@sap/cds 1.15.1 → 1.18.2

package/_hdbext/lib/client-session.js

@@ -0,0 +1,96 @@
+'use strict';
+
+var _ = require('lodash');
+var async = require('async');
+var util = require('util');
+var constants = require('./constants');
+var debug = require('debug')('hdbext:client-session');
+var safeSql = require('./safe-sql');
+
+exports.setSchema = setSchema;
+exports.getSchema = getSchema;
+exports.setLocale = setLocale;
+exports.setIsolationLevel = setIsolationLevel;
+exports.updateConnectionOptions = updateConnectionOptions;
+exports.unsetSessionVariables = unsetSessionVariables;
+
+function setSchema(client, schema, cb) {
+  if (typeof schema !== 'string') {
+    return cb(new Error('Schema name must be a string'));
+  }
+  var sql = 'SET SCHEMA ' + safeSql.identifier(schema);
+  debug('Setting schema: %s', sql);
+  client.exec(sql, cb);
+}
+
+function getSchema(client, cb) {
+  client.exec('SELECT CURRENT_SCHEMA FROM DUMMY', function (err, rs) {
+    if (err) {
+      return cb(err);
+    }
+    return cb(null, rs[0].CURRENT_SCHEMA);
+  });
+}
+
+function setLocale(client, locale, cb) {
+  client._connection.getClientInfo().setProperty('LOCALE', locale);
+  cb();
+}
+
+function setSessionVariable(client, key, value, cb) {
+  if (_.isNil(value)) {
+    return cb();
+  }
+  var sql = util.format('SET %s = %s', safeSql.stringLiteral(key), safeSql.stringLiteral(value));
+  client.exec(sql, cb);
+}
+
+function unsetSessionVariable(client, key, cb) {
+  var sql = 'UNSET ' + safeSql.stringLiteral(key);
+  client.exec(sql, cb);
+}
+
+function setIsolationLevel(client, isolationLevel, cb) {
+  var level = constants.isolationLevelValues[isolationLevel];
+  if (typeof level !== 'string') {
+    return cb(new Error('Invalid isolation level: ' + isolationLevel));
+  }
+  client.exec('SET TRANSACTION ISOLATION LEVEL ' + level, cb);
+}
+
+function setSessionVariables(client, vars, cb) {
+  if (!vars) {
+    return cb();
+  }
+
+  async.each(Object.keys(vars), function (key, callback) {
+    setSessionVariable(client, key, vars[key], callback);
+  }, cb);
+}
+
+function unsetSessionVariables(client, vars, cb) {
+  if (!vars) {
+    return cb();
+  }
+
+  async.each(Object.keys(vars), function (key, callback) {
+    unsetSessionVariable(client, key, callback);
+  }, cb);
+}
+
+function updateConnectionOptions(client, options, callback) {
+  if (!_.isNil(options.autoCommit)) {
+    client.setAutoCommit(Boolean(options.autoCommit));
+  }
+
+  async.parallel([function (cb) {
+    options.schema ? setSchema(client, options.schema, cb) : cb();
+  }, function (cb) {
+    options.session ? setSessionVariables(client, options.session, cb) : cb();
+  }, function (cb) {
+    options.locale ? setLocale(client, options.locale.replace(/-/g, '_'), cb) : cb();
+  }, function (cb) {
+    options.isolationLevel ? setIsolationLevel(client, options.isolationLevel, cb) : cb();
+  }], callback);
+}
+

package/_hdbext/lib/conn-options.js

@@ -0,0 +1,84 @@
+'use strict';
+
+var AcceptLanguageParser = require('accept-language');
+var fs = require('fs');
+var os = require('os');
+var SAPPassport = require('@sap/e2e-trace').Passport;
+var internalConsts = require('./internal-constants');
+var debug = require('debug')('hdbext:conn-options');
+
+exports.getGlobalOptions = getGlobalOptions;
+exports.getRequestOptions = getRequestOptions;
+
+function getRequestOptions(req) {
+  var opt = { session: {} };
+
+  var authInfo = req.authInfo;
+
+  if (authInfo && authInfo.getGrantType && authInfo.getGrantType() !== internalConsts.GRANTTYPE_CLIENTCREDENTIAL) {
+    if (authInfo.getHdbToken) {
+      opt.session.XS_APPLICATIONUSER = authInfo.getHdbToken();
+    } else if (authInfo.getToken) {
+      opt.session.XS_APPLICATIONUSER = authInfo.getToken(internalConsts.SYSTEM, internalConsts.HDB);
+    }
+  }
+
+  if (req.headers[SAPPassport.HEADER_NAME]) {
+    var passport = new SAPPassport(req.headers[SAPPassport.HEADER_NAME]);
+    passport.update({
+      connectionID: '00000000000000000000000000000000',
+      connectionCounter: 0
+    });
+    passport.compact();
+    opt.session.SAP_PASSPORT = passport.serialize();
+  }
+
+  opt.locale = resolveRequestLanguage(req);
+
+  return opt;
+}
+
+function resolveRequestLanguage(req) {
+  var sapLang = req.headers['x-sap-request-language'];
+  if (sapLang) {
+    return sapLang;
+  }
+
+  var acceptLanguage = req.headers['accept-language'];
+  if (acceptLanguage) {
+    var languagesByPreference = AcceptLanguageParser.parse(acceptLanguage);
+    if (languagesByPreference.length) {
+      return languagesByPreference[0].value;
+    }
+  }
+}
+
+function getGlobalOptions() {
+  return {
+    session: {
+      APPLICATION: getApplicationName(),
+      APPLICATIONVERSION: getApplicationVersion()
+    }
+  };
+}
+
+function getApplicationName() {
+  if (process.env.VCAP_APPLICATION) {
+    var app = JSON.parse(process.env.VCAP_APPLICATION);
+    var components = [app.application_name, app.space_name, app.organization_name]
+      .filter(Boolean);
+    if (components.length > 0) {
+      return components.join('/');
+    }
+  }
+  return process.pid + '@' + os.hostname();
+}
+
+function getApplicationVersion() {
+  try {
+    var pkg = JSON.parse(fs.readFileSync('./package.json', 'utf8'));
+    return pkg.name + '@' + pkg.version;
+  } catch (err) {
+    debug(err);
+  }
+}

package/_hdbext/lib/constants.js

@@ -0,0 +1,79 @@
+'use strict';
+
+// From SAP HANA SQL Command Network Protocol Reference, 2.6 Type Codes
+exports.types = {
+  TINYINT: 1,
+  SMALLINT: 2,
+  INT: 3,
+  INTEGER: 3,
+  BIGINT: 4,
+  DECIMAL: 5,
+  REAL: 6,
+  DOUBLE: 7,
+  CHAR: 8,
+  VARCHAR: 9,
+  NCHAR: 10,
+  NVARCHAR: 11,
+  BINARY: 12,
+  VARBINARY: 13,
+  DATE: 14,
+  TIME: 15,
+  TIMESTAMP: 16,
+  CLOB: 25,
+  NCLOB: 26,
+  BLOB: 27,
+  BOOLEAN: 28,
+  STRING: 29,
+  NSTRING: 30,
+  BLOCATOR: 31,
+  NLOCATOR: 32,
+  BSTRING: 33,
+  TABLE: 45,
+  SMALLDECIMAL: 47,
+  ABAPITAB: 48,
+  ABAPSTRUCT: 49,
+  ARRAY: 50,
+  TEXT: 51,
+  SHORTTEXT: 52,
+  ALPHANUM: 55,
+  LONGDATE: 61,
+  SECONDDATE: 62,
+  DAYDATE: 63,
+  SECONDTIME: 64
+};
+
+exports.typeKeys = invert(exports.types);
+
+exports.isolation = {
+  /**
+   * @type {number}
+   * @constant
+   */
+  READ_COMMITTED: 2,
+
+  /**
+   * @type {number}
+   * @constant
+   */
+  REPEATABLE_READ: 4,
+
+  /**
+   * @type {number}
+   * @constant
+   */
+  SERIALIZABLE: 8
+};
+
+exports.isolationLevelValues = {
+  2: 'READ COMMITTED',
+  4: 'REPEATABLE READ',
+  8: 'SERIALIZABLE'
+};
+
+function invert(source) {
+  var target = {};
+  for (var key in source) {
+    target[source[key]] = key;
+  }
+  return target;
+}

package/_hdbext/lib/internal-constants.js

@@ -0,0 +1,7 @@
+'use strict';
+
+module.exports = {
+  SYSTEM: 'System',
+  HDB: 'HDB',
+  GRANTTYPE_CLIENTCREDENTIAL: 'client_credentials'
+};

package/_hdbext/lib/middleware.js

@@ -0,0 +1,46 @@
+'use strict';
+
+var _ = require('lodash');
+var debug = require('debug')('hdbext:middleware');
+var poolModule = require('./pool');
+var connOptions = require('./conn-options');
+
+exports.middleware = function middleware(hanaService, poolOptions) {
+  var hanaOptions = _.merge({}, connOptions.getGlobalOptions(), hanaService);
+  var pool = poolModule.getPool(hanaOptions, poolOptions);
+
+  return function db(req, res, next) {
+    var opt = connOptions.getRequestOptions(req);
+    pool.acquire(opt, function (err, client) {
+      if (err) {
+        err.status = 500;
+        return next(err);
+      }
+
+      var releaseClient = true;
+      client.once('release', function () {
+        releaseClient = false;
+        delete req.db;
+      });
+
+      function cleanup() {
+        debug('Cleanup triggered');
+        delete req.db;
+        if (releaseClient) {
+          releaseClient = false;
+          pool.release(client);
+        }
+      }
+
+      var end = res.end;
+      res.end = function () {
+        cleanup();
+        res.end = end;
+        res.end.apply(this, arguments);
+      };
+
+      req.db = client;
+      next();
+    });
+  };
+};

package/_hdbext/lib/pool.js

@@ -0,0 +1,236 @@
+'use strict';
+
+var _ = require('lodash');
+var async = require('async');
+var crypto = require('crypto');
+var util = require('util');
+var constants = require('./constants');
+var factory = require('./client-factory');
+var clientSession = require('./client-session');
+var debug = require('debug')('hdbext:pool');
+var safeSql = require('./safe-sql');
+
+var INSUFFICIENT_PRIVILEGE_ERROR_CODE = 258;
+
+var poolModule = require('generic-pool');
+var LRU = require('lru-cache'),
+  cache = LRU({
+    max: 10,
+    dispose: function (key, pool) {
+      _drainPool(pool);
+    }
+  });
+
+exports.getPool = getPool;
+exports.createPool = createPool;
+
+function createPool(hanaService, options) {
+  var pool = _createPool(hanaService, options);
+  return _getPoolObject(pool, hanaService);
+}
+
+function getPool(hanaService, options) {
+  var key = hanaService.host + ':' + hanaService.port + ':' + hanaService.assertion + ':' + hanaService.user + ':' + hanaService.password;
+  key = crypto.createHash('sha256').update(key).digest('hex');
+  var pool = cache.get(key);
+  if (!pool) {
+    pool = _createPool(hanaService, options);
+    cache.set(key, pool);
+  }
+  return _getPoolObject(pool, hanaService);
+}
+
+function _getPoolObject(pool, hanaService) {
+  return {
+    pool: pool,
+    acquire: _acquireConnection.bind(null, pool, hanaService),
+    release: _releaseToPool.bind(null, pool),
+    drain: _drainPool.bind(null, pool)
+  };
+}
+
+function _releaseToPool(pool, safeClient) {
+  function handleError(err) {
+    // Currently the 'user' from the service binding does not have the privileges required to access the view with the list of temporary tables.
+    // Connection will be terminated in order not to be reused. Logging on level debug in order not to flood the logs.
+    // Corresponding privileges will be added to the user in the service binding.
+    var insufficientPriv = err.code === INSUFFICIENT_PRIVILEGE_ERROR_CODE ? 'Insufficient privileges' : '';
+    debug('Could not reset connection: ', insufficientPriv, err);
+    pool.destroy(client);
+  }
+
+  var client = Object.getPrototypeOf(safeClient);
+  if (client === null) {
+    return;
+  }
+  if (!client._connection.isIdle()) {
+    client._connection._queue.once('drain', _releaseToPool.bind(this, pool, safeClient));
+    return;
+  }
+
+  safeClient._connection = undefined;
+  safeClient.emit('release');
+  safeClient.removeAllListeners();
+  client.removeAllListeners();
+  Object.setPrototypeOf(safeClient, null);
+
+  async.series([
+    function (cb) {
+      client.rollback(cb);
+    },
+    function (cb) {
+      clientSession.unsetSessionVariables(client, client._connectionUpdatedSettings.session, cb);
+    },
+    function (cb) {
+      client._connectionUpdatedSettings.session = undefined;
+      client._connectionInitialSettings = _getDeltaDBSettings({}, {}, _.merge({}, client._connectionDefaultSettings, client._connectionInitialSettings, client._connectionUpdatedSettings));
+      client._connectionUpdatedSettings = undefined;
+      clientSession.updateConnectionOptions(client, client._connectionInitialSettings, cb);
+    }
+  ], function (err) {
+    if (err) {
+      return handleError(err);
+    }
+
+    async.waterfall([
+      client.exec.bind(client, 'SELECT SCHEMA_NAME, TABLE_NAME, TEMPORARY_TABLE_TYPE FROM M_TEMPORARY_TABLES WHERE CONNECTION_ID = CURRENT_CONNECTION'),
+      function (rs, cb) {
+        var statements = rs.map(function (row) {
+          var operation = (row.TEMPORARY_TABLE_TYPE === 'GLOBAL') ? 'TRUNCATE' : 'DROP';
+          var table = util.format('%s.%s', safeSql.identifier(row.SCHEMA_NAME), safeSql.identifier(row.TABLE_NAME));
+          return util.format('%s TABLE %s', operation, table);
+        });
+
+        async.each(statements, function (statement, eachCb) {
+          client.exec(statement, function (err) {
+            debug(statement, err);
+            eachCb(err);
+          });
+        }, cb);
+      },
+      function (cb) {
+        client.commit(cb);
+      }
+    ], function (err) {
+      if (err) {
+        return handleError(err);
+      }
+      pool.release(client);
+    });
+  });
+}
+
+function _acquireConnection(pool, hanaService, options, callback) {
+  if (arguments.length === 3) {
+    callback = arguments[2];
+    options = {};
+  }
+  var _options = _.merge({}, hanaService, options);
+  pool.acquire(function (err, client) {
+    if (err) {
+      return callback(err);
+    }
+
+    var safeClient = Object.create(client);
+    client.close = _releaseToPool.bind(null, pool, safeClient);
+    client.disconnect = _releaseToPool.bind(null, pool, safeClient);
+    client.on('close', pool.destroy.bind(null, client));
+
+    client._connectionUpdatedSettings = _getDeltaDBSettings(client._connectionDefaultSettings, client._connectionInitialSettings
+                                                                                            , _.pick(_options,['session', 'autoCommit', 'locale', 'isolationLevel', 'schema']));
+    clientSession.updateConnectionOptions(client, client._connectionUpdatedSettings, function (err) {
+      callback(err, safeClient);
+    });
+  });
+}
+
+function _drainPool(pool) {
+  pool.drain(function () {
+    pool.destroyAllNow();
+  });
+}
+
+function _createPool(hanaService, options) {
+  debug('Creating pool');
+  var defaultOptions = {
+    max: 100,
+    min: 0,
+    idleTimeoutMillis: 10000,
+    log: false,
+    refreshIdle: false
+  };
+
+  options = _.extend(defaultOptions, options);
+
+  var pool = poolModule.Pool({
+    name: 'hana',
+    create: function (callback) {
+      debug('Creating client in pool');
+      factory.openBaseConnection(hanaService, function (err, client) {
+        if (err) {
+          return callback(err);
+        }
+
+        client._connectionDefaultSettings = {
+          autoCommit: true,
+          locale: client.connectOptions.clientLocale,
+          isolationLevel: constants.isolation['READ_COMMITTED']
+        };
+
+        client._connectionInitialSettings = {
+          autoCommit: _.isNil(options.autoCommit) ? client._connectionDefaultSettings.autoCommit : !!options.autoCommit,
+          locale: hanaService.locale || client._connectionDefaultSettings.clientLocale,
+          isolationLevel: hanaService.isolationLevel || client._connectionDefaultSettings.isolationLevel,
+          schema: hanaService.schema
+        };
+
+        clientSession.getSchema(client, function (err, schema) {
+          client._connectionDefaultSettings.schema = schema;
+          var updatedSettings = _getDeltaDBSettings(client._connectionDefaultSettings, client._connectionDefaultSettings, client._connectionInitialSettings);
+          clientSession.updateConnectionOptions(client, updatedSettings, function (err) {
+            if (err) {
+              client.close();
+              client = null;
+            }
+            callback(err, client);
+          });
+        });
+      });
+    },
+    destroy: function (client) {
+      debug('Destroying client from pool');
+      client._connection.close();
+    },
+    validate: function (client) {
+      return client.readyState === 'connected';
+    },
+    max: options.max,
+    min: options.min,
+    idleTimeoutMillis: options.idleTimeoutMillis,
+    log: options.log,
+    refreshIdle: options.refreshIdle,
+    reapIntervalMillis: options.reapIntervalMillis,
+    returnToHead: options.returnToHead,
+    priorityRange: options.priorityRange
+  });
+  return pool;
+}
+
+
+function _getDeltaDBSettings(def, init, curr) {
+  def = def || {};
+  init = init || {};
+  curr = curr || {};
+  var res = {};
+  _.union(_.keys(curr), _.keys(init)).forEach(function (key) {
+    if (curr[key] === undefined && init[key] !== def[key] && init[key] !== undefined) {
+      res[key] = def[key];
+    } else {
+      if (curr[key] !== init[key] && (init[key] !== undefined || def[key] !== curr[key])) {
+        res[key] = curr[key];
+      }
+    }
+  });
+
+  return res;
+}

package/_hdbext/lib/safe-sql.js

@@ -0,0 +1,17 @@
+'use strict';
+
+var sqlInjectionUtils = require('./sql-injection-utils');
+var format = require('util').format;
+
+module.exports = {
+  identifier: identifier,
+  stringLiteral: stringLiteral
+};
+
+function identifier(identifier) {
+  return format('"%s"', sqlInjectionUtils.escapeDoubleQuotes(identifier));
+}
+
+function stringLiteral(literal) {
+  return format("'%s'", sqlInjectionUtils.escapeSingleQuotes(literal));
+}