DaxServer · DaxServer · Sep 28, 2025 · Sep 27, 2025 · Sep 28, 2025 · coderabbitai
diff --git a/backend/src/api/wikibase/index.ts b/backend/src/api/wikibase/index.ts
@@ -1,5 +1,6 @@
 import {
   InstanceId,
+  OAuthCredentials,
   PropertySearchResultSchema,
   QuerySchema,
   Term,
@@ -10,7 +11,7 @@ import { wikibasePlugin } from '@backend/plugins/wikibase'
 import { constraintValidationService } from '@backend/services/constraint-validation.service'
 import { ApiErrorHandler } from '@backend/types/error-handler'
 import { ApiErrors } from '@backend/types/error-schemas'
-import { PropertyId, WikibaseDataType, ItemId } from '@backend/types/wikibase-schema'
+import { ItemId, PropertyId, WikibaseDataType } from '@backend/types/wikibase-schema'
 import { cors } from '@elysiajs/cors'
 import { Elysia, t } from 'elysia'
 
@@ -27,6 +28,33 @@ export const wikibaseEntitiesApi = new Elysia({ prefix: '/api/wikibase' })
     }),
   })
 
+  .post(
+    '/:instanceId/csrf-token',
+    async ({ params: { instanceId }, body: { credentials }, wikibase }) => {
+      const {
+        query: {
+          tokens: { csrftoken },
+        },
+      } = await wikibase.getCsrfToken(instanceId, credentials)
+      return {
+        token: csrftoken,
+      }
+    },
+    {
+      body: t.Object({
+        credentials: OAuthCredentials,
+      }),
+      response: t.Object({
+        token: t.String(),
+      }),
+      detail: {
+        summary: 'Get CSRF token',
+        description: 'Get a CSRF token for a Wikibase instance using OAuth credentials',
+        tags: ['Wikibase'],
+      },
+    },
+  )
+
   .post(
     '/:instanceId/properties/fetch',
     async ({ params: { instanceId }, wikibase, db }) => {

diff --git a/backend/src/api/wikibase/schemas.ts b/backend/src/api/wikibase/schemas.ts
@@ -1,6 +1,31 @@
 import { WikibaseDataType } from '@backend/types/wikibase-schema'
 import { t } from 'elysia'
 
+export const OAuthCredentials = t.Object({
+  consumerKey: t.String({
+    description: 'Consumer key',
+  }),
+  consumerSecret: t.String({
+    description: 'Consumer secret',
+  }),
+  accessToken: t.String({
+    description: 'Access token',
+  }),
+  accessTokenSecret: t.String({
+    description: 'Access secret',
+  }),
+})
+export type OAuthCredentials = typeof OAuthCredentials.static
+
+export const CSRFTokenResponse = t.Object({
+  query: t.Object({
+    tokens: t.Object({
+      csrftoken: t.String(),
+    }),
+  }),
+})
+export type CSRFTokenResponse = typeof CSRFTokenResponse.static
+
 export const Term = t.Union([t.Literal('label'), t.Literal('alias'), t.Literal('description')])
 export type Term = typeof Term.static
 
@@ -20,10 +45,8 @@ export const PropertySearchResultSchema = t.Object({
 })
 export type PropertySearchResult = typeof PropertySearchResultSchema.static
 
-export const InstanceId = t.String({
-  description: 'Wikibase instance ID',
-  default: 'wikidata',
-})
+export const InstanceId = t.Union([t.Literal('wikidata'), t.Literal('commons')])
+export type InstanceId = typeof InstanceId.static
 
 export const QuerySchema = t.Object({
   q: t.String({

diff --git a/backend/src/services/constraint-validation.service.ts b/backend/src/services/constraint-validation.service.ts
@@ -1,3 +1,4 @@
+import type { InstanceId } from '@backend/api/wikibase/schemas'
 import { wikibaseService } from '@backend/services/wikibase.service'
 import type {
   ConstraintViolation,
@@ -15,7 +16,7 @@ export class ConstraintValidationService {
    * Get constraints for a property using MediaWiki API
    */
   async getPropertyConstraints(
-    instanceId: string,
+    instanceId: InstanceId,
     propertyId: PropertyId,
   ): Promise<PropertyConstraint[]> {
     const cacheKey = `${instanceId}:${propertyId}`
@@ -394,7 +395,7 @@ export class ConstraintValidationService {
    * Validate a property value against its constraints
    */
   async validateProperty(
-    instanceId: string,
+    instanceId: InstanceId,
     propertyId: PropertyId,
     values: any[],
   ): Promise<ValidationResult> {
@@ -484,7 +485,7 @@ export class ConstraintValidationService {
    * Validate an entire schema against property constraints
    */
   async validateSchema(
-    instanceId: string,
+    instanceId: InstanceId,
     schema: Record<string, unknown[]>,
   ): Promise<ValidationResult> {
     const allViolations: ConstraintViolation[] = []

diff --git a/backend/src/services/mediawiki-api.service.ts b/backend/src/services/mediawiki-api.service.ts
@@ -1,7 +1,7 @@
 import type { ApiResponse, LoginResponse, MediaWikiConfig } from '@backend/types/mediawiki-api'
 
 export class MediaWikiApiService {
-  private config: MediaWikiConfig
+  public config: MediaWikiConfig
   private tokens = new Map<string, string>()
 
   constructor(config: MediaWikiConfig) {
@@ -58,8 +58,7 @@ export class MediaWikiApiService {
     const options: RequestInit = {
       method,
       headers: {
-        'User-Agent':
-          this.config.userAgent || 'DataForge/1.0 (https://github.com/DaxServer/dataforge)',
+        'User-Agent': this.config.userAgent,
       },
     }
 

diff --git a/backend/src/services/wikibase-clients.ts b/backend/src/services/wikibase-clients.ts
@@ -1,43 +1,84 @@
+import { type CSRFTokenResponse, InstanceId, OAuthCredentials } from '@backend/api/wikibase/schemas'
 import { MediaWikiApiService } from '@backend/services/mediawiki-api.service'
-import type { MediaWikiConfig } from '@backend/types/mediawiki-api'
+import OAuth from 'oauth'
 
 export class WikibaseClient {
-  private clients: Record<string, MediaWikiApiService> = {
+  private readonly endpoints: Record<InstanceId, string> = {
+    wikidata: 'https://www.wikidata.org/w/api.php',
+    commons: 'https://commons.wikimedia.org/w/api.php',
+  }
+
+  private clients: Record<InstanceId, MediaWikiApiService> = {
     wikidata: new MediaWikiApiService({
-      endpoint: 'https://www.wikidata.org/w/api.php',
+      endpoint: this.endpoints.wikidata,
+      userAgent: 'DataForge/1.0 (https://github.com/DaxServer/dataforge)',
+      timeout: 30000,
+    }),
+    commons: new MediaWikiApiService({
+      endpoint: this.endpoints.commons,
       userAgent: 'DataForge/1.0 (https://github.com/DaxServer/dataforge)',
       timeout: 30000,
     }),
   }
 
-  createClient(id: string, config: MediaWikiConfig): MediaWikiApiService {
-    const client = new MediaWikiApiService({
-      endpoint: config.endpoint,
-      userAgent: config.userAgent,
-      timeout: config.timeout,
-      token: config.token,
-    })
-
-    this.clients[id] = client
+  private credentials: Partial<Record<InstanceId, OAuthCredentials>> = {}
+  private authenticatedClients: Partial<Record<InstanceId, OAuth.OAuth>> = {}
 
-    return client
-  }
-
-  getClient(instanceId: string): MediaWikiApiService {
+  getClient(instanceId: InstanceId): MediaWikiApiService {
     const client = this.clients[instanceId]
     if (!client) {
       throw new Error(`No client found for instance: ${instanceId}`)
     }
     return client
   }
 
-  hasClient(instanceId: string): boolean {
-    return this.clients[instanceId] !== undefined
+  getAuthenticatedClient(instanceId: InstanceId, credentials: OAuthCredentials): OAuth.OAuth {
+    if (!(instanceId in this.authenticatedClients)) {
+      const client = this.getClient(instanceId)
+      this.credentials[instanceId] = credentials
+      this.authenticatedClients[instanceId] = new OAuth.OAuth(
+        this.endpoints[instanceId],
+        this.endpoints[instanceId],
-      this.authenticatedClients[instanceId] = new OAuth.OAuth(
-        this.endpoints[instanceId],
-        this.endpoints[instanceId],
+      const base = new URL(this.endpoints[instanceId]).origin
+      const requestTokenUrl = `${base}/w/index.php?title=Special:OAuth/initiate`
+      const accessTokenUrl  = `${base}/w/index.php?title=Special:OAuth/token`
+      const oa = new OAuth.OAuth(
+        requestTokenUrl,
+        accessTokenUrl,
+        credentials.consumerKey,
+        credentials.consumerSecret,
+        '1.0',
+        null,
+        'HMAC-SHA1',
+        undefined,
+        {
+          'User-Agent': client.config.userAgent,
+        },
+      )
+      // Ensure outbound calls don’t hang indefinitely
+      oa.setClientOptions?.({ timeout: 30000 })
+      this.authenticatedClients[instanceId] = oa
-      this.authenticatedClients[instanceId] = new OAuth.OAuth(
-        this.endpoints[instanceId],
-        this.endpoints[instanceId],
+      const base = new URL(this.endpoints[instanceId]).origin
+      const requestTokenUrl = `${base}/w/index.php?title=Special:OAuth/initiate`
+      const accessTokenUrl  = `${base}/w/index.php?title=Special:OAuth/token`
+      const oa = new OAuth.OAuth(
+        requestTokenUrl,
+        accessTokenUrl,
+        credentials.consumerKey,
+        credentials.consumerSecret,
+        '1.0',
+        null,
+        'HMAC-SHA1',
+        undefined,
+        {
+          'User-Agent': client.config.userAgent,
+        },
+      )
+      // Ensure outbound calls don’t hang indefinitely
+      oa.setClientOptions?.({ timeout: 30000 })
+      this.authenticatedClients[instanceId] = oa
+        credentials.consumerKey,
+        credentials.consumerSecret,
+        '1.0',
+        null,
+        'HMAC-SHA1',
+        undefined,
+        {
+          'User-Agent': client.config.userAgent,
+        },
+      )
+    }
+    return this.authenticatedClients[instanceId] as OAuth.OAuth
   }
 
-  removeClient(instanceId: string): boolean {
-    const clientRemoved = this.clients[instanceId] !== undefined
-    delete this.clients[instanceId]
-    return clientRemoved
+  async getCsrfToken(
+    instanceId: InstanceId,
+    credentials: OAuthCredentials,
+  ): Promise<CSRFTokenResponse> {
+    const authService = this.getAuthenticatedClient(instanceId, credentials)
+
+    return new Promise((resolve, reject) => {
+      authService.get(
+        this.endpoints[instanceId] +
+          '?' +
+          new URLSearchParams({
+            action: 'query',
+            meta: 'tokens',
+            format: 'json',
+          }).toString(),
+        credentials.accessToken,
+        credentials.accessTokenSecret,
+        (err, data) => {
+          if (err) {
+            console.error(err)
+            reject(err)
+            return
+          }
+          resolve(JSON.parse(data as string) as CSRFTokenResponse)
+        },
+      )
+    })
   }
-  async getCsrfToken(
-    instanceId: InstanceId,
-    credentials: OAuthCredentials,
-  ): Promise<CSRFTokenResponse> {
-    const authService = this.getAuthenticatedClient(instanceId, credentials)
-
-    return new Promise((resolve, reject) => {
-      authService.get(
-        this.endpoints[instanceId] +
-          '?' +
-          new URLSearchParams({
-            action: 'query',
-            meta: 'tokens',
-            format: 'json',
-          }).toString(),
-        credentials.accessToken,
-        credentials.accessTokenSecret,
-        (err, data) => {
-          if (err) {
-            console.error(err)
-            reject(err)
-            return
-          }
-          resolve(JSON.parse(data as string) as CSRFTokenResponse)
-        },
-      )
-    })
-  }
+  async getCsrfToken(
+    instanceId: InstanceId,
+    credentials: OAuthCredentials,
+  ): Promise<CSRFTokenResponse> {
+    const authService = this.getAuthenticatedClient(instanceId, credentials)
+
+    return new Promise((resolve, reject) => {
+      authService.get(
+        this.endpoints[instanceId] +
+          '?' +
+          new URLSearchParams({
+            action: 'query',
+            meta: 'tokens',
+            type: 'csrf',
+            format: 'json',
+          }).toString(),
+        credentials.accessToken,
+        credentials.accessTokenSecret,
+        (err, data) => {
+          if (err) {
+            console.error(err)
+            reject(err)
+            return
+          }
+          try {
+            const parsed = JSON.parse(data as string) as CSRFTokenResponse
+            if (!parsed?.query?.tokens?.csrftoken) {
+              return reject(new Error('Missing csrftoken in response'))
+            }
+            resolve(parsed)
+          } catch (e) {
+            reject(e)
+          }
+        },
+      )
+    })
+  }
-  async getCsrfToken(
-    instanceId: InstanceId,
-    credentials: OAuthCredentials,
-  ): Promise<CSRFTokenResponse> {
-    const authService = this.getAuthenticatedClient(instanceId, credentials)
-
-    return new Promise((resolve, reject) => {
-      authService.get(
-        this.endpoints[instanceId] +
-          '?' +
-          new URLSearchParams({
-            action: 'query',
-            meta: 'tokens',
-            format: 'json',
-          }).toString(),
-        credentials.accessToken,
-        credentials.accessTokenSecret,
-        (err, data) => {
-          if (err) {
-            console.error(err)
-            reject(err)
-            return
-          }
-          resolve(JSON.parse(data as string) as CSRFTokenResponse)
-        },
-      )
-    })
-  }
+  async getCsrfToken(
+    instanceId: InstanceId,
+    credentials: OAuthCredentials,
+  ): Promise<CSRFTokenResponse> {
+    const authService = this.getAuthenticatedClient(instanceId, credentials)
+
+    return new Promise((resolve, reject) => {
+      authService.get(
+        this.endpoints[instanceId] +
+          '?' +
+          new URLSearchParams({
+            action: 'query',
+            meta: 'tokens',
+            type: 'csrf',
+            format: 'json',
+          }).toString(),
+        credentials.accessToken,
+        credentials.accessTokenSecret,
+        (err, data) => {
+          if (err) {
+            console.error(err)
+            reject(err)
+            return
+          }
+          try {
+            const parsed = JSON.parse(data as string) as CSRFTokenResponse
+            if (!parsed?.query?.tokens?.csrftoken) {
+              return reject(new Error('Missing csrftoken in response'))
+            }
+            resolve(parsed)
+          } catch (e) {
+            reject(e)
+          }
+        },
+      )
+    })
+  }
 }
diff --git a/backend/src/services/wikibase.service.ts b/backend/src/services/wikibase.service.ts
@@ -1,4 +1,4 @@
-import type { PropertySearchResult } from '@backend/api/wikibase/schemas'
+import type { InstanceId, PropertySearchResult } from '@backend/api/wikibase/schemas'
 import { WikibaseClient } from '@backend/services/wikibase-clients'
 import type {
   WikibaseGetEntitiesResponse,
@@ -32,7 +32,7 @@ interface AllPagesResponse {
 
 export class WikibaseService extends WikibaseClient {
   async fetchAllProperties(
-    instanceId: string,
+    instanceId: InstanceId,
     db: DuckDBConnection,
   ): Promise<{ total: number; inserted: number }> {
     let total = 0
@@ -95,7 +95,7 @@ export class WikibaseService extends WikibaseClient {
    * Search for properties in the specified Wikibase instance
    */
   async searchProperties(
-    instanceId: string,
+    instanceId: InstanceId,
     query: string,
     options: SearchOptions,
   ): Promise<SearchResponse<PropertySearchResult>> {
@@ -140,7 +140,10 @@ export class WikibaseService extends WikibaseClient {
   /**
    * Get property details by ID
    */
-  async getProperty(instanceId: string, propertyId: PropertyId): Promise<PropertyDetails | null> {
+  async getProperty(
+    instanceId: InstanceId,
+    propertyId: PropertyId,
+  ): Promise<PropertyDetails | null> {
     const client = this.getClient(instanceId)
 
     const params = {
@@ -190,7 +193,7 @@ export class WikibaseService extends WikibaseClient {
    * Search for items in the specified Wikibase instance
    */
   async searchItems(
-    instanceId: string,
+    instanceId: InstanceId,
     query: string,
     options: SearchOptions,
   ): Promise<SearchResponse<ItemSearchResult>> {
@@ -243,7 +246,7 @@ export class WikibaseService extends WikibaseClient {
   /**
    * Get item details by ID
    */
-  async getItem(instanceId: string, itemId: ItemId): Promise<ItemDetails | null> {
+  async getItem(instanceId: InstanceId, itemId: ItemId): Promise<ItemDetails | null> {
     const client = this.getClient(instanceId)
 
     const params = {

diff --git a/backend/src/types/mediawiki-api.ts b/backend/src/types/mediawiki-api.ts
@@ -11,7 +11,7 @@ import { t } from 'elysia'
 // Base API Configuration
 export interface MediaWikiConfig {
   endpoint: string
-  userAgent?: string
+  userAgent: string
   timeout?: number
   username?: string
   password?: string

diff --git a/backend/tests/api/project/project.wikibase.test.ts b/backend/tests/api/project/project.wikibase.test.ts
@@ -4,6 +4,7 @@ import {
   type Label,
   type WikibaseCreateSchema,
 } from '@backend/api/project/project.wikibase'
+import type { InstanceId } from '@backend/api/wikibase/schemas'
 import { closeDb, databasePlugin, getDb, initializeDb } from '@backend/plugins/database'
 import type { ItemId } from '@backend/types/wikibase-schema'
 import { treaty } from '@elysiajs/eden'
@@ -385,7 +386,7 @@ describe('Wikibase API', () => {
       })
 
       const updateData = {
-        wikibase: 'commons',
+        wikibase: 'commons' as InstanceId,
         schema: schema,
       }
 

diff --git a/frontend/src/features/data-processing/composables/useDataTypeCompatibility.ts b/frontend/src/features/data-processing/composables/useDataTypeCompatibility.ts
@@ -1,4 +1,3 @@
-import type { WikibaseDataType } from '@backend/types/wikibase-schema'
 import { useColumnDataTypeIndicators } from '@frontend/features/data-processing/composables/useColumnDataTypeIndicators'
 import type { ColumnInfo } from '@frontend/shared/types/wikibase-schema'
 import { readonly, ref } from 'vue'