@sap/cds 5.8.4 → 5.9.2

package/libx/_runtime/messaging/enterprise-messaging-utils/registerEndpoints.js

@@ -1,16 +1,13 @@
 const cds = require('../../cds.js')
-const LOG = cds.log('messaging')
 const express = require('express')
 const getTenantInfo = require('./getTenantInfo.js')
-const isSecured = () => cds.requires.uaa && cds.requires.uaa.credentials
-const { getTenant } = require('../../auth/strategies/utils/xssec.js')
+const isSecured = () => cds.requires.auth && cds.requires.auth.credentials
+const { getTenant } = require('../../auth/strategies/xssecUtils')
 
 const _isAll = a => a && a.includes('all')
-const _hasScope = (scope, req) =>
-  req && req.authInfo && req.authInfo.checkLocalScope && req.authInfo.checkLocalScope(scope)
 
 class EndpointRegistry {
-  constructor(basePath) {
+  constructor(basePath, LOG) {
     const deployPath = basePath + '/deploy'
     const paths = [basePath, deployPath]
     this.webhookCallbacks = new Map()
@@ -18,11 +15,20 @@ class EndpointRegistry {
     if (isSecured()) {
       const JWTStrategy = require('../../auth/strategies/JWT.js')
       const passport = require('passport')
-      passport.use(new JWTStrategy(cds.requires.uaa))
+      // REVISIT: It's unclear if the credentials from cds.requires.auth need to be used here.
+      //          In principle, user-facing endpoints might differ from messaging ones.
+      passport.use(new JWTStrategy(cds.requires.auth.credentials))
       paths.forEach(path => {
         cds.app.use(path, passport.initialize())
         cds.app.use(path, passport.authenticate('JWT', { session: false }))
+        cds.app.use(path, (req, res, next) => {
+          // unsuccessful auth doesn't automatically reject!
+          if (!req.user) return res.status(401).json({ message: 'Unauthorized' })
+          next()
+        })
       })
+    } else if (process.env.NODE_ENV === 'production') {
+      LOG.warn('Messaging endpoints not secured')
     }
     paths.forEach(path => {
       cds.app.use(path, express.json({ type: 'application/*+json' }))
@@ -43,7 +49,7 @@ class EndpointRegistry {
 
     cds.app.options(basePath, (req, res) => {
       try {
-        if (isSecured() && !_hasScope('emcallback', req)) return res.sendStatus(403)
+        if (isSecured() && !req.user.is('emcallback')) return res.sendStatus(403)
         res.set('WebHook-Allowed-Origin', req.headers['webhook-request-origin'])
         res.sendStatus(200)
       } catch (error) {
@@ -53,7 +59,7 @@ class EndpointRegistry {
     LOG._debug && LOG.debug('Register inbound endpoint', { basePath, method: 'POST' })
     cds.app.post(basePath, (req, res) => {
       try {
-        if (isSecured() && !_hasScope('emcallback', req)) return res.sendStatus(403)
+        if (isSecured() && !req.user.is('emcallback')) return res.sendStatus(403)
         const queueName = req.query.q
         const authInfo = req.authInfo
         const xAddress = req.headers['x-address']
@@ -83,7 +89,7 @@ class EndpointRegistry {
     })
     cds.app.post(deployPath, async (req, res) => {
       try {
-        if (isSecured() && !_hasScope('emmanagement', req)) return res.sendStatus(403)
+        if (isSecured() && !req.user.is('emmanagement')) return res.sendStatus(403)
         const tenants = req.body && !_isAll(req.body.tenants) && req.body.tenants
         const queues = req.body && !_isAll(req.body.queues) && req.body.queues
         const options = { wipeData: req.body && req.body.wipeData }
@@ -120,9 +126,10 @@ class EndpointRegistry {
 const registries = new Map()
 
 // REVISIT: Use cds mechanism instead of express? -> Need option method and handler for specifica
-const registerWebhookEndpoints = (basePath, queueName, cb) => {
+const registerWebhookEndpoints = (basePath, queueName, LOG, cb) => {
   const registry =
-    registries.get(basePath) || (registries.set(basePath, new EndpointRegistry(basePath)) && registries.get(basePath))
+    registries.get(basePath) ||
+    (registries.set(basePath, new EndpointRegistry(basePath, LOG)) && registries.get(basePath))
   registry.registerWebhookCallback(queueName, cb)
 }
 

package/libx/_runtime/messaging/enterprise-messaging.js

@@ -10,7 +10,6 @@ const {
   registerDeployEndpoints,
   registerWebhookEndpoints
 } = require('./enterprise-messaging-utils/registerEndpoints.js')
-const LOG = cds.log('messaging')
 const cloudEvents = require('./enterprise-messaging-utils/cloudEvents.js')
 
 const BASE_PATH = '/messaging/enterprise-messaging'
@@ -61,12 +60,12 @@ class EnterpriseMessaging extends AMQPWebhookMessaging {
           const management = await this.getManagement(subdomain).waitUntilReady()
           await management.undeploy()
         } catch (error) {
-          LOG._error && LOG.error('Failed to delete messaging artifacts for subdomain', subdomain, '(', error, ')')
+          this.LOG.error('Failed to delete messaging artifacts for subdomain', subdomain, '(', error, ')')
         }
         return next()
       })
       provisioning.on('dependencies', async (req, next) => {
-        LOG._info && LOG.info('Include Enterprise-Messaging as SaaS dependency')
+        this.LOG._info && this.LOG.info('Include Enterprise-Messaging as SaaS dependency')
         const res = await next()
         const xsappname = this.options.credentials && this.options.credentials.xsappname
         if (xsappname) {
@@ -80,7 +79,7 @@ class EnterpriseMessaging extends AMQPWebhookMessaging {
 
   startListening() {
     const doNotDeploy = cds._mtxEnabled && !this.options.deployForProvider
-    if (doNotDeploy) LOG._info && LOG.info('Skipping deployment of messaging artifacts for provider account')
+    if (doNotDeploy) this.LOG._info && this.LOG.info('Skipping deployment of messaging artifacts for provider account')
     super.startListening({ doNotDeploy })
     if (!doNotDeploy && this.subscribedTopics.size) {
       const management = this.getManagement()
@@ -97,7 +96,7 @@ class EnterpriseMessaging extends AMQPWebhookMessaging {
 
   async listenToClient(cb) {
     _checkAppURL(this.optionsApp.appURL)
-    registerWebhookEndpoints(BASE_PATH, this.queueName, cb)
+    registerWebhookEndpoints(BASE_PATH, this.queueName, this.LOG, cb)
     if (cds._mtxEnabled) {
       await this.addMTXHandlers()
       registerDeployEndpoints(BASE_PATH, this.queueName, async (tenantInfo, options) => {
@@ -110,7 +109,7 @@ class EnterpriseMessaging extends AMQPWebhookMessaging {
               await management.deploy()
               result.succeeded.push(info.tenant)
             } catch (error) {
-              LOG._error && LOG.error('Failed to create messaging artifacts for subdomain', info.subdomain, ':', error)
+              this.LOG.error('Failed to create messaging artifacts for subdomain', info.subdomain, ':', error)
               result.failed.push({ error: error.message, tenant: info.tenant })
             }
           })
@@ -147,7 +146,8 @@ class EnterpriseMessaging extends AMQPWebhookMessaging {
       subscribedTopics: this.subscribedTopics,
       alternativeTopics: this.alternativeTopics,
       subdomain: _subdomain,
-      namespace: this.options.credentials && this.options.credentials.namespace
+      namespace: this.options.credentials && this.options.credentials.namespace,
+      LOG: this.LOG
     })
   }
 
@@ -174,7 +174,7 @@ class EnterpriseMessaging extends AMQPWebhookMessaging {
         headers: {
           'x-qos': 1
         },
-        attemptInfo: () => LOG._info && LOG.info('Emit', { topic }),
+        attemptInfo: () => this.LOG._info && this.LOG.info('Emit', { topic }),
         errMsg,
         target: { kind: 'MESSAGE', topic },
         tokenStore: {}

package/libx/_runtime/messaging/file-based.js

@@ -1,5 +1,4 @@
 const cds = require('../cds')
-const LOG = cds.log('messaging')
 
 const path = require('path')
 const fs = require('fs').promises
@@ -25,11 +24,11 @@ class FileBasedMessaging extends MessagingService {
     const e = _msg.event
     delete _msg.event
     await this.queued(lock)(this.file)
-    LOG._debug && LOG.debug('Emit', { topic: e, file: this.file })
+    this.LOG._debug && this.LOG.debug('Emit', { topic: e, file: this.file })
     try {
       await fs.appendFile(this.file, `\n${e} ${JSON.stringify(_msg)}`)
     } catch (e) {
-      LOG._debug && LOG.debug('Error', e)
+      this.LOG._debug && this.LOG.debug('Error', e)
     } finally {
       unlock(this.file)
     }
@@ -53,9 +52,10 @@ class FileBasedMessaging extends MessagingService {
               if (this.subscribedTopics.has(topic)) {
                 const event = this.subscribedTopics.get(topic)
                 if (!event) return
+                // REVISIT: should we use this.dispatch instead of super.emit for inbound messages?
                 super
                   .emit({ event, ...json, inbound: true })
-                  .catch(e => LOG.error('ERROR occured in asynchronous event processing:', e))
+                  .catch(e => this.LOG.error('ERROR occured in asynchronous event processing:', e))
               } else other.push(each + '\n')
             }
           } catch (e) {
@@ -65,7 +65,7 @@ class FileBasedMessaging extends MessagingService {
         if (other.length < lines.length) await fs.writeFile(this.file, other.join(''))
         this.recent = await touched(this.file)
       } catch (e) {
-        LOG._debug && LOG.debug(e)
+        this.LOG._debug && this.LOG.debug(e)
       } finally {
         unlock(this.file)
       }

package/libx/_runtime/messaging/message-queuing.js

@@ -1,18 +1,17 @@
-const cds = require('../cds.js')
 const AMQPWebhookMessaging = require('./AMQPWebhookMessaging')
 const AMQPClient = require('./common-utils/AMQPClient.js')
 
 const optionsMessaging = require('./message-queuing-utils/options-messaging.js')
 const optionsManagement = require('./message-queuing-utils/options-management.js')
 const authorizedRequest = require('./common-utils/authorizedRequest')
-const LOG = cds.log('messaging')
 
 class MQManagement {
-  constructor({ options, queueConfig, queueName, subscribedTopics }) {
+  constructor({ options, queueConfig, queueName, subscribedTopics, LOG }) {
     this.options = options
     this.queueConfig = queueConfig
     this.queueName = queueName
     this.subscribedTopics = subscribedTopics
+    this.LOG = LOG
   }
 
   async getQueue(queueName = this.queueName) {
@@ -21,7 +20,7 @@ class MQManagement {
       uri: this.options.url,
       path: `/v1/management/queues/${encodeURIComponent(queueName)}`,
       oa2: this.options.auth.oauth2,
-      attemptInfo: () => LOG._info && LOG.info('Get queue', { queue: queueName }),
+      attemptInfo: () => this.LOG._info && this.LOG.info('Get queue', { queue: queueName }),
       errMsg: `Queue "${queueName}" could not be retrieved`,
       target: { kind: 'QUEUE', queue: queueName },
       tokenStore: this
@@ -35,7 +34,7 @@ class MQManagement {
       uri: this.options.url,
       path: `/v1/management/queues`,
       oa2: this.options.auth.oauth2,
-      attemptInfo: () => LOG._info && LOG.info('Get queues'),
+      attemptInfo: () => this.LOG._info && this.LOG.info('Get queues'),
       errMsg: `Queues could not be retrieved`,
       target: { kind: 'QUEUE' },
       tokenStore: this
@@ -50,7 +49,7 @@ class MQManagement {
       path: `/v1/management/queues/${encodeURIComponent(queueName)}`,
       oa2: this.options.auth.oauth2,
       dataObj: this.queueConfig,
-      attemptInfo: () => LOG._info && LOG.info('Create queue', { queue: queueName }),
+      attemptInfo: () => this.LOG._info && this.LOG.info('Create queue', { queue: queueName }),
       errMsg: `Queue "${queueName}" could not be created`,
       target: { kind: 'QUEUE', queue: queueName },
       tokenStore: this
@@ -63,7 +62,7 @@ class MQManagement {
       uri: this.options.url,
       path: `/v1/management/queues/${encodeURIComponent(queueName)}`,
       oa2: this.options.auth.oauth2,
-      attemptInfo: () => LOG._info && LOG.info('Delete queue', { queue: queueName }),
+      attemptInfo: () => this.LOG._info && this.LOG.info('Delete queue', { queue: queueName }),
       errMsg: `Queue "${queueName}" could not be deleted`,
       target: { kind: 'QUEUE', queue: queueName },
       tokenStore: this
@@ -76,7 +75,7 @@ class MQManagement {
       uri: this.options.url,
       path: `/v1/management/queues/${encodeURIComponent(queueName)}/subscriptions/topics`,
       oa2: this.options.auth.oauth2,
-      attemptInfo: () => LOG._info && LOG.info('Get subscriptions', { queue: queueName }),
+      attemptInfo: () => this.LOG._info && this.LOG.info('Get subscriptions', { queue: queueName }),
       errMsg: `Subscriptions for "${queueName}" could not be retrieved`,
       target: { kind: 'SUBSCRIPTION', queue: queueName },
       tokenStore: this
@@ -92,7 +91,8 @@ class MQManagement {
         topicPattern
       )}`,
       oa2: this.options.auth.oauth2,
-      attemptInfo: () => LOG._info && LOG.info('Create subscription', { topic: topicPattern, queue: queueName }),
+      attemptInfo: () =>
+        this.LOG._info && this.LOG.info('Create subscription', { topic: topicPattern, queue: queueName }),
       errMsg: `Subscription "${topicPattern}" could not be added to queue "${queueName}"`,
       target: { kind: 'SUBSCRIPTION', queue: queueName, topic: topicPattern },
       tokenStore: this
@@ -107,7 +107,8 @@ class MQManagement {
         topicPattern
       )}`,
       oa2: this.options.auth.oauth2,
-      attemptInfo: () => LOG._info && LOG.info('Delete subscription', { topic: topicPattern, queue: queueName }),
+      attemptInfo: () =>
+        this.LOG._info && this.LOG.info('Delete subscription', { topic: topicPattern, queue: queueName }),
       errMsg: `Subscription "${topicPattern}" could not be deleted from queue "${queueName}"`,
       target: { kind: 'SUBSCRIPTION', queue: queueName, topic: topicPattern },
       tokenStore: this
@@ -115,7 +116,7 @@ class MQManagement {
   }
 
   async createQueueAndSubscriptions() {
-    LOG._info && LOG.info(`Create messaging artifacts`)
+    this.LOG._info && this.LOG.info(`Create messaging artifacts`)
     const created = await this.createQueue()
     if (created && created.statusCode === 200) {
       // We need to make sure to only keep our own subscriptions
@@ -171,7 +172,8 @@ class MessageQueuing extends AMQPWebhookMessaging {
       options: _optionsManagement,
       queueConfig,
       queueName,
-      subscribedTopics: this.subscribedTopics
+      subscribedTopics: this.subscribedTopics,
+      LOG: this.LOG
     })
     return this.management
   }

package/libx/_runtime/messaging/outbox/utils.js

@@ -21,9 +21,10 @@ const _getMessagesEntity = () => {
   return messagesEntity
 }
 
-// REVISIT: Is there a better way?
+// REVISIT: Is this always a reliable way to identify the provider tenant?
+//          Are there scenarios where the credentials have a different format?
 const _isProviderTenant = tenant =>
-  cds.requires.uaa && cds.requires.uaa.credentials && cds.requires.uaa.credentials.identityzoneid === tenant
+  cds.requires.auth && cds.requires.auth.credentials && cds.requires.auth.credentials.identityzoneid === tenant
 
 const hasPersistentOutbox = (srv, tenant) => {
   if (!cds.requires.outbox || cds.requires.outbox.kind !== 'persistent-outbox') return false
@@ -86,16 +87,15 @@ const processMessages = async (service, tenant, _opts = {}) => {
       } catch (e) {
         // could potentially be a timeout
         const _waitingTime = waitingTime(opts.attempt)
-        LOG._error &&
-          LOG.error(
-            'Outbox SELECT FOR UPDATE failed',
-            opts.attempt > 0
-              ? ''
-              : {
-                  cause: e
-                },
-            `Retrying in ${Math.round(_waitingTime / 1000)} s`
-          )
+        LOG.error(
+          'Outbox SELECT FOR UPDATE failed',
+          opts.attempt > 0
+            ? ''
+            : {
+                cause: e
+              },
+          `Retrying in ${Math.round(_waitingTime / 1000)} s`
+        )
         outboxRunner.schedule(
           {
             name,
@@ -127,7 +127,7 @@ const processMessages = async (service, tenant, _opts = {}) => {
           const _waitingTime = waitingTime(error.failedMessage.attempts)
           const info = { service: name, event: error.failedMessage.event }
           if (error.failedMessage.attempts > 0) info.cause = error.failedMessage.error
-          LOG._error && LOG.error('Emit failed', info, `Retrying in ${Math.round(_waitingTime / 1000)} s`)
+          LOG.error('Emit failed', info, `Retrying in ${Math.round(_waitingTime / 1000)} s`)
           await UPDATE(messagesEntity)
             .where({ ID: error.failedMessage.ID })
             .set({ attempts: { '+=': 1 } })
@@ -140,12 +140,11 @@ const processMessages = async (service, tenant, _opts = {}) => {
             () => processMessages(service, tenant, opts)
           )
         } else {
-          LOG._error &&
-            LOG.error(
-              'Emit failed',
-              { service: name, event: error.failedMessage.event, cause: error.failedMessage.error },
-              'Unrecoverable, outbox entry deleted'
-            )
+          LOG.error(
+            'Emit failed',
+            { service: name, event: error.failedMessage.event, cause: error.failedMessage.error },
+            'Unrecoverable, outbox entry deleted'
+          )
         }
       } else {
         outboxRunner.success({ name, tenant })

package/libx/_runtime/messaging/redis-messaging.js

@@ -0,0 +1,91 @@
+/* eslint-disable prettier/prettier */
+const redis = require('redis')
+const cds = require('../../../lib')
+const waitingTime = require('./common-utils/waitingTime')
+const normalizeIncomingMessage = require('./common-utils/normalizeIncomingMessage')
+const { hasPersistentOutbox } = require('./outbox/utils')
+
+const _handleReconnects = (client, LOG) => {
+  client.on('reconnecting', () => {
+    LOG.warn('Reconnecting')
+  })
+
+  client.on('error', error => {
+    LOG.warn('Failed to connect to Redis: ', error)
+  })
+}
+
+class RedisMessaging extends cds.MessagingService {
+  async init() {
+    await super.init()
+    const credentials = this.options && this.options.credentials
+    const config = {
+      socket: {
+        reconnectStrategy: attempts => {
+          const _waitingTime = waitingTime(attempts)
+          this.LOG.warn(`Connection to Redis lost: Reconnecting in ${Math.round(_waitingTime / 1000)} s`)
+          return _waitingTime
+        }
+      }
+    }
+    // rediss://someUserName:somePassword@hostName:port -> rediss://:somePassword@hostName:port
+    const url = credentials && credentials.uri && credentials.uri.replace(/\/\/.*?:/, '//:')
+    if (!url) this.LOG._warn && this.LOG.warn('No Redis credentials found, using default credentials')
+    else config.url = url
+    this.client = redis.createClient(config)
+    _handleReconnects(this.client, this.LOG)
+
+    try {
+      await this.client.connect()
+    } catch (e) {
+      throw new Error('Connection to Redis could not be established: ' + e)
+    }
+
+    this._ready = true
+    this.client.on('end', () => {
+      this._ready = false
+    })
+    this.client.on('error', () => {
+      this._ready = false
+    })
+    this.client.on('ready', () => {
+      this._ready = true
+    })
+
+    cds.once('listening', () => {
+      this.startListening()
+    })
+  }
+
+  async startListening() {
+    let subscriber
+    for (const topic of [...this.subscribedTopics].map(kv => kv[0])) {
+      if (!subscriber) {
+        // For subscriptions we need to duplicate the connection
+        subscriber = this.client.duplicate()
+        _handleReconnects(subscriber)
+        await subscriber.connect()
+      }
+      this.LOG._info && this.LOG('Create subscription', { topic })
+      await subscriber.subscribe(topic, async message => {
+        const msg = normalizeIncomingMessage(message)
+        msg.event = topic
+        try {
+          await super.emit(msg)
+        } catch (e) {
+          this.LOG.error('ERROR occured in asynchronous event processing:', e)
+        }
+      })
+    }
+  }
+
+  async emit(msg) {
+    const _msg = this.message4(msg)
+    this.LOG._info && this.LOG.info('Emit', { topic: _msg.event })
+    if (!this._ready && hasPersistentOutbox(this, cds.context && cds.context.tenant))
+      throw new Error('Redis connection not ready')
+    await this.client.publish(_msg.event, JSON.stringify({ data: _msg.data, ...(_msg.headers || {}) }))
+  }
+}
+
+module.exports = RedisMessaging

package/libx/_runtime/messaging/service.js

@@ -1,12 +1,11 @@
 const cds = require('../cds')
-const LOG = cds.log('messaging')
 const queued = require('./common-utils/queued')
 const OutboxService = require('./Outbox')
 
 const _topic = declared => declared['@topic'] || declared.name
 
 let usedTopicOnce = false
-const _warnAndStripTopicPrefix = event => {
+const _warnAndStripTopicPrefix = (event, LOG) => {
   if (event.startsWith('topic:')) {
     // backwards compatibility
     event = event.replace(/topic:/, '')
@@ -24,6 +23,7 @@ class MessagingService extends OutboxService {
     // enables queued async operations (without awaiting)
     this.queued = queued()
     this.subscribedTopics = new Map()
+    this.LOG = cds.log(this.kind ? `${this.kind}|messaging` : 'messaging')
     // Only for one central `messaging` service, otherwise all technical services would register themselves
     if (this.name === 'messaging') {
       this._registeredServices = new Map()
@@ -81,7 +81,7 @@ class MessagingService extends OutboxService {
   }
 
   on(event, cb) {
-    const _event = _warnAndStripTopicPrefix(event)
+    const _event = _warnAndStripTopicPrefix(event, this.LOG)
     // save all subscribed topics (not needed for local-messaging)
     this.subscribedTopics.set(this.prepareTopic(_event, true), _event)
     return super.on(_event, cb)
@@ -109,9 +109,11 @@ class MessagingService extends OutboxService {
 
   message4(msg) {
     const _msg = { ...msg }
-    if (msg.inbound && !cds.context)
-      _msg.user = msg.tenant ? new cds.User.Privileged({ tenant: msg.tenant }) : new cds.User.Privileged()
-    _msg.event = _warnAndStripTopicPrefix(_msg.event)
+    if (msg.inbound && !cds.context) {
+      // REVISIT: why are all inbound messages executed with privileged user?
+      cds.context = { tenant: msg.tenant, user: new cds.User.Privileged() }
+    }
+    _msg.event = _warnAndStripTopicPrefix(_msg.event, this.LOG)
     if (!_msg.headers) _msg.headers = {}
     if (!_msg.inbound) {
       _msg.headers = { ..._msg.headers } // don't change the original object

package/libx/_runtime/remote/Service.js

@@ -40,12 +40,13 @@ const _setCorrectValue = (el, data, params, kind) => {
 const _buildPartialUrlFunctions = (url, data, params, kind = 'odata-v4') => {
   const funcParams = []
   const queryOptions = []
-  for (const el in data) {
+  // REVISIT: take params from params after importer fix (the keys should not be part of params)
+  for (const param in data) {
     if (kind === 'odata-v2') {
-      funcParams.push(`${el}=${_setCorrectValue(el, data, params, kind)}`)
+      funcParams.push(`${param}=${_setCorrectValue(param, data, params, kind)}`)
     } else {
-      funcParams.push(`${el}=@${el}`)
-      queryOptions.push(`@${el}=${_setCorrectValue(el, data, params, kind)}`)
+      funcParams.push(`${param}=@${param}`)
+      queryOptions.push(`@${param}=${_setCorrectValue(param, data, params, kind)}`)
     }
   }
   return kind === 'odata-v2'
@@ -62,8 +63,17 @@ const _extractParamsFromData = (data, params) => {
 
 const _buildKeys = (req, kind) => {
   const keys = []
-  for (const key in req.target.keys) {
-    keys.push(`${key}=${formatVal(req.data[key], key, req.target, kind)}`)
+  if (req.params && req.params.length > 0) {
+    const p1 = req.params[0]
+    if (typeof p1 !== 'object') return [p1]
+    for (const key in req.target.keys) {
+      keys.push(`${key}=${formatVal(p1[key], key, req.target, kind)}`)
+    }
+  } else {
+    // REVISIT: shall we keep that or remove it?
+    for (const key in req.target.keys) {
+      keys.push(`${key}=${formatVal(req.data[key], key, req.target, kind)}`)
+    }
   }
   return keys
 }
@@ -83,7 +93,14 @@ const _handleBoundActionFunction = (srv, def, req, url) => {
 
 const _handleUnboundActionFunction = (srv, def, req, event) => {
   if (def.kind === 'action') {
-    return srv.post(`/${event}`, req.data)
+    // REVISIT: only for "rest" unbound actions/functions, we enforce axios to return a buffer
+    // required by cds-mt
+    const isBinary =
+      srv.kind === 'rest' &&
+      def &&
+      def.returns &&
+      (def.returns.type === 'cds.LargeBinary' || def.returns.type === 'cds.Binary')
+    return srv.send({ method: 'POST', path: `/${event}`, data: req.data, _binary: isBinary })
   }
 
   const url =
@@ -97,11 +114,30 @@ const _handleV2ActionFunction = (srv, def, req, event, kind) => {
   return def.kind === 'function' ? srv.get(url) : srv.post(url, {})
 }
 
+const _handleV2BoundActionFunction = (srv, def, req, event, kind) => {
+  const params = []
+  const data = req.data
+  // REVISIT: take params from def.params, after importer fix (the keys should not be part of params)
+  for (const param in req.data) {
+    params.push(`${param}=${formatVal(data[param], param, { elements: def.params }, kind)}`)
+  }
+  const keys = _buildKeys(req, this.kind)
+  if (keys.length === 1 && typeof req.params[0] !== 'object') {
+    params.push(`${Object.keys(req.target.keys)[0]}=${keys[0]}`)
+  } else {
+    params.push(...keys)
+  }
+  const url = `${`/${event}`}?${params.join('&')}`
+  return def.kind === 'function' ? srv.get(url) : srv.post(url, {})
+}
+
 const _addHandlerActionFunction = (srv, def, target) => {
   const event = def.name.match(/\w*$/)[0]
   if (target) {
     srv.on(event, target, async function (req) {
       const shortEntityName = req.target.name.replace(`${this.namespace}.`, '')
+      if (this.kind === 'odata-v2')
+        return _handleV2BoundActionFunction(srv, def, req, `${shortEntityName}_${event}`, this.kind)
       const url = `/${shortEntityName}(${_buildKeys(req, this.kind).join(',')})/${this.namespace}.${event}`
       return _handleBoundActionFunction(srv, def, req, url)
     })
@@ -208,7 +244,7 @@ class RemoteService extends cds.Service {
 
     if (req.target && req.target.name && this.definition && req.target.name.startsWith(this.definition.name + '.')) {
       const result = await super.handle(req)
-      // only post process if alias was explicitely set in query
+      // only post process if alias was explicitly set in query
       if (_selectOnlyWithAlias(req.query)) {
         return postProcess(req.query, result, this, true)
       }