graphql-alt: validate type and field for available range (#24486)

## Description 

Check that types and fields passed into `AvailableRange` queries are in
the schema registry.

## Test plan 

```
cargo nextest run -p sui-indexer-alt-e2e-tests -- graphql/
cargo nextest run -p sui-indexer-alt-e2e-tests -- graphql/available_range
```

---

## Release notes

Check each box that your changes affect. If none of the boxes relate to
your changes, release notes aren't required.

For each box you select, include information after the relevant heading
that describes the impact of your changes that a user might notice and
any actions they must take to implement updates.

- [ ] Protocol: 
- [ ] Nodes (Validators and Full nodes): 
- [ ] gRPC:
- [ ] JSON-RPC: 
- [x] GraphQL: Validate types and fields passed into AvailableRange
queries.
- [ ] CLI: 
- [ ] Rust SDK:
- [ ] Indexing Framework:

---------

Co-authored-by: Ashok Menon <[email protected]>

Author: henryachen

crates/sui-indexer-alt-e2e-tests/tests/graphql/available_range/available_range_errors.move

@@ -0,0 +1,68 @@
+// Copyright (c) Mysten Labs, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
+//# init --protocol-version 51 --simulator --objects-snapshot-min-checkpoint-lag 2
+
+//# run-graphql
+{
+  happyPath: serviceConfig {
+    availableRange(type: "Query", field: "checkpoints") {
+      first {
+        digest
+        sequenceNumber
+      }
+      last {
+        digest
+        sequenceNumber
+      }
+    }
+  }
+}
+
+//# run-graphql
+{
+  typeNotFound: serviceConfig {
+    availableRange(type: "InvalidType", field: "checkpoints") {
+      first {
+        digest
+        sequenceNumber
+      }
+    }
+  }
+}
+
+//# run-graphql
+{
+  fieldNotFound: serviceConfig {
+    availableRange(type: "Query", field: "invalidField") {
+      first {
+        digest
+        sequenceNumber
+      }
+    }
+  }
+}
+
+//# run-graphql
+{
+  invalidTypeAndField: serviceConfig {
+    availableRange(type: "InvalidType", field: "invalidField") {
+      first {
+        digest
+        sequenceNumber
+      }
+    }
+  }
+}
+
+//# run-graphql
+{
+  notAnObjectOrInterface: serviceConfig {
+    availableRange(type: "ZkLoginIntentScope", field: "invalidField") {
+      first {
+        digest
+        sequenceNumber
+      }
+    }
+  }
+}

crates/sui-indexer-alt-e2e-tests/tests/graphql/available_range/available_range_errors.snap

@@ -0,0 +1,119 @@
+---
+source: external-crates/move/crates/move-transactional-test-runner/src/framework.rs
+---
+processed 6 tasks
+
+task 1, lines 6-20:
+//# run-graphql
+Response: {
+  "data": {
+    "happyPath": {
+      "availableRange": {
+        "first": {
+          "digest": "ZQawQqeikA4pRqKnkcuHuMnGZuKJTSt3V3EVmMjG56k",
+          "sequenceNumber": 0
+        },
+        "last": {
+          "digest": "ZQawQqeikA4pRqKnkcuHuMnGZuKJTSt3V3EVmMjG56k",
+          "sequenceNumber": 0
+        }
+      }
+    }
+  }
+}
+
+task 2, lines 22-32:
+//# run-graphql
+Response: {
+  "data": null,
+  "errors": [
+    {
+      "message": "Type 'InvalidType' not found in schema.",
+      "locations": [
+        {
+          "line": 3,
+          "column": 5
+        }
+      ],
+      "path": [
+        "typeNotFound",
+        "availableRange"
+      ],
+      "extensions": {
+        "code": "BAD_USER_INPUT"
+      }
+    }
+  ]
+}
+
+task 3, lines 34-44:
+//# run-graphql
+Response: {
+  "data": null,
+  "errors": [
+    {
+      "message": "Field 'invalidField' not found in type 'Query'.",
+      "locations": [
+        {
+          "line": 3,
+          "column": 5
+        }
+      ],
+      "path": [
+        "fieldNotFound",
+        "availableRange"
+      ],
+      "extensions": {
+        "code": "BAD_USER_INPUT"
+      }
+    }
+  ]
+}
+
+task 4, lines 46-56:
+//# run-graphql
+Response: {
+  "data": null,
+  "errors": [
+    {
+      "message": "Type 'InvalidType' not found in schema.",
+      "locations": [
+        {
+          "line": 3,
+          "column": 5
+        }
+      ],
+      "path": [
+        "invalidTypeAndField",
+        "availableRange"
+      ],
+      "extensions": {
+        "code": "BAD_USER_INPUT"
+      }
+    }
+  ]
+}
+
+task 5, lines 58-68:
+//# run-graphql
+Response: {
+  "data": null,
+  "errors": [
+    {
+      "message": "'ZkLoginIntentScope' is not an Object or Interface.",
+      "locations": [
+        {
+          "line": 3,
+          "column": 5
+        }
+      ],
+      "path": [
+        "notAnObjectOrInterface",
+        "availableRange"
+      ],
+      "extensions": {
+        "code": "BAD_USER_INPUT"
+      }
+    }
+  ]
+}

crates/sui-indexer-alt-graphql/src/api/types/available_range.rs

@@ -2,17 +2,32 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use anyhow::anyhow;
-use async_graphql::{Context, Object};
+use async_graphql::{
+    Context, Object,
+    registry::{MetaType, Registry},
+};
 use std::{collections::BTreeSet, sync::Arc};
 
 use crate::{
-    error::{RpcError, feature_unavailable},
+    error::{RpcError, bad_user_input, feature_unavailable, upcast},
     scope::Scope,
     task::watermark::Watermarks,
 };
 
 use super::checkpoint::Checkpoint;
 
+#[derive(thiserror::Error, Debug)]
+pub enum Error {
+    #[error("'{0}' is not an Object or Interface.")]
+    NotAnObjectOrInterface(String),
+
+    #[error("Type '{0}' not found in schema.")]
+    TypeNotFound(String),
+
+    #[error("Field '{1}' not found in type '{0}'.")]
+    FieldNotFound(String, String),
+}
+
 /// Identifies a GraphQL query component that is used to determine the range of checkpoints for which data is available (for data that can be tied to a particular checkpoint).
 ///
 /// Provides retention information for the type and optional field and filters. If field or filters are not provided we fall back to the available range for the type.
@@ -60,9 +75,10 @@ impl AvailableRange {
         ctx: &Context<'_>,
         scope: &Scope,
         available_range_key: AvailableRangeKey,
-    ) -> Result<Self, RpcError> {
+    ) -> Result<Self, RpcError<Error>> {
+        available_range_key.validate(&ctx.schema_env.registry)?;
         let watermarks: &Arc<Watermarks> = ctx.data()?;
-        let first = available_range_key.reader_lo(watermarks)?;
+        let first = available_range_key.reader_lo(watermarks).map_err(upcast)?;
 
         Ok(Self {
             scope: scope.clone(),
@@ -84,6 +100,32 @@ impl AvailableRangeKey {
                 .map(|wm| acc.max(wm.checkpoint()))
         })
     }
+
+    /// Validates that this key references valid types and fields in the GraphQL schema.
+    fn validate(&self, registry: &Registry) -> Result<(), RpcError<Error>> {
+        let fields = match registry.types.get(&self.type_) {
+            Some(MetaType::Object { fields, .. } | MetaType::Interface { fields, .. }) => fields,
+            Some(_) => {
+                return Err(bad_user_input(Error::NotAnObjectOrInterface(
+                    self.type_.to_string(),
+                )));
+            }
+            None => {
+                return Err(bad_user_input(Error::TypeNotFound(self.type_.to_string())));
+            }
+        };
+
+        if let Some(field_name) = &self.field {
+            fields.get(field_name).ok_or_else(|| {
+                bad_user_input(Error::FieldNotFound(
+                    self.type_.to_string(),
+                    field_name.to_string(),
+                ))
+            })?;
+        }
+
+        Ok(())
+    }
 }
 
 /// Return the appropriate error for the query or filter if the pipeline is not available.

crates/sui-indexer-alt-graphql/src/api/types/service_config.rs

@@ -4,7 +4,7 @@
 use async_graphql::{Context, Object, Result};
 
 use crate::{
-    api::types::available_range::{AvailableRange, AvailableRangeKey},
+    api::types::available_range::{AvailableRange, AvailableRangeKey, Error},
     config::Limits,
     error::RpcError,
     pagination::{PaginationConfig, is_connection},
@@ -212,7 +212,7 @@ impl ServiceConfig {
         type_: String,
         field: Option<String>,
         filters: Option<Vec<String>>,
-    ) -> Result<AvailableRange, RpcError> {
+    ) -> Result<AvailableRange, RpcError<Error>> {
         AvailableRange::new(
             ctx,
             &self.scope,