search

CK-Yong / gaip-net

Library for implementing Google Api Improvement Proposals in C#
MIT License
2 stars 1 forks source link

Add checks against "query of death" #11

Open CK-Yong opened 2 years ago

CK-Yong commented 2 years ago

AIP-160 specifies the following:

Limitations A service may specify further structure or limitations for filter queries, above what is defined here. For example, a service may support the logical operators but only permit a certain number of them (to avoid "queries of death" or other performance concerns).

Further structure or limitations must be clearly documented, must not violate requirements set forth in this document, and a non-compliant filter query must error with INVALID_ARGUMENT.

We should be able to either limit or inform the consumers of the package which operators or comparables were parsed.

For example, by wrapping the build result before it can be used, we can do some validation.

BuildResult<FilterDefinition<MyDocument>> result = FilterBuilder
    .FromString("MyProperty=bar")
    .UseAdapter(new MongoFilterAdapter<MyDocument>())
    .Build();

result.HasOperator("=") == true;
result.HasOperator("=", myDoc => myDoc.MyProperty) == true;
result.HasOperator(">=", myDoc => myDoc.MyProperty) == false;

result.HasComparable(myDoc => myDoc.MyProperty) == true;
result.HasComparable("MyProperty") == true;

myCollection.FindAsync(result.Filter);

// Another way to validate:
result.ThrowIfOperation("=");
CK-Yong commented 2 years ago

We could also use a whitelist, like this:

BuildResult<FilterDefinition<MyDocument>> result = FilterBuilder
    .FromString("MyProperty=bar")
    .UseAdapter(new MongoFilterAdapter<MyDocument>())
    .UseWhiteList(x => x.Foo, x => x.Bar, x => x.FooBar)
    .Build();

Where the parameters would just be a list of properties to allow querying on.

CK-Yong commented 2 years ago

Should still add functionality for blocking operators.