@sap/cds 6.8.4 → 7.0.0

package/libx/_runtime/fiori/utils/delete.js

@@ -29,7 +29,7 @@ const _validate = (activeResult, draftResult, req, IsActiveEntity) => {
     (IsActiveEntity === true && activeResult.length === 0) ||
     (IsActiveEntity === false && draftResult.length === 0)
   ) {
-    req.reject(404)
+    req.reject(req._etagValidationClause ? 412 : 404)
   }
 }
 
@@ -46,10 +46,15 @@ const deleteDraft = async (req, srv, includingActive = false) => {
   // Intentional?
   const deleteActive = keys.IsActiveEntity !== false
 
-  const [activeResult, draftResult] = await Promise.all([
-    dbtx.run(_getSelectCQN(req, keys)),
-    dbtx.run(_getDraftSelectCQN(req, keys))
-  ])
+  const selectActive = _getSelectCQN(req, keys)
+  const selectDraft = _getDraftSelectCQN(req, keys)
+
+  if (req._etagValidationClause) {
+    if (keys.IsActiveEntity) selectActive.where(req._etagValidationClause)
+    else selectDraft.where(req._etagValidationClause)
+  }
+
+  const [activeResult, draftResult] = await Promise.all([dbtx.run(selectActive), dbtx.run(selectDraft)])
 
   _validate(activeResult, draftResult, req, deleteActive)
 

package/libx/_runtime/fiori/utils/req.js

@@ -1,9 +1,21 @@
-const isNavigationToMany = req => {
-  // REVISIT: get rid of getUriInfo
-  if (!req.getUriInfo) return
+const _ref2name = ref => (ref.id || ref).replace(/_drafts$/, '')
 
-  const segments = req.getUriInfo().getPathSegments()
-  return segments[segments.length - 1].getKind() === 'NAVIGATION.TO.MANY'
+const isNavigationToMany = (req, model) => {
+  // only one segment -> false
+  if (req.subject.ref.length < 2) return
+
+  // last segment has it's own where -> false
+  if (req.subject.ref[req.subject.ref.length - 1].where) return
+
+  // determine the csn element of the last navigation and return it's is2many property
+  let cur
+  for (let i = 0; i < req.subject.ref.length - 1; i++) {
+    cur = cur
+      ? model.definitions[cur.elements[_ref2name(req.subject.ref[i])].target]
+      : model.definitions[_ref2name(req.subject.ref[i])]
+  }
+  const last = cur.elements[_ref2name(req.subject.ref[req.subject.ref.length - 1])]
+  return last.is2many
 }
 
 module.exports = {

package/libx/_runtime/fiori/utils/stream.js

@@ -0,0 +1,36 @@
+const { ensureDraftsSuffix } = require('./handler')
+const { removeIsActiveEntityRecursively, isActiveEntityRequested } = require('./where')
+
+const _adaptSubSelectsDraft = select => {
+  if (select.SELECT.from.ref) {
+    const index = select.SELECT.from.ref.length - 1
+    select.SELECT.from.ref[index] = ensureDraftsSuffix(select.SELECT.from.ref[index])
+  }
+
+  if (select.SELECT.where) {
+    for (let i = 0; i < select.SELECT.where.length; i++) {
+      const element = select.SELECT.where[i]
+      if (element.SELECT) {
+        _adaptSubSelectsDraft(element)
+      } else if (element.xpr) {
+        _adaptSubSelectsDraft({ SELECT: { from: {}, where: element.xpr } })
+      }
+    }
+  }
+}
+
+const adaptStreamCQN = (cqn, isDraft = false) => {
+  let draft = isDraft
+  if (!draft) {
+    draft = !isActiveEntityRequested(cqn.SELECT.where)
+    const ref = cqn.SELECT.from?.ref
+    if (!draft && ref) draft = !isActiveEntityRequested(ref[ref.length - 1].where)
+  }
+
+  if (draft) _adaptSubSelectsDraft(cqn)
+  cqn.SELECT.where = removeIsActiveEntityRecursively(cqn.SELECT.where)
+}
+
+module.exports = {
+  adaptStreamCQN
+}

package/libx/_runtime/hana/Service.js

@@ -57,17 +57,20 @@ class HanaDatabase extends DatabaseService {
      */
     this.on('BEGIN', function () {
       LOG._debug && LOG.debug(coloredTxCommands['BEGIN'])
+
       this.dbc.setAutoCommit(false)
+
       return 'dummy'
     })
 
-    // REVISIT: register only if needed?
-    this.before('COMMIT', this._integrity.performCheck)
-
     this.on(['COMMIT', 'ROLLBACK'], function (req) {
       LOG._debug && LOG.debug(coloredTxCommands[req.event])
+
+      // REVISIT: better?
+      this.dbc._closed = true
+
       return new Promise((resolve, reject) => {
-        this.dbc[req.event.toLowerCase()](async err => {
+        this.dbc[req.event.toLowerCase()](err => {
           try {
             this.dbc.setAutoCommit(true)
           } catch (e) {
@@ -97,9 +100,6 @@ class HanaDatabase extends DatabaseService {
 
     this.before('READ', '*', localized) // > has to run after rewrite
     this.before('READ', '*', this._virtual)
-
-    // REVISIT: get data to be deleted for integrity check
-    this.before('DELETE', '*', this._integrity.beforeDelete)
   }
 
   _registerOnHandlers() {
@@ -124,8 +124,7 @@ class HanaDatabase extends DatabaseService {
    */
   // eslint-disable-next-line complexity
   async acquire(arg) {
-    // REVISIT: remove fallback arg.user.tenant with cds^6 (still needed for cds-mtx)
-    const tenant = arg && (typeof arg === 'string' ? arg : arg.tenant || (arg.user && arg.user.tenant))
+    const tenant = arg && (typeof arg === 'string' ? arg : arg.tenant)
     const dbc = await pool.acquire(tenant, this)
 
     if (arg && typeof arg !== 'string') {
@@ -152,6 +151,10 @@ class HanaDatabase extends DatabaseService {
     }
 
     dbc._tenant = tenant
+
+    // REVISIT: better?
+    dbc._closed = false
+
     return dbc
   }
 

package/libx/_runtime/hana/conversion.js

@@ -1,5 +1,4 @@
-const cds = require('../cds')
-
+const cds = require('../../../lib')
 const driver = require('./driver')
 const isHdb = driver?.name === 'hdb'
 
@@ -20,11 +19,17 @@ const convertInt64ToString = int64 => {
 }
 
 const convertToISO = element => {
-  if (element) {
-    return new Date(element + 'Z').toISOString()
+  if (!element) return null
+
+  if (cds.env.features.precise_timestamps) {
+    const dateTime = element.slice(0, 19).replace(' ', 'T')
+    let millis = element.slice(20)
+    if (millis.at(-1) === 'Z') millis = millis.slice(0, -1)
+    millis = millis.slice(0, 7).padEnd(7, '0')
+    return dateTime + '.' + millis + 'Z'
   }
 
-  return null
+  return new Date(element + 'Z').toISOString()
 }
 
 const convertToISONoMillis = element => {
@@ -62,16 +67,6 @@ const HANA_TYPE_CONVERSION_MAP = new Map([
   ['cds.hana.CLOB', convertToString]
 ])
 
-if (cds.env.features.bigjs) {
-  // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
-  const Big = require('big.js')
-  const convertToBig = value => new Big(value)
-
-  HANA_TYPE_CONVERSION_MAP.set('cds.Integer64', convertToBig)
-  HANA_TYPE_CONVERSION_MAP.set('cds.Int64', convertToBig)
-  HANA_TYPE_CONVERSION_MAP.set('cds.Decimal', convertToBig)
-}
-
 module.exports = {
   HANA_TYPE_CONVERSION_MAP
 }

package/libx/_runtime/hana/driver.js

@@ -187,6 +187,8 @@ const _getHanaDriver = name => {
       return client.state() === 'connected'
     }
 
+    if (LOG._debug) LOG.debug(`Using "${driver.name}"`)
+
     return driver
   } catch (e) {
     if (name === 'hdb' && !isConfigured) {

package/libx/_runtime/hana/execute.js

@@ -100,6 +100,9 @@ function _hcGetResultForProcedure(stmt, resultSet, outParameters) {
 
 function _getProcedureMetadata(procedureName, dbc) {
   return new Promise((resolve, reject) => {
+    // REVISIT: better?
+    if (dbc._closed) return reject(new Error('Transaction is already closed'))
+
     dbc.exec(
       `SELECT PARAMETER_NAME FROM SYS.PROCEDURE_PARAMETERS WHERE SCHEMA_NAME = CURRENT_SCHEMA AND PROCEDURE_NAME = '${procedureName}' AND PARAMETER_TYPE IN ('OUT', 'INOUT') ORDER BY POSITION`,
       (err, res) => {
@@ -111,6 +114,9 @@ function _getProcedureMetadata(procedureName, dbc) {
 }
 
 function _executeAsPreparedStatement(dbc, sql, values, reject, resolve) {
+  // REVISIT: better?
+  if (dbc._closed) return reject(new Error('Transaction is already closed'))
+
   dbc.prepare(sql, async function (err, stmt) {
     if (err) {
       err.query = sql
@@ -144,6 +150,9 @@ function _executeAsPreparedStatement(dbc, sql, values, reject, resolve) {
       }
     }
 
+    // REVISIT: better?
+    if (dbc._closed) return reject(new Error('Transaction is already closed'))
+
     // on @sap/hana-client, we need to use execQuery in case of calling procedures
     stmt[procedureName && dbc.name !== 'hdb' ? 'execQuery' : 'exec'](values, function (err, rows, ...args) {
       if (err) {
@@ -188,6 +197,9 @@ function _executeSimpleSQL(dbc, sql, values) {
     if (_hasValues(values) || !!_getProcedureName(sql)) {
       _executeAsPreparedStatement(dbc, sql, values, reject, resolve)
     } else {
+      // REVISIT: better?
+      if (dbc._closed) return reject(new Error('Transaction is already closed'))
+
       dbc.exec(sql, function (err, result) {
         if (err) {
           err.query = sql
@@ -317,16 +329,26 @@ function executeInsertCQN(model, dbc, query, user, locale, txTimestamp) {
   })
 }
 
+function _writeStream(model, dbc, query, user, locale, txTimestamp, sql, values) {
+  if (dbc.name === 'hdb') return writeStreamWithHdb(dbc, sql, values)
+
+  // @sap/hana-client does not support WHERE EXISTS when writing stream
+  const subselect = query.UPDATE.where?.find(ele => typeof ele === 'object' && ele.SELECT && ele._etagValidation)
+  if (!subselect) return writeStreamWithHanaClient(dbc, sql, values)
+
+  const { sql: s, values: v } = _cqnToSQL(model, subselect, user, locale, txTimestamp)
+  return executePlainSQL(dbc, s, v).then(res => {
+    if (res.length === 0) return 0
+    return writeStreamWithHanaClient(dbc, sql, values)
+  })
+}
+
 function executeUpdateCQN(model, dbc, query, user, locale, txTimestamp) {
   const { sql, values = [] } = _cqnToSQL(model, query, user, locale, txTimestamp)
 
   // query can be insert from deep update
-  if (query.UPDATE && hasStreamUpdate(query.UPDATE, model)) {
-    if (dbc.name === 'hdb') {
-      return writeStreamWithHdb(dbc, sql, values)
-    }
-    return writeStreamWithHanaClient(dbc, sql, values)
-  }
+  if (query.UPDATE && hasStreamUpdate(query.UPDATE, model))
+    return _writeStream(model, dbc, query, user, locale, txTimestamp, sql, values)
 
   return _executeSimpleSQL(dbc, sql, values)
 }

package/libx/_runtime/hana/pool.js

@@ -1,111 +1,51 @@
-// REVISIT: Remove @sap/instance-manager compat with CDS 7
-
 const cds = require('../cds')
 const LOG = cds.log('pool|db')
 
 const { pool } = require('@sap/cds-foss')
 const hana = require('./driver')
-
-const _require = require('../common/utils/require')
 const getError = require('../common/error')
 
-function multiTenantServiceManager() {
-  try {
-    // Make sure cds-mtxs APIs are loaded
-    require('@sap/cds-mtxs/lib') // eslint-disable-line cds/no-missing-dependencies
-  } catch (e) {
-    if (e.code === 'MODULE_NOT_FOUND') return null
-    else throw e
-  }
-
-  const oldIm =
-    cds.requires.multitenancy?.['old-instance-manager'] ??
-    cds.env.requires?.['cds.xt.DeploymentService']?.['old-instance-manager']
-  return oldIm ? null : cds.xt?.serviceManager
-}
-
-function multiTenantInstanceManager(config = cds.env.requires.db) {
-  const { credentials } = config
-
-  if (!credentials) throw Object.assign(new Error('No database credentials provided'))
-  else if (typeof credentials !== 'object' || !(credentials.get_managed_instance_url || credentials.sm_url))
-    throw Object.assign(new Error('Malformed database credentials provided'))
-
-  // new instance manager
-  return new Promise((resolve, reject) => {
-    // REVISIT: better cache settings? current copied from old cds-hana...
-    // note: may need to be low for mtx tests -> configurable?
-    const opts = {
-      cache_max_items: 1,
-      cache_item_expire_seconds: 1
-    }
-
-    // check binding to both managed-hana and service-manager for instance migration
-    if (cds.env.features.hybrid_instance_manager && process.env.VCAP_SERVICES) {
-      const vcap = JSON.parse(process.env.VCAP_SERVICES)
-      if (vcap['managed-hana'] && vcap['service-manager']) {
-        opts.smOpts = vcap['service-manager'][0].credentials
-        opts.imOpts = vcap['managed-hana'][0].credentials
-      }
-    }
-
-    // no double config -> take passed credentials (= cds.env.requires.db.credentials)
-    if (!opts.smOpts) Object.assign(opts, credentials)
-
-    // REVISIT: should be relative
-    // const mtxPath = require.resolve('@sap/cds-mtx', { paths: [process.env.pwd(), __dirname] })
-    // const imPath = require.resolve('@sap/instance-manager', { paths: [mtxPath] })
-    // _require(imPath).create(opts, (err, res) => {
-    _require('@sap/instance-manager').create(opts, (err, res) => {
-      if (err) return reject(err)
-      resolve(res)
-    })
-  })
-}
-
-function singleTenantInstanceManager(config = cds.env.requires.db) {
-  const { credentials } = config
-
-  if (!credentials) throw Object.assign(new Error('No database credentials provided'))
-  else if (typeof credentials !== 'object' || !credentials.host)
-    throw Object.assign(new Error('Malformed database credentials provided'))
-
-  // mock instance manager
-  return {
-    get: (_, cb) => cb(null, { credentials })
-  }
+const _getMassagedCreds = function (creds) {
+  if (!('ca' in creds) && creds.certificate) creds.ca = creds.certificate
+  if ('encrypt' in creds && !('useTLS' in creds)) creds.useTLS = creds.encrypt
+  if ('hostname_in_certificate' in creds && !('sslHostNameInCertificate' in creds))
+    creds.sslHostNameInCertificate = creds.hostname_in_certificate
+  if ('validate_certificate' in creds && !('sslValidateCertificate' in creds))
+    creds.sslValidateCertificate = creds.validate_certificate
+  return creds
 }
 
-async function credentials4(tenant, db) {
-  if (!db._instance_manager) {
-    const opts = db.options && db.options.credentials ? db.options : undefined
-    db._instance_manager = cds.requires.multitenancy
-      ? multiTenantServiceManager() ?? (await multiTenantInstanceManager(opts))
-      : singleTenantInstanceManager(opts)
-  }
-
-  const oldIm =
-    cds.requires.multitenancy?.['old-instance-manager'] ??
-    cds.env.requires?.['cds.xt.DeploymentService']?.['old-instance-manager']
-  if (cds.xt?.serviceManager && !oldIm) {
-    return (await db._instance_manager.get(tenant, { disableCache: true })).credentials
+// NOTE: disableCache: true means "force fetch credentials from service manager"
+async function credentials4(tenant, { disableCache = false }) {
+  const { credentials } = cds.env.requires.db
+  if (!credentials) throw new Error('No database credentials provided')
+  if (cds.requires.multitenancy) {
+    // eslint-disable-next-line cds/no-missing-dependencies
+    const res = await require('@sap/cds-mtxs/lib').xt.serviceManager.get(tenant, { disableCache })
+    return _getMassagedCreds(res.credentials)
+  } else {
+    if (typeof credentials !== 'object' || !credentials.host) throw new Error('Malformed database credentials provided')
+    return _getMassagedCreds(credentials)
   }
-
-  return new Promise((resolve, reject) => {
-    db._instance_manager.get(tenant, (err, res) => {
-      if (err) return reject(err)
-      if (!res) {
-        return reject(Object.assign(new Error(`There is no instance for tenant "${tenant}"`), { statusCode: 404 }))
-      }
-
-      resolve(res.credentials)
-    })
-  })
 }
 
 function factory4(creds, tenant) {
   return {
-    create: () => hana.__connect(creds, tenant),
+    create: () => {
+      return hana.__connect(creds, tenant).catch(e => {
+        if (!cds.requires.multitenancy || !e?.message.match(/authentication failed/i)) throw e
+
+        LOG._warn &&
+          LOG.warn(
+            `Possibly stale credentials for tenant ${tenant}, re-trying with fresh credentials from BTP Service Manager`
+          )
+        return credentials4(tenant, { disableCache: true }).then(_creds => {
+          // update creds in closure
+          creds = _creds
+          return hana.__connect(creds, tenant)
+        })
+      })
+    },
     destroy: client => hana.__disconnect(client),
     validate: client => hana.__isConnected(client)
   }
@@ -145,27 +85,6 @@ const _getPoolConfig = function () {
   return mergedConfig
 }
 
-// REVISIT: copied from old cds-hana
-const _getMassagedCreds = function (creds) {
-  if (!('ca' in creds) && creds.certificate) {
-    creds.ca = creds.certificate
-  }
-
-  if ('encrypt' in creds && !('useTLS' in creds)) {
-    creds.useTLS = creds.encrypt
-  }
-
-  if ('hostname_in_certificate' in creds && !('sslHostNameInCertificate' in creds)) {
-    creds.sslHostNameInCertificate = creds.hostname_in_certificate
-  }
-
-  if ('validate_certificate' in creds && !('sslValidateCertificate' in creds)) {
-    creds.sslValidateCertificate = creds.validate_certificate
-  }
-
-  return creds
-}
-
 const pools = new Map()
 
 async function pool4(tenant, db) {
@@ -177,7 +96,7 @@ async function pool4(tenant, db) {
           .then(creds => {
             const config = _getPoolConfig()
             LOG._info && LOG.info('effective pool configuration:', config)
-            const p = pool.createPool(factory4(_getMassagedCreds(creds), tenant), config)
+            const p = pool.createPool(factory4(creds, tenant), config)
 
             const INVALID_CREDENTIALS_WARNING = `Could not establish connection for tenant "${tenant}". Existing pool will be drained.`
             const INVALID_CREDENTIALS_ERROR = new Error(
@@ -250,12 +169,7 @@ async function resilientAcquire(pool, attempts = 1) {
   const message =
     'Acquiring client from pool timed out. Please review your system setup, transaction handling, and pool configuration. ' +
     `Pool State: borrowed: ${borrowed}, pending: ${pending}, size: ${size}, available: ${available}, max: ${max}`
-  err = getError(
-    Object.assign(err, {
-      statusCode: 503,
-      message
-    })
-  )
+  err = getError(Object.assign(err, { statusCode: 503, message }))
   err._attempts = attempt
   LOG._debug && LOG.debug(err)
   throw err

package/libx/_runtime/hana/search2cqn4sql.js

@@ -28,43 +28,41 @@ const search2cqn4sql = (query, entity, options) => {
   if (!cqnSearchPhrase) return query
   const localizedAssociation = entity.associations?.localized
 
-  if (localizedAssociation) {
-    let { columns: columns2Search = computeColumnsToBeSearched(query, entity), locale } = options
-    const viewAlias = query.SELECT.from.as ? query.SELECT.from.as : 'LocalizedView'
-
-    if (!query.SELECT.from.as) {
-      _addAliasToQuery(query, viewAlias)
-    }
-
-    const subQuery = cds.ql.SELECT.from(entity.name).columns(1)
-    subQuery.SELECT.from.as = targetAlias
-    const onCondition = _generateKeysWhereCondition(entity, targetAlias, textsAlias)
-    onCondition.push('and', { ref: [textsAlias, 'locale'] }, '=', { val: locale || "SESSION_CONTEXT('LOCALE')" })
-
-    // left outer join the target table with the _texts table (the _texts table contains the translated texts)
-    subQuery.leftJoin(localizedAssociation.target, textsAlias).on(onCondition)
-
-    // add condition for equal keys of target table and localized view
-    subQuery.where(_generateKeysWhereCondition(entity, targetAlias, viewAlias))
-    const containsColumns = _generateContainsColumns(columns2Search, entity)
-
-    let expression
-
-    if (isContainsPredicateSupported(query, entity, columns2Search)) {
-      // generate CQN expression with `CONTAINS` predicate for the columns from the target and text table
-      expression = search2Contains(cqnSearchPhrase, containsColumns)
-      Object.defineProperty(expression, 'searchUsingContains', { value: true, enumerable: true })
-    } else {
-      expression = searchToLike(cqnSearchPhrase, containsColumns)
-    }
-
-    subQuery.where(expression)
-
-    // suppress the localize handler from redirecting the subQuery's target to the localized view
-    Object.defineProperty(subQuery, '_suppressLocalization', { value: true })
-    query.where('exists', subQuery)
-    return query
+  let { columns: columns2Search = computeColumnsToBeSearched(query, entity), locale } = options
+  const viewAlias = query.SELECT.from.as ? query.SELECT.from.as : 'LocalizedView'
+
+  if (!query.SELECT.from.as) {
+    _addAliasToQuery(query, viewAlias)
   }
+
+  const subQuery = cds.ql.SELECT.from(entity.name).columns(1)
+  subQuery.SELECT.from.as = targetAlias
+  const onCondition = _generateKeysWhereCondition(entity, targetAlias, textsAlias)
+  onCondition.push('and', { ref: [textsAlias, 'locale'] }, '=', { val: locale || "SESSION_CONTEXT('LOCALE')" })
+
+  // left outer join the target table with the _texts table (the _texts table contains the translated texts)
+  subQuery.leftJoin(localizedAssociation.target, textsAlias).on(onCondition)
+
+  // add condition for equal keys of target table and localized view
+  subQuery.where(_generateKeysWhereCondition(entity, targetAlias, viewAlias))
+  const containsColumns = _generateContainsColumns(columns2Search, entity)
+
+  let expression
+
+  if (isContainsPredicateSupported(query, entity, columns2Search)) {
+    // generate CQN expression with `CONTAINS` predicate for the columns from the target and text table
+    expression = search2Contains(cqnSearchPhrase, containsColumns)
+    Object.defineProperty(expression, 'searchUsingContains', { value: true, enumerable: true })
+  } else {
+    expression = searchToLike(cqnSearchPhrase, containsColumns)
+  }
+
+  subQuery.where(expression)
+
+  // suppress the localize handler from redirecting the subQuery's target to the localized view
+  Object.defineProperty(subQuery, '_suppressLocalization', { value: true })
+  query.where('exists', subQuery)
+  return query
 }
 
 const _generateKeysWhereCondition = (entity, alias1, alias2) => {

package/libx/_runtime/messaging/enterprise-messaging-utils/getTenantInfo.js

@@ -3,15 +3,11 @@ const _transform = o => ({ subdomain: o.subscribedSubdomain, tenant: o.subscribe
 
 // REVISIT: Looks ugly -> can we simplify that?
 const getTenantInfo = async tenant => {
-  const provisioningServiceName = cds.mtx ? 'ProvisioningService' : 'cds.xt.SaasProvisioningService'
-  const primaryKey = cds.mtx ? 'ID' : 'subscribedTenantId'
-  const path = cds.mtx ? 'tenant' : '/tenant' // HACK, otherwise the API doesn't work
-
-  const provisioning = await cds.connect.to(provisioningServiceName)
+  const provisioning = await cds.connect.to('cds.xt.SaasProvisioningService')
   const tx = provisioning.tx({ user: new cds.User.Privileged() })
   try {
     const result = tenant
-      ? _transform(await tx.get(path, { [primaryKey]: tenant }))
+      ? _transform(await tx.get('/tenant', { ['subscribedTenantId']: tenant }))
       : (await tx.read('tenant')).map(o => _transform(o))
     await tx.commit()
     return result

package/libx/_runtime/messaging/enterprise-messaging-utils/registerEndpoints.js

@@ -33,7 +33,8 @@ class EndpointRegistry {
       // unsuccessful auth doesn't automatically reject!
       paths.forEach(path => {
         cds.app.use(path, (req, res, next) => {
-          if (!req.user) res.status(401).json(UNAUTHORIZED)
+          // REVISIT: we should probably pass an error into next so that a (custom) error middleware can handle it
+          if (!req.user) res.status(401).json({ error: UNAUTHORIZED })
           next()
         })
       })
@@ -116,6 +117,7 @@ class EndpointRegistry {
         if (hasError) return res.status(500).send(results)
         return res.status(201).send(results)
       } catch (mtxError) {
+        // REVISIT: Still needed with cds-mtxs?
         // If an unknown tenant id is provided, cds-mtx will crash ("Cannot read property 'hanaClient' of undefined")
         return res.sendStatus(500)
       }