@sap/cds 6.7.1 → 6.8.1

package/libx/_runtime/hana/pool.js

@@ -17,6 +17,7 @@ function multiTenantServiceManager() {
     if (e.code === 'MODULE_NOT_FOUND') return null
     else throw e
   }
+
   const oldIm =
     cds.requires.multitenancy?.['old-instance-manager'] ??
     cds.env.requires?.['cds.xt.DeploymentService']?.['old-instance-manager']
@@ -93,8 +94,10 @@ async function credentials4(tenant, db) {
   return new Promise((resolve, reject) => {
     db._instance_manager.get(tenant, (err, res) => {
       if (err) return reject(err)
-      if (!res)
+      if (!res) {
         return reject(Object.assign(new Error(`There is no instance for tenant "${tenant}"`), { statusCode: 404 }))
+      }
+
       resolve(res.credentials)
     })
   })
@@ -102,15 +105,9 @@ async function credentials4(tenant, db) {
 
 function factory4(creds, tenant) {
   return {
-    create: function () {
-      return hana.__connect(creds, tenant)
-    },
-    destroy: function (client) {
-      return hana.__disconnect(client)
-    },
-    validate: function (client) {
-      return hana.__isConnected(client)
-    }
+    create: () => hana.__connect(creds, tenant),
+    destroy: client => hana.__disconnect(client),
+    validate: client => hana.__isConnected(client)
   }
 }
 
@@ -121,7 +118,6 @@ const defaultConfig = { min: 0, max: 100, testOnBorrow: true, fifo: false }
 
 const _getPoolConfig = function () {
   const { pool: poolConfig } = cds.env.requires.db
-
   const mergedConfig = Object.assign({}, defaultConfig, poolConfig)
 
   // defaults
@@ -154,15 +150,19 @@ const _getMassagedCreds = function (creds) {
   if (!('ca' in creds) && creds.certificate) {
     creds.ca = creds.certificate
   }
+
   if ('encrypt' in creds && !('useTLS' in creds)) {
     creds.useTLS = creds.encrypt
   }
+
   if ('hostname_in_certificate' in creds && !('sslHostNameInCertificate' in creds)) {
     creds.sslHostNameInCertificate = creds.hostname_in_certificate
   }
+
   if ('validate_certificate' in creds && !('sslValidateCertificate' in creds)) {
     creds.sslValidateCertificate = creds.validate_certificate
   }
+
   return creds
 }
 
@@ -185,9 +185,11 @@ async function pool4(tenant, db) {
             )
 
             /*
-             * The error listener for "factoryCreateError" is registered in order to find out failed connection attempts.
-             * If it fails due to invalid credentials, we delete the current pool from the pools map and overwrite the pool factory create function.
-             * Background is that generic-pool will continue to try to open a connection by calling the factory create function until the "acquireTimeoutMillis" is reached.
+             * The error listener for "factoryCreateError" is registered to find out failed connection attempts.
+             * If it fails due to invalid credentials, we delete the current pool from the pools map and overwrite the
+             * pool factory create function.
+             * Background is that generic-pool will continue to try to open a connection by calling the factory create
+             * function until the "acquireTimeoutMillis" is reached.
              * This ends up in many connection attempts for one request even though the credentials are invalid.
              * Because of the deletion in the map, subsequent requests will fetch the credentials again.
              */
@@ -218,6 +220,7 @@ async function pool4(tenant, db) {
       })
     )
   }
+
   if ('then' in pools.get(tenant)) {
     pools.set(tenant, await pools.get(tenant))
   }
@@ -240,12 +243,17 @@ async function resilientAcquire(pool, attempts = 1) {
       attempt++
     }
   }
+
   if (client) return client
+
   const { borrowed, pending, size, available, max } = pool
+  const message =
+    'Acquiring client from pool timed out. Please review your system setup, transaction handling, and pool configuration. ' +
+    `Pool State: borrowed: ${borrowed}, pending: ${pending}, size: ${size}, available: ${available}, max: ${max}`
   err = getError(
     Object.assign(err, {
       statusCode: 503,
-      message: `Acquiring client from pool timed out. Please review your system setup, transaction handling, and pool configuration. Pool State: borrowed: ${borrowed}, pending: ${pending}, size: ${size}, available: ${available}, max: ${max}`
+      message
     })
   )
   err._attempts = attempt
@@ -262,9 +270,9 @@ module.exports = {
     client._pool = pool
     return client
   },
-  release: client => {
-    return client._pool.release(client)
-  },
+
+  release: client => client._pool.release(client),
+
   drain: async tenant => {
     const pool = pools.get(tenant)
     if (!pool) return

package/libx/_runtime/hana/search2Contains.js

@@ -62,7 +62,7 @@ const search2Contains = (cqnSearchPhrase, columns) => {
 const isContainsPredicateSupported = (query, entity, columns2Search) => {
   const cqnSearchPhrase = query.SELECT.search
 
-  if (cqnSearchPhrase && cqnSearchPhrase[0] && cqnSearchPhrase[0].val === ' ') return false
+  if (cqnSearchPhrase?.[0]?.val === ' ') return false
 
   // REVISIT: In the future, to further optimize search queries, you might
   // want to remove the following condition(s).

package/libx/_runtime/hana/search2cqn4sql.js

@@ -5,21 +5,7 @@ const { isContainsPredicateSupported, search2Contains } = require('./search2Cont
 const { addAliasToExpression } = require('../db/utils/generateAliases')
 const targetAlias = 'Target'
 const textsAlias = 'Texts'
-const _generateKeysWhereCondition = (entity, alias1, alias2) => {
-  const keys = Object.keys(entity.keys).filter(k => !entity.keys[k].isAssociation && !entity.keys[k].virtual)
-  const where = []
-  keys.forEach(key => {
-    if (where.length > 0) where.push('and')
-    where.push({ ref: [alias1, key] }, '=', { ref: [alias2, key] })
-  })
-  return where
-}
-const _generateContainsColumns = (columns, entity) => {
-  const columnsTarget = addAliasToExpression(columns, targetAlias)
-  const columns2SearchText = columns.filter(col => col.ref && entity.elements[col.ref[col.ref.length - 1]].localized)
-  const columnsText = addAliasToExpression(columns2SearchText, textsAlias)
-  return [...columnsTarget, ...columnsText]
-}
+
 /**
  * Computes a CQN expression for a search query.
  *
@@ -40,11 +26,12 @@ const _generateContainsColumns = (columns, entity) => {
 const search2cqn4sql = (query, entity, options) => {
   const cqnSearchPhrase = query.SELECT.search
   if (!cqnSearchPhrase) return query
-
   const localizedAssociation = entity.associations?.localized
+
   if (localizedAssociation) {
     let { columns: columns2Search = computeColumnsToBeSearched(query, entity), locale } = options
     const viewAlias = query.SELECT.from.as ? query.SELECT.from.as : 'LocalizedView'
+
     if (!query.SELECT.from.as) {
       _addAliasToQuery(query, viewAlias)
     }
@@ -56,14 +43,17 @@ const search2cqn4sql = (query, entity, options) => {
 
     // left outer join the target table with the _texts table (the _texts table contains the translated texts)
     subQuery.leftJoin(localizedAssociation.target, textsAlias).on(onCondition)
+
     // add condition for equal keys of target table and localized view
     subQuery.where(_generateKeysWhereCondition(entity, targetAlias, viewAlias))
     const containsColumns = _generateContainsColumns(columns2Search, entity)
+
     let expression
+
     if (isContainsPredicateSupported(query, entity, columns2Search)) {
       // generate CQN expression with `CONTAINS` predicate for the columns from the target and text table
       expression = search2Contains(cqnSearchPhrase, containsColumns)
-      Object.defineProperty(subQuery, '_$searchUsingContains', { value: true, enumerable: true })
+      Object.defineProperty(expression, 'searchUsingContains', { value: true, enumerable: true })
     } else {
       expression = searchToLike(cqnSearchPhrase, containsColumns)
     }
@@ -73,11 +63,29 @@ const search2cqn4sql = (query, entity, options) => {
     // suppress the localize handler from redirecting the subQuery's target to the localized view
     Object.defineProperty(subQuery, '_suppressLocalization', { value: true })
     query.where('exists', subQuery)
-
     return query
   }
 }
 
+const _generateKeysWhereCondition = (entity, alias1, alias2) => {
+  const keys = Object.keys(entity.keys).filter(key => !entity.keys[key].isAssociation && !entity.keys[key].virtual)
+  const where = []
+
+  keys.forEach(key => {
+    if (where.length > 0) where.push('and')
+    where.push({ ref: [alias1, key] }, '=', { ref: [alias2, key] })
+  })
+
+  return where
+}
+
+const _generateContainsColumns = (columns, entity) => {
+  const columnsTarget = addAliasToExpression(columns, targetAlias)
+  const columns2SearchText = columns.filter(col => col.ref && entity.elements[col.ref[col.ref.length - 1]].localized)
+  const columnsText = addAliasToExpression(columns2SearchText, textsAlias)
+  return [...columnsTarget, ...columnsText]
+}
+
 const _addAliasToQuery = (query, alias) => {
   const SELECT = query.SELECT
   SELECT.from.as = alias

package/libx/_runtime/messaging/enterprise-messaging-utils/registerEndpoints.js

@@ -2,8 +2,9 @@ const cds = require('../../cds.js')
 // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
 const express = require('express')
 const getTenantInfo = require('./getTenantInfo.js')
-const isSecured = () => cds.requires.auth && cds.requires.auth.credentials
-const { getTenant } = require('../../auth/strategies/xssecUtils')
+const isSecured = () => cds.requires.auth && (cds.requires.auth.impl || cds.requires.auth.credentials)
+const _require = require('../../common/utils/require')
+const { UNAUTHORIZED } = require('../../auth/utils')
 
 const _isAll = a => a && a.includes('all')
 
@@ -14,18 +15,25 @@ class EndpointRegistry {
     this.webhookCallbacks = new Map()
     this.deployCallbacks = new Map()
     if (isSecured()) {
-      const JWTStrategy = require('../../auth/strategies/JWT.js')
-      // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
-      const passport = require('passport')
-      // REVISIT: It's unclear if the credentials from cds.requires.auth need to be used here.
-      //          In principle, user-facing endpoints might differ from messaging ones.
-      passport.use(new JWTStrategy(cds.requires.auth.credentials))
+      if (cds.requires.auth.impl) {
+        const impl = _require(cds.resolve(cds.requires.auth.impl))
+        paths.forEach(path => cds.app.use(path, impl))
+      } else {
+        const JWTStrategy = require('../../auth/strategies/JWT.js')
+        // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
+        const passport = _require('passport')
+        // REVISIT: It's unclear if the credentials from cds.requires.auth need to be used here.
+        //          In principle, user-facing endpoints might differ from messaging ones.
+        passport.use(new JWTStrategy(cds.requires.auth.credentials))
+        paths.forEach(path => {
+          cds.app.use(path, passport.initialize())
+          cds.app.use(path, passport.authenticate('JWT', { session: false }))
+        })
+      }
+      // unsuccessful auth doesn't automatically reject!
       paths.forEach(path => {
-        cds.app.use(path, passport.initialize())
-        cds.app.use(path, passport.authenticate('JWT', { session: false }))
         cds.app.use(path, (req, res, next) => {
-          // unsuccessful auth doesn't automatically reject!
-          if (!req.user) return res.status(401).json({ message: 'Unauthorized' })
+          if (!req.user) res.status(401).json(UNAUTHORIZED)
           next()
         })
       })
@@ -63,17 +71,16 @@ class EndpointRegistry {
       try {
         if (isSecured() && !req.user.is('emcallback')) return res.sendStatus(403)
         const queueName = req.query.q
-        const authInfo = req.authInfo
         const xAddress = req.headers['x-address']
         const topic = xAddress && xAddress.match(/^topic:(.*)/)[1]
         const payload = req.body
         const cb = this.webhookCallbacks.get(queueName)
         if (!topic || !payload || !queueName || !cb) return res.sendStatus(200)
-        const tenantId = getTenant(authInfo)
-        const other = authInfo
+        const tenant = req.tenant || req.user.tenant
+        const other = tenant
           ? {
               _: { req, res }, // For `cds.context.http`
-              tenant: tenantId
+              tenant
             }
           : {}
         if (!cb) return res.sendStatus(200)

package/libx/_runtime/messaging/outbox/utils.js

@@ -15,6 +15,11 @@ const outboxRunner = new OutboxRunner()
 const cdsUser = 'cds.internal.user'
 const messageProcessorRegistered = Symbol('message processor registered')
 
+const _get100NanosecondTimestampISOString = () => {
+  const [now, nanoseconds] = [new Date(), process.hrtime()[1]]
+  return now.toISOString().replace('Z', `${nanoseconds}`.padStart(9, '0').substring(3, 7) + 'Z')
+}
+
 const _getMessagesEntity = () => {
   const messagesDbName = 'cds.outbox.Messages'
   const messagesEntity = cds.model.definitions[messagesDbName]
@@ -221,7 +226,7 @@ const _createMessage = (name, msg, context) => {
   const outboxMsg = {
     ID: cds.utils.uuid(),
     target: name,
-    timestamp: new Date().toISOString(), // needs to be different for each emit
+    timestamp: _get100NanosecondTimestampISOString(), // needs to be different for each emit
     msg: JSON.stringify(_msg)
   }
   return outboxMsg

package/libx/_runtime/remote/Service.js

@@ -7,6 +7,14 @@ const { getKind, run, getDestination, getAdditionalOptions, getReqOptions } = re
 const { formatVal } = require('../../odata/utils')
 const { hasAliasedColumns } = require('./utils/data')
 
+let _cloudSdkConnectivity
+const cloudSdkConnectivity = () => {
+  if (_cloudSdkConnectivity) return _cloudSdkConnectivity
+  // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
+  _cloudSdkConnectivity = require('@sap-cloud-sdk/connectivity')
+  return _cloudSdkConnectivity
+}
+
 const _isSimpleCqnQuery = q => typeof q === 'object' && q !== null && !Array.isArray(q) && Object.keys(q).length > 0
 
 const _setHeaders = (defaultHeaders, req) => {
@@ -18,6 +26,7 @@ const _setHeaders = (defaultHeaders, req) => {
     }, {})
   )
 }
+
 const _setCorrectValue = (el, data, params, kind) => {
   return typeof data[el] === 'object' && kind !== 'odata-v2'
     ? JSON.stringify(data[el])
@@ -151,49 +160,68 @@ const resolvedTargetOfQuery = q => {
   const transitions = (typeof q === 'object' && (q.SELECT || q.INSERT || q.UPDATE || q.DELETE)._transitions) || []
   return transitions.length && [transitions.length - 1].target
 }
+
 let logged
 let sdkLoggerDisabled
+
+const _resolveSelectionStrategy = options => {
+  if (typeof options?.selectionStrategy !== 'string') return
+  options.selectionStrategy = cloudSdkConnectivity().DestinationSelectionStrategies[options.selectionStrategy]
+
+  if (typeof options?.selectionStrategy !== 'function') {
+    throw new Error(`Unsupported destination selection strategy "${options.selectionStrategy}".`)
+  }
+}
+
 class RemoteService extends cds.Service {
   init() {
-    if (!this.options.credentials) {
-      throw new Error(`No credentials configured for "${this.name}".`)
-    }
+    this.kind = getKind(this.options) // TODO: Simplify
 
-    this.datasource = this.options.datasource
-    this.destinationOptions = this.options.destinationOptions
-    this.destination =
-      this.options.credentials.destination ||
-      getDestination((this.definition && this.definition.name) || this.datasource, this.options.credentials)
-    this.requestTimeout = this.options.credentials.requestTimeout
-    if (this.requestTimeout == null) this.requestTimeout = 60000
-    if (cds.env.features.fetch_csrf && !logged) {
-      // for logging once for all remote services
-      logged = true
-      LOG._warn &&
-        LOG.warn(
-          'Configuration option "cds.env.features.fetch_csrf" is deprecated.\n Please use "csrf"/"csrfInBatch" as described in https://cap.cloud.sap/docs/node.js/remote-services'
-        )
-    }
+    /*
+     * set up connectivity stuff if credentials are provided
+     * throw error if no credentials are provided and the service has at least one entity or one action/function
+     */
+    if (this.options.credentials) {
+      this.datasource = this.options.datasource
+      this.destinationOptions = this.options.destinationOptions
+      _resolveSelectionStrategy(this.destinationOptions)
+      this.destination =
+        this.options.credentials.destination ??
+        getDestination(this.definition?.name ?? this.datasource, this.options.credentials)
+      this.path = this.options.credentials.path
+
+      this.requestTimeout = this.options.credentials.requestTimeout
+      if (this.requestTimeout == null) this.requestTimeout = 60000
+
+      // REVISIT: remove cds.env.features.fetch_csrf in next major ^7
+      this.csrf = cds.env.features.fetch_csrf ?? this.options.csrf
+      this.csrfInBatch = this.options.csrfInBatch
+      if (cds.env.features.fetch_csrf && !logged) {
+        // for logging once for all remote services
+        logged = true
+        LOG._warn &&
+          LOG.warn(
+            'Configuration option "cds.env.features.fetch_csrf" is deprecated.\n Please use "csrf"/"csrfInBatch" as described in https://cap.cloud.sap/docs/node.js/remote-services'
+          )
+      }
 
-    // REVISIT: use cds.log's logger in cloud sdk
-
-    // disable sdk logger if not in debug mode
-    if (!LOG._debug && !sdkLoggerDisabled) {
-      try {
-        // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
-        const sdkUtils = require('@sap-cloud-sdk/util')
-        sdkUtils.setGlobalLogLevel('error')
-        // disable sdk logger once
-        sdkLoggerDisabled = true
-      } catch (err) {
-        /* might fail in cds repl due to winston's exception handler, see cap/issues#10134 */
+      // REVISIT: use cds.log's logger in cloud sdk
+
+      // disable sdk logger if not in debug mode
+      if (!LOG._debug && !sdkLoggerDisabled) {
+        try {
+          // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
+          const sdkUtils = require('@sap-cloud-sdk/util')
+          sdkUtils.setGlobalLogLevel('error')
+          // disable sdk logger once
+          sdkLoggerDisabled = true
+        } catch (err) {
+          /* might fail in cds repl due to winston's exception handler, see cap/issues#10134 */
+        }
       }
+    } else if ([...this.entities].length || [...this.operations].length) {
+      throw new Error(`No credentials configured for "${this.name}".`)
     }
-    // REVISIT: remove cds.env.features.fetch_csrf in next major ^7
-    this.csrf = cds.env.features.fetch_csrf || this.options.csrf
-    this.csrfInBatch = this.options.csrfInBatch
-    this.path = this.options.credentials.path
-    this.kind = getKind(this.options) // TODO: Simplify
 
     const clearKeysFromData = function (req) {
       if (req.target && req.target.keys) for (const k of Object.keys(req.target.keys)) delete req.data[k]
@@ -235,9 +263,7 @@ class RemoteService extends cds.Service {
       }
 
       let result = await run(reqOptions, additionalOptions)
-
-      result =
-        typeof query === 'object' && query.SELECT && query.SELECT.one && Array.isArray(result) ? result[0] : result
+      result = typeof query === 'object' && query.SELECT?.one && Array.isArray(result) ? result[0] : result
 
       return result
     })

package/libx/_runtime/remote/utils/client.js

@@ -27,14 +27,16 @@ const _executeHttpRequest = async ({ requestConfig, destination, destinationOpti
   const destinationName = typeof destination === 'string' && destination
 
   if (destinationName) {
-    destination = { destinationName, ...(resolveDestinationOptions(destinationOptions, jwt) || {}) }
+    destination = { destinationName, ...(resolveDestinationOptions(destinationOptions, jwt) ?? {}) }
   } else if (destination.forwardAuthToken) {
     destination = {
       ...destination,
       headers: destination.headers ? { ...destination.headers } : {},
       authentication: 'NoAuthentication'
     }
+
     delete destination.forwardAuthToken
+
     if (jwt) {
       destination.headers.authorization = `Bearer ${jwt}`
     } else {
@@ -93,12 +95,12 @@ const getDestination = (name, credentials) => {
  * @returns {import('@sap-cloud-sdk/connectivity').DestinationFetchOptions}
  */
 const resolveDestinationOptions = function (options, jwt) {
-  if (!options && !jwt) return undefined
+  if (!options && !jwt) return
 
-  const resolvedOptions = Object.assign({}, options || {})
+  const resolvedOptions = Object.assign({}, options ?? {})
   resolvedOptions.jwt = jwt
 
-  if (options && options.selectionStrategy) {
+  if (options?.selectionStrategy) {
     resolvedOptions.selectionStrategy = options.selectionStrategy
   }
 
@@ -388,12 +390,10 @@ const run = async (
 }
 
 const getJwt = req => {
-  const headers = req && req.context && req.context.headers
-  if (headers && headers.authorization) {
+  const headers = req?.context?.headers
+  if (headers?.authorization) {
     const token = headers.authorization.match(/^bearer (.+)/i)
-    if (token) {
-      return token[1]
-    }
+    if (token) return token[1]
   }
 
   return null
@@ -467,6 +467,10 @@ const getReqOptions = (req, query, service) => {
       ? _stringToReqOptions(query, req.data, req.target)
       : _pathToReqOptions(req.method, req.path, req.data, req.target)
 
+  if (service.kind === 'odata-v2' && req.event === 'READ' && reqOptions.url?.match(/(\/any\()|(\/all\()/)) {
+    req.reject(501, 'Lambda expressions are not supported in OData v2')
+  }
+
   reqOptions.headers = { accept: 'application/json,text/plain' }
   reqOptions.timeout = service.requestTimeout
 

package/libx/rest/middleware/read.js

@@ -16,13 +16,14 @@ module.exports = async (_req, _res, next) => {
     result = await srv.dispatch(req)
 
     // 204 or 404?
-    if (result === null && query.SELECT.one) {
+    if (result == null && query.SELECT.one) {
       if (_target.ref.length > 1) status = 204
       else throw { code: 404 }
     }
   } catch (e) {
     return next(e)
   }
+
   // compat for mtx returning strings instead of objects
   if (typeof result === 'object' && result !== null && '$count' in result) {
     result = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "6.7.1",
+  "version": "6.8.1",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [