(#199) Return 400 Bad Request on a client-side evaluation.

Adrian Hall · Adrian Hall · commit 296e8910bb95 · 2025-01-30T09:07:43.000-08:00
diff --git a/src/CommunityToolkit.Datasync.Server/Controllers/TableController.Query.cs b/src/CommunityToolkit.Datasync.Server/Controllers/TableController.Query.cs
@@ -76,15 +76,31 @@ public virtual async Task<IActionResult> QueryAsync(CancellationToken cancellati
         IQueryable<TEntity> filteredDataset = dataset.ApplyODataFilter(queryOptions.Filter, querySettings);
 
         // Count the number of items within the filtered dataset - this is used when $count is requested.
-        int filteredCount = await Repository.CountAsync(filteredDataset, cancellationToken).ConfigureAwait(false);
+        int filteredCount;
+        try
+        {
+            filteredCount = await Repository.CountAsync(filteredDataset, cancellationToken).ConfigureAwait(false);
+        }
+        catch (Exception ex) when (ex is InvalidOperationException or NotSupportedException)
+        {
+            throw new HttpException(400, "Client-side evaluation is not supported. Please ensure that the query can be translated to a server-side query.");
+        }
 
         // Now apply the OrderBy, Skip, and Top options to the dataset.
         IQueryable<TEntity> orderedDataset = filteredDataset
             .ApplyODataOrderBy(queryOptions.OrderBy, querySettings)
             .ApplyODataPaging(queryOptions, querySettings);
 
         // Get the list of items within the dataset that need to be returned.
-        IList<TEntity> entitiesInResultSet = await Repository.ToListAsync(orderedDataset, cancellationToken).ConfigureAwait(false);
+        IList<TEntity> entitiesInResultSet;
+        try
+        {
+            entitiesInResultSet = await Repository.ToListAsync(orderedDataset, cancellationToken).ConfigureAwait(false);
+        }
+        catch (Exception ex) when (ex is InvalidOperationException or NotSupportedException)
+        {
+            throw new HttpException(400, "Client-side evaluation is not supported. Please ensure that the query can be translated to a server-side query.");
+        }
 
         // Produce the paged result.
         PagedResult result = BuildPagedResult(queryOptions, entitiesInResultSet.ApplyODataSelect(queryOptions.SelectExpand, querySettings), filteredCount);
diff --git a/src/CommunityToolkit.Datasync.Server/Models/TableControllerOptions.cs b/src/CommunityToolkit.Datasync.Server/Models/TableControllerOptions.cs
@@ -29,6 +29,10 @@ public class TableControllerOptions
     /// will get a 500 Internal Server Error if they attempt to use a query that cannot
     /// be evaluated by the database.
     /// </summary>
+    /// <remarks>
+    /// This option is no longer used (since v9.0.0)
+    /// </remarks>
+    [Obsolete("Client-side evaluation is no longer supported.  This option will be removed in a future release.")]
     public bool DisableClientSideEvaluation { get; set; }
 
     /// <summary>
@@ -44,7 +48,7 @@ public class TableControllerOptions
     public int MaxTop
     {
         get => this._maxTop;
-        set 
+        set
         {
             ArgumentOutOfRangeException.ThrowIfLessThan(value, 1, nameof(MaxTop));
             ArgumentOutOfRangeException.ThrowIfGreaterThan(value, MAX_TOP, nameof(MaxTop));
@@ -58,11 +62,11 @@ public int MaxTop
     public int PageSize
     {
         get => this._pageSize;
-        set 
+        set
         {
             ArgumentOutOfRangeException.ThrowIfLessThan(value, 1, nameof(PageSize));
             ArgumentOutOfRangeException.ThrowIfGreaterThan(value, MAX_PAGESIZE, nameof(PageSize));
-            this._pageSize = value; 
+            this._pageSize = value;
         }
     }
 
diff --git a/tests/CommunityToolkit.Datasync.Server.Test/Helpers/LiveControllerTests.cs b/tests/CommunityToolkit.Datasync.Server.Test/Helpers/LiveControllerTests.cs
@@ -51,7 +51,7 @@ public abstract class LiveControllerTests<TEntity> : BaseTest where TEntity : cl
     /// <summary>
     /// The Movie Endpoint to put into the controller context.
     /// </summary>
-    private const string MovieEndpoint = "http://localhost/tables/movies";
+    protected const string MovieEndpoint = "http://localhost/tables/movies";
 
     /// <summary>
     /// The number of movies in the dataset.
@@ -80,21 +80,6 @@ protected virtual async Task CreateControllerAsync(HttpMethod method = null, str
         this.tableController.ControllerContext.HttpContext = CreateHttpContext(method ?? HttpMethod.Get, uri);
     }
 
-    private async Task<List<TEntity>> GetListOfEntitiesAsync(IEnumerable<string> ids)
-    {
-        List<TEntity> entities = [];
-        foreach (string id in ids)
-        {
-            TEntity entity = await GetEntityAsync(id);
-            if (entity != null)
-            {
-                entities.Add(entity);
-            }
-        }
-
-        return entities;
-    }
-
     /// <summary>
     /// This is the base test for the individual query tests.
     /// </summary>
diff --git a/tests/CommunityToolkit.Datasync.Server.Test/Live/Cosmos_Controller_Tests.cs b/tests/CommunityToolkit.Datasync.Server.Test/Live/Cosmos_Controller_Tests.cs
@@ -4,8 +4,10 @@
 
 using CommunityToolkit.Datasync.Server.EntityFrameworkCore;
 using CommunityToolkit.Datasync.Server.Test.Helpers;
+using CommunityToolkit.Datasync.TestCommon;
 using CommunityToolkit.Datasync.TestCommon.Databases;
 using Microsoft.EntityFrameworkCore;
+using System;
 using Xunit.Abstractions;
 
 namespace CommunityToolkit.Datasync.Server.Test.Live;
@@ -59,4 +61,22 @@ protected override Task<IRepository<CosmosEntityMovie>> GetPopulatedRepositoryAs
     protected override Task<string> GetRandomEntityIdAsync(bool exists)
         => Task.FromResult(exists ? this.movies[this.random.Next(this.movies.Count)].Id : Guid.NewGuid().ToString());
     #endregion
+
+    /// <summary>
+    /// We test the 400 Bad Request client-side evaluation error here because Cosmos has more restrictions than most,
+    /// so it's easier to test the code path.
+    /// </summary>
+    [Fact]
+    public async Task ClientSideEvaluation_Produces_400BadRequest()
+    {
+        Skip.IfNot(CanRunLiveTests());
+
+        IRepository<CosmosEntityMovie> repository = await GetPopulatedRepositoryAsync();
+        TableController<CosmosEntityMovie> tableController = new(repository);
+        tableController.ControllerContext.HttpContext = CreateHttpContext(HttpMethod.Get, $"{MovieEndpoint}?$filter=((year div 1000.5) eq 2)");
+
+        Func<Task> act = async () => _ = await tableController.QueryAsync();
+
+        (await act.Should().ThrowAsync<HttpException>()).WithStatusCode(400);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,10 @@ public class TableControllerOptions`
`29`	`29`	`/// will get a 500 Internal Server Error if they attempt to use a query that cannot`
`30`	`30`	`/// be evaluated by the database.`
`31`	`31`	`/// </summary>`
	`32`	`+ /// <remarks>`
	`33`	`+ /// This option is no longer used (since v9.0.0)`
	`34`	`+ /// </remarks>`
	`35`	`+ [Obsolete("Client-side evaluation is no longer supported. This option will be removed in a future release.")]`
`32`	`36`	`public bool DisableClientSideEvaluation { get; set; }`
`33`	`37`
`34`	`38`	`/// <summary>`
`@@ -44,7 +48,7 @@ public class TableControllerOptions`
`44`	`48`	`public int MaxTop`
`45`	`49`	`{`
`46`	`50`	`get => this._maxTop;`
`47`		`- set`
	`51`	`+ set`
`48`	`52`	`{`
`49`	`53`	`ArgumentOutOfRangeException.ThrowIfLessThan(value, 1, nameof(MaxTop));`
`50`	`54`	`ArgumentOutOfRangeException.ThrowIfGreaterThan(value, MAX_TOP, nameof(MaxTop));`
`@@ -58,11 +62,11 @@ public int MaxTop`
`58`	`62`	`public int PageSize`
`59`	`63`	`{`
`60`	`64`	`get => this._pageSize;`
`61`		`- set`
	`65`	`+ set`
`62`	`66`	`{`
`63`	`67`	`ArgumentOutOfRangeException.ThrowIfLessThan(value, 1, nameof(PageSize));`
`64`	`68`	`ArgumentOutOfRangeException.ThrowIfGreaterThan(value, MAX_PAGESIZE, nameof(PageSize));`
`65`		`- this._pageSize = value;`
	`69`	`+ this._pageSize = value;`
`66`	`70`	`}`
`67`	`71`	`}`
`68`	`72`