adds validation for entity preview requests

Signed-off-by: Max Thonagel <12283268+thoniTUB@users.noreply.github.com>

backend/src/main/java/com/bakdata/conquery/apiv1/QueryProcessor.java

@@ -56,6 +56,7 @@
 import com.bakdata.conquery.models.datasets.SecondaryIdDescription;
 import com.bakdata.conquery.models.datasets.concepts.Connector;
 import com.bakdata.conquery.models.error.ConqueryError;
+import com.bakdata.conquery.models.exceptions.ValidatorHelper;
 import com.bakdata.conquery.models.execution.ExecutionState;
 import com.bakdata.conquery.models.execution.ManagedExecution;
 import com.bakdata.conquery.models.i18n.I18n;
@@ -84,6 +85,7 @@
 import com.google.common.collect.MutableClassToInstanceMap;
 import jakarta.inject.Inject;
 import jakarta.servlet.http.HttpServletRequest;
+import jakarta.validation.Validator;
 import jakarta.ws.rs.BadRequestException;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.UriBuilder;
@@ -102,6 +104,8 @@ public class QueryProcessor {
 	private MetaStorage storage;
 	@Inject
 	private ConqueryConfig config;
+	@Inject
+	private Validator validator;
 
 
 
@@ -339,6 +343,9 @@ public FullExecutionStatus getSingleEntityExport(Subject subject, UriBuilder uri
 		final EntityPreviewForm form =
 				EntityPreviewForm.create(entity, idKind, dateRange, sources, previewConfig.getSelects(), previewConfig.getTimeStratifiedSelects(), datasetRegistry);
 
+		// Validate our own form because we provide it directly to the processor, which does not validate.
+		ValidatorHelper.failOnError(log, validator.validate(form));
+
 		// TODO make sure that subqueries are also system
 		// TODO do not persist system queries
 		final EntityPreviewExecution execution = (EntityPreviewExecution) postQuery(dataset, form, subject, true);

backend/src/main/java/com/bakdata/conquery/models/query/preview/EntityPreviewForm.java

@@ -40,6 +40,7 @@
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.collect.ClassToInstanceMap;
+import jakarta.validation.Valid;
 import lombok.Getter;
 import lombok.NonNull;
 import lombok.RequiredArgsConstructor;
@@ -68,7 +69,9 @@ public class EntityPreviewForm extends Form implements InternalForm {
 	public static final String VALUES_QUERY_NAME = "VALUES";
 
 
+	@Valid
 	private final AbsoluteFormQuery infoCardQuery;
+	@Valid
 	private final TableExportQuery valuesQuery;
 
 

backend/src/main/java/com/bakdata/conquery/resources/api/DatasetQueryResource.java

@@ -57,7 +57,7 @@ public class DatasetQueryResource {
 
 	@POST
 	@Path("/entity")
-	public FullExecutionStatus getEntityData(@Auth Subject subject, EntityPreviewRequest query, @Context HttpServletRequest request) {
+	public FullExecutionStatus getEntityData(@Auth Subject subject, @Valid EntityPreviewRequest query, @Context HttpServletRequest request) {
 		subject.authorize(dataset, Ability.READ);
 		subject.authorize(dataset, Ability.PRESERVE_ID);
 

backend/src/main/java/com/bakdata/conquery/resources/api/EntityPreviewRequest.java

@@ -7,6 +7,7 @@
 import com.bakdata.conquery.models.common.Range;
 import com.bakdata.conquery.models.datasets.concepts.Connector;
 import com.fasterxml.jackson.annotation.JsonCreator;
+import jakarta.validation.constraints.NotEmpty;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 
@@ -17,6 +18,7 @@ public class EntityPreviewRequest {
 	private final String entityId;
 	private final Range<LocalDate> time;
 	@NsIdRefCollection
+	@NotEmpty
 	private final List<Connector> sources;
 
 	//TODO uncomment, when frontend is adapted to support this