@sap/cds 5.7.3 → 5.8.1

package/libx/_runtime/remote/utils/client.js

@@ -5,7 +5,7 @@ const SANITIZE_VALUES = process.env.NODE_ENV === 'production' && cds.env.log.san
 
 const cdsLocale = require('../../../../lib/req/locale')
 
-const { convertV2ResponseData, deepSanitize } = require('./data')
+const { convertV2ResponseData, deepSanitize, convertV2PayloadData } = require('./data')
 
 let _cloudSdkCore
 
@@ -30,6 +30,7 @@ const _executeHttpRequest = async ({ requestConfig, destination, destinationOpti
   const destinationName = typeof destination === 'string' && destination
   if (destinationName) {
     destination = await getDestination(destinationName, resolveDestinationOptions(destinationOptions, jwt))
+    if (!destination) throw new Error(`Cannot resolve destination "${destinationName}"`)
   } else if (destination.forwardAuthToken) {
     destination = {
       ...destination,
@@ -166,10 +167,10 @@ const _purgeODataV2 = (data, target, reqHeaders) => {
   if (typeof data !== 'object' || !data.d) return data
 
   data = data.d
-  const contentType = reqHeaders['content-type']
-  const ieee754Compatible = contentType && contentType.includes('IEEE754Compatible=true')
+  const ieee754Compatible = reqHeaders.accept && reqHeaders.accept.includes('IEEE754Compatible=true')
+  const exponentialDecimals = ieee754Compatible && reqHeaders.accept.includes('ExponentialDecimals=true')
   const purgedResponse = data.results || data
-  const convertedResponse = convertV2ResponseData(purgedResponse, target, ieee754Compatible)
+  const convertedResponse = convertV2ResponseData(purgedResponse, target, ieee754Compatible, exponentialDecimals)
   return _normalizeMetadata(/^__/, data, convertedResponse)
 }
 
@@ -245,6 +246,7 @@ const run = async (
 
     LOG._warn && LOG.warn(sanitizedError)
 
+    // REVISIT: switch from innererror to reason in cds^6
     throw Object.assign(new Error(e.message), { statusCode: 502, innererror: sanitizedError })
   }
 
@@ -266,6 +268,7 @@ const run = async (
 
     LOG._warn && LOG.warn(sanitizedError)
 
+    // REVISIT: switch from innererror to reason in cds^6
     throw Object.assign(new Error(`Error during request to remote service: ${e.message}`), {
       statusCode: 502,
       innererror: sanitizedError
@@ -293,6 +296,8 @@ const run = async (
         : 'Request to remote service failed.'
       const sanitizedError = _getSanitizedError(contentJSON, requestConfig)
       LOG._warn && LOG.warn(sanitizedError)
+
+      // REVISIT: switch from innererror to reason in cds^6
       throw Object.assign(new Error(contentJSON.message), { statusCode: 502, innererror: sanitizedError })
     }
   }
@@ -321,32 +326,37 @@ const getJwt = req => {
   return null
 }
 
-const _cqnToReqOptions = (query, kind, model) => {
+const _cqnToReqOptions = (query, kind, model, target) => {
   const queryObject = cds.odata.urlify(query, { kind, model })
-  return {
+  const reqOptions = {
     method: queryObject.method,
     url: encodeURI(
       queryObject.path
         // ugly workaround for Okra not allowing spaces in ( x eq 1 )
         .replace(/\( /g, '(')
         .replace(/ \)/g, ')')
-    ),
-    data: queryObject.body
+    )
   }
+  if (queryObject.method !== 'GET' && queryObject.method !== 'HEAD') {
+    reqOptions.data = kind === 'odata-v2' ? convertV2PayloadData(queryObject.body, target) : queryObject.body
+  }
+  return reqOptions
 }
 
-const _stringToReqOptions = (query, data) => {
+const _stringToReqOptions = (query, data, target) => {
   const cleanQuery = query.trim()
   const blankIndex = cleanQuery.substring(0, 8).indexOf(' ')
   const reqOptions = {
     method: cleanQuery.substring(0, blankIndex).toUpperCase(),
     url: encodeURI(formatPath(cleanQuery.substring(blankIndex, cleanQuery.length).trim()))
   }
-  if (data && reqOptions.method !== 'GET' && reqOptions.method !== 'HEAD') reqOptions.data = data
+  if (data && reqOptions.method !== 'GET' && reqOptions.method !== 'HEAD') {
+    reqOptions.data = this.kind === 'odata-v2' ? Object.assign({}, convertV2PayloadData(data, target)) : data
+  }
   return reqOptions
 }
 
-const _pathToReqOptions = (method, path, data) => {
+const _pathToReqOptions = (method, path, data, target) => {
   let url = path
   if (!url.startsWith('/')) {
     // extract entity name and instance identifier (either in "()" or after "/") from fully qualified path
@@ -358,7 +368,9 @@ const _pathToReqOptions = (method, path, data) => {
     url = url.replace(/^\/\//, '/')
   }
   const reqOptions = { method, url }
-  if (data && reqOptions.method !== 'GET' && reqOptions.method !== 'HEAD') reqOptions.data = data
+  if (data && reqOptions.method !== 'GET' && reqOptions.method !== 'HEAD') {
+    reqOptions.data = this.kind === 'odata-v2' ? Object.assign({}, convertV2PayloadData(data, target)) : data
+  }
   return reqOptions
 }
 
@@ -367,13 +379,14 @@ const _hasHeader = (headers, header) =>
     .map(k => k.toLowerCase())
     .includes(header)
 
+// eslint-disable-next-line complexity
 const getReqOptions = (req, query, service) => {
   const reqOptions =
     typeof query === 'object'
-      ? _cqnToReqOptions(query, service.kind, service.model)
+      ? _cqnToReqOptions(query, service.kind, service.model, req.target)
       : typeof query === 'string'
-      ? _stringToReqOptions(query, req.data)
-      : _pathToReqOptions(req.method, req.path, req.data)
+      ? _stringToReqOptions(query, req.data, req.target)
+      : _pathToReqOptions(req.method, req.path, req.data, req.target)
 
   reqOptions.headers = { accept: 'application/json,text/plain' }
   reqOptions.timeout = service.requestTimeout
@@ -387,6 +400,12 @@ const getReqOptions = (req, query, service) => {
     if (locale) reqOptions.headers['accept-language'] = locale
   }
 
+  // forward all dwc-* headers
+  if (service.options.forward_dwc_headers) {
+    const originalHeaders = (req.context && req.context._ && req.context._.req && req.context._.req.headers) || {}
+    for (const k in originalHeaders) if (k.match(/^dwc-/)) reqOptions.headers[k] = originalHeaders[k]
+  }
+
   if (reqOptions.data && reqOptions.method !== 'GET' && reqOptions.method !== 'HEAD') {
     reqOptions.headers['content-type'] = 'application/json'
     reqOptions.headers['content-length'] = Buffer.byteLength(JSON.stringify(reqOptions.data))
@@ -394,11 +413,9 @@ const getReqOptions = (req, query, service) => {
   reqOptions.url = formatPath(reqOptions.url)
 
   // batch envelope if needed
-  if (
-    KINDS_SUPPORTING_BATCH[service.kind] &&
-    reqOptions.method === 'GET' &&
-    reqOptions.url.length > ((cds.env.remote && cds.env.remote.max_get_url_length) || 1028)
-  ) {
+  const maxGetUrlLength =
+    service.options.max_get_url_length || (cds.env.remote && cds.env.remote.max_get_url_length) || 1028
+  if (KINDS_SUPPORTING_BATCH[service.kind] && reqOptions.method === 'GET' && reqOptions.url.length > maxGetUrlLength) {
     reqOptions._autoBatch = true
     reqOptions.data = [
       '--batch1',

package/libx/_runtime/remote/utils/data.js

@@ -1,3 +1,5 @@
+const { big } = require('@sap/cds-foss')
+
 // Code adopted from @sap/cds-odata-v2-adapter-proxy
 // https://www.w3.org/TR/xmlschema11-2/#nt-duDTFrag
 const DurationRegex = /^P(?:(\d)Y)?(?:(\d{1,2})M)?(?:(\d{1,2})D)?T(?:(\d{1,2})H)?(?:(\d{2})M)?(?:(\d{2}(?:\.\d+)?)S)?$/i
@@ -20,15 +22,16 @@ const DataTypeOData = {
   Time: 'cds.TimeOfDay'
 }
 
-const _convertData = (data, target, ieee754Compatible) => {
+const _convertData = (data, target, convertValueFn) => {
+  const _convertRecordFn = _getConvertRecordFn(target, convertValueFn)
   if (Array.isArray(data)) {
-    return data.map(record => _getConvertRecordFn(target, ieee754Compatible)(record))
+    return data.map(_convertRecordFn)
   }
 
-  return _getConvertRecordFn(target, ieee754Compatible)(data)
+  return _convertRecordFn(data)
 }
 
-const _getConvertRecordFn = (target, ieee754Compatible) => record => {
+const _getConvertRecordFn = (target, convertValueFn) => record => {
   for (const key in record) {
     if (key === '__metadata') continue
 
@@ -36,24 +39,26 @@ const _getConvertRecordFn = (target, ieee754Compatible) => record => {
     if (!element) continue
 
     const recordValue = record[key]
-    const type = _elementType(element)
     const value = (recordValue && recordValue.results) || recordValue
 
     if (value && (element.isAssociation || Array.isArray(value))) {
-      record[key] = _convertData(value, element._target, ieee754Compatible)
+      record[key] = _convertData(value, element._target, convertValueFn)
     } else {
-      record[key] = _convertValue(value, type, ieee754Compatible)
+      record[key] = convertValueFn(value, element)
     }
   }
 
   return record
 }
 
-const _convertValue = (value, type, ieee754Compatible) => {
+// eslint-disable-next-line complexity
+const _convertValue = (ieee754Compatible, exponentialDecimals) => (value, element) => {
   if (value == null) {
     return value
   }
 
+  const type = _elementType(element)
+
   if (['cds.Boolean'].includes(type)) {
     if (value === 'true') {
       value = true
@@ -63,7 +68,14 @@ const _convertValue = (value, type, ieee754Compatible) => {
   } else if (['cds.Integer'].includes(type)) {
     value = parseInt(value, 10)
   } else if (['cds.Decimal', 'cds.Integer64', 'cds.DecimalFloat'].includes(type)) {
-    value = ieee754Compatible ? `${value}` : parseFloat(value)
+    const bigValue = big(value)
+    if (ieee754Compatible) {
+      // TODO test with arrayed => element.items.scale?
+      value = exponentialDecimals ? bigValue.toExponential(element.scale) : bigValue.toFixed(element.scale)
+    } else {
+      // OData V2 does not even mention ieee754Compatible, but V4 requires JSON number if ieee754Compatible=false
+      value = bigValue.toNumber()
+    }
   } else if (['cds.Double'].includes(type)) {
     value = parseFloat(value)
   } else if (['cds.Time'].includes(type)) {
@@ -90,6 +102,29 @@ const _convertValue = (value, type, ieee754Compatible) => {
   return value
 }
 
+const _convertPayloadValue = (value, element) => {
+  const type = _elementType(element)
+
+  // see https://www.odata.org/documentation/odata-version-2-0/json-format/
+  if (value == null) return value
+  switch (type) {
+    case 'cds.Date':
+    case 'cds.DateTime':
+      return `/Date(${new Date(value).getTime()})/`
+    case 'cds.Binary':
+    case 'cds.LargeBinary':
+      return Buffer.isBuffer(value) ? value.toString('base64') : value
+    case 'cds.Timestamp':
+      // According to OData V2 spec, and as cds.DateTime => (V2) Edm.DateTimeOffset => cds.Timestamp,
+      // cds.Timestamp should be converted into Edm.DateTimeOffset literal form `datetimeoffset'${new Date(value).toISOString()}'`
+      // However, odata-v2-proxy forwards it literaly as `datetimeoffset'...'` which is rejected by okra.
+      // Note that OData V2 spec example also does not contain 'datetimeoffset' predicate.
+      return new Date(value).toISOString()
+    default:
+      return value
+  }
+}
+
 const _calculateTicksOffsetSum = text => {
   return (text.replace(/\s/g, '').match(/[+-]?([0-9]+)/g) || []).reduce((sum, value, index) => {
     return sum + parseFloat(value) * (index === 0 ? 1 : 60 * 1000) // ticks are milliseconds (0), offset are minutes (1)
@@ -115,14 +150,19 @@ const _elementType = element => {
   return type
 }
 
-const convertV2ResponseData = (data, target, ieee754Compatible) => {
+const convertV2ResponseData = (data, target, ieee754Compatible, exponentialDecimals) => {
+  if (!target || !target.elements) return data
+  return _convertData(data, target, _convertValue(ieee754Compatible, exponentialDecimals))
+}
+
+const convertV2PayloadData = (data, target) => {
   if (!target || !target.elements) return data
-  return _convertData(data, target, ieee754Compatible)
+  return _convertData(data, target, _convertPayloadValue)
 }
 
 const deepSanitize = arg => {
   if (Array.isArray(arg)) return arg.map(deepSanitize)
-  if (typeof arg === 'object')
+  if (typeof arg === 'object' && arg !== null)
     return Object.keys(arg).reduce((acc, cur) => {
       acc[cur] = deepSanitize(arg[cur])
       return acc
@@ -132,5 +172,6 @@ const deepSanitize = arg => {
 
 module.exports = {
   convertV2ResponseData,
+  convertV2PayloadData,
   deepSanitize
 }

package/libx/_runtime/sqlite/Service.js

@@ -39,7 +39,7 @@ module.exports = class SQLiteDatabase extends DatabaseService {
     this._insert = this._queries.insert(execute.insert)
     this._read = this._queries.read(execute.select, execute.stream)
     this._update = this._queries.update(execute.update, execute.select)
-    this._delete = this._queries.delete(execute.delete)
+    this._delete = this._queries.delete(execute.delete, execute.update)
     this._run = this._queries.run(this._insert, this._read, this._update, this._delete, execute.cqn, execute.sql)
 
     this.dbcs = new Map()

package/libx/_runtime/sqlite/conversion.js

@@ -1,3 +1,5 @@
+const cds = require('../cds')
+
 const convertToBoolean = boolean => {
   if (boolean === null) return null
 
@@ -41,4 +43,12 @@ const SQLITE_TYPE_CONVERSION_MAP = new Map([
   ['cds.Timestamp', convertToISOTime]
 ])
 
+if (cds.env.features.bigjs) {
+  const Big = require('big.js')
+  const convertToBig = value => new Big(value)
+
+  SQLITE_TYPE_CONVERSION_MAP.set('cds.Integer64', convertToBig)
+  SQLITE_TYPE_CONVERSION_MAP.set('cds.Decimal', convertToBig)
+}
+
 module.exports = { SQLITE_TYPE_CONVERSION_MAP }

package/libx/_runtime/sqlite/localized.js

@@ -41,7 +41,7 @@ const _handler = function (req) {
 
   // suppress localization in "select for update" n/a for sqlite
 
-  redirect(query.SELECT, getLocalize(req.locale, this.model))
+  redirect(query, getLocalize(req.locale, this.model))
 }
 
 _handler._initial = true

package/libx/_runtime/types/api.js

@@ -94,14 +94,14 @@
 
 /**
  * @typedef {object} search2cqnOptions
- * @property {ColumnRefs} [columns] The columns to
- * be searched
+ * @property {ColumnRefs} [columns] The columns to be searched
  * @property {string} locale The user locale
  */
 
 /**
  * @typedef {object} cqn2cqn4sqlOptions
  * @property {boolean} [suppressSearch=false] Indicates whether the search handler is called.
+ * @property {boolean} [_4fiori]
  * @property {import('../db/Service')} [service]
  */
 

package/libx/gql/resolvers/crud/update.js

@@ -5,16 +5,14 @@ const { entriesStructureToEntityStructure } = require('./utils')
 module.exports = async (service, entityFQN, selection) => {
   const filter = getArgumentByName(selection.arguments, ARGUMENT.FILTER)
 
-  let queryBeforeUpdate = service.read(entityFQN)
+  const queryBeforeUpdate = service.read(entityFQN)
   queryBeforeUpdate.columns(astToColumns(selection.selectionSet.selections))
 
   if (filter) {
     queryBeforeUpdate.where(astToWhere(filter))
   }
 
-  const resultBeforeUpdate = await service.tx(tx => tx.run(queryBeforeUpdate))
-
-  let query = service.update(entityFQN)
+  const query = service.update(entityFQN)
 
   if (filter) {
     query.where(astToWhere(filter))
@@ -24,7 +22,12 @@ module.exports = async (service, entityFQN, selection) => {
   const entries = entriesStructureToEntityStructure(service, entityFQN, astToEntries(input))
   query.with(entries)
 
-  const result = await service.tx(tx => tx.run(query))
+  let resultBeforeUpdate
+  const result = await service.tx(async tx => {
+    // read needs to be done before the update, otherwise the where clause might become invalid (case that properties in where clause are updated by the mutation)
+    resultBeforeUpdate = await service.tx(tx => tx.run(queryBeforeUpdate))
+    return tx.run(query)
+  })
 
   // Merge selected fields with updated data
   return resultBeforeUpdate.map(original => ({ ...original, ...result }))

package/libx/gql/resolvers/parse/ast/enrich.js

@@ -45,6 +45,7 @@ const traverseField = (info, field) => {
 const traverseFieldNodes = (info, fieldNodes) => fieldNodes.map(fieldNode => traverseField(info, fieldNode))
 
 module.exports = info => {
+  // REVISIT: JSON.parse(JSON.stringify(obj)) breaks buffers
   const deepClonedFieldNodes = JSON.parse(JSON.stringify(info.fieldNodes))
   traverseFieldNodes(info, deepClonedFieldNodes)
   return deepClonedFieldNodes

package/libx/odata/afterburner.js

@@ -3,12 +3,23 @@ const cds = require('../_runtime/cds')
 const { where2obj } = require('../_runtime/common/utils/cqn')
 const { findCsnTargetFor } = require('../_runtime/common/utils/csn')
 
+const _addKeysDeep = (keys, keysCollector) => {
+  for (const keyName in keys) {
+    const key = keys[keyName]
+    if (key.type === 'cds.Association' || key['@odata.foreignKey4'] === 'up_') continue
+    if ('elements' in key) {
+      _addKeysDeep(key.elements, keysCollector)
+      continue
+    }
+    keysCollector.push(keyName)
+  }
+}
+
 function _keysOf(entity) {
-  return entity && entity.keys
-    ? Object.keys(entity.keys).filter(
-        k => entity.elements[k].type !== 'cds.Association' && entity.elements[k]['@odata.foreignKey4'] !== 'up_'
-      )
-    : []
+  if (!entity || !entity.keys) return
+  const keysCollector = []
+  _addKeysDeep(entity.keys, keysCollector)
+  return keysCollector
 }
 
 function _getDefinition(definition, name, namespace) {
@@ -49,7 +60,7 @@ function _processSegments(cqn, model, namespace) {
   let one
   for (let i = 0; i < ref.length; i++) {
     const seg = ref[i].id || ref[i]
-    const params = ref[i].where && where2obj(ref[i].where)
+    let params = ref[i].where && where2obj(ref[i].where)
 
     if (incompleteKeys) {
       // > key
@@ -91,6 +102,9 @@ function _processSegments(cqn, model, namespace) {
         if (ref[i].where) {
           keyCount += addRefToWhereIfNecessary(ref[i].where, current)
           _resolveAliasInWhere(ref[i].where, current)
+          // in case of Foo(1), params will be {} (before addRefToWhereIfNecessary was called)
+          if (!Object.keys(params).length) params = where2obj(ref[i].where)
+          _checkAllKeysProvided(params, current)
         }
       } else if ({ action: 1, function: 1 }[current.kind]) {
         // > action or function
@@ -146,6 +160,15 @@ function _processSegments(cqn, model, namespace) {
 
 const _resolveFrom = from => (from.SELECT ? _resolveFrom(from.SELECT.from) : from)
 
+const _checkAllKeysProvided = (params, entity) => {
+  const keysOfEntity = _keysOf(entity)
+  if (!keysOfEntity) return
+  for (const keyOfEntity of keysOfEntity) {
+    if (!(keyOfEntity in params))
+      throw Object.assign(new Error(`Key "${keyOfEntity}" is missing for entity "${entity.name}"`), { status: 400 })
+  }
+}
+
 function _4service(service) {
   const { namespace, model } = service
 

package/libx/odata/cqn2odata.js

@@ -357,6 +357,15 @@ function $orderBy(orderBy) {
     if (hasValidProps(cur, 'ref')) {
       res.push(cur.ref.join('/'))
     }
+
+    if (hasValidProps(cur, 'func', 'sort')) {
+      res.push(`${cur.func}(${_args(cur.args)})` + ' ' + cur.sort)
+      continue
+    }
+
+    if (hasValidProps(cur, 'func')) {
+      res.push(`${cur.func}(${_args(cur.args)})`)
+    }
   }
 
   return '$orderby=' + res.join(',')

package/libx/odata/grammar.pegjs

@@ -38,6 +38,11 @@
       const n = Number(str)
       return Number.isSafeInteger(n) ? n : str
     }
+    const standardBase64 = options.standardBase64 || function (str) {
+      // convert url-safe to standard base64 (with padding, if necessary)
+      str = str.replace(/_/g, '/').replace(/-/g, '+')
+      return str.padEnd(str.length + str.length % 4, '=')
+    }
 
     const _compareRefs = col => exp => col === exp ||
       (col.as && exp.as && col.as === exp.as) ||
@@ -178,18 +183,29 @@
     = "$count" {count = true}
     / rv:$("$ref"/"$value") {return !TECHNICAL_OPTS.includes(rv) && {from: {ref: [rv]}}}
     / head:(
-      (identifier filter:(OPEN CLOSE/OPEN args CLOSE)? !segment) / val:(s:(!string val){return s[1]} / segment){return [val]}
+      (identifier filter:(OPEN CLOSE/OPEN args CLOSE)? !segment) / val:segment{return [val]}
     ) tail:( '/' p:path {return p} )? {
       const [id, filter] = head
       // minimal: val also as path segment
-      const ref = [
-        filter
-          ? filter.length > 2
-            ? { id, where: filter[1].map(f => f.val && f.val.match && f.val.match(/^"(.*)"$/) ? { val: f.val.match(/^"(.*)"$/)[1] } : f) }
-            : { id, where: [] }
-          // hasOwnProperty in case of '{val:0}' and so on
-          : ( minimal ? `${typeof id === 'object' && Object.prototype.hasOwnProperty.call(id, 'val') ? id.val : id}` : id )
-      ]
+      const ref = []
+      if (filter) {
+        if (filter.length > 2) {
+          ref.push({ id, where: filter[1].map(f => f.val && f.val.match && f.val.match(/^"(.*)"$/) ? { val: f.val.match(/^"(.*)"$/)[1] } : f) })
+        } else {
+          ref.push({ id, where: [] })
+        }
+      } else {
+        if (minimal) {
+          ref.push(`${typeof id === 'object' && 'val' in id ? id.val : id}`)
+        } else {
+          // REVISIT: keep 123 as number?
+          if (typeof id === 'object' && typeof id.val === 'string' && id.val.match(/^[1-9]\d*$|^0$/)) {
+            ref.push({ val: safeNumber(id.val) })
+          } else {
+            ref.push(id)
+          }
+        }
+      }
       if (tail && tail.from) {
         const more = tail.from.ref
         if (Object.prototype.hasOwnProperty.call(more[0], 'val')) ref[ref.length-1] = { id:ref[ref.length-1], where:[more.shift()] }
@@ -314,7 +330,13 @@
   where_clause = p:( n:NOT? {return n?[n]:[]} )(
       OPEN xpr:where_clause CLOSE {p.push({xpr})}
       / comp:comparison {p.push(...comp)}
-      / lambda:lambda {p.push(...lambda)}
+      / lambda:lambda {
+        if (p[p.length - 1] === 'not' && lambda[0] === 'not') {
+          p.push('(', ...lambda, ')')
+        } else {
+          p.push(...lambda)
+        }
+      }
       / func:boolish {p.push(func)}
       / val:bool {p.push({val})}
     )( ao:(AND/OR) more:where_clause {p.push(ao,...more)} )*
@@ -369,7 +391,8 @@
   all = "all" OPEN p:lambda_clause CLOSE { return p }
 
   orderby
-    = ref:(function/ref) sort:( _ s:$("asc"/"desc") {return s})? {
+    = ref:(lambda{const err = new Error("ORDERBY_LAMBDA_UNSUPPORTED");err.statusCode=501;throw err;}/function/ref) sort:( _ s:$("asc"/"desc") {return s})? {
+        // TODO: Lambda support
         const appendObj = $(ref, sort && {sort});
         SELECT.orderBy = SELECT.orderBy ?
           [...SELECT.orderBy, appendObj] :
@@ -398,7 +421,7 @@
     = operand (_ ("add" / "sub" / "mul" / "div" / "mod") _ operand)*
 
   operand "an operand"
-    = navigationCount / function / ref / val / jsonObject / jsonArray / list
+    = navigationCount / function / val / ref / jsonObject / jsonArray / list
 
   navigationCount "navigation with $count"
   = navigationPath:(head:identifier key:(OPEN keyArgs:args CLOSE {return keyArgs;})? '/' {
@@ -425,6 +448,7 @@
     / val:guid {return {val}}
     / val:number {return typeof val === 'number' ? {val} : { val, literal:'number' }}
     / val:string {return {val}}
+    / val:binary {return {val}}
 
   jsonObject = val:$("{" (jsonObject / [^}])* "}") {return {val}}
 
@@ -561,6 +585,7 @@
   concatTrafo = OPEN o apply (o COMMA o apply)+ o CLOSE
 
   computeTrafo = OPEN o computeExpr (o COMMA o computeExpr)* o CLOSE
+
   computeExpr = where_clause asAlias
 
   commonFuncTrafo = OPEN o first:operand o COMMA o second:operand o CLOSE { return [first, second] }
@@ -582,34 +607,37 @@
     {return s.replace(/\\\\/g,"\\").replace(/\\"/g,'"')}
 
   word
-    = s:$([a-zA-Z0-9.+-]+)
+    = $([^ \t\n()"&;]+)
 
   date
     = s:$( [0-9]+"-"[0-9][0-9]"-"[0-9][0-9] // date
-      ("T"[0-9][0-9]":"[0-9][0-9](":"[0-9][0-9]("."[0-9]+)?)? // time
+      ( "T"[0-9][0-9]":"[0-9][0-9](":"[0-9][0-9]("."[0-9]+)?)? // time
       ( "Z" / (("+" / "-")[0-9][0-9]":"[0-9][0-9]) )? // timezone (Z or +-hh:mm)
     )?)
 
   number
-    = s:$( [+-]? [0-9]+ ("."[0-9]+)? ("e"[0-9]+)? ) {return safeNumber(s)}
+    = s:$( [+-]? [0-9]+ ("."[0-9]+)? ("e"[0-9]+)? ) { return safeNumber(s) }
 
   integer
-    = s:$( [+-]? [0-9]+ ) {return parseInt(s)}
+    = s:$( [+-]? [0-9]+ ) { return parseInt(s) }
 
   identifier
-    = !bool !guid s:$([_a-zA-Z][_a-zA-Z0-9"."]*) {return s}
+    = !bool !guid s:$([_a-zA-Z][_a-zA-Z0-9"."]*) { return s }
 
   guid
-    = $(hex16 hex16 "-"? hex16 "-"? hex16 "-"? hex16 "-"? hex16 hex16 hex16)
+    = $( hex16 hex16 "-"? hex16 "-"? hex16 "-"? hex16 "-"? hex16 hex16 hex16 )
 
   hex16
-    = $([0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F])
+    = $( [0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F] )
 
-  segment
-    = val:$([a-zA-Z0-9-"."_~!$&'()*+,;=:@]+){return {val}}
+  segment // > everything except / and ?
+    = val:$( [^/?]+ ) { return { val } }
 
   skiptokenChars
-    = $([a-zA-Z0-9-"."_~!$'()*+,;=:@"/""?"]+)
+    = $( [a-zA-Z0-9-"."_~!$'()*+,;=:@"/""?"]+ )
+
+  binary // > url-safe base64
+    = "binary'" s:$([a-zA-Z0-9-_]+ ("=="/"=")?) "'" { return standardBase64(s) }
 
 //
 // ---------- Punctuation ----------

package/libx/odata/index.js

@@ -63,7 +63,7 @@ module.exports = {
     try {
       cqn = odata2cqn(url, options)
     } catch (err) {
-      if (err.message === 'EXPAND_COUNT_UNSUPPORTED') {
+      if (err.message === 'EXPAND_COUNT_UNSUPPORTED' || err.message === 'ORDERBY_LAMBDA_UNSUPPORTED') {
         throw getError(err.statusCode || 400, err.message)
       }
 
@@ -79,7 +79,7 @@ module.exports = {
 
     // REVISIT: _target vs __target, i.e., pseudo csn vs actual csn
     // DO NOT USE __target outside of libx/rest!!!
-    query.__target = cqn.__target
+    if (cqn.__target) query.__target = cqn.__target
 
     return query
   },