feat: validate queries according to query language

fix: add selection set to query validation

Fixes STU-218

Signed-off-by: Gustavo Inacio <[email protected]>

feat: share functionality across sql- and non-sql gateways

test: ensure nested sql fields are not rejected

Author: gusinacio

graph-gateway/src/client_query.rs

@@ -58,6 +58,7 @@ use crate::{
     block_constraints::{resolve_block_requirements, rewrite_query, BlockRequirements},
     indexer_client::{check_block_error, IndexerClient, ResponsePayload},
     reports::{self, serialize_attestation},
+    sql_constraints::{validate_query, SqlFieldBehavior},
     unattestable_errors::{miscategorized_attestable, miscategorized_unattestable},
 };
 
@@ -283,6 +284,9 @@ async fn handle_client_query_inner(
         .unwrap_or_default();
     let mut context = AgoraContext::new(&payload.query, &variables)
         .map_err(|err| Error::BadQuery(anyhow!("{err}")))?;
+
+    validate_query(&context, SqlFieldBehavior::RejectSql)?;
+
     tracing::info!(
         target: CLIENT_REQUEST_TARGET,
         query = %payload.query,

graph-gateway/src/lib.rs

@@ -5,5 +5,6 @@ pub mod indexer_client;
 pub mod indexers;
 pub mod indexings_blocklist;
 pub mod reports;
+pub mod sql_constraints;
 pub mod subgraph_studio;
 pub mod unattestable_errors;