@sap/cds 5.5.5 → 5.6.0

package/libx/rest/middleware/update.js

@@ -0,0 +1,42 @@
+const cds = require('../../_runtime/cds')
+const { INSERT } = cds.ql
+
+const RestRequest = require('../RestRequest')
+
+const UPSERT_ALLOWED = !(cds.env.runtime && cds.env.runtime.allow_upsert === false)
+
+const { deepCopyObject } = require('../../_runtime/common/utils/copy')
+
+module.exports = async (_req, _res, next) => {
+  let { _srv: srv, _query: query, _target, _data, _params } = _req
+
+  let result,
+    status = 200
+
+  // unfortunately, express doesn't catch async errors -> try catch needed
+  try {
+    // if upsert it allowed, we need to catch 404 and retry with create
+    try {
+      // add the data (as copy, if upsert allowed)
+      query.with(UPSERT_ALLOWED ? deepCopyObject(_data) : _data)
+      // REVISIT: if PUT, req.method should be PUT -> Crud2Http maps UPSERT to PUT
+      result = await srv.dispatch(new RestRequest({ query, _target, method: _req.method }))
+      if (_params) Object.assign(result, _params[_params.length - 1])
+    } catch (e) {
+      if ((e.code === 404 || e.status === 404 || e.statusCode === 404) && UPSERT_ALLOWED) {
+        query = INSERT.into(query.UPDATE.entity).entries(
+          _params ? Object.assign(_data, _params[_params.length - 1]) : _data
+        )
+        result = await srv.dispatch(new RestRequest({ query, _target }))
+        status = 201
+      } else {
+        throw e
+      }
+    }
+  } catch (e) {
+    return next(e)
+  }
+
+  _req._result = { result, status }
+  next()
+}

package/libx/rest/utils/data.js

@@ -0,0 +1,65 @@
+const cds = require('../../_runtime/cds')
+
+const { deepCopyObject } = require('../../_runtime/common/utils/copy')
+const { checkKeys, checkStatic } = require('../../_runtime/cds-services/util/assert')
+const { MULTIPLE_ERRORS } = require('../../_runtime/common/error/constants')
+
+// this can be reused for flattening data on db layer, if necessary
+// const _getFlattenedCopy = (data, key, entity) => {
+//   const d = {}
+//   const prefix = key + '_'
+//   // TODO: ignore or preserve unknown?
+//   const matches = Object.keys(entity.elements)
+//     .filter(ele => ele.startsWith(prefix))
+//     .map(ele => ele.replace(prefix, ''))
+//   if (matches.length) {
+//     const current = data[key]
+//     for (const k of matches) if (current[k] !== undefined) d[prefix + k] = current[k]
+//     const nested = Object.keys(current).filter(k => current[k] && typeof current[k] === 'object')
+//     for (const k of nested) Object.assign(d, _getFlattenedCopy({ [prefix + k]: current[k] }, prefix + k, entity))
+//   }
+//   return d
+// }
+
+const _getDeepCopy = (data, definition, model, validations, skipKeys) => {
+  skipKeys || (definition.keys && validations.push(...checkKeys(definition, data)))
+  validations.push(...checkStatic(definition, data, true))
+
+  const d = {}
+  for (const k in data) {
+    const element = (definition.elements && definition.elements[k]) || (definition.params && definition.params[k])
+    if (!element) {
+      const { additional_properties } = cds.env.features
+      if (additional_properties === 'ignore' || !additional_properties) {
+        // ignore input (the default)
+      } else if (additional_properties === 'error') {
+        validations.push({ message: `Unknown property "${k}"`, code: 400 })
+      } else {
+        d[k] = data[k] && typeof data[k] === 'object' ? deepCopyObject(data[k]) : data[k]
+      }
+    } else if (element.isAssociation) {
+      d[k] = Array.isArray(data[k])
+        ? data[k].map(d => _getDeepCopy(d, model.definitions[element.target], model, validations))
+        : _getDeepCopy(data[k], model.definitions[element.target], model, validations)
+    } else if (element._isStructured) {
+      d[k] = _getDeepCopy(data[k], element, model, validations)
+    } else {
+      d[k] = data[k]
+    }
+  }
+  return d
+}
+
+const getDeepCopy = (data, definition, model, skipKeys) => {
+  const validations = []
+  const copy = Array.isArray(data)
+    ? data.map(d => _getDeepCopy(d, definition, model, validations, skipKeys))
+    : _getDeepCopy(data, definition, model, validations, skipKeys)
+  if (!validations.length) return [undefined, copy]
+  if (validations.length === 1) return [validations[0]]
+  return [Object.assign(new Error(MULTIPLE_ERRORS), { details: validations })]
+}
+
+module.exports = {
+  getDeepCopy
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "5.5.5",
+  "version": "5.6.0",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [
@@ -40,6 +40,9 @@
     }
   },
   "lint-staged": {
+    "libx/odata/odata2cqn/grammar.pegjs": [
+      "npm run pegjs:odata2cqn && git add libx/odata/odata2cqn/parser.js"
+    ],
     "{libx,tests/_runtime}/**/*.js": [
       "npx prettier --write"
     ]

package/server.js

@@ -40,16 +40,23 @@ module.exports = async function cds_server (options, o = { ...options, __proto__
   if (o.logger)    app.use (o.logger)                   //> basic request logging
   if (o.toggler)   app.use (o.toggler)                  //> feature toggler
 
+  // give uiflex a chance to plug into everything
+  if (cds.requires.extensibility) await require('./libx/_runtime/fiori/uiflex')() // REVISIT: later this should be a ext umbrella service
+
   // load specified models or all in project
   const csn = await cds.load (o.from||'*', {mocked:o.mocked})
-  cds.model = o.from = cds.linked (cds.compile.for.odata(csn))
+  const m = cds.linked(csn).minified()
+  cds.model = o.from = cds.linked (cds.compile.for.odata(m))
 
   // connect to essential framework services if required
-  const _init = o.in_memory && (db => cds.deploy(csn).to(db,o))
+  const _init = o.in_memory && (db => cds.deploy(m).to(db,o))
   if (cds.requires.db) cds.db =  await cds.connect.to ('db') .then (_init)
   if (cds.requires.messaging)    await cds.connect.to ('messaging')
   if (cds.requires.multitenancy) await cds.mtx.in (app)
 
+  // serve graphql
+  if (cds.env.features.graphql) serve_graphql(app)
+
   // serve all services declared in models
   await cds.serve (o.service,o).in (app)
   await cds.emit ('served', cds.services)               //> hook for listeners
@@ -113,6 +120,16 @@ const _app_serve = function (endpoint) { return {
 }}
 
 
+// register graphql router on served event
+function serve_graphql (app) {
+  cds.on('served', services => {
+    const GraphQLAdapter = require('./libx/gql/GraphQLAdapter')
+    app.use(new GraphQLAdapter(services, { graphiql: true }))
+    cds.log()("serving GraphQL endpoint for all services { at: '/graphql' }")
+  })
+}
+
+
 function cors (req, res, next) {
   const { origin } = req.headers
   if (origin) res.set('access-control-allow-origin', origin)
@@ -133,5 +150,6 @@ function correlate (req,_,next) {
   next()
 }
 
+
 // -------------------------------------------------------------------------
 if (!module.parent)  module.exports ({from:process.argv[2]})

package/libx/_runtime/cds-services/services/utils/diff.js

@@ -1,53 +0,0 @@
-/* istanbul ignore file */
-
-// REVISIT: probably needed for personal data handling
-
-const _getDiff = (data, status) => {
-  const diffs = []
-
-  for (const key in data) {
-    if (!key.startsWith('*@odata.')) {
-      diffs.push({ name: key, [status]: data[key] })
-    }
-  }
-
-  return diffs
-}
-
-const _getDiffForUpdate = (oldData, newData) => {
-  const diffs = []
-
-  // Diff added if field in newData is not present or has a different value in oldData.
-  // No diff added if a field is not present in newData.
-  for (const key in newData) {
-    if (!key.startsWith('*@odata.') && oldData[key] !== newData[key]) {
-      diffs.push({ name: key, old: oldData[key], new: newData[key] })
-    }
-  }
-
-  return diffs
-}
-
-/**
- * Compare to objects on first level.
- * Returns a list of changes like {name: 'key', old: 'val', new: 'val'}
- *
- * @param {string} event
- * @param {object} oldData
- * @param {object} newData
- * @returns {Array}
- */
-const diff = (event, oldData = {}, newData = {}) => {
-  switch (event) {
-    case 'CREATE':
-      return _getDiff(newData, 'new')
-    case 'UPDATE':
-      return _getDiffForUpdate(oldData, newData)
-    case 'DELETE':
-      return _getDiff(oldData, 'old')
-    default:
-      return []
-  }
-}
-
-module.exports = diff

package/libx/_runtime/cds-services/util/auditlog.js

@@ -1,247 +0,0 @@
-/* istanbul ignore file */
-
-const { getAuditLogNotWrittenError } = require('./errors')
-
-const _getCredentials = auditLog => {
-  return require('./xsenv')('auditlog', auditLog)
-}
-
-const _keysToString = keys => {
-  const strings = []
-  for (const key in keys) {
-    strings.push(`${key}: ${keys[key]}`)
-  }
-
-  return strings.join(', ')
-}
-
-const _logAttributes = (log, attributes) => {
-  for (const attribute in attributes) {
-    log = log.attribute({ name: attribute })
-  }
-}
-
-const _logTenant = (log, tenant) => {
-  log = tenant ? log.tenant(tenant) : log
-}
-
-/**
- * Logs securityMessage that user is not authorized.
- *
- * @param auditLogger - the audit logger
- * @param credentials - credentials for audit log instance
- * @param logger - logger object
- * @param {object} args - user if provided via basic auth, if not  => ip address
- * @param args.user
- * @param args.ip ip address of the user
- * @private
- */
-const _logUnauthorized = (auditLogger, credentials, logger, { user, ip }) => {
-  auditLogger.v2(credentials, function (err, auditLog) {
-    if (err) {
-      // TODO: Decide for a more meaningful error message
-      return logger.error(`Error occurred while writing audit log: ${err}`)
-    }
-
-    let log = auditLog.securityMessage('Unsuccessful login attempt').by(user)
-    log = ip ? log.externalIP(ip) : log
-
-    log.log(function (err) {
-      if (err) {
-        return logger.error(`Error occurred while writing audit log: ${err}`)
-      }
-    })
-  })
-}
-
-/**
- * Logs securityMessage that user does not have sufficient permissions.
- *
- * @param auditLogger - the audit logger
- * @param credentials - credentials for audit log instance
- * @param logger - logger object
- * @param {object} args
- * @param args.user - user that has not sufficient privileges
- * @param args.ip - ip address of the user
- * @param args.tenant - tenant of the user
- * @private
- */
-const _logMissingPermissions = (auditLogger, credentials, logger, { user, ip, tenant }) => {
-  auditLogger.v2(credentials, function (err, auditLog) {
-    if (err) {
-      return logger.error(`Error occurred while writing audit log: ${err}`)
-    }
-
-    let log = auditLog.securityMessage('User does not have required permissions').by(user)
-    log = ip ? log.externalIP(ip) : log
-    log = tenant ? log.tenant(tenant) : log
-
-    log.log(function (err) {
-      if (err) {
-        return logger.error(`Error occurred while writing audit log: ${err}`)
-      }
-    })
-  })
-}
-
-/**
- *
- * Logs data read access.
- *
- * @param auditLogger - the audit logger
- * @param credentials - credentials for audit log instance
- * @param auditLogData - audit log input like dataSubject, the changed sensitive attributes or the user and tenant
- * @returns {Promise} which rejects if audit log cannot be written
- * @private
- */
-const _logReadAccess = (auditLogger, credentials, auditLogData) => {
-  return new Promise((resolve, reject) => {
-    auditLogger.v2(credentials, function (err, auditLog) {
-      if (err) {
-        return reject(getAuditLogNotWrittenError(err, 'before commit', 'READ'))
-      }
-
-      const { dataSubject, attributes, auditObject, user, tenant } = auditLogData
-
-      try {
-        let log = auditLog.read({
-          type: auditObject.type,
-          id: { key: _keysToString(auditObject.keys) }
-        })
-
-        _logAttributes(log, attributes)
-        log = log.dataSubject({
-          type: dataSubject.type,
-          id: dataSubject.keys,
-          role: dataSubject.role
-        })
-
-        _logTenant(log, tenant)
-        log = log.by(user)
-
-        log.log(function (err) {
-          if (err) {
-            return reject(getAuditLogNotWrittenError(err, 'before commit', 'READ'))
-          }
-          resolve()
-        })
-      } catch (err) {
-        return reject(getAuditLogNotWrittenError(err, 'before commit', 'READ'))
-      }
-    })
-  })
-}
-
-/**
- *
- * Logs diff of a data manipulation event.
- *
- * @param auditLogger - the audit logger
- * @param credentials - credentials for audit log instance
- * @param {object} args
- * @param args.context - the context object
- * @param args.auditLogData - audit log input like dataSubject, the changed sensitive attributes or the user and tenant
- * @param args.phase - the phase the logDataChange handler was triggered in
- * @returns {Promise}
- * @private
- */
-const _logDataChange = (auditLogger, credentials, { context, auditLogData, phase }) => {
-  const { dataSubject, attributes, auditObject, diff, user, tenant } = auditLogData
-  return new Promise((resolve, reject) => {
-    auditLogger.v2(credentials, function (err, auditLog) {
-      if (err) {
-        return reject(getAuditLogNotWrittenError(err, phase))
-      }
-
-      try {
-        let log = auditLog.update({
-          type: auditObject.type,
-          id: { key: _keysToString(auditObject.keys) }
-        })
-
-        for (const difference of diff) {
-          if (attributes[difference.name]) {
-            log = log.attribute(Object.assign({ new: 'null', old: 'null' }, difference))
-          }
-        }
-
-        log = log.dataSubject({
-          type: dataSubject.type,
-          id: dataSubject.keys,
-          role: dataSubject.role
-        })
-
-        log = tenant ? log.tenant(tenant) : log
-        log = log.by(user)
-
-        log.logPrepare(function (err) {
-          if (err) {
-            return reject(getAuditLogNotWrittenError(err, phase))
-          }
-          context._.auditLogContinuation = log
-          resolve()
-        })
-      } catch (err) {
-        return reject(getAuditLogNotWrittenError(err, phase))
-      }
-    })
-  })
-}
-
-/**
- * Initializes the audit log object.
- * If options.auditLog provided, it looks via xsenv for a configured audit log instance.
- * If not, logs the audit events to the logger object (if provided via options, if not to console).
- *
- * @param {object} auditLog - the service options
- * @param {object} logger - the logger object
- * @returns {object} - with convenience methods logUnauthorized and logMissingPermissions to write audit logs
- */
-const initialize = (auditLog, logger) => {
-  // REVISIT: use xsenv directly and remove xsenv util
-  let auditLogConfig = _getCredentials(auditLog)
-
-  try {
-    const auditLogger = require('@sap/audit-logging')
-    if (!auditLogConfig) {
-      auditLogConfig = { logToConsole: true }
-    }
-
-    return {
-      logDataChange: info => {
-        return _logDataChange(auditLogger, auditLogConfig, info)
-      },
-      logReadAccess: info => {
-        return _logReadAccess(auditLogger, auditLogConfig, info)
-      },
-      logUnauthorized: info => {
-        return _logUnauthorized(auditLogger, auditLogConfig, logger, info)
-      },
-      logMissingPermissions: info => {
-        return _logMissingPermissions(auditLogger, auditLogConfig, logger, info)
-      }
-    }
-  } catch (err) {
-    if (auditLogConfig) {
-      // this should crash the app if audit log was defined in VCAP and module could not be loaded
-      setImmediate(() => {
-        throw err
-      })
-    }
-
-    return {
-      logDataChange: info => {
-        logger.log(info)
-        return Promise.resolve()
-      },
-      logReadAccess: info => {
-        logger.log(info)
-        return Promise.resolve()
-      },
-      logUnauthorized: logger.warn,
-      logMissingPermissions: logger.warn
-    }
-  }
-}
-
-module.exports = initialize

package/libx/_runtime/cds-services/util/xsenv.js

@@ -1,51 +0,0 @@
-/* istanbul ignore file */
-
-const _findByType = type => {
-  try {
-    return require('@sap/xsenv').getServices({
-      [type]: {
-        tag: type
-      }
-    })
-  } catch (e) {}
-}
-
-const _structured = filter => {
-  return Object.keys(filter).some(key => {
-    return typeof filter[key] === 'object'
-  })
-}
-
-const _filter = (serviceName, filter) => {
-  if (_structured(filter)) {
-    return filter
-  }
-
-  return { [serviceName]: filter }
-}
-
-const _getServices = (serviceName, filter) => {
-  if (typeof filter === 'object') {
-    return require('@sap/xsenv').getServices(_filter(serviceName, filter))
-  }
-
-  return _findByType(serviceName)
-}
-
-/**
- * Get credentials for service by name and/or filter object.
- *
- * @param {string} serviceName
- * @param {object} [filter]
- * @returns {*}
- * @private
- */
-const getCredentialsFromXsEnv = (serviceName, filter) => {
-  const services = _getServices(serviceName, filter)
-
-  if (services) {
-    return services[Object.keys(services)[0]]
-  }
-}
-
-module.exports = getCredentialsFromXsEnv

package/libx/_runtime/common/utils/backlinks.js

@@ -1,83 +0,0 @@
-const { foreignKeyPropagations } = require('./foreignKeyPropagations')
-
-const getOnCondElements = (onCond, onCondElements = []) => {
-  const andIndex = onCond.indexOf('and')
-  const entityKey = onCond[2].ref && onCond[2].ref.join('.')
-  const entityVal = onCond[2].val
-  const targetKey = onCond[0].ref && onCond[0].ref.join('.')
-  const targetVal = onCond[0].val
-  onCondElements.push({ entityKey, targetKey, entityVal, targetVal })
-
-  if (andIndex !== -1) {
-    getOnCondElements(onCond.slice(andIndex + 1), onCondElements)
-  }
-  return onCondElements
-}
-
-const isSelfManaged = element => {
-  if (element.on && element.on.length > 2) {
-    return (
-      (element.on[0].ref && element.on[0].ref[0]) === '$self' || (element.on[2].ref && element.on[2].ref[0] === '$self')
-    )
-  }
-  return false
-}
-
-const _getBacklinkNameFromOnCond = element => {
-  if (element.on && element.on.length === 3 && element.on[0].ref && element.on[2].ref) {
-    if (element.on[0].ref[0] === '$self') {
-      return element.on[2].ref[element.on[2].ref.length - 1]
-    } else if (element.on[2].ref[0] === '$self') {
-      return element.on[0].ref[element.on[0].ref.length - 1]
-    }
-  }
-}
-
-const isBacklink = (element, parent, checkContained, backLinkName) => {
-  if (!element._isAssociationStrict) return false
-  if (!parent || !(element.keys || element.on)) return false
-  if (element.target !== parent.name) return false
-
-  const _isBackLink = parentElement =>
-    (!checkContained || parentElement._isContained) && _getBacklinkNameFromOnCond(parentElement) === element.name
-
-  if (backLinkName) {
-    const parentElement = parent.elements[backLinkName]
-    return parentElement.isAssociation && _isBackLink(parentElement)
-  }
-  for (const parentElementName in parent.elements) {
-    const parentElement = parent.elements[parentElementName]
-    if (!parentElement.isAssociation) continue
-    if (_isBackLink(parentElement)) return true
-  }
-
-  return false
-}
-// REVISIT: replace getBacklinks where used with foreignKeyPropagation
-const getBackLinks = element => {
-  const res = foreignKeyPropagations(element)
-
-  if (element.on) {
-    return res.map(e => ({
-      entityKey:
-        e.prefix && !e.childFieldName.includes(e.prefix) ? e.prefix + '_' + e.childFieldName : e.childFieldName,
-      entityVal: e.childFieldValue,
-      targetKey:
-        e.prefix && !e.parentFieldName.includes(e.prefix) ? e.prefix + '_' + e.parentFieldName : e.parentFieldName,
-      targetVal: e.parentFieldValue
-    }))
-  }
-
-  return res.map(e => ({
-    entityKey:
-      e.prefix && !e.parentFieldName.includes(e.prefix) ? e.prefix + '_' + e.parentFieldName : e.parentFieldName,
-    targetKey: e.prefix && !e.childFieldName.includes(e.prefix) ? e.prefix + '_' + e.childFieldName : e.childFieldName
-  }))
-}
-
-module.exports = {
-  getBackLinks,
-  isSelfManaged,
-  getOnCondElements,
-  isBacklink
-}

package/libx/_runtime/common/utils/rewriteAsterisk.js

@@ -1,72 +0,0 @@
-const { getNavigationIfStruct } = require('./structured')
-const getColumns = require('../../db/utils/columns')
-const _isAsteriskCol = col => col === '*' || (col.ref && col.ref[0] === '*')
-const cds = require('../../../../libx/_runtime/cds')
-
-const _isDraft = req => {
-  return (
-    req.target &&
-    ((typeof req.target.name === 'string' && req.target.name.endsWith('_drafts')) ||
-      typeof req.target.name === 'object') // > union, which is (currently) only the case with draft
-  )
-}
-
-const _getColumns = target => {
-  const columns = getColumns(target)
-  return columns.map(col => ({ ref: [col.name] }))
-}
-
-const _rewriteExpandAsterisks = (column, entity, refs) => {
-  const navigation = getNavigationIfStruct(entity, refs)
-  const targetEntity = navigation && navigation._target
-
-  if (Array.isArray(column.expand) && targetEntity) {
-    column.expand.forEach(col => {
-      if (col.ref && col.expand) {
-        _rewriteExpandAsterisks(col, targetEntity, col.ref)
-      }
-    })
-  }
-
-  if (column.expand === '*') {
-    column.expand = _getColumns(targetEntity)
-    return
-  }
-
-  if (Array.isArray(column.expand)) {
-    const asteriskColumnIndex = column.expand.findIndex(col => _isAsteriskCol(col))
-    if (asteriskColumnIndex === -1) return // * not found
-
-    column.expand.splice(asteriskColumnIndex, 1)
-    const columns = getColumns(targetEntity)
-    columns.forEach(col => {
-      column.expand.push({ ref: [col.name] })
-    })
-  }
-}
-
-const _rewriteAsterisks = req => {
-  if (_isDraft(req) || !req.query.SELECT) return
-
-  if (cds.env.features.odata_new_parser && !req.query.SELECT.columns) {
-    req.query.SELECT.columns = _getColumns(req.target)
-    return
-  }
-
-  if (!req.query.SELECT.columns) return
-  const columnsIncludesAsterisk = req.query.SELECT.columns.some(col => _isAsteriskCol(col))
-
-  if (columnsIncludesAsterisk) {
-    const expandColumns = req.query.SELECT.columns.filter(column => column.expand)
-    const columns = _getColumns(req.target)
-    req.query.SELECT.columns = expandColumns.length ? [...columns, ...expandColumns] : columns
-  }
-
-  req.query.SELECT.columns.forEach(col => {
-    if (col.ref && col.ref[0] !== 'DraftAdministrativeData' && col.expand && req.target) {
-      _rewriteExpandAsterisks(col, req.target, col.ref)
-    }
-  })
-}
-
-module.exports = _rewriteAsterisks