feat: Move GraphQL claims operations to backend API

[jrhoads]

Purpose

This PR moves the GraphQL calls for creating, deleting, and fetching claims from the frontend to the backend. This improves security and centralization of data handling.

Approach

Instead of making direct GraphQL requests from the frontend using Apollo Client, this PR introduces new API routes in Next.js (/claims and /claims/[id]) that act as intermediaries. These backend routes now handle the communication with the DataCite GraphQL API.

The cypressFetchMock.cjs file has been updated to mock these new backend API routes, ensuring that Cypress tests continue to function correctly.

The frontend components have been updated to use React Query (@tanstack/react-query) for managing API calls and caching, replacing the previous Apollo Client implementation for claim-related data.

Key Modifications

• New API Routes:
  • src/app/(main)/claims/route.ts: Handles GET (fetch claims) and POST (create claim) requests.
  • src/app/(main)/claims/[id]/route.ts: Handles DELETE (delete claim) requests.
• Mocking GraphQL in Cypress:
  • cypressFetchMock.cjs: Updated to mock the new backend API routes instead of direct GraphQL calls.
• Frontend Data Fetching:
  • src/data/queries/claimQuery.ts: Rewritten to use @tanstack/react-query hooks (useQuery, useMutation) and fetch data from the new backend API routes.
• Authentication Utility:
  • src/utils/auth.ts: New utility to abstract the retrieval of the authentication token from cookies.
  • src/utils/apolloClient/apolloClient.ts: Updated to use the new getAuthToken utility.
• GraphQL Utility:
  • src/utils/dataciteGraphql.ts: New utility to handle generic GraphQL requests to the DataCite API.
• Layout Component:
  • src/app/(main)/layout.tsx: Updated to use the new getAuthToken utility.
• Claim Component:
  • src/components/Claim/Claim.tsx: Updated to use the new React Query hooks and interact with the backend API routes.

Important Technical Details

• Backend API Design: The new API routes follow a RESTful pattern for simplicity, with POST for creation, GET for retrieval, and DELETE for removal.
• React Query Integration: The frontend now leverages React Query for state management, caching, and background refetching (e.g., for claims with a 'waiting' state). This provides a more robust and efficient data fetching experience.
• Cypress Mocking Strategy: The shift from mocking GraphQL directly to mocking frontend API calls simplifies the Cypress setup and aligns it with the new backend architecture.
• Authentication Token Handling: The getAuthToken utility centralizes the logic for retrieving the access token, making it reusable across different parts of the application.

Types of changes

• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Breaking change (fix or feature that would cause existing functionality to change)

Reviewer, please remember our guidelines:

• Be humble in the language and feedback you give, ask don't tell.
• Consider using positive language as opposed to neutral when offering feedback. This is to avoid the negative bias that can occur with neutral language appearing negative.
• Offer suggestions on how to improve code e.g. simplification or expanding clarity.
• Ensure you give reasons for the changes you are proposing.

Summary by CodeRabbit

• New Features

  • Public endpoints to create, retrieve, and delete claims; UI polls while claims are pending.
  • Action buttons now reflect in-progress state (disabled during submission).

• Bug Fixes

  • Improved error reporting and request timeout handling for claim operations.

• Refactor

  • Centralized authentication retrieval and unified claim data fetching/mutation flow.

• Tests

  • Updated test mocks to simulate claim operations (get/create/delete).

[coderabbitai]

Walkthrough

Migrates claim operations from Apollo/GraphQL to REST with TanStack Query hooks, centralizes auth token retrieval, adds DataCite GraphQL helper and Next.js GET/POST/DELETE routes, updates the Claim component to use new hooks, and adjusts Cypress GraphQL mocks.

Changes

Claims REST and React Query Migration

Layer / File(s)	Summary
Auth token extraction & Apollo builder src/utils/auth.ts, src/utils/apolloClient/apolloClient.ts, src/utils/apolloClient/builder.ts, src/app/(main)/layout.tsx	Introduce getAuthToken() to read _datacite cookie; update apolloClient to import it; widen apolloClientBuilder token type and make auth link async; layout awaits token for Providers.
DataCite GraphQL helper src/utils/dataciteGraphql.ts	Export GraphQL strings GET_CLAIM_QUERY, CREATE_CLAIM_MUTATION, DELETE_CLAIM_MUTATION, response types, and dataciteGraphql() with AbortController-based timeout and optional Bearer authorization.
Next.js route handlers (GET/POST/DELETE) src/app/(main)/claims/route.ts, src/app/(main)/claims/[id]/route.ts	Add GET and POST handlers for /claims and DELETE for /claims/[id]; validate inputs, call dataciteGraphql, and return structured JSON including GraphQL errors and appropriate HTTP status codes.
React Query hooks & REST requests src/data/queries/claimQuery.ts	Add claimKeys, REST helpers (fetchClaim, createClaimRequest, deleteClaimRequest), updateClaimInCache, useClaimQuery with conditional 10s polling while claim is waiting, and useCreateClaimMutation/useDeleteClaimMutation that update cache on success.
Claim component integration src/components/Claim/Claim.tsx	Replace Apollo usage with useClaimQuery and mutation hooks; compute claim, state, isClaimed, and claimError; use HELP_CONTENT mapping for help text; disable actions during mutation.
Cypress GraphQL mock fixtures cypressFetchMock.cjs	Parse GraphQL query and variables from request bodies and return mocked GraphQL-shaped responses for getDoiClaimQuery, createClaim, and deleteClaim; parsing failures bypass mock matching.

Sequence Diagrams

sequenceDiagram
  participant Component as Claim component
  participant Hooks as useClaimQuery / useCreate/DeleteMutation
  participant QueryClient
  participant REST as REST Endpoints (/claims)
  Component->>Hooks: useClaimQuery(doi)
  Hooks->>REST: GET /claims?doi=...
  REST-->>Hooks: { claim, ... }
  Hooks->>QueryClient: set claimKeys.detail(doi)
  QueryClient-->>Component: claim data
  Component->>Hooks: createClaimMutation()
  Hooks->>REST: POST /claims
  REST-->>Hooks: { claim, ... }
  Hooks->>QueryClient: updateClaimInCache()
  Component->>Hooks: deleteClaimMutation()
  Hooks->>REST: DELETE /claims/[id]
  REST-->>Hooks: { claim, ... }
  Hooks->>QueryClient: updateClaimInCache()

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

• datacite/akita#506: Overlaps with changes to src/components/Claim/Claim.tsx around claim error extraction and help messaging.

Suggested reviewers

• codycooperross
• bklaing2
• wendelfabianchinsamy

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 11.76% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: Move GraphQL claims operations to backend API' directly and accurately describes the main objective of the PR, which is migrating GraphQL operations from the frontend to backend API routes.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claims-function

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cypress]

akita    Run #2062

Run Properties:   Passed #2062  •  efece1bbcf ℹ️: Merge c0447c80d4178a5a925204c55304b99d1adcd68a into 7827281c312c65bf223cedb30e1f...

Project	akita
Branch Review	claims-function
Run status	Passed #2062
Run duration	01m 41s
Commit	efece1bbcf ℹ️: Merge c0447c80d4178a5a925204c55304b99d1adcd68a into 7827281c312c65bf223cedb30e1f...
Committer	Joseph Rhoads
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	1
Pending	0
Skipped	0
Passing	45
View all changes introduced in this branch ↗︎

[coderabbitai]

Actionable comments posted: 7

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/utils/apolloClient/builder.ts (1)

23-26: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Omit authorization header when unauthenticated instead of sending an empty value.

Line 25 currently sends authorization: '', which can trigger stricter auth middleware differently than a missing header.

Suggested fix

     return {
       headers: {
         ...headers,
-        authorization: token ? `Bearer ${token}` : ''
+        ...(token ? { authorization: `Bearer ${token}` } : {})
       }
     }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/utils/apolloClient/builder.ts` around lines 23 - 26, The headers object
in src/utils/apolloClient/builder.ts is currently setting authorization to an
empty string when token is falsy; change the headers construction so the
authorization header is only added when token is present (use a conditional
spread or conditional property addition around the authorization value based on
token) so that when unauthenticated the header is omitted entirely instead of
sending authorization: ''. Target the headers creation logic and the token
variable in builder.ts to implement this conditional addition.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/app/`(main)/claims/route.ts:
- Around line 57-67: The POST JSON parsing must guard against non-object values
(e.g., null) before destructuring: after awaiting request.json() in route.ts
assign to body, verify that typeof body === 'object' && body !== null (and
optionally Array.isArray(body) === false) and if that check fails return
NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 }); only then
destructure const { doi, sourceId } = body and continue — update the code around
the body variable and the destructuring to perform this shape validation to
avoid throwing when body is null or not an object.

In `@src/components/Claim/Claim.tsx`:
- Around line 45-63: The current onCreate and onDelete handlers only set
claimError from successful mutation payloads and ignore mutation failures; add
onError handlers to both createClaim and deleteClaim calls (in onCreate and
onDelete) that call setClaimError with a user-facing message derived from the
mutation error (e.g., error.message or a parsed error body) so network/server
failures surface in the existing error UI; preserve the existing onSuccess
behavior that reads result.claim?.errorMessages?.[0]?.title.
- Around line 37-38: The add/remove buttons allow double submissions because the
code only extracts mutate ({ mutate: createClaim } and { mutate: deleteClaim })
and doesn't guard in-flight; update the calls to also pull the mutation status
(e.g., { mutate: createClaim, isLoading: isCreating } =
useCreateClaimMutation(doi_id) and { mutate: deleteClaim, isLoading: isDeleting
} = useDeleteClaimMutation(doi_id)) or introduce a local boolean (e.g.,
isSubmitting) set true before calling mutate and false in onSuccess/onError,
then use the combined guard (isCreating || isDeleting || isSubmitting) to set
the buttons' disabled prop (also apply the same change for the other buttons
referenced around lines 99-119) so further clicks are ignored while a request is
in flight.

In `@src/data/queries/claimQuery.ts`:
- Around line 53-55: Replace usage of json.errors[0].message with the mutation
error title field when constructing thrown errors in claimQuery.ts; update the
two sites (the block at the shown if (json.errors?.length) and the similar block
around lines 70-72) to use json.errors[0].title (with a sensible fallback like
the existing 'Failed to create claim' or json.errors[0].message if present) so
the thrown Error includes the backend's title string.

In `@src/utils/auth.ts`:
- Around line 4-6: The session cookie JSON parsing in utils/auth.ts is unguarded
and can throw on malformed '_datacite' data; wrap the JSON.parse of ((cookies()
as unknown as UnsafeUnwrappedCookies).get('_datacite')?.value || '{}') in a
try/catch (or use a safeParse helper) so that parse errors are caught and the
code falls back to an empty object (or logs and returns an unauthenticated
result) instead of letting the request crash; update the reference variable
sessionCookie and any downstream logic to handle the fallback shape.
- Around line 1-5: The getAuthToken function currently uses the deprecated
UnsafeUnwrappedCookies and sync cookies() call; change getAuthToken to be async,
call and await cookies() (removing UnsafeUnwrappedCookies usage), parse the
'_datacite' cookie value safely and return the token (string | undefined), and
then update all callers of getAuthToken to await the function; reference
getAuthToken and the cookies() call to locate and update the code.

In `@src/utils/dataciteGraphql.ts`:
- Around line 95-99: The fetch to `${DATACITE_API_URL}/graphql` is made without
a timeout and can hang; wrap the POST fetch call with an AbortController and a
timer: create an AbortController, pass its signal to fetch, start a setTimeout
that calls controller.abort() after a configurable timeout (e.g., 5s), and clear
the timer on successful response; update the code around the fetch invocation
(the fetch call that builds response, the variables DATACITE_API_URL and
headers/body usage remain the same) and ensure aborted requests are
handled/translated into a clear error/timeout response instead of hanging.

---

Outside diff comments:
In `@src/utils/apolloClient/builder.ts`:
- Around line 23-26: The headers object in src/utils/apolloClient/builder.ts is
currently setting authorization to an empty string when token is falsy; change
the headers construction so the authorization header is only added when token is
present (use a conditional spread or conditional property addition around the
authorization value based on token) so that when unauthenticated the header is
omitted entirely instead of sending authorization: ''. Target the headers
creation logic and the token variable in builder.ts to implement this
conditional addition.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: b17da6b4-1970-4bb1-8890-9a8127e92674

📥 Commits

Reviewing files that changed from the base of the PR and between 7827281 and d72eb4e.

📒 Files selected for processing (10)

• cypressFetchMock.cjs
• src/app/(main)/claims/[id]/route.ts
• src/app/(main)/claims/route.ts
• src/app/(main)/layout.tsx
• src/components/Claim/Claim.tsx
• src/data/queries/claimQuery.ts
• src/utils/apolloClient/apolloClient.ts
• src/utils/apolloClient/builder.ts
• src/utils/auth.ts
• src/utils/dataciteGraphql.ts

[coderabbitai]

♻️ Duplicate comments (1)

src/components/Claim/Claim.tsx (1)

46-64: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Surface mutation failures in claimError via onError.

onCreate and onDelete only update claimError in onSuccess. If the mutation request fails, users get no actionable feedback. Add onError handlers and map the thrown error message into setClaimError.

Proposed patch

   const onCreate = () => {
     createClaim(
       { doi: doi_id, sourceId: 'orcid_search' },
       {
         onSuccess: (result) => {
           setClaimError(result.claim?.errorMessages?.[0]?.title || null)
         },
+        onError: (error) => {
+          setClaimError(error instanceof Error ? error.message : 'Failed to create claim')
+        },
       }
     )
   }
@@
     deleteClaim(claim.id, {
       onSuccess: (result) => {
         setClaimError(result.claim?.errorMessages?.[0]?.title || null)
       },
+      onError: (error) => {
+        setClaimError(error instanceof Error ? error.message : 'Failed to delete claim')
+      },
     })
   }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/components/Claim/Claim.tsx` around lines 46 - 64, onCreate and onDelete
only set claimError on successful mutation; add onError handlers to both
createClaim and deleteClaim calls to surface failures into UI by calling
setClaimError with the thrown error message. Update the createClaim invocation
in onCreate and the deleteClaim invocation in onDelete to include an onError:
(error) => setClaimError(error?.message || (error?.response?.data?.message) ||
String(error)) handler (preserving the existing onSuccess behavior), so both
mutation paths update claimError when they fail.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@src/components/Claim/Claim.tsx`:
- Around line 46-64: onCreate and onDelete only set claimError on successful
mutation; add onError handlers to both createClaim and deleteClaim calls to
surface failures into UI by calling setClaimError with the thrown error message.
Update the createClaim invocation in onCreate and the deleteClaim invocation in
onDelete to include an onError: (error) => setClaimError(error?.message ||
(error?.response?.data?.message) || String(error)) handler (preserving the
existing onSuccess behavior), so both mutation paths update claimError when they
fail.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 5d0e33a0-af28-4960-b8ab-6b5eb614a80d

📥 Commits

Reviewing files that changed from the base of the PR and between d72eb4e and 9a2f6b4.

📒 Files selected for processing (8)

• src/app/(main)/claims/[id]/route.ts
• src/app/(main)/claims/route.ts
• src/app/(main)/layout.tsx
• src/components/Claim/Claim.tsx
• src/data/queries/claimQuery.ts
• src/utils/apolloClient/builder.ts
• src/utils/auth.ts
• src/utils/dataciteGraphql.ts

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/components/Claim/Claim.tsx (1)

132-134: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Delete mutation errors are not displayed when already claimed.

When isClaimed is true and the delete fails, claimError is populated but this paragraph won't render because !isClaimed is false. The user sees no feedback.

Widen the condition so errors surface regardless of claim state:

Proposed fix

-      {!isClaimed && (
+      {(!isClaimed || errorMessage) && (
         <p className='secondary px-4 mt-2'>{getHelpContent(user, errorMessage)}</p>
       )}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/components/Claim/Claim.tsx` around lines 132 - 134, The current
conditional rendering uses !isClaimed so when a delete fails (claimError set) no
message is shown; update the condition around the paragraph that calls
getHelpContent(user, errorMessage) so it renders if the claim is not active OR
there is a delete/claim error (e.g. (!isClaimed || claimError) or similar),
ensuring getHelpContent still receives the existing user and errorMessage
values; locate the JSX that contains isClaimed, claimError, errorMessage, and
getHelpContent in Claim (Claim.tsx) to make this change.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@src/components/Claim/Claim.tsx`:
- Around line 132-134: The current conditional rendering uses !isClaimed so when
a delete fails (claimError set) no message is shown; update the condition around
the paragraph that calls getHelpContent(user, errorMessage) so it renders if the
claim is not active OR there is a delete/claim error (e.g. (!isClaimed ||
claimError) or similar), ensuring getHelpContent still receives the existing
user and errorMessage values; locate the JSX that contains isClaimed,
claimError, errorMessage, and getHelpContent in Claim (Claim.tsx) to make this
change.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: b1c7aad3-c3e1-4479-a425-42b9b1fdf713

📥 Commits

Reviewing files that changed from the base of the PR and between 9a2f6b4 and 20cbaf9.

📒 Files selected for processing (1)

• src/components/Claim/Claim.tsx

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/components/Claim/Claim.tsx`:
- Around line 132-133: The help <p> is being rendered whenever (!isClaimed ||
errorMessage) even if getHelpContent(user, errorMessage) returns null; compute
the help content once (call getHelpContent(user, errorMessage) into a local
variable inside the Claim component) and change the render condition to only
render the <p className='secondary px-4 mt-2'> when that variable is
non-null/defined (i.e., render when helpContent exists), referencing
getHelpContent, isClaimed, and errorMessage to locate the code.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: da3d3a24-4a92-40f8-bdea-4952d97c1e22

📥 Commits

Reviewing files that changed from the base of the PR and between 20cbaf9 and c0447c8.

📒 Files selected for processing (1)

• src/components/Claim/Claim.tsx

[cypress]

akita    Run #2072

Run Properties:   Failed #2072  •  f53b5c09cd: Merge pull request #626 from datacite/claims-function

Project	akita
Branch Review	master
Run status	Failed #2072
Run duration	03m 53s
Commit	f53b5c09cd: Merge pull request #626 from datacite/claims-function
Committer	Joseph Rhoads
View all properties for this run ↗︎

---

Test results
Failures	2
Flaky	0
Pending	0
Skipped	0
Passing	43
View all changes introduced in this branch ↗︎

---

Tests for review

  cypress/e2e/personContainer.test.ts • 2 failed tests • Tests

View Output

Test		Artifacts
PersonContainer > facetlist-group		Test Replay Screenshots
PersonContainer > production chart		Test Replay Screenshots