You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+24Lines changed: 24 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -369,6 +369,8 @@ You can customize additional settings in your `.env` file:
369
369
|`USE_DATETIME_NANOS`| Enables nanosecond precision handling for `datetime` field searches as per the `date_nanos` type. When `False`, it uses 3 millisecond precision as per the type `date`. |`true`| Optional |
370
370
|`EXCLUDED_FROM_QUERYABLES`| Comma-separated list of fully qualified field names to exclude from the queryables endpoint and filtering. Use full paths like `properties.auth:schemes,properties.storage:schemes`. Excluded fields and their nested children will not be exposed in queryables. | None | Optional |
371
371
|`EXCLUDED_FROM_ITEMS`| Specifies fields to exclude from STAC item responses. Supports comma-separated field names and dot notation for nested fields (e.g., `private_data,properties.confidential,assets.internal`). |`None`| Optional |
372
+
|`VALIDATE_QUERYABLES`| Enable validation of query parameters against the collection's queryables. If set to `true`, the API will reject queries containing fields that are not defined in the collection's queryables. |`false`| Optional |
373
+
|`QUERYABLES_CACHE_TTL`| Time-to-live (in seconds) for the queryables cache. Used when `VALIDATE_QUERYABLES` is enabled. |`3600`| Optional |
- Excluded fields and their nested children will be skipped during field traversal
425
427
- Both the field itself and any nested properties will be excluded
426
428
429
+
## Queryables Validation
430
+
431
+
SFEOS supports validating query parameters against the collection's defined queryables. This ensures that users only query fields that are explicitly exposed and indexed.
432
+
433
+
**Configuration:**
434
+
435
+
To enable queryables validation, set the following environment variables:
436
+
437
+
```bash
438
+
VALIDATE_QUERYABLES=true
439
+
QUERYABLES_CACHE_TTL=3600 # Optional, defaults to 3600 seconds (1 hour)
440
+
```
441
+
442
+
**Behavior:**
443
+
444
+
- When enabled, the API maintains a cache of all queryable fields across all collections.
445
+
- Search requests (both GET and POST) are checked against this cache.
446
+
- If a request contains a query parameter or filter field that is not in the list of allowed queryables, the API returns a `400 Bad Request` error with a message indicating the invalid field(s).
447
+
- The cache is automatically refreshed based on the `QUERYABLES_CACHE_TTL` setting.
448
+
449
+
This feature helps prevent queries on unindexed fields which could lead to poor performance or unexpected results.
0 commit comments