Added option to validate incoming URL query parameters

[JPBergsma]

After the discussion in #1120 I have made this function that checks whether the query parameters are known to the server or have a known prefix. If not, an appropriate error/warning is given.
I now perform this check fairly early in the process, If you want I could extract the query parameters at a later stage from the URL string. Although this would be a bit of double work as fastAPI has already done this for us.

[codecov]

Codecov Report

Merging #1122 (59933df) into master (0fb4423) will increase coverage by 0.03%.
The diff coverage is 94.28%.

@@            Coverage Diff             @@
##           master    #1122      +/-   ##
==========================================
+ Coverage   92.33%   92.37%   +0.03%     
==========================================
  Files          68       68              
  Lines        3849     3881      +32     
==========================================
+ Hits         3554     3585      +31     
- Misses        295      296       +1     

Flag	Coverage Δ
project	92.37% <94.28%> (+0.03%)	⬆️
validator	92.37% <94.28%> (+0.03%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
optimade/server/warnings.py	88.88% <50.00%> (+0.65%)	⬆️
optimade/server/query_params.py	98.03% <96.66%> (-1.97%)	⬇️
optimade/server/config.py	91.39% <100.00%> (+0.09%)	⬆️
optimade/server/routers/utils.py	98.13% <100.00%> (+0.03%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0fb4423...59933df. Read the comment docs.

[ml-evs]

Looks good @JPBergsma, thanks! It would be nice to move this logic in to the query params classes themselves, but as I mentioned, I couldn't find a clean way to do this.

We should remember to add a note in the docs about how to add custom query parameters. I also realise the config-only extensions I added for provider fields have not yet been documented, so I will raise an issue to track this separately.

A couple of comments below:

[ml-evs]

I would unify the error messages for the second and third cases (I'm not sure telling the client that the prefix is supported is that much more useful). This should allow the code to be simplified quite a bit (especially wrt. my other comment).

[ml-evs]

Only issue I can foresee is if an implementation is already using a custom query parameter without registering it in the query param model. Maybe this param check should be toggle-able and off by default (for now)?

[ml-evs]

Personally I would suggest looping over all the parameters and accumulating all the errors and warnings before emitting them.

It would probably be fine to just raise one error for all unrecognised fields, e.g.

"The query parameter(s) ['fitler', '_exmpl_test'] are not recognised by this entrypoint."

Something like:

for param in request.query_params.keys():
    errors = []
    warnings = []
    if not hasattr(params, param):
        split_param = params.split("_")
        if param.startswith("_") and len(split_param) > 2:
            prefix = split_param[1]
            if prefix in BaseResourceMapper.SUPPORTED_PREFIXES:
                errors.append(param)
            elif prefix not in BaseResourceMapper.KNOWN_PROVIDER_PREFIXES:
                warnings.append(param)
        else:
            errors.append(param)

    if warnings:
         warn(f"The query parameter(s) '{warnings}' are unrecognised and have been ignored.")
 
    if errors:
         raise BadRequest(f"The query parameter(s) '{errors}' are not recognised by this endpoint.")

[JPBergsma]

The function has been moved to query_params.py and is part of a new BaseQueryParam class, from which the EntryListingQueryParams and SingleEntryQueryParams classes inherit it.
I hope you find this clean enough, and I wonder if we could also move the query parameters that belong to both these classes to this common base class.

I mostly used your suggestion, so the errors and warnings are now collected.
I have also defined a flag in config.py which can be used to turn the test off. I think it is good that servers perform this test, so I have set the default to True. As this may break things for servers that have implemented their own query parameters without properly declaring them in the EntryListingQueryParams and SingleEntryQueryParams, we should probably bump the OPTIMADE python tools version to 0.17.1 when this change is released.

[ml-evs]

Looking good now @JPBergsma, couple of minor comments below!

[ml-evs]

Suggested change

	description="If True, the code will check whether the query parameters given in the URL string are correct.",
	description="If True, the server will each request whether the query parameters given in the request are correct.",

[ml-evs]

This should be made an abstract class

Suggested change

	class BaseQueryParams:
	from abc import ABC
	@ABC
	class BaseQueryParams:

[ml-evs]

Very minor changes to the docstrings so they look good in the rendered docs, otherwise LGTM!

[JPBergsma]

I processed your changes and used getattr to get the value of validate_query_parameters. This way, things won't break if they use their own config file.

[ml-evs]

I processed your changes and used getattr to get the value of validate_query_parameters. This way, things won't break if they use their own config file.

I see what you are going for, but not sure how many people have written a custom config class that doesn't inherit from our one (or if we should encourage this). Seems like a harmless change to leave in though.

I'm happy with this if you are, thanks again @JPBergsma!

[ml-evs]

I'm just going to rename the PR and the linked issue to make the changelog clearer. Feel free to squash merge once that's done.