GQL: Validate Property ID arg on statements and qualifiers

Bug: T404834
Change-Id: Ic1f0a1b25ac81c09148878e8b2a11fd6679689d1

Author: dima koushha

repo/domains/reuse/src/Infrastructure/GraphQL/Schema/PropertyIdType.php

@@ -0,0 +1,58 @@
+<?php declare( strict_types=1 );
+
+namespace Wikibase\Repo\Domains\Reuse\Infrastructure\GraphQL\Schema;
+
+use GraphQL\Error\Error;
+use GraphQL\Error\InvariantViolation;
+use GraphQL\Language\AST\Node;
+use GraphQL\Language\AST\StringValueNode;
+use GraphQL\Type\Definition\ScalarType;
+use GraphQL\Utils\Utils;
+use InvalidArgumentException;
+use Wikibase\DataModel\Entity\NumericPropertyId;
+
+/**
+ * @license GPL-2.0-or-later
+ */
+class PropertyIdType extends ScalarType {
+	public function serialize( mixed $value ): string {
+		if ( !$this->isValidPropertyId( $value ) ) {
+			throw new InvariantViolation( 'Could not serialize the following value as Property ID: ' . Utils::printSafe( $value ) );
+		}
+
+		return $value;
+	}
+
+	public function parseValue( mixed $value ): string {
+		if ( !$this->isValidPropertyId( $value ) ) {
+			throw new Error( 'Cannot represent the following value as Property ID: ' . Utils::printSafeJson( $value ) );
+		}
+
+		return $value;
+	}
+
+	public function parseLiteral( Node $valueNode, ?array $variables = null ): string {
+		if ( !$valueNode instanceof StringValueNode ) {
+			throw new Error( 'Query error: Can only parse strings got: ' . $valueNode->kind, [ $valueNode ] );
+		}
+
+		if ( !$this->isValidPropertyId( $valueNode->value ) ) {
+			throw new Error( 'Not a valid Property ID: ' . Utils::printSafeJson( $valueNode->value ), [ $valueNode ] );
+		}
+
+		return $valueNode->value;
+	}
+
+	private function isValidPropertyId( mixed $id ): bool {
+		if ( !is_string( $id ) ) {
+			return false;
+		}
+
+		try {
+			new NumericPropertyId( $id ); // @phan-suppress-current-line PhanNoopNew
+			return true;
+		} catch ( InvalidArgumentException ) {
+			return false;
+		}
+	}
+}

repo/domains/reuse/src/Infrastructure/GraphQL/Schema/Schema.php

@@ -26,6 +26,7 @@ public function __construct(
 		private readonly PropertyValuePairType $propertyValuePairType,
 		private readonly ValueType $valueType,
 		private readonly ValueTypeType $valueTypeType,
+		private readonly PropertyIdType $propertyIdType
 	) {
 		parent::__construct( [
 			'query' => new ObjectType( [
@@ -99,7 +100,7 @@ private function itemType(): ObjectType {
 					// @phan-suppress-next-line PhanUndeclaredInvokeInCallable
 					'type' => Type::nonNull( Type::listOf( $this->statementType() ) ),
 					'args' => [
-						'propertyId' => Type::nonNull( Type::string() ),
+						'propertyId' => Type::nonNull( $this->propertyIdType ),
 					],
 					'resolve' => fn( Item $item, array $args ) => $item->statements
 						->getStatementsByPropertyId( new NumericPropertyId( $args[ 'propertyId' ] ) ),
@@ -124,7 +125,7 @@ private function statementType(): ObjectType {
 					// @phan-suppress-next-line PhanUndeclaredInvokeInCallable
 					'type' => Type::nonNull( Type::listOf( $this->propertyValuePairType ) ),
 					'args' => [
-						'propertyId' => Type::nonNull( Type::string() ),
+						'propertyId' => Type::nonNull( $this->propertyIdType ),
 					],
 					'resolve' => fn( Statement $statement, $args ) => $statement->qualifiers
 						->getQualifiersByPropertyId( new NumericPropertyId( $args[ 'propertyId' ] ) ),

repo/domains/reuse/src/Infrastructure/GraphQL/schema.graphql

@@ -10,7 +10,7 @@ type Item {
   description(languageCode: LanguageCode!): String
   aliases(languageCode: LanguageCode!): [String]!
   sitelink(siteId: SiteId!): Sitelink
-  statements(propertyId: String!): [Statement]!
+  statements(propertyId: PropertyId!): [Statement]!
 }
 
 scalar LanguageCode
@@ -22,10 +22,12 @@ type Sitelink {
   url: String!
 }
 
+scalar PropertyId
+
 type Statement {
   id: String!
   rank: Rank!
-  qualifiers(propertyId: String!): [PropertyValuePair]!
+  qualifiers(propertyId: PropertyId!): [PropertyValuePair]!
   references: [Reference]!
   property: PredicateProperty!
   value: Value

repo/domains/reuse/src/WbReuse.ServiceWiring.php

@@ -14,6 +14,7 @@
 use Wikibase\Repo\Domains\Reuse\Infrastructure\GraphQL\Schema\ItemIdType;
 use Wikibase\Repo\Domains\Reuse\Infrastructure\GraphQL\Schema\LanguageCodeType;
 use Wikibase\Repo\Domains\Reuse\Infrastructure\GraphQL\Schema\PredicatePropertyType;
+use Wikibase\Repo\Domains\Reuse\Infrastructure\GraphQL\Schema\PropertyIdType;
 use Wikibase\Repo\Domains\Reuse\Infrastructure\GraphQL\Schema\PropertyValuePairType;
 use Wikibase\Repo\Domains\Reuse\Infrastructure\GraphQL\Schema\Schema;
 use Wikibase\Repo\Domains\Reuse\Infrastructure\GraphQL\Schema\SiteIdType;
@@ -58,7 +59,8 @@
 			$predicatePropertyType,
 			new PropertyValuePairType( $predicatePropertyType, $valueType, $valueTypeType ),
 			$valueType,
-			$valueTypeType
+			$valueTypeType,
+			new PropertyIdType()
 		);
 	},
 	'WbReuse.GraphQLService' => function( MediaWikiServices $services ): GraphQLService {

repo/domains/reuse/tests/phpunit/Infrastructure/GraphQL/GraphQLServiceTest.php

@@ -590,6 +590,27 @@ public static function errorsProvider(): Generator {
 				"Not a valid language code: \"$languageCode\"",
 			];
 		}
+
+		$propertyId = 'not-a-valid-property-id';
+		yield 'validates property ID' => [
+			"{ item(id: \"$itemId\") {
+			statements(propertyId: \"$propertyId\") { id }
+		 } }",
+			"Not a valid Property ID: \"$propertyId\"",
+		];
+
+		$qualifierPropertyId = 'not-a-valid-property-id';
+		$validPropertyId = 'P123';
+		yield 'validates property ID for qualifiers' => [
+			"{ item(id: \"$itemId\") {
+			statements(propertyId: \"$validPropertyId\") {
+				qualifiers(propertyId: \"$qualifierPropertyId\") {
+					valueType
+				} 
+			 }
+		 } }",
+			"Not a valid Property ID: \"$propertyId\"",
+		];
 	}
 
 	private function newGraphQLService(