Added option to validate incoming URL query parameters

optimade/server/routers/utils.py

@@ -1,5 +1,6 @@
 # pylint: disable=import-outside-toplevel,too-many-locals
 import re
+from warnings import warn
 import urllib.parse
 from datetime import datetime
 from typing import Any, Dict, List, Set, Union
@@ -22,6 +23,8 @@
 from optimade.server.exceptions import BadRequest, InternalServerError
 from optimade.server.query_params import EntryListingQueryParams, SingleEntryQueryParams
 from optimade.utils import mongo_id_for_database, get_providers, PROVIDER_LIST_URLS
+from optimade.server.mappers import BaseResourceMapper
+from optimade.server.warnings import UnknownProviderQueryParameter
 
 __all__ = (
     "BASE_URL_PREFIXES",
@@ -235,6 +238,7 @@ def get_entries(
     """Generalized /{entry} endpoint getter"""
     from optimade.server.routers import ENTRY_COLLECTIONS
 
+    check_params(request, params)
     (
         results,
         data_returned,
@@ -284,6 +288,7 @@ def get_single_entry(
 ) -> EntryResponseOne:
     from optimade.server.routers import ENTRY_COLLECTIONS
 
+    check_params(request, params)
     params.filter = f'id="{entry_id}"'
     (
         results,
@@ -319,3 +324,25 @@ def get_single_entry(
         ),
         included=included,
     )
+
+
+def check_params(
+    request: Request, params: Union[EntryListingQueryParams, SingleEntryQueryParams]
+):
+    for param in request.query_params.keys():
+        if not hasattr(params, param):
+            split_param = param.split("_")
+            if param.startswith("_") and len(split_param) > 2:
+                if split_param[1] not in BaseResourceMapper.KNOWN_PROVIDER_PREFIXES:
+                    warn(
+                        f"The Query parameter '{param}' has an unknown provider prefix: '{split_param[1]}'. This query parameter has been ignored.",
+                        UnknownProviderQueryParameter,
+                    )
+                elif split_param[1] in BaseResourceMapper.SUPPORTED_PREFIXES:
+                    raise BadRequest(
+                        detail=f"The query parameter '{param}' has a prefix that is supported by this server, yet the parameter is not known."
+                    )
+            else:
+                raise BadRequest(
+                    detail=f"The query parameter '{param}' is not known by this entry point."
+                )

optimade/server/warnings.py

@@ -56,3 +56,10 @@ class UnknownProviderProperty(OptimadeWarning):
     recognised by this implementation.
 
     """
+
+
+class UnknownProviderQueryParameter(OptimadeWarning):
+    """A provider-specific query parameter has been requested in the query who's prefix is not
+    recognised by this implementation.
+
+    """

tests/server/query_params/test_filter.py

@@ -597,3 +597,49 @@ def test_filter_on_unknown_fields(check_response, check_error_response):
     request = "/structures?filter=_optimade_random_field = 1"
     expected_ids = []
     check_response(request, expected_ids=expected_ids)
+
+
+def test_wrong_query_param(check_error_response):
+    request = "/structures?_exmpl_filter=nelements=2"
+    check_error_response(
+        request,
+        expected_status=400,
+        expected_title="Bad Request",
+        expected_detail="The query parameter '_exmpl_filter' has a prefix that is supported by this server, yet the parameter is not known.",
+    )
+
+    request = "/structures?filer=nelements=2"
+    check_error_response(
+        request,
+        expected_status=400,
+        expected_title="Bad Request",
+        expected_detail="The query parameter 'filer' is not known by this entry point.",
+    )
+
+    request = "/structures/mpf_3819?filter=nelements=2"
+    check_error_response(
+        request,
+        expected_status=400,
+        expected_title="Bad Request",
+        expected_detail="The query parameter 'filter' is not known by this entry point.",
+    )
+
+
+def test_handling_prefixed_query_param(check_response):
+    request = "/structures?_odbx_filter=nelements=2&filter=elements LENGTH >= 9"
+    expected_ids = ["mpf_3819"]
+    check_response(request, expected_ids)
+
+    request = (
+        "/structures?_unknown_filter=elements HAS 'Si'&filter=elements LENGTH >= 9"
+    )
+    expected_ids = ["mpf_3819"]
+    expected_warnings = [
+        {
+            "title": "UnknownProviderQueryParameter",
+            "detail": "The Query parameter '_unknown_filter' has an unknown provider prefix: 'unknown'. This query parameter has been ignored.",
+        }
+    ]
+    check_response(
+        request, expected_ids=expected_ids, expected_warnings=expected_warnings
+    )