@sap/cds 6.8.4 → 7.0.0

package/libx/_runtime/audit/generic/personal/modification.js

@@ -1,132 +0,0 @@
-const cds = require('../../../cds')
-
-const getTemplate = require('../../../common/utils/template')
-const templateProcessor = require('../../../common/utils/templateProcessor')
-
-const {
-  getMapKeyForCurrentRequest,
-  getRootEntity,
-  getPick,
-  createLogEntry,
-  addObjectID,
-  addDataSubject,
-  addDataSubjectForDetailsEntity,
-  resolveDataSubjectPromises
-} = require('./utils')
-
-let auditLogService
-
-const attachDiffToContextHandler = async function (req) {
-  // store diff in audit data structure at context
-  const _audit = req.context._audit || (req.context._audit = {})
-  if (!_audit.diffs) _audit.diffs = new Map()
-  _audit.diffs.set(req._.query, await req.diff())
-}
-
-const _getOldAndNew = (action, row, key) => {
-  let oldValue = action === 'Create' ? null : row._old && row._old[key]
-  if (oldValue === undefined) oldValue = null
-  let newValue = action === 'Delete' ? null : row[key]
-  if (newValue === undefined) newValue = null
-  return { oldValue, newValue }
-}
-
-const _addAttribute = (log, action, row, key) => {
-  if (!log.attributes.find(ele => ele.name === key)) {
-    const { oldValue, newValue } = _getOldAndNew(action, row, key)
-    if (oldValue !== newValue)
-      log.attributes.push({ name: key, oldValue: String(oldValue), newValue: String(newValue) })
-  }
-}
-
-const _processorFnModification = (modificationLogs, model, req, beforeWrite) => elementInfo => {
-  if (!elementInfo.row._op) return
-
-  const { row, key, element, plain } = elementInfo
-
-  // delete in before phase, create and update in after phase
-  if ((row._op === 'delete') !== !!beforeWrite) return
-
-  const entity = getRootEntity(element)
-  const action = row._op[0].toUpperCase() + row._op.slice(1)
-
-  // create or augment log entry
-  const modificationLog = createLogEntry(modificationLogs, entity, row)
-
-  // process categories
-  for (const category of plain.categories) {
-    if (category === 'ObjectID') {
-      addObjectID(modificationLog, row, key)
-    } else if (category === 'DataSubjectID') {
-      addDataSubject(modificationLog, row, key, entity)
-    } else if (category === 'IsPotentiallyPersonal' || category === 'IsPotentiallySensitive') {
-      _addAttribute(modificationLog, action, row, key)
-    }
-  }
-
-  // add promise to determine data subject if a DataSubjectDetails entity
-  if (
-    (entity['@PersonalData.EntitySemantics'] === 'DataSubjectDetails' ||
-      entity['@PersonalData.EntitySemantics'] === 'Other') &&
-    modificationLog.dataSubject.id.length === 0 // > id still an array -> promise not yet set
-  ) {
-    addDataSubjectForDetailsEntity(row, modificationLog, req, entity, model)
-  }
-}
-
-const _getDataModificationLogs = (req, tx, diff, beforeWrite) => {
-  const template = getTemplate(
-    `personal_${req.event}`.toLowerCase(),
-    Object.assign({ name: req.target._service.name, model: tx.model }),
-    req.target,
-    { pick: getPick(req.event) }
-  )
-
-  const modificationLogs = {}
-  const processFn = _processorFnModification(modificationLogs, tx.model, req, beforeWrite)
-  templateProcessor({ processFn, row: diff, template })
-
-  return modificationLogs
-}
-
-const _calcModificationLogsHandler = async function (req, beforeWrite, that) {
-  const mapKey = getMapKeyForCurrentRequest(req)
-
-  const _audit = req.context._audit || (req.context._audit = {})
-  const modificationLogs = _getDataModificationLogs(req, that, _audit.diffs.get(mapKey), beforeWrite)
-
-  // store modificationLogs in audit data structure at context
-  if (!_audit.modificationLogs) _audit.modificationLogs = new Map()
-  const existingLogs = _audit.modificationLogs.get(mapKey) || {}
-  _audit.modificationLogs.set(mapKey, Object.assign(existingLogs, modificationLogs))
-
-  // execute the data subject promises before going along to on phase
-  // guarantees that the reads are executed before the data is modified
-  await resolveDataSubjectPromises(modificationLogs)
-}
-
-const calcModificationLogsHandler4Before = function (req) {
-  return _calcModificationLogsHandler(req, true, this)
-}
-
-const calcModificationLogsHandler4After = function (_, req) {
-  return _calcModificationLogsHandler(req, false, this)
-}
-
-const emitModificationHandler = async function (_, req) {
-  auditLogService = auditLogService || (await cds.connect.to('audit-log'))
-
-  const modificationLogs = req.context._audit.modificationLogs.get(req.query)
-  const modifications = Object.keys(modificationLogs)
-    .map(k => modificationLogs[k])
-    .filter(log => log.attributes.length)
-
-  await auditLogService.emit('dataModificationLog', { modifications })
-}
-
-module.exports = {
-  attachDiffToContextHandler,
-  calcModificationLogsHandler4Before,
-  calcModificationLogsHandler4After,
-  emitModificationHandler
-}

package/libx/_runtime/audit/generic/personal/utils.js

@@ -1,186 +0,0 @@
-const cds = require('../../../cds')
-
-const { getDataSubject } = require('../../../common/utils/csn')
-
-const WRITE = { CREATE: 1, UPDATE: 1, DELETE: 1 }
-
-const getMapKeyForCurrentRequest = req => {
-  // running in srv or db layer? -> srv's req.query used as key of diff and logs maps at req.context
-  // REVISIT: req._tx should not be used like that!
-  return req.tx.isDatabaseService ? req._.query : req.query
-}
-
-const getRootEntity = element => {
-  let entity = element.parent
-  while (entity.kind !== 'entity') entity = entity.parent
-  return entity
-}
-
-const _hasPersonalData = e => {
-  if (!e['@PersonalData.DataSubjectRole']) return
-  if (!e['@PersonalData.EntitySemantics']) return
-  return !!Object.values(e.elements).some(
-    e => e['@PersonalData.IsPotentiallyPersonal'] || e['@PersonalData.IsPotentiallySensitive']
-  )
-}
-
-const auditAnnotations = {
-  CREATE: '@AuditLog.Operation.Insert',
-  UPDATE: '@AuditLog.Operation.Update',
-  DELETE: '@AuditLog.Operation.Delete',
-  READ: '@AuditLog.Operation.Read'
-}
-
-const getPick = event => {
-  return (element, target) => {
-    if (!_hasPersonalData(target)) return
-    if (!auditAnnotations[event] || !target[auditAnnotations[event]]) return
-
-    const categories = []
-    if (!element.isAssociation && element.key) categories.push('ObjectID')
-    if (
-      !element.isAssociation &&
-      element['@PersonalData.FieldSemantics'] === 'DataSubjectID' &&
-      target['@PersonalData.EntitySemantics'] === 'DataSubject'
-    )
-      categories.push('DataSubjectID')
-    if (event in WRITE && element['@PersonalData.IsPotentiallyPersonal']) categories.push('IsPotentiallyPersonal')
-    if (element['@PersonalData.IsPotentiallySensitive']) categories.push('IsPotentiallySensitive')
-    if (categories.length) return { categories }
-  }
-}
-
-const _getHash = (entity, row) => {
-  return `${entity.name}(${Object.keys(entity.keys)
-    .map(k => `${k}=${row[k]}`)
-    .join(',')})`
-}
-
-const createLogEntry = (logs, entity, row) => {
-  const hash = _getHash(entity, row)
-  let log = logs[hash]
-  if (!log) {
-    logs[hash] = {
-      dataObject: { type: entity.name, id: [] },
-      dataSubject: { id: [], role: entity['@PersonalData.DataSubjectRole'] },
-      attributes: [],
-      attachments: []
-    }
-    log = logs[hash]
-  }
-  return log
-}
-
-const addObjectID = (log, row, key) => {
-  if (!log.dataObject.id.find(ele => ele.keyName === key) && key !== 'IsActiveEntity')
-    log.dataObject.id.push({ keyName: key, value: String(row[key]) })
-}
-
-const addDataSubject = (log, row, key, entity) => {
-  if (!log.dataSubject.type) log.dataSubject.type = entity.name
-  if (!log.dataSubject.id.find(ele => ele.key === key)) {
-    const value = row[key] || (row._old && row._old[key])
-    log.dataSubject.id.push({ keyName: key, value: String(value) })
-  }
-}
-
-const _addKeysToWhere = (keys, row, alias) =>
-  keys
-    .filter(key => !key.isAssociation && key.name !== 'IsActiveEntity')
-    .reduce((keys, key) => {
-      if (keys.length) keys.push('and')
-      keys.push({ ref: [alias, key.name] }, '=', { val: row[key.name] })
-      return keys
-    }, [])
-
-const _keyColumns = (keys, alias) =>
-  keys.filter(key => !key.isAssociation && key.name !== 'IsActiveEntity').map(key => ({ ref: [alias, key.name] }))
-
-const _alias = entity => entity.name.replace(`${entity._service.name}.`, '').replace('.', '_')
-
-const _buildSubSelect = (model, { entity, relative, element, next }, row, previousCqn) => {
-  // relative is a parent or an entity itself
-
-  const keys = Object.values(entity.keys)
-
-  const entityName = entity.name
-  const as = _alias(entity)
-
-  const childCqn = SELECT.from({ ref: [entityName], as }).columns(_keyColumns(keys, as))
-
-  const targetAlias = _alias(element._target)
-  const relativeAlias = _alias(relative)
-
-  childCqn.where(relative._relations[element.name].join(targetAlias, relativeAlias))
-
-  if (previousCqn) {
-    childCqn.where('exists', previousCqn)
-  } else {
-    childCqn.where(_addKeysToWhere(keys, row, as))
-  }
-  if (next) return _buildSubSelect(model, next, {}, childCqn)
-  return childCqn
-}
-
-const _getDataSubjectIdPromise = ({ dataSubjectEntity, subs }, row, req, model) => {
-  const keys = Object.values(dataSubjectEntity.keys)
-  const as = _alias(dataSubjectEntity)
-
-  const cqn = SELECT.from({ ref: [dataSubjectEntity.name], as })
-    .columns(_keyColumns(keys, as))
-    .where(['exists', _buildSubSelect(model, subs[0], row)])
-  // entity reused in different branches => must check all
-  for (let i = 1; i < subs.length; i++) {
-    cqn.or(['exists', _buildSubSelect(model, subs[i], row)])
-  }
-  return cds
-    .tx(req)
-    .run(cqn)
-    .then(res => {
-      const id = []
-      for (const k in res[0]) id.push({ keyName: k, value: String(res[0][k]) })
-      return id
-    })
-}
-
-const addDataSubjectForDetailsEntity = (row, log, req, entity, model) => {
-  const role = entity['@PersonalData.DataSubjectRole']
-
-  const dataSubjectInfo = getDataSubject(entity, model, role)
-
-  log.dataSubject.type = dataSubjectInfo.dataSubjectEntity.name
-
-  /*
-   * for each req (cf. $batch with atomicity) and data subject role (e.g., customer vs supplier),
-   * store (in audit data structure at context) and reuse a single promise to look up the respective data subject
-   */
-  const mapKey = getMapKeyForCurrentRequest(req)
-  const _audit = req.context._audit || (req.context._audit = {})
-  if (!_audit.dataSubjects) _audit.dataSubjects = new Map()
-  if (!_audit.dataSubjects.has(mapKey)) _audit.dataSubjects.set(mapKey, new Map())
-  const map = _audit.dataSubjects.get(mapKey)
-  if (map.has(role)) log.dataSubject.id = map.get(role)
-  // REVISIT by downward lookups row might already contain ID - some potential to optimize
-  else map.set(role, _getDataSubjectIdPromise(dataSubjectInfo, row, req, model))
-}
-
-const resolveDataSubjectPromises = log => {
-  const logs = Object.values(log)
-  return Promise.all(logs.map(log => log.dataSubject.id)).then(IDs =>
-    logs.map((log, i) => {
-      log.dataSubject.id = IDs[i]
-      return log
-    })
-  )
-}
-
-module.exports = {
-  getMapKeyForCurrentRequest,
-  getRootEntity,
-  getPick,
-  createLogEntry,
-  addObjectID,
-  addDataSubject,
-  addDataSubjectForDetailsEntity,
-  resolveDataSubjectPromises
-}

package/libx/_runtime/audit/utils/log.js

@@ -1,23 +0,0 @@
-function getObjectAndDataSubject(entry) {
-  const { dataObject, dataSubject } = entry
-  dataObject.id = dataObject.id.reduce((acc, cur) => {
-    acc[cur.keyName] = cur.value
-    return acc
-  }, {})
-  if (dataSubject) {
-    dataSubject.id = dataSubject.id.reduce((acc, cur) => {
-      acc[cur.keyName] = cur.value
-      return acc
-    }, {})
-  }
-  return { dataObject, dataSubject }
-}
-
-function getAttributeToLog(ele) {
-  return { name: ele.name, old: ele.oldValue || 'null', new: ele.newValue || 'null' }
-}
-
-module.exports = {
-  getObjectAndDataSubject,
-  getAttributeToLog
-}

package/libx/_runtime/audit/utils/v2.js

@@ -1,176 +0,0 @@
-const cds = require('../../cds')
-const LOG = cds.log('audit-log')
-const { getObjectAndDataSubject, getAttributeToLog } = require('./log')
-
-async function connect(credentials, securityContext) {
-  let auditLogging
-
-  try {
-    // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
-    auditLogging = require('@sap/audit-logging')
-  } catch (error) {
-    // not able to require lib -> no audit logging ootb
-    return Promise.resolve()
-  }
-
-  try {
-    return await auditLogging.v2(credentials, securityContext)
-  } catch (error) {
-    LOG._warn && LOG.warn('Unable to initialize audit-logging client with error:', error)
-    return Promise.resolve()
-  }
-}
-
-function sendDataAccessLog(entry) {
-  return new Promise((resolve, reject) => {
-    entry.log(function (err) {
-      if (err && LOG._warn) {
-        err.message = `Writing data access log failed with error: ${err.message}`
-        return reject(err)
-      }
-
-      resolve()
-    })
-  })
-}
-
-function sendDataModificationLog(entry) {
-  return new Promise((resolve, reject) => {
-    entry.logPrepare(function (err) {
-      if (err) {
-        err.message = `Preparing data modification log failed with error: ${err.message}`
-        return reject(err)
-      }
-
-      entry.logSuccess(function (err) {
-        if (err) {
-          err.message = `Writing data modification log failed with error: ${err.message}`
-          return reject(err)
-        }
-
-        resolve()
-      })
-    })
-  })
-}
-
-function sendSecurityLog(entry) {
-  return new Promise((resolve, reject) => {
-    entry.log(function (err) {
-      if (err) {
-        err.message = `Writing security log failed with error: ${err.message}`
-        return reject(err)
-      }
-
-      resolve()
-    })
-  })
-}
-
-function sendConfigChangeLog(entry) {
-  return new Promise((resolve, reject) => {
-    entry.logPrepare(function (err) {
-      if (err) {
-        err.message = `Preparing configuration change log failed with error: ${err.message}`
-        return reject(err)
-      }
-
-      entry.logSuccess(function (err) {
-        if (err) {
-          err.message = `Writing configuration change log failed with error: ${err.message}`
-          return reject(err)
-        }
-
-        resolve()
-      })
-    })
-  })
-}
-
-function buildDataAccessLogs(auditLogClient, accesses, tenant, user) {
-  const entries = []
-  const errors = []
-
-  for (const access of accesses) {
-    try {
-      const { dataObject, dataSubject } = getObjectAndDataSubject(access)
-      const entry = auditLogClient.read(dataObject).dataSubject(dataSubject).by(user)
-      if (tenant) entry.tenant(tenant)
-      for (const each of access.attributes) entry.attribute(each)
-      if (access.attachments) for (const each of access.attachments) entry.attachment(each)
-      entries.push(entry)
-    } catch (err) {
-      err.message = `Building data access log failed with error: ${err.message}`
-      errors.push(err)
-    }
-  }
-
-  return { entries, errors }
-}
-
-function buildDataModificationLogs(auditLogClient, modifications, tenant, user) {
-  const entries = []
-  const errors = []
-
-  for (const modification of modifications) {
-    try {
-      const { dataObject, dataSubject } = getObjectAndDataSubject(modification)
-      const entry = auditLogClient.update(dataObject).dataSubject(dataSubject).by(user)
-      if (tenant) entry.tenant(tenant)
-      for (const each of modification.attributes) entry.attribute(getAttributeToLog(each))
-      entries.push(entry)
-    } catch (err) {
-      err.message = `Building data modification log failed with error: ${err.message}`
-      errors.push(err)
-    }
-  }
-
-  return { entries, errors }
-}
-
-function buildSecurityLog(auditLogClient, action, data, tenant, user) {
-  let entry
-
-  try {
-    entry = auditLogClient.securityMessage('action: %s, data: %s', action, data)
-    if (tenant) entry.tenant(tenant)
-    if (user) entry.by(user)
-  } catch (err) {
-    err.message = `Building security log failed with error: ${err.message}`
-    throw err
-  }
-
-  return entry
-}
-
-function buildConfigChangeLogs(auditLogClient, configurations, tenant, user) {
-  const entries = []
-  const errors = []
-
-  for (const configuration of configurations) {
-    try {
-      const { dataObject } = getObjectAndDataSubject(configuration)
-      const entry = auditLogClient.configurationChange(dataObject).by(user)
-      if (tenant) entry.tenant(tenant)
-      for (const each of configuration.attributes) entry.attribute(getAttributeToLog(each))
-      entries.push(entry)
-    } catch (err) {
-      err.message = `Building configuration change log failed with error: ${err.message}`
-      errors.push(err)
-    }
-  }
-
-  return { entries, errors }
-}
-
-module.exports = {
-  connect,
-  buildDataAccessLogs,
-  buildDataModificationLogs,
-  buildSecurityLog,
-  buildConfigChangeLogs,
-  sendDataAccessLog,
-  sendDataModificationLog,
-  sendSecurityLog,
-  sendConfigChangeLog
-}

package/libx/_runtime/db/data-conversion/timestamp.js

@@ -1,9 +0,0 @@
-function timestampToISO(ts) {
-  if (typeof ts === 'number') return new Date(ts).toISOString()
-  if (ts instanceof Date) return ts.toISOString()
-  return ts
-}
-
-module.exports = {
-  timestampToISO
-}