@sap/cds 6.4.0 → 6.4.1

package/CHANGELOG.md

@@ -4,6 +4,25 @@
 - The format is based on [Keep a Changelog](http://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](http://semver.org/).
 
+## Version 6.4.1 - 2022-01-16
+
+### Fixed
+
+- `cds build` correctly creates a `resources.tgz` file for MTXS projects on Windows
+- `cds.deploy` for HANA now doesn't try to search for a globally installed `@sap/hdi-deploy` if there's no `npm` installed, e.g. on a Node.js server without `npm`.
+- Signature for `cds.ql.UPSERT`
+- Signature for `<srv>.delete().where()`
+- Signature for `SELECT.alias`
+- `UPSERT` requests for SQLite if only keys are provided
+- `cds.test` doesn't log database resets with `autoReset` enabled any more.
+- The `cds.deploy` output for HANA is now correctly formatted in Kibana.
+- SAP HANA stored procedures containing implicit selects
+- Shorthand configuration for `graphql` in `cds.env.protocols`
+- If `cds.env.protocols` is set, `cds.requires.middlewares` is automatically turned on
+- `cds.context` middleware is split to initial handling of request correlation and user propagation
+- fix view resolving and managed data for UPSERT
+- `cds.linked` supports polymorphic self links like in: `action foo( self: [many] $self, ...)`
+
 ## Version 6.4.0 - 2022-12-15
 
 ### Added

package/apis/cds.d.ts

@@ -16,6 +16,7 @@ declare global {
 	// these provide the functionality from SELECT, INSERT, etc in the global facade
 	const SELECT: typeof cds.ql.SELECT
 	const INSERT: typeof cds.ql.INSERT
+	const UPSERT: typeof cds.ql.UPSERT
 	const UPDATE: typeof cds.ql.UPDATE
 	const DELETE: typeof cds.ql.DELETE
 	const CREATE: typeof cds.ql.CREATE
@@ -24,6 +25,7 @@ declare global {
 	// and these allow us to use them as type too, i.e. `const q: SELECT<Book> = ...`
 	type SELECT<T> = ql.SELECT<T>
 	type INSERT<T> = ql.INSERT<T>
+	type UPSERT<T> = ql.UPSERT<T>
 	type UPDATE<T> = ql.UPDATE<T>
 	type DELETE<T> = ql.DELETE<T>
 	type CREATE<T> = ql.CREATE<T>

package/apis/ql.d.ts

@@ -95,6 +95,8 @@ declare class QL<T> {
 	SELECT : StaticSELECT<T>
 	INSERT : typeof INSERT 
 		& ((...entries:object[]) => INSERT<any>) & ((entries:object[]) => INSERT<any>)
+	UPSERT: typeof UPSERT
+		& ((...entries:object[]) => UPSERT<any>) & ((entries:object[]) => UPSERT<any>)
 	UPDATE : typeof UPDATE 
 		& typeof UPDATE.entity
 	DELETE : typeof DELETE
@@ -137,6 +139,8 @@ export class SELECT<T> extends ConstructedQuery {
 		& ((rows : number, offset? : number) => this)
 	forShareLock () : this
 	forUpdate ({wait}? : {wait?: number}) : this
+	alias (as: string) : this
+
 
 // Not yet public
 	// fullJoin (other: string, as: string) : this

package/apis/services.d.ts

@@ -30,6 +30,14 @@ export class QueryAPI {
     <T>(data: object | object[]): INSERT<T>
   }
 
+  /**
+ * @see [docs](https://cap.cloud.sap/docs/node.js/services#srv-run)
+ */
+  upsert: {
+    <T extends ArrayConstructable<any>>(data: T): UPSERT<T>
+    <T>(data: object | object[]): UPSERT<T>
+  }
+
   /**
    * @see [docs](https://cap.cloud.sap/docs/node.js/services#srv-run)
    */
@@ -204,7 +212,7 @@ export class Service extends QueryAPI {
    * Constructs and sends a DELETE request.
    * @see [capire docs](https://cap.cloud.sap/docs/node.js/services#srv-send)
    */
-  delete(entityOrPath: Target, data?: object): Promise<this>
+  delete(entityOrPath: Target, data?: object): DELETE<T>
   /**
    * @see [docs](https://cap.cloud.sap/docs/node.js/services#srv-run)
    */

package/bin/build/provider/mtx/resourcesTarBuilder.js

@@ -37,7 +37,7 @@ class ResourcesTarBuilder {
         if (root) {
             resources = this._getHanaResources(root)
         } else {
-            root = path.join(this.handler.buildOptions.root, cds.env.folders.db)
+            root = this.handler.buildOptions.root
             resources = await this._getSqliteResources(model)
         }
         return { root, resources }

package/bin/deploy/to-hana/hdiDeployUtil.js

@@ -97,9 +97,15 @@ Add it either as a devDependency using 'npm install -D ${this.deployerName}' or
 
 
     async _npmSearchPaths(cwd) {
-        const npmRootCall = await execAsync('npm root -g');
-        const globalNodeModules = npmRootCall.stdout.toString().trim();
-        return [cwd, globalNodeModules, '@sap/hdi-deploy']
+        // REVISIT: we shouldn't have to rely on `npm` on the server
+        try {
+            const npmRootCall = await execAsync('npm root -g');
+            const globalNodeModules = npmRootCall.stdout.toString().trim();
+            return [cwd, globalNodeModules, '@sap/hdi-deploy']
+        } catch (error) {
+            if (/Command failed: npm.*not found/s.test(error.message)) return [cwd, '@sap/hdi-deploy']
+            else throw error
+        }
     }
 
 
@@ -107,10 +113,10 @@ Add it either as a devDependency using 'npm install -D ${this.deployerName}' or
         const hdiDeployLib = await this._getHdiDeployLib(dbDir);
         return new Promise((resolve, reject) => {
             const callbacks = {
-                stderrCB: error => console.error(error.toString())
+                stderrCB: error => LOG.error(error.toString())
             }
             if (LOG.level !== SILENT) {
-                callbacks.stdoutCB = (data) => console.log(data.toString());
+                callbacks.stdoutCB = (data) => LOG.log(data.toString());
             }
 
             hdiDeployLib.deploy(dbDir, env, (error, response) => {

package/lib/auth/index.js

@@ -1,6 +1,22 @@
 
+const cds = require ('../index'), { path, local } = cds.utils
+
+const _require = require; require = cds.lazified (module) // eslint-disable-line no-global-assign
+module.exports = Object.assign (auth_factory, {
+  mocked: require('./basic-auth'),
+  basic:  require('./basic-auth'),
+  dummy:  require('./dummy-auth'),
+  ias:    require('./ias-auth'),
+  jwt:    require('./jwt-auth'),
+  xsuaa:  require('./jwt-auth'),
+})
+require = _require // eslint-disable-line no-global-assign
+
+
+/**
+ * Constructs one of the above middlewares as configured
+ */
 function auth_factory (options) {
-  const cds = require ('../index'), { path, local } = cds.utils
   const o = { ...options, ...cds.requires.auth }
   let kind = o.kind || o.strategy
   let middleware = cds.auth[kind]
@@ -16,17 +32,3 @@ function auth_factory (options) {
   }
   return middleware(o)
 }
-
-const { lazified } = require('../lazy')
-const _require = require; require = lazified (module) // eslint-disable-line no-global-assign
-
-module.exports = lazified (Object.assign (auth_factory, {
-  mocked: require('./basic-auth'),
-  basic:  require('./basic-auth'),
-  dummy:  require('./dummy-auth'),
-  ias:    require('./ias-auth'),
-  jwt:    require('./jwt-auth'),
-  xsuaa:  require('./jwt-auth'),
-}))
-
-require = _require // eslint-disable-line no-global-assign

package/lib/core/index.js

@@ -26,6 +26,7 @@ const roots = _roots ({
 	Association: {type:'type'},
 	Composition: {type:'Association'},
 	service: {type:'context'},
+	$self: {}, //> to support polymorphic self links like in: action foo( self: [many] $self, ...)
 })
 
 /**

package/lib/srv/middlewares/cds-context.js

@@ -7,8 +7,6 @@ module.exports = ()=> {
     const ctx = {}
     ctx.http = { req, res }
     ctx.id = _id4(req)
-    ctx.user = req.user
-    ctx.tenant = req.tenant || ctx.user?.tenant
     cds._context.run (ctx, next)
   }
 

package/lib/srv/middlewares/ctx-auth.js

@@ -0,0 +1,11 @@
+const cds = require ('../../index')
+
+/**
+ * Propagates auth results to cds.context
+ */
+module.exports = ()=> function cds_context_auth (req, res, next) {
+  const ctx = cds.context
+  ctx.user = req.user
+  ctx.tenant = req.tenant || ctx.user?.tenant
+  next()
+}

package/lib/srv/middlewares/ctx-model.js

@@ -1,24 +1,26 @@
-module.exports = ()=>{
+module.exports = ()=> {
+
   const cds = require ('../../index')
-  if (cds.requires.extensibility || cds.requires.toggles || cds.mtx) {
-    const { model4 } = require('../srv-models')
-    return async function cds_context_model (req,res, next) {
-      if (req.baseUrl.startsWith('/-/')) return next() //> our own tech services cannot be extended
-      const ctx = cds.context
-      if (ctx.tenant) try {
-        // if (req.headers.features) ctx.user.features = req.headers.features //> currently done in basic-auth only
-        ctx.model = req.__model = await model4 (ctx.tenant, ctx.features) // REVISIT: req.__model is because of Okra
-      } catch (e) {
-        console.error(e)
-        return res.status(503) .json ({ // REVISIT: we should throw a simple error, nothing else! -> this is overly OData-specific!
-          error: { code: '503', message:
-            process.env.NODE_ENV === 'production' ? 'Service Unavailable' :
-            'Unable to get context-specific model due to: ' + e.message
-          }
-        })
-      }
-      next()
+  const context_model_required = cds.requires.extensibility || cds.requires.toggles || cds.mtx
+  if (!context_model_required) return []
+
+  const { model4 } = require('../srv-models')
+  return async function cds_context_model (req,res, next) {
+    if (req.baseUrl.startsWith('/-/')) return next() //> our own tech services cannot be extended
+    const ctx = cds.context
+    if (ctx.tenant) try {
+      // if (req.headers.features) ctx.user.features = req.headers.features //> currently done in basic-auth only
+      ctx.model = req.__model = await model4 (ctx.tenant, ctx.features) // REVISIT: req.__model is because of Okra
+    } catch (e) {
+      console.error(e)
+      return res.status(503) .json ({ // REVISIT: we should throw a simple error, nothing else! -> this is overly OData-specific!
+        error: { code: '503', message:
+          process.env.NODE_ENV === 'production' ? 'Service Unavailable' :
+          'Unable to get context-specific model due to: ' + e.message
+        }
+      })
     }
+    next()
   }
-  else return []
+
 }

package/lib/srv/middlewares/index.js

@@ -1,22 +1,20 @@
 const auth      = exports.auth      = require('../../auth')
 const context   = exports.context   = require('./cds-context')
+const ctx_auth  = exports.ctx_auth  = require('./ctx-auth')
 const ctx_model = exports.ctx_model = require('./ctx-model')
 const errors    = exports.errors    = require('./errors')
 const trace     = exports.trace     = require('./trace')
 
 // middlewares running before protocol adapters
 exports.before = [
-  trace(),    // provides detailed trace logs when DEBUG=trace
-  auth(),     // provides req.user & tenant
-  context(),  // provides cds.context
-  ctx_model(),    // fills in cds.context.model
+  context(),    // provides cds.context
+  trace(),      // provides detailed trace logs when DEBUG=trace
+  auth(),       // provides req.user & tenant
+  ctx_auth(),   // propagates auth results to cds.context
+  ctx_model(),  // fills in cds.context.model, in case of extensibility
 ]
 
+// middlewares running after protocol adapters -> usually error middlewares
 exports.after = [
-  // usually error middlewares
   errors(),
 ]
-
-exports.bootstrap = ()=>{
-  require('../protocols')()
-}

package/lib/srv/protocols/_legacy.js

@@ -1,5 +1,7 @@
 const libx = require('../../../libx/_runtime')
 const cds_context_model = require('../srv-models')
+const cds_context = require('../middlewares/cds-context')()
+const ctx_auth = require('../middlewares/ctx-auth')()
 const { ProtocolAdapter } = require('.')
 
 class LegacyProtocolAdapter extends ProtocolAdapter {
@@ -14,9 +16,11 @@ class LegacyProtocolAdapter extends ProtocolAdapter {
   static serve (srv, /* in: */ app) {
     return super.serve (srv, app, { before: [
       // async (req, res, next) => { await 1; next() }, // REVISIT: AsyncResource.bind() -> enable to break cds/tests/_runtime/odata/__tests__/integration/crud-with-mtx.test.js with existing, non-middleware mode, *w/o* fix to BufferedWriter
+      cds_context,
       cap_req_logger,
       libx.perf,
       libx.auth(srv),
+      ctx_auth,
       cds_context_model.middleware4(srv)
     ], after:[] })
   }

package/lib/srv/protocols/graphql.js

@@ -1,7 +1,7 @@
 const cds = require ('../../index'), { decodeURIComponent } = cds.utils
 const LOG = cds.log('graphql')
 
-const GraphQLAdapter = require('@sap/cds-graphql/lib') // eslint-disable-line cds/no-missing-dependencies
+const GraphQLAdapter = require('@cap-js/graphql') // eslint-disable-line cds/no-missing-dependencies
 const express = require ('express') // eslint-disable-line cds/no-missing-dependencies
 
 function CDSGraphQLAdapter (options) {
@@ -33,7 +33,7 @@ function CDSGraphQLAdapter (options) {
   })
 
   /** The global /graphql route */
-  .use (new GraphQLAdapter (services, options))
+  .use (new GraphQLAdapter (options))
 }
 
 module.exports = CDSGraphQLAdapter

package/lib/srv/protocols/index.js

@@ -10,7 +10,6 @@ class ProtocolAdapter {
     for (let [k,o] of Object.entries(protocols)) if (typeof o === 'string') protocols[k] = {path:o}
     if (!protocols.odata) protocols.odata = { impl: join(__dirname,'odata-v4') }
     if (!protocols.rest) protocols.rest = { impl: join(__dirname,'rest') }
-    
     // odata must always be first for fallback
     return this.protocols = { odata: protocols.odata, ...protocols }
   }
@@ -84,5 +83,10 @@ const protocols = Object.keys(ProtocolAdapter.init())
 const protocol4 = (def, _default = protocols[0]) => def['@protocol'] || protocols.find(p => def['@'+p]) || _default
 const is_global = adapter => adapter.length === 1 && !/^(function )?(\w+\s+)?\((srv|service)/.test(adapter)
 
-module.exports = Object.assign (ProtocolAdapter.serveAll, { ProtocolAdapter, protocol4 })
-if (!cds.requires.middlewares) module.exports.ProtocolAdapter = require('./_legacy')
+module.exports = { ProtocolAdapter, protocol4 }
+if (cds.env.protocols) {
+  cds.middlewares = require('../middlewares')
+  ProtocolAdapter.serveAll()
+} else if (!cds.requires.middlewares) {
+  module.exports.ProtocolAdapter = require('./_legacy')
+}

package/lib/srv/srv-api.js

@@ -76,6 +76,7 @@ class Service extends require('./srv-handlers') {
   insert (...args) { return INSERT(...args).bind(this) }
   create (...args) { return INSERT.into(...args).bind(this) }
   update (...args) { return UPDATE.entity(...args).bind(this) }
+  upsert (...args) { return UPSERT(...args).bind(this) }
   exists (...args) { return SELECT.one([1]).from(...args).bind(this) }
 
   /**

package/lib/utils/data.js

@@ -13,8 +13,8 @@ class DataUtil {
       }
     }
     if (this._deletes.length > 0) {
-      const log = cds.log('deploy')
-      if (log._info)  log.info('Deleting all data in', this._deletes)
+      const LOG = cds.log('deploy')
+      if (!this._autoReset)  LOG.info('Deleting all data for', db.model.each('entity'))
       await db.run(this._deletes)
     }
   }

package/lib/utils/tar.js

@@ -15,16 +15,37 @@ const win = path => {
   if (Array.isArray(path)) return path.map(el => win(el))
 }
 
-// Copy files to temp dir on Windows and pack temp dir.
+async function copyDir(src, dest) {
+  if ((await fs.promises.stat(src)).isDirectory()) {
+    const entries = await fs.promises.readdir(src)
+    return Promise.all(entries.map(async each => copyDir(path.join(src, each), path.join(dest, each))))
+  } else {
+    await fs.promises.mkdir(path.dirname(dest), { recursive: true })
+    return fs.promises.copyFile(src, dest)
+  }
+}
+
+// Copy resources containing files and folders to temp dir on Windows and pack temp dir.
 // cli tar has a size limit on Windows.
-const createTemp = async (root, files) => {
-  const temp = await fs.promises.mkdtemp(`${fs.realpathSync(require('os').tmpdir())}${path.sep}tar-`)    
-  for (const file of files) {
-      const fname = path.relative(root, file)
-      const destination = path.join(temp, fname)
-      const dirname = path.dirname(destination)
-      if (!await exists(dirname)) await fs.promises.mkdir(dirname, { recursive: true })
-      await fs.promises.copyFile(file, destination)          
+const createTemp = async (root, resources) => {
+  // Asynchronously copies the entire content from src to dest.
+  const temp = await fs.promises.mkdtemp(`${fs.realpathSync(require('os').tmpdir())}${path.sep}tar-`)
+  for (let resource of resources) {
+    const destination = path.join(temp, path.relative(root, resource))
+    if ((await fs.promises.stat(resource)).isFile()) {
+      const dirName = path.dirname(destination)
+      if (!await exists(dirName)) {
+        await fs.promises.mkdir(dirName, { recursive: true })
+      }
+      await fs.promises.copyFile(resource, destination)
+    } else {
+      if (fs.promises.cp) {
+        await fs.promises.cp(resource, destination, { recursive: true })
+      } else {
+        // node < 16
+        await copyDir(resource, destination)
+      }
+    }
   }
 
   return temp
@@ -60,6 +81,7 @@ exports.create = async (dir='.', ...args) => {
   if (Array.isArray(dir)) [ dir, ...args ] = [ cds.root, dir, ...args ]
 
   let c, temp
+  args = args.filter(el => el)
   if (process.platform === 'win32') {
     const spawnDir = (dir, args) => {      
       if (args.some(arg => arg === '-f')) return spawn ('tar', ['c', '-C', win(dir), ...win(args)])

package/libx/_runtime/common/generic/crud.js

@@ -26,7 +26,7 @@ const _targetEntityDoesNotExist = async req => {
 
 exports.impl = cds.service.impl(function () {
   // eslint-disable-next-line complexity
-  this.on(['CREATE', 'READ', 'UPDATE', 'DELETE'], '*', async function (req) {
+  this.on(['CREATE', 'READ', 'UPDATE', 'DELETE', 'UPSERT'], '*', async function (req) {
     if (typeof req.query !== 'string' && req.target && req.target._hasPersistenceSkip) {
       throw getError({
         code: 501,

package/libx/_runtime/common/generic/paging.js

@@ -1,5 +1,5 @@
 const cds = require('../../cds')
-const { getDefaultPageSize, getMaxPageSize } = require('../utils/page')
+const { getPageSize } = require('../utils/page')
 
 const commonGenericPaging = function (req) {
   // only if http request
@@ -11,13 +11,14 @@ const commonGenericPaging = function (req) {
   _addPaging(req.query, req.target)
 }
 
-const _addPaging = function (query, target) {
-  let { rows, offset } = query.SELECT.limit || {}
-  rows = rows && 'val' in rows ? rows.val : getDefaultPageSize(target)
-  offset = offset && 'val' in offset ? offset.val : 0
-  query.limit(...[Math.min(rows, getMaxPageSize(target)), offset])
+const _addPaging = function ({ SELECT }, target) {
+  const { rows } = SELECT.limit || (SELECT.limit = {})
+  const conf = getPageSize(target)
+  SELECT.limit.rows = {
+    val: !rows ? conf.default : Math.min(rows.val ?? rows, conf.max)
+  }
   //Handle nested limits
-  if (query.SELECT.from.SELECT?.limit) _addPaging(query.SELECT.from, target)
+  if (SELECT.from.SELECT?.limit) _addPaging(SELECT.from, target)
 }
 
 /**

package/libx/_runtime/common/utils/cqn2cqn4sql.js

@@ -804,6 +804,33 @@ const _convertSelect = (query, model, _options) => {
   return query
 }
 
+const _convertUpsert = (query, model) => {
+  // resolve path expression
+  const resolvedIntoClause = _convertPathExpressionForInsert(query.UPSERT.into, model)
+
+  const target = model.definitions[resolvedIntoClause]
+  if (!target) {
+    // if there is no target, just return original query, as a copy is not deep anyways and all the sub items of query.UPSERT are referenced only anyways
+    return query
+  }
+
+  // overwrite only .into, foreign keys are already set
+  // 'a' added as placeholder since its overwritten by Object.assign below
+  const upsert = UPSERT.into('a')
+
+  // REVISIT flatten structured types, currently its done in SQL builder
+
+  // We add all previous properties ot the newly created query.
+  // Reason is to not lose the query API functionality
+  Object.assign(upsert.UPSERT, query.UPSERT, { into: { ref: [resolvedIntoClause], as: query.UPSERT.into.as } })
+
+  const resolved = resolveView(upsert, model, cds.db)
+  // required for deplyoing of extensions, not used anywhere else except UpsertBuilder
+  resolved._target = resolved.UPSERT?._transitions?.[0].target || query._target
+  // resolved._target = query._target
+  return resolved
+}
+
 const _convertInsert = (query, model) => {
   // resolve path expression
   const resolvedIntoClause = _convertPathExpressionForInsert(query.INSERT.into, model)
@@ -950,6 +977,10 @@ const cqn2cqn4sql = (query, model, options = { suppressSearch: false }) => {
     return _convertInsert(query, model)
   }
 
+  if (query.UPSERT) {
+    return _convertUpsert(query, model)
+  }
+
   if (query.DELETE) {
     return _convertDelete(query, model, options)
   }

package/libx/_runtime/common/utils/resolveView.js

@@ -679,6 +679,8 @@ const findQueryTarget = q => {
     ? q.INSERT._transitions[q.INSERT._transitions.length - 1].target
     : q.UPDATE
     ? q.UPDATE._transitions[q.UPDATE._transitions.length - 1].target
+    : q.UPSERT
+    ? q.UPSERT._transitions[q.UPSERT._transitions.length - 1].target
     : q.DELETE
     ? q.DELETE._transitions[q.DELETE._transitions.length - 1].target
     : undefined

package/libx/_runtime/db/sql-builder/InsertBuilder.js

@@ -36,6 +36,10 @@ class InsertBuilder extends BaseBuilder {
     this._csn = csn
   }
 
+  annotatedColumns(entityName, csn) {
+    return getAnnotatedColumns(entityName, csn)
+  }
+
   /**
    * Builds an Object based on the properties of the CQN object.
    *
@@ -77,7 +81,7 @@ class InsertBuilder extends BaseBuilder {
     this._findUuidKeys(entityName)
 
     this._columnIndexesToDelete = []
-    const annotatedColumns = getAnnotatedColumns(entityName, this._csn)
+    const annotatedColumns = this.annotatedColumns(entityName, this._csn)
 
     if (this._obj.INSERT.columns) {
       this._removeAlreadyExistingInsertAnnotatedColumnsFromMap(annotatedColumns)

package/libx/_runtime/db/sql-builder/UpsertBuilder.js

@@ -6,40 +6,17 @@ class UpsertBuilder extends InsertBuilder {
     super(obj, options, csn)
   }
 
+  annotatedColumns(entityName, csn) {
+    const { updateAnnotatedColumns } = getAnnotatedColumns(entityName, csn)
+    return { insertAnnotatedColumns: updateAnnotatedColumns }
+  }
+
   // REVISIT: We need to copy over the implementation for annotation handling
   build() {
-    this._outputObj = {
-      sql: ['UPSERT'],
-      values: []
-    }
-    this._obj = { INSERT: this._obj.UPSERT, _target: this._obj._target }
-
-    const entityName = this._into()
-
-    this._columnIndexesToDelete = []
-    const annotatedColumns = getAnnotatedColumns(entityName, this._csn)
-    // hack: treat update annotations as insert because of sql builder impl
-    if (annotatedColumns) {
-      annotatedColumns.insertAnnotatedColumns = annotatedColumns.updateAnnotatedColumns
-    }
-
-    if (this._obj.INSERT.columns) {
-      this._removeAlreadyExistingInsertAnnotatedColumnsFromMap(annotatedColumns)
-      this._columns(annotatedColumns)
-    }
-
-    if (this._obj.INSERT.values || this._obj.INSERT.rows) {
-      if (annotatedColumns && !this._obj.INSERT.columns) {
-        // if columns not provided get indexes from csn
-        this._getAnnotatedColumnIndexes(annotatedColumns)
-      }
-
-      this._values(annotatedColumns)
-    } else if (this._obj.INSERT.entries && this._obj.INSERT.entries.length !== 0) {
-      this._entries(annotatedColumns)
-    }
-
-    this._outputObj.sql = this._outputObj.sql.join(' ') + ' WITH PRIMARY KEY'
+    this._obj = { INSERT: this._obj.UPSERT }
+    super.build()
+    this._outputObj.sql = this._outputObj.sql.replace('INSERT INTO', 'UPSERT')
+    this._outputObj.sql += ' WITH PRIMARY KEY'
     return this._outputObj
   }
 }

package/libx/_runtime/db/sql-builder/annotations.js

@@ -16,7 +16,10 @@ const _getAnnotationNames = column => {
 const getAnnotatedColumns = (entityName, csn) => {
   const entityNameWithoutSuffix = ensureNoDraftsSuffix(entityName)
   if (!csn || !csn.definitions[entityNameWithoutSuffix]) {
-    return undefined
+    return {
+      insertAnnotatedColumns: new Map(),
+      updateAnnotatedColumns: new Map()
+    }
   }
   const columns = getColumns(csn.definitions[entityNameWithoutSuffix])
   const insertAnnotatedColumns = new Map()
@@ -39,8 +42,8 @@ const getAnnotatedColumns = (entityName, csn) => {
   }
 
   return {
-    insertAnnotatedColumns: insertAnnotatedColumns,
-    updateAnnotatedColumns: updateAnnotatedColumns
+    insertAnnotatedColumns,
+    updateAnnotatedColumns
   }
 }
 

package/libx/_runtime/hana/Service.js

@@ -93,7 +93,7 @@ class HanaDatabase extends DatabaseService {
   _registerBeforeHandlers() {
     this.before(['CREATE', 'UPDATE'], '*', this._input) // > has to run before rewrite
     this.before('READ', '*', search) // > has to run before rewrite
-    this.before(['CREATE', 'READ', 'UPDATE', 'DELETE'], '*', this._rewrite)
+    this.before(['CREATE', 'READ', 'UPDATE', 'DELETE', 'UPSERT'], '*', this._rewrite)
 
     this.before('READ', '*', localized) // > has to run after rewrite
     this.before('READ', '*', this._virtual)

package/libx/_runtime/hana/execute.js

@@ -61,7 +61,7 @@ function _hdbGetResultForProcedure(rows, args, outParameters) {
   // merge table output params into scalar params
   if (args && args.length && outParameters) {
     const params = outParameters.filter(md => !(md.PARAMETER_NAME in rows))
-    for (let i = 0; i < args.length; i++) {
+    for (let i = 0; i < params.length; i++) {
       result[params[i].PARAMETER_NAME] = args[i]
     }
   }
@@ -82,14 +82,14 @@ function _hcGetResultForProcedure(stmt, resultSet, outParameters) {
   // merge table output params into scalar params
   const params = Array.isArray(outParameters) && outParameters.filter(md => !(md.PARAMETER_NAME in result))
   if (params && params.length) {
-    let i = 0
-    do {
-      const parameterName = params[i++].PARAMETER_NAME
+    for (let i = 0; i < params.length; i++) {
+      const parameterName = params[i].PARAMETER_NAME
       result[parameterName] = []
       while (resultSet.next()) {
         result[parameterName].push(resultSet.getValues())
       }
-    } while (resultSet.nextResult())
+      resultSet.nextResult()
+    }
   }
   return result
 }

package/libx/_runtime/sqlite/Service.js

@@ -73,7 +73,7 @@ module.exports = class SQLiteDatabase extends DatabaseService {
 
   _registerBeforeHandlers() {
     this.before(['CREATE', 'UPDATE'], '*', this._input) // > has to run before rewrite
-    this.before(['CREATE', 'READ', 'UPDATE', 'DELETE'], '*', this._rewrite)
+    this.before(['CREATE', 'READ', 'UPDATE', 'DELETE', 'UPSERT'], '*', this._rewrite)
 
     if (cds.env.features.lean_draft && cds.db?.kind !== 'better-sqlite')
       this.before('READ', '*', convertDraftAdminPathExpression)

package/libx/_runtime/sqlite/customBuilder/CustomUpsertBuilder.js

@@ -2,56 +2,38 @@ const InsertBuilder = require('../../db/sql-builder').InsertBuilder
 const getAnnotatedColumns = require('../../db/sql-builder/annotations')
 
 class CustomUpsertBuilder extends InsertBuilder {
-  // REVISIT: We need to copy over the implementation for annotation handling
-  build() {
-    this._outputObj = {
-      sql: ['INSERT', 'INTO'],
-      values: []
-    }
-
-    this._obj = { INSERT: this._obj.UPSERT, _target: this._obj._target }
+  annotatedColumns(entityName, csn) {
+    const { updateAnnotatedColumns } = getAnnotatedColumns(entityName, csn)
 
-    const entityName = this._into()
-
-    this._columnIndexesToDelete = []
-    const annotatedColumns = getAnnotatedColumns(entityName, this._csn)
-    // hack: treat update annotations as insert because of sql builder impl
-    if (annotatedColumns) {
-      annotatedColumns.insertAnnotatedColumns = annotatedColumns.updateAnnotatedColumns
-    }
-
-    if (this._obj.INSERT.columns) {
-      this._removeAlreadyExistingInsertAnnotatedColumnsFromMap(annotatedColumns)
-      this._columns(annotatedColumns)
+    if (updateAnnotatedColumns?.size) {
+      this.managedCols = Array.from(updateAnnotatedColumns.keys())
     }
 
-    if (this._obj.INSERT.values || this._obj.INSERT.rows) {
-      if (annotatedColumns && !this._obj.INSERT.columns) {
-        // if columns not provided get indexes from csn
-        this._getAnnotatedColumnIndexes(annotatedColumns)
-      }
-
-      this._values(annotatedColumns)
-    } else if (this._obj.INSERT.entries && this._obj.INSERT.entries.length !== 0) {
-      this._entries(annotatedColumns)
-    }
-
-    const insertSql = this._outputObj.sql.join(' ')
+    return { insertAnnotatedColumns: updateAnnotatedColumns }
+  }
 
-    const csnKeys = this._obj._target ? this._obj._target.keys : this._csn.definitions[this._obj.INSERT.into].keys
+  // REVISIT: We need to copy over the implementation for annotation handling
+  build() {
+    this._obj = { INSERT: this._obj.UPSERT, _target: this._obj._target }
+    super.build()
+    const csnKeys =
+      (this._obj._target ? this._obj._target.keys : this._csn.definitions[this._obj.INSERT.into].keys) || {}
     const keys = Object.keys(csnKeys).filter(k => !csnKeys[k].isAssociation)
-    const conflict = ` ON CONFLICT(${keys}) DO UPDATE SET `
     const updates = []
     const columns = this._obj.INSERT.columns || Object.keys(this._obj.INSERT.entries[0])
+    if (this.managedCols) {
+      columns.push(...this.managedCols)
+    }
+
     columns.forEach(col => {
       const col_ = col.replace(/\./g, '_')
       if (!keys.includes(col_)) updates.push(`${col_}=excluded.${col_}`)
     })
+    const conflict = updates.length
+      ? ` ON CONFLICT(${keys}) DO UPDATE SET ` + updates.join(', ')
+      : ` ON CONFLICT(${keys}) DO NOTHING`
 
-    if (updates.length) {
-      this._outputObj.sql = insertSql + conflict + updates.join(', ')
-    }
-
+    this._outputObj.sql = this._outputObj.sql + conflict
     return this._outputObj
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "6.4.0",
+  "version": "6.4.1",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [

package/server.js

@@ -47,7 +47,6 @@ module.exports = async function cds_server (options) {
   if (cds.requires.messaging)   await cds.connect.to ('messaging')
 
   // serve all services declared in models
-  if (cds.requires.middlewares) cds.middlewares.bootstrap(); else if (o.correlate) app.use (o.correlate)
   await cds.serve (o.service,o) .in (app)
   await cds.emit ('served', cds.services) //> hook for listeners
 
@@ -71,7 +70,7 @@ module.exports = async function cds_server (options) {
 //
 const defaults = {
 
-  cors, correlate,
+  cors,
 
   get static() { return cds.env.folders.app },  //> defaults to ./app
 
@@ -100,7 +99,7 @@ const _app_serve = function (endpoint) { return {
 }}
 
 
-function cors (req, res, next) {
+function cors (req, res, next) { // REVISIT: should that move into middlewares?
   const { origin } = req.headers
   if (origin) res.set('access-control-allow-origin', origin)
   if (origin && req.method === 'OPTIONS')
@@ -108,23 +107,6 @@ function cors (req, res, next) {
   next()
 }
 
-function correlate (req, res, next) {
-  // derive correlation id from req
-  const id = req.headers['x-correlation-id'] || req.headers['x-correlationid']
-    || req.headers['x-request-id'] || req.headers['x-vcap-request-id']
-    || cds.utils.uuid()
-  // new intermediate cds.context, if necessary
-  if (!cds.context) cds.context = { id }
-  // guarantee x-correlation-id going forward and set on res
-  req.headers['x-correlation-id'] = id
-  res.set('X-Correlation-ID', id)
-  // guaranteed access to cds.context._.req -> REVISIT
-  if (!cds.context._) cds.context._ = {}
-  if (!cds.context._.req) cds.context._.req = req
-  if (!cds.context._.res) cds.context._.res = res
-  next()
-}
-
 function express_static (dir) {
   return express.static (path.resolve (cds.root,dir))
 }