rpcService[method] as any)(...params, context)
 if (typeof retValue === 'function') {
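Review bot: The call `(rpcService[method] as any)(...params, context)` is still unguarded after this comment is added, so a request with a surplus positional parameter fills the slot the method reads as `context`, and the server-built context (with the userId the comment mentions) lands in a position the method ignores. Rather than leaving a FIXME, reject the request before the call, for example `if (!Array.isArray(params) || params.length !== rpcService[method].length - 1)` followed by whatever invalid-params error this service already returns. An exact match is needed rather than an upper bound, because too few parameters shift `context` into a data slot instead. `Function.length` stops counting at the first default-valued or rest parameter, so a declared per-method arity, or passing `context` as the first argument, would be more robust than relying on it. The body of createRpcService starts and ends outside the hunk, so whether `params` is validated earlier cannot be confirmed from here.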