@sap/cds 6.0.2 → 6.1.0

package/libx/_runtime/extensibility/linter.js

@@ -0,0 +1,32 @@
+const cds = require('../cds')
+
+const NamespaceChecker = require('./linter/namespace_checker')
+const AnnotationsChecker = require('./linter/annotations_checker')
+const AllowlistChecker = require('./linter/allowlist_checker')
+
+const LINTER_OPTIONS = ['element-prefix', 'extension-allowlist', 'namespace-blocklist']
+const LEGACY_OPTIONS = ['entity-whitelist', 'service-whitelist', 'namespace-blacklist']
+
+const linter = async (extCsn, fullCsn, extensionFilenames, req) => {
+  const conf = cds.env.requires['cds.xt.ExtensibilityService'] || cds.env.mtx
+  const compat = cds.env.mtx
+  const linter_options = {}
+  let x
+  for (let p of LINTER_OPTIONS) if ((x = conf[p] || compat[p])) linter_options[p] = x // eslint-disable-line no-cond-assign
+  for (let p of LEGACY_OPTIONS) if ((x = compat[p])) linter_options[p] = x // eslint-disable-line no-cond-assign
+  if (!Object.keys(linter_options).length) return
+
+  const reflectedCsn = cds.reflect(extCsn)
+  const compileBaseDir = global.cds.root
+  const warnings = await Promise.all([
+    NamespaceChecker.check(reflectedCsn, fullCsn, compileBaseDir, linter_options),
+    AnnotationsChecker.check(reflectedCsn, extensionFilenames, compileBaseDir, linter_options),
+    AllowlistChecker.check(reflectedCsn, fullCsn, extensionFilenames, compileBaseDir, linter_options)
+  ])
+  const linterWarnings = [].concat.apply([], warnings) // REVISIT: What are we doing here?
+  if (linterWarnings.length > 0) {
+    req.reject(422, linterWarnings[0]) // REVISIT: Why are we returning the first warning only?
+  }
+}
+
+module.exports = linter

package/libx/_runtime/extensibility/push.js

@@ -3,29 +3,29 @@ const path = require('path')
 const cds = require('../cds')
 
 const activate = require('./activate')
-const { validateExtension } = require('./validation')
-const { collectFiles, getCompilerError, exists } = require('./utils')
+const { collectFiles, getCompilerError } = require('./utils')
 const { packTarArchive, unpackTarArchive } = require('../../../lib/utils/resources')
+const linter = require('./linter')
 
 const TEMP_DIR = fs.realpathSync(require('os').tmpdir())
+const LOG = cds.log('mtx')
 
 const _compileProject = async function (extension, req) {
-  let csn, root
+  let csn, root, files
   try {
     root = await fs.promises.mkdtemp(`${TEMP_DIR}${path.sep}extension-`)
     await unpackTarArchive(extension, root)
-    csn = await cds.compile(collectFiles(root, ['.cds', '.json']), { flavor: 'parsed' })
+    files = collectFiles(root, ['.cds', '.csn']) // REVISIT: don't we have exactly one ext.csn file for all extensions?
+    csn = await cds.compile(files, { flavor: 'parsed' })
     if (csn.requires) delete csn.requires
   } catch (err) {
     if (err.messages) req.reject(400, getCompilerError(err.messages))
     else throw err
   } finally {
-    if (await exists(root)) {
-      await (fs.promises.rm || fs.promises.rmdir)(root, { recursive: true, force: true })
-    }
+    ;(fs.promises.rm || fs.promises.rmdir)(root, { recursive: true, force: true }).catch(() => {})
   }
 
-  return csn
+  return { csn, files }
 }
 
 const base = async function (req) {
@@ -38,24 +38,81 @@ const base = async function (req) {
   return packTarArchive([...cdsFiles, ...csvFiles, ...i18nFiles], cds.root)
 }
 
+// const _copyFile = async function (file, dir) {
+//   const destination = path.join(dir, path.relative(cds.root, file))
+//   const dirname = path.dirname(destination)
+//   if (!(await exists(dirname))) await fs.promises.mkdir(dirname, { recursive: true })
+//   await fs.promises.copyFile(file, destination)
+// }
+
+const pull = async function (req) {
+  LOG.info(`pulling latest model for tenant '${req.tenant}'`)
+  const { 'cds.xt.ModelProviderService': mps } = cds.services
+  const csn = await mps.getCsn({
+    tenant: req.tenant,
+    toggles: Object.keys(cds.context.features || {}), // with all enabled feature extensions
+    base: true, // without any custom extensions
+    flavor: 'xtended'
+  })
+  // const csvObj = await cds.deploy.resources()
+  // const csvFiles = Object.keys(csvObj).filter(f => f.startsWith(cds.root) && !f.includes('node_modules'))
+  // const i18nFiles = collectFiles(cds.root, ['.properties'])
+
+  req._.res?.set('content-type', 'application/octet-stream; charset=binary')
+
+  let temp, tgz
+  try {
+    temp = await fs.promises.mkdtemp(`${TEMP_DIR}${path.sep}extension-`)
+    await fs.promises.writeFile(path.join(temp, 'index.csn'), cds.compile.to.json(csn))
+    // for (const file of csvFiles) await _copyFile(file, temp)
+    // for (const file of i18nFiles) await _copyFile(file, temp)
+    tgz = await packTarArchive(temp)
+  } finally {
+    ;(fs.promises.rm || fs.promises.rmdir)(temp, { recursive: true, force: true }).catch(() => {})
+  }
+
+  return tgz
+}
+
 const push = async function (req) {
-  let { extension } = req.data
-  if (!extension || !extension.data) req.reject(400, 'Missing extension')
-  const csn = await _compileProject(extension.data, req)
-  if (!csn) req.reject(400, 'Missing or bad extension')
+  let { extension, tag } = req.data
+  if (!extension) req.reject(400, 'Missing extension')
+  const sources = typeof extension === 'string' ? Buffer.from(extension, 'base64') : extension
+  const { csn: extCsn, files } = await _compileProject(sources, req)
+  if (!extCsn) req.reject(400, 'Missing or bad extension')
+  if (!tag) tag = null
   const tenant = req.tenant
-  await validateExtension(csn, tenant, req)
+  if (tenant) cds.context = { tenant }
+
+  // remove current extension with tag
+  let currentExt
+  if (tag) {
+    currentExt = await cds.db.run(SELECT.from('cds.xt.Extensions').where({ tag }))
+    if (currentExt.length) await cds.db.run(DELETE.from('cds.xt.Extensions').where({ tag }))
+  }
 
+  LOG.info(`validating extension '${tag}' ...`)
+  // validation
+  const { 'cds.xt.ModelProviderService': mps } = cds.services
+  const csn = await mps.getCsn(tenant, Object.keys(cds.context.features || {}))
+  try {
+    cds.extend(csn).with(extCsn)
+  } catch (err) {
+    if (currentExt && currentExt.length) {
+      await cds.db.run(INSERT.into('cds.xt.Extensions').entries(currentExt)) // REVISIT: why did we eagerly delete that at all above?
+    }
+    return req.reject(400, getCompilerError(err.messages))
+  }
+  await linter(extCsn, csn, files, req)
+
+  // insert and activate extension
   const ID = cds.utils.uuid()
-  await cds.tx({ tenant }, async tx => {
-    await tx.run(
-      INSERT.into('cds.xt.Extensions').entries([
-        { ID, csn: JSON.stringify(csn), sources: extension.data, activated: 'database' }
-      ])
-    )
-  })
+  await cds.db.run(
+    INSERT.into('cds.xt.Extensions').entries([{ ID, csn: JSON.stringify(extCsn), sources, activated: 'database', tag }])
+  )
 
+  LOG.info(`activating extension '${tag}' ...`)
   await activate(ID, null, tenant)
 }
 
-module.exports = { base, push }
+module.exports = { base, push, pull }

package/libx/_runtime/extensibility/service.js

@@ -2,20 +2,37 @@ const cds = require('../cds')
 
 const addExtension = require('./addExtension')
 const { add, promote } = require('./add')
-const { base, push } = require('./push')
+const { base, push, pull } = require('./push')
+const { token } = require('./token')
 const { transformExtendedFieldsCREATE, transformExtendedFieldsUPDATE } = require('./handler/transformWRITE')
 const { transformExtendedFieldsREAD } = require('./handler/transformREAD')
 const { transformExtendedFieldsRESULT } = require('./handler/transformRESULT')
 
-module.exports = async function () {
-  this.on('addExtension', addExtension)
-  this.on('add', add)
-  this.on('promote', promote)
-  this.on('base', base)
-  this.on('push', push)
-  cds.db
-    .before('CREATE', transformExtendedFieldsCREATE)
-    .before('UPDATE', transformExtendedFieldsUPDATE)
-    .before('READ', transformExtendedFieldsREAD)
-    .after('READ', transformExtendedFieldsRESULT)
+module.exports = class ExtensibilityService extends cds.ApplicationService {
+  init() {
+    this.on('addExtension', addExtension)
+    this.on('add', add)
+    this.on('promote', promote)
+    this.on('base', base)
+    this.on('push', push)
+    this.on('pull', pull)
+
+    cds.on('served', () => cds.app.get('/-/cds/login/token', token))
+
+    const { 'cds.xt.ModelProviderService': mps } = cds.services
+    // REVISIT: mps._in_sidecar -> revisit options
+    if (!mps?._in_sidecar)
+      cds.db
+        .before('CREATE', transformExtendedFieldsCREATE)
+        .before('UPDATE', transformExtendedFieldsUPDATE)
+        .before('READ', transformExtendedFieldsREAD)
+        .after('READ', transformExtendedFieldsRESULT)
+
+    return super.init()
+  }
+
+  // REVISIT: Do we want to keep this?
+  get isExtensible() {
+    return false
+  }
 }

package/libx/_runtime/extensibility/token.js

@@ -0,0 +1,56 @@
+const { URL } = require('url')
+const cds = require('../../../lib')
+const LOG = cds.log()
+
+module.exports = {
+  async token(request, response) {
+    if (request.method === 'HEAD') {
+      response.status(204).send()
+      return
+    }
+
+    const { passcode, refresh_token, subdomain, clientid, clientsecret } = request.query
+    const { credentials } = cds.env.requires.auth
+    if (!credentials) {
+      cds.error(
+        'No auth credentials defined. The application is likely not bound to an authentication service instance.'
+      )
+    }
+
+    const parsedUrl = new URL(credentials.url)
+    parsedUrl.hostname = subdomain + '.' + parsedUrl.hostname.split('.').slice(1).join('.')
+
+    LOG.info(`Get auth token using URL ${parsedUrl}`)
+
+    if (clientid) {
+      LOG.info(`Using clientid/clientsecret from API call with clientid ${clientid}`)
+    }
+
+    const username = clientid ? clientid : credentials.clientid
+    const password = clientid ? clientsecret : credentials.clientsecret
+    const { xsappname } = cds.env.requires.auth?.credentials ?? cds.env.requires.uaa?.credentials ?? {}
+    const path =
+      (refresh_token
+        ? `oauth/token?grant_type=refresh_token&refresh_token=${refresh_token}`
+        : `oauth/token?grant_type=password&passcode=${encodeURIComponent(passcode)}`) +
+      `&scope=${encodeURIComponent(xsappname + '.cds.ExtensionDeveloper')}`
+
+    try {
+      const { data } = await require('axios').post(
+        parsedUrl + path,
+        { 'Content-Type': 'application/json' },
+        { auth: { username, password } }
+      )
+      response.send(data)
+    } catch (error) {
+      error.message = `Authentication failed with root cause '${error.message}'. Passcode URL: https://${parsedUrl.hostname}/passcode`
+      const {
+        constructor: { name },
+        message
+      } = error
+      const status = name in { JwtRequestError: 1, IncompleteJwtResponseError: 1 } ? 401 : error.response.status ?? 500
+      LOG.error(message)
+      response.status(status).send({ message, status })
+    }
+  }
+}

package/libx/_runtime/extensibility/validation.js

@@ -2,12 +2,12 @@ const cds = require('../cds')
 
 const { getCompilerError } = require('./utils')
 
-const validateCsn = (csn, req) => {
+const validateCsn = (csn, appCsn, req) => {
   if (!csn) req.reject(400, 'Missing extension')
   if (!csn.extensions) return
 
   csn.extensions.forEach(extension => {
-    if (!extension.extend || !cds.model.definitions[extension.extend]) {
+    if (!extension.extend || !appCsn.definitions[extension.extend]) {
       req.reject(400, 'Invalid extension. Parameter "extend" missing or malformed')
     }
 
@@ -17,7 +17,7 @@ const validateCsn = (csn, req) => {
   })
 }
 
-const validateExtensionFields = (csn, req) => {
+const validateExtensionFields = (csn, appCsn, req) => {
   if (!csn.extensions) return
 
   csn.extensions.forEach(extension => {
@@ -27,7 +27,7 @@ const validateExtensionFields = (csn, req) => {
           req.reject(400, `Invalid extension. Bad element name "${name}"`)
         }
 
-        if (Object.keys(cds.model.definitions[extension.extend].elements).includes(name)) {
+        if (Object.keys(appCsn.definitions[extension.extend].elements).includes(name)) {
           req.reject(400, `Invalid extension. Element "${name}" already exists`)
         }
       })
@@ -35,12 +35,9 @@ const validateExtensionFields = (csn, req) => {
   })
 }
 
-const validateExtension = async (ext, tenant, req) => {
+const validateExtension = (ext, csn, req) => {
   try {
-    const { 'cds.xt.ModelProviderService': mps } = cds.services
-    const csn = await mps.getCsn(tenant, ['*'])
-    const extCsn = cds.compile.to.json(ext)
-    await cds.compile.to.csn({ 'base.csn': JSON.stringify(csn), 'ext.csn': extCsn })
+    cds.extend(csn).with(ext)
   } catch (err) {
     req.reject(400, getCompilerError(err.messages))
   }

package/libx/_runtime/fiori/generic/activate.js

@@ -11,7 +11,6 @@ const {
 const { readAndDeleteKeywords, isActiveEntityRequested, getKeyData } = require('../utils/where')
 const { isDraftRootEntity } = require('../../fiori/utils/csn')
 const { getColumns } = require('../../cds-services/services/utils/columns')
-const { setStatusCodeAndHeader, getKeyProperty } = require('../utils/handler')
 
 const { DRAFT_COLUMNS_MAP } = require('../../common/constants/draft')
 
@@ -175,9 +174,6 @@ const _handler = async function (req) {
     })
   ])
 
-  const k = getKeyProperty(req.target.keys)
-  setStatusCodeAndHeader(req._.odataRes, { [k]: result[k] }, req.target.name.replace(`${this.name}.`, ''), true)
-
   return result
 }
 

package/libx/_runtime/fiori/generic/edit.js

@@ -4,14 +4,7 @@ const { INSERT, SELECT, DELETE } = cds.ql
 const { getCompositionTree } = require('../../common/composition')
 const { getColumns } = require('../../cds-services/services/utils/columns')
 const { getTransition } = require('../../common/utils/resolveView')
-const {
-  draftIsLocked,
-  ensureDraftsSuffix,
-  ensureNoDraftsSuffix,
-  getSubCQNs,
-  setStatusCodeAndHeader,
-  filterKeys
-} = require('../utils/handler')
+const { draftIsLocked, ensureDraftsSuffix, ensureNoDraftsSuffix, getSubCQNs, filterKeys } = require('../utils/handler')
 const { isActiveEntityRequested, getKeyData } = require('../utils/where')
 
 const _getDraftColumns = draftUUID => ({
@@ -163,7 +156,6 @@ const _handler = async function (req) {
   }
 
   await Promise.all(insertCQNs.map(CQN => dbtx.run(CQN)))
-  setStatusCodeAndHeader(req._.odataRes, rootWhere, req.target.name.replace(`${this.name}.`, ''), false)
   return results[0][0]
 }
 

package/libx/_runtime/fiori/generic/new.js

@@ -4,7 +4,7 @@ const { INSERT, SELECT, UPDATE } = cds.ql
 const onDraftActivate = require('./activate')._handler
 const { isNavigationToMany } = require('../utils/req')
 const { getKeysCondition } = require('../utils/where')
-const { removeDraftUUIDIfNecessary, ensureDraftsSuffix } = require('../utils/handler')
+const { ensureDraftsSuffix } = require('../utils/handler')
 const { DRAFT_COLUMNS_MAP } = require('../../common/constants/draft')
 
 const _getUpdateDraftAdminCQN = ({ user, timestamp }, draftUUID) => {
@@ -56,17 +56,6 @@ const _handler = async function (req, next) {
     return onDraftActivate(req, next)
   }
 
-  // fill default values
-  const elements = req.target.elements
-  for (const column in elements) {
-    const col = elements[column]
-    if (col.default !== undefined && !(column in DRAFT_COLUMNS_MAP)) {
-      if ('val' in col.default) req.data[col.name] = col.default.val
-      else if ('ref' in col.default) req.data[col.name] = col.default.ref[0]
-      else req.data[col.name] = col.default
-    }
-  }
-
   const navigationToMany = isNavigationToMany(req)
 
   const adminDataCQN = navigationToMany
@@ -74,26 +63,12 @@ const _handler = async function (req, next) {
     : _getInsertDraftAdminCQN(req, req.data.DraftAdministrativeData_DraftUUID)
   const insertDataCQN = _getInsertDataCQN(req, req.data.DraftAdministrativeData_DraftUUID)
 
-  // read data as on db and return
-  const columns = Object.keys(req.target.elements)
-    .map(e => req.target.elements[e])
-    .filter(e => !e.isAssociation)
-    .map(e => e.name)
-  const readInsertDataCQN = SELECT.from(insertDataCQN.INSERT.into).columns(columns)
-  readInsertDataCQN.where(getKeysCondition(req.target, req.data))
-
   const dbtx = cds.tx(req)
 
   await Promise.all([dbtx.run(adminDataCQN), dbtx.run(insertDataCQN)])
 
-  const result = await dbtx.run(readInsertDataCQN)
-  if (result.length === 0) {
-    req.reject(404)
-  }
-
-  removeDraftUUIDIfNecessary(req)(result[0])
-
-  return result[0]
+  req._.readAfterWrite = true
+  return { ...req.data, IsActiveEntity: false }
 }
 
 module.exports = cds.service.impl(function (srv, entity) {

package/libx/_runtime/fiori/generic/patch.js

@@ -29,7 +29,7 @@ const _getSelectCQN = (model, { target: { name } }, keysCondition, checkUser = t
   }
 
   // REVISIT: support navigation to one
-  return SELECT.from(draftName)
+  return SELECT.one(draftName)
     .columns(columns)
     .join('DRAFT.DraftAdministrativeData')
     .on([
@@ -71,19 +71,18 @@ const _handler = async function (req) {
   let result = await dbtx.run(_getSelectCQN(this.model, req, keysCondition))
 
   // Potential timeout scenario supported
-  if (result[0].draftAdmin_inProcessByUser && result[0].draftAdmin_inProcessByUser !== req.user.id) {
+  if (result.draftAdmin_inProcessByUser && result.draftAdmin_inProcessByUser !== req.user.id) {
     // REVISIT: security log?
     req.reject(403)
   }
 
   const updateDraftCQN = _getUpdateDraftCQN(req, keysCondition)
-  const updateDraftAdminCQN = getUpdateDraftAdminCQN(req, result[0].DraftAdministrativeData_DraftUUID)
+  const updateDraftAdminCQN = getUpdateDraftAdminCQN(req, result.DraftAdministrativeData_DraftUUID)
 
   await Promise.all([dbtx.run(updateDraftCQN), dbtx.run(updateDraftAdminCQN)])
-  result = await dbtx.run(_getSelectCQN(this.model, req, keysCondition, false))
-  if (result.length === 0) req.reject(404)
-  removeDraftUUIDIfNecessary(req)(result[0])
-  return result[0]
+  req._.readAfterWrite = true
+
+  return { ...req.data, IsActiveEntity: false }
 }
 
 module.exports = cds.service.impl(function (srv, entity) {

package/libx/_runtime/fiori/generic/prepare.js

@@ -5,8 +5,6 @@ const { isActiveEntityRequested } = require('../utils/where')
 const { ensureDraftsSuffix, ensureNoDraftsSuffix } = require('../utils/handler')
 const { getColumns } = require('../../cds-services/services/utils/columns')
 
-const { DRAFT_COLUMNS_CQN } = require('../../common/constants/draft')
-
 /**
  * Generic Handler for PreparationAction requests.
  * In case of success it returns the prepared draft entry.
@@ -19,15 +17,14 @@ const _handler = async function (req) {
   }
 
   const target = ensureDraftsSuffix(req.target.name)
-  const columns = [
-    ...getColumns(this.model.definitions[ensureNoDraftsSuffix(req.target.name)], {
-      removeIgnore: true,
-      filterVirtual: true
-    }).map(obj => obj.name),
-    ...DRAFT_COLUMNS_CQN.filter(column => column.ref[0] !== 'DraftAdministrativeData_DraftUUID')
-  ]
+  const columns = getColumns(this.model.definitions[ensureNoDraftsSuffix(req.target.name)], {
+    keysOnly: true,
+    removeIgnore: true,
+    filterVirtual: true,
+    onlyNames: true
+  })
   columns.push({ ref: ['DRAFT.DraftAdministrativeData', 'inProcessByUser'], as: 'draftAdmin_inProcessByUser' })
-  const select = SELECT.from(target)
+  const select = SELECT.one(target)
     .columns(columns)
     .join('DRAFT.DraftAdministrativeData')
     .on([
@@ -36,18 +33,14 @@ const _handler = async function (req) {
       { ref: ['DRAFT.DraftAdministrativeData', 'DraftUUID'] }
     ])
     .where(req.query.SELECT.from.ref[0].where)
-
   const result = await cds.tx(req).run(select)
-
-  if (result.length === 0) req.reject(404)
-
-  if (result[0].draftAdmin_inProcessByUser !== req.user.id) {
+  if (!result) req.reject(404)
+  if (result.draftAdmin_inProcessByUser !== req.user.id) {
     // REVISIT: security log?
     req.reject(403, 'DRAFT_LOCKED_BY_ANOTHER_USER')
   }
-  delete result[0].draftAdmin_inProcessByUser
-
-  return result[0]
+  delete result.draftAdmin_inProcessByUser
+  return result
 }
 
 module.exports = cds.service.impl(function (srv, entity) {

package/libx/_runtime/fiori/generic/read.js

@@ -120,6 +120,11 @@ const DRAFT_COLUMNS_CASTED = [
   }
 ]
 
+const DRAFT_COLUMNS_CASTED_WITH_DRAFTADMIN_UUID = [
+  ...DRAFT_COLUMNS_CASTED,
+  { ref: ['DraftAdministrativeData_DraftUUID'] }
+]
+
 // default draft values for active entities
 const _getDefaultDraftProperties = ({ hasDraft, isActive = true, withDraftUUID = true }) => {
   const columns = [
@@ -442,7 +447,10 @@ const _activeWithoutDraft = (req, draftWhere, columns) => {
 
 const _draftOfWhichIAmOwner = (req, draftWhere, columns) => {
   const { table, name } = _getTableName(req, true)
-  const outerMostColumns = _getOuterMostColumns(addColumnAlias(columns, name), DRAFT_COLUMNS_CASTED)
+  const outerMostColumns = _getOuterMostColumns(
+    addColumnAlias(columns, name),
+    DRAFT_COLUMNS_CASTED_WITH_DRAFTADMIN_UUID
+  )
 
   const cqn = SELECT.from(table)
     .columns(...outerMostColumns)
@@ -1277,6 +1285,8 @@ const _handler = async function (req) {
   const query4sql = cqn2cqn4sql(req.query, this.model, { _4fiori: true })
 
   // Clone the request. Do not clone with Object.assign as that would skip all non-enumerable properties.
+  // REVISIT: query4sql.clone() doesn't really clone the original query, hence _generateCQN will heavily modify
+  // it, e.g. IsActiveEntity is stripped. This is a problem for subsequent handlers which rely on this information.
   const reqClone = { __proto__: req, query: query4sql.clone() }
   // Clone draft restrictions to the cloned query.
   reqClone.query._draftRestrictions = query._draftRestrictions

package/libx/_runtime/fiori/utils/handler.js

@@ -183,15 +183,6 @@ const _aliased = (arr, columns, alias) =>
   })
 
 // Only works for root entity, otherwise the relative position needs to be adapted
-const setStatusCodeAndHeader = (response, keys, entityName, isActiveEntity) => {
-  response.setStatusCode(201)
-
-  const keysString = Object.keys(keys)
-    .map(key => `${key}=${keys[key]}`)
-    .join(',')
-  response.setHeader('location', `../${entityName}(${keysString},IsActiveEntity=${isActiveEntity})`)
-}
-
 const removeDraftUUIDIfNecessary = req =>
   req._.req && req._.req.headers && req._.req.headers['x-cds-odata-version'] === 'v2'
     ? () => {}
@@ -255,12 +246,6 @@ const draftIsLocked = lastChangedAt => {
   return DRAFT_CANCEL_TIMEOUT_IN_MS > Date.now() - Date.parse(lastChangedAt)
 }
 
-const getKeyProperty = keys => {
-  return Object.keys(keys).find(k => {
-    return k !== 'IsActiveEntity' && !keys[k]._isAssociationStrict
-  })
-}
-
 const filterKeys = keys => {
   return Object.keys(keys).filter(key => {
     return key !== 'IsActiveEntity' && !keys[key]._isAssociationStrict
@@ -273,7 +258,6 @@ module.exports = {
   getUpdateDraftAdminCQN,
   getEnrichedCQN,
   removeDraftUUIDIfNecessary,
-  setStatusCodeAndHeader,
   isDraftActivateAction,
   ensureDraftsSuffix,
   ensureNoDraftsSuffix,
@@ -282,7 +266,6 @@ module.exports = {
   proxifyToNoDraftsName,
   addColumnAlias,
   replaceRefWithDraft,
-  getKeyProperty,
   filterKeys,
   getDeleteDraftAdminCqn,
   getCompositionTargets

package/libx/_runtime/hana/Service.js

@@ -91,7 +91,6 @@ class HanaDatabase extends DatabaseService {
   }
 
   _registerBeforeHandlers() {
-    this._ensureModel && this.before('*', this._ensureModel)
     this.before(['CREATE', 'UPDATE'], '*', this._input) // > has to run before rewrite
     this.before('READ', '*', search) // > has to run before rewrite
     this.before(['CREATE', 'READ', 'UPDATE', 'DELETE'], '*', this._rewrite)

package/libx/_runtime/hana/conversion.js

@@ -1,5 +1,8 @@
 const cds = require('../cds')
 
+const driver = require('./driver')
+const isHdb = driver?.name === 'hdb'
+
 const convertToBoolean = boolean => {
   if (boolean === null) {
     return null
@@ -35,7 +38,15 @@ const convertToISONoMillis = element => {
 
 const convertToString = element => {
   if (element) {
-    return element instanceof Buffer ? Buffer.from(element, 'base64').toString() : element
+    if (element instanceof Buffer) {
+      if (isHdb && driver.iconv) {
+        return driver.iconv.decode(element, 'cesu8')
+      }
+
+      return Buffer.from(element, 'base64').toString()
+    }
+
+    return element
   }
 
   return null

package/libx/_runtime/hana/customBuilder/CustomFunctionBuilder.js

@@ -21,12 +21,13 @@ class CustomFunctionBuilder extends FunctionBuilder {
 
   _handleContains(args) {
     // fuzzy search has three arguments, must not be converted to like expressions
-    if (args.length > 2 || args._$search) {
+    if (args.length > 2 || this._options.$searchUsingContains) {
       this._outputObj.sql.push('CONTAINS')
       this._addFunctionArgs(args, true)
-    } else {
-      super._handleContains(args)
+      return
     }
+
+    super._handleContains(args)
   }
 }
 

package/libx/_runtime/hana/customBuilder/CustomSelectBuilder.js

@@ -28,6 +28,11 @@ class CustomSelectBuilder extends SelectBuilder {
     return SelectBuilder
   }
 
+  getDefaultOptions() {
+    const options = { $searchUsingContains: !!this._obj.SELECT._$searchUsingContains }
+    return { ...super.getDefaultOptions(), ...options }
+  }
+
   _val(obj) {
     if (typeof obj.val === 'boolean') return { sql: obj.val ? 'true' : 'false', values: [] }
     return super._val(obj)