npm - @sap/cds - Versions diffs - 6.8.4 → 7.0.0 - Mend

@sap/cds 6.8.4 → 7.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (214) hide show

package/CHANGELOG.md +58 -5
package/README.md +0 -1
package/bin/cds-serve.js +50 -3
package/bin/deploy/to-hana.js +1 -0
package/bin/serve.js +16 -20
package/lib/auth/basic-auth.js +6 -4
package/lib/auth/index.js +4 -3
package/lib/auth/jwt-auth.js +2 -5
package/lib/compile/cds-compile.js +34 -89
package/lib/compile/cdsc.js +11 -0
package/lib/compile/etc/properties.js +2 -2
package/lib/compile/for/lean_drafts.js +36 -69
package/lib/compile/for/nodejs.js +2 -1
package/lib/compile/load.js +1 -1
package/lib/compile/minify.js +2 -0
package/lib/compile/to/csn.js +74 -0
package/{bin/build/provider/hana/2tabledata.js → lib/compile/to/hdbtabledata.js} +4 -6
package/lib/compile/to/json.js +1 -1
package/lib/compile/to/sql.js +8 -6
package/lib/dbs/cds-deploy.js +174 -114
package/lib/env/cds-env.js +64 -79
package/lib/env/cds-requires.js +11 -28
package/lib/env/defaults.js +13 -3
package/lib/env/plugins.js +1 -12
package/lib/env/presets.js +25 -21
package/lib/index.js +121 -147
package/lib/{core/reflect.js → linked/models.js} +2 -2
package/lib/{core/infer.js → linked/queries.js} +2 -0
package/lib/{core/index.js → linked/types.js} +2 -1
package/lib/log/cds-error.js +13 -7
package/lib/log/format/cf.js +1 -1
package/lib/plugins.js +49 -0
package/lib/ql/Query.js +0 -9
package/lib/ql/STREAM.js +0 -1
package/lib/req/context.js +2 -7
package/lib/req/request.js +6 -2
package/lib/req/response.js +23 -10
package/lib/srv/middlewares/ctx-model.js +1 -1
package/lib/srv/middlewares/errors.js +1 -1
package/lib/srv/protocols/_legacy.js +1 -0
package/lib/srv/protocols/graphql.js +7 -16
package/lib/srv/protocols/index.js +59 -45
package/lib/srv/protocols/odata-v2-proxy.js +2 -70
package/lib/srv/srv-api.js +9 -3
package/lib/srv/srv-dispatch.js +12 -9
package/lib/srv/srv-models.js +4 -21
package/lib/srv/srv-tx.js +15 -12
package/lib/utils/cds-test.js +14 -9
package/lib/utils/cds-utils.js +2 -12
package/lib/utils/check-version.js +17 -0
package/{bin/build → lib/utils}/csv-reader.js +23 -24
package/libx/_runtime/auth/index.js +27 -23
package/libx/_runtime/cds-services/adapter/odata-v4/ODataRequest.js +15 -72
package/libx/_runtime/cds-services/adapter/odata-v4/handlers/create.js +1 -1
package/libx/_runtime/cds-services/adapter/odata-v4/handlers/metadata.js +0 -2
package/libx/_runtime/cds-services/adapter/odata-v4/handlers/read.js +33 -63
package/libx/_runtime/cds-services/adapter/odata-v4/handlers/request.js +14 -18
package/libx/_runtime/cds-services/adapter/odata-v4/handlers/update.js +15 -5
package/libx/_runtime/cds-services/adapter/odata-v4/odata-to-cqn/ExpressionToCQN.js +5 -4
package/libx/_runtime/cds-services/adapter/odata-v4/odata-to-cqn/readToCQN.js +37 -40
package/libx/_runtime/cds-services/adapter/odata-v4/odata-to-cqn/updateToCQN.js +7 -1
package/libx/_runtime/cds-services/adapter/odata-v4/odata-to-cqn/utils.js +101 -38
package/libx/_runtime/cds-services/adapter/odata-v4/okra/odata-commons/errors/AbstractError.js +5 -1
package/libx/_runtime/cds-services/adapter/odata-v4/okra/odata-commons/utils/ValueConverter.js +2 -1
package/libx/_runtime/cds-services/adapter/odata-v4/okra/odata-server/deserializer/ResourceJsonDeserializer.js +9 -8
package/libx/_runtime/cds-services/adapter/odata-v4/to.js +1 -1
package/libx/_runtime/cds-services/adapter/odata-v4/utils/data.js +15 -11
package/libx/_runtime/cds-services/adapter/odata-v4/utils/readAfterWrite.js +4 -0
package/libx/_runtime/cds-services/adapter/odata-v4/utils/result.js +5 -2
package/libx/_runtime/cds-services/adapter/odata-v4/utils/stream.js +1 -123
package/libx/_runtime/cds-services/services/Service.js +79 -107
package/libx/_runtime/cds-services/services/utils/columns.js +23 -19
package/libx/_runtime/cds-services/services/utils/compareJson.js +11 -1
package/libx/_runtime/cds-services/services/utils/differ.js +7 -2
package/libx/_runtime/cds-services/util/assert.js +65 -2
package/libx/_runtime/common/composition/data.js +1 -0
package/libx/_runtime/common/generic/auth/expand.js +1 -1
package/libx/_runtime/common/generic/auth/restrict.js +5 -10
package/libx/_runtime/common/generic/auth/restrictions.js +40 -0
package/libx/_runtime/common/generic/auth/utils.js +1 -2
package/libx/_runtime/common/generic/crud.js +32 -16
package/libx/_runtime/common/generic/etag.js +133 -104
package/libx/_runtime/common/generic/input.js +6 -21
package/libx/_runtime/common/generic/put.js +1 -1
package/libx/_runtime/common/generic/stream.js +52 -0
package/libx/_runtime/common/generic/temporal.js +25 -8
package/libx/_runtime/common/i18n/messages.properties +0 -2
package/libx/_runtime/common/utils/cqn.js +1 -1
package/libx/_runtime/common/utils/cqn2cqn4sql.js +5 -2
package/libx/_runtime/common/utils/csn.js +0 -51
package/libx/_runtime/common/utils/etag.js +30 -0
package/libx/_runtime/common/utils/keys.js +1 -1
package/libx/_runtime/common/utils/normalizeTimestamp.js +25 -0
package/libx/_runtime/common/utils/path.js +1 -1
package/libx/_runtime/common/utils/resolveView.js +2 -1
package/libx/_runtime/common/utils/rewriteAsterisks.js +6 -4
package/libx/_runtime/common/utils/search2cqn4sql.js +12 -16
package/libx/_runtime/common/utils/stream.js +140 -0
package/libx/_runtime/common/utils/streamProp.js +29 -12
package/libx/_runtime/common/utils/templateProcessorPathSerializer.js +0 -2
package/libx/_runtime/db/generic/index.js +0 -2
package/libx/_runtime/db/query/delete.js +2 -2
package/libx/_runtime/db/query/insert.js +2 -2
package/libx/_runtime/db/query/read.js +2 -2
package/libx/_runtime/db/query/run.js +2 -2
package/libx/_runtime/db/query/update.js +2 -2
package/libx/_runtime/db/sql-builder/BaseBuilder.js +0 -6
package/libx/_runtime/db/sql-builder/ExpressionBuilder.js +23 -12
package/libx/_runtime/db/sql-builder/FunctionBuilder.js +18 -6
package/libx/_runtime/db/sql-builder/InsertBuilder.js +1 -0
package/libx/_runtime/db/sql-builder/SelectBuilder.js +3 -7
package/libx/_runtime/db/sql-builder/UpsertBuilder.js +1 -0
package/libx/_runtime/db/utils/normalizeTimeData.js +7 -3
package/libx/_runtime/fiori/draft.js +2 -0
package/libx/_runtime/fiori/generic/activate.js +8 -9
package/libx/_runtime/fiori/generic/before.js +30 -20
package/libx/_runtime/fiori/generic/cancel.js +5 -3
package/libx/_runtime/fiori/generic/delete.js +5 -3
package/libx/_runtime/fiori/generic/edit.js +7 -7
package/libx/_runtime/fiori/generic/index.js +10 -16
package/libx/_runtime/fiori/generic/new.js +5 -3
package/libx/_runtime/fiori/generic/patch.js +11 -8
package/libx/_runtime/fiori/generic/prepare.js +13 -6
package/libx/_runtime/fiori/generic/read.js +12 -6
package/libx/_runtime/fiori/lean-draft.js +207 -152
package/libx/_runtime/fiori/utils/delete.js +10 -5
package/libx/_runtime/fiori/utils/req.js +17 -5
package/libx/_runtime/fiori/utils/stream.js +36 -0
package/libx/_runtime/hana/Service.js +12 -9
package/libx/_runtime/hana/conversion.js +10 -15
package/libx/_runtime/hana/driver.js +2 -0
package/libx/_runtime/hana/execute.js +28 -6
package/libx/_runtime/hana/pool.js +36 -122
package/libx/_runtime/hana/search2cqn4sql.js +34 -36
package/libx/_runtime/messaging/enterprise-messaging-utils/getTenantInfo.js +2 -6
package/libx/_runtime/messaging/enterprise-messaging-utils/registerEndpoints.js +3 -1
package/libx/_runtime/messaging/enterprise-messaging.js +10 -58
package/libx/_runtime/messaging/outbox/utils.js +1 -1
package/libx/_runtime/remote/Service.js +20 -1
package/libx/_runtime/remote/utils/client.js +3 -5
package/libx/_runtime/sqlite/Service.js +4 -6
package/libx/_runtime/sqlite/conversion.js +3 -13
package/libx/_runtime/sqlite/customBuilder/CustomFunctionBuilder.js +9 -6
package/libx/_runtime/sqlite/customBuilder/CustomUpsertBuilder.js +6 -1
package/libx/_runtime/sqlite/execute.js +5 -16
package/libx/odata/afterburner.js +22 -6
package/libx/odata/grammar.pegjs +6 -1
package/libx/odata/parser.js +1 -1
package/libx/rest/RestAdapter.js +16 -9
package/libx/rest/RestRequest.js +1 -1
package/libx/rest/middleware/input.js +2 -1
package/libx/rest/middleware/operation.js +1 -0
package/libx/rest/middleware/parse.js +3 -2
package/libx/rest/middleware/payload.js +9 -8
package/libx/rest/middleware/read.js +1 -0
package/package.json +9 -16
package/app/fiori/preview.js +0 -270
package/app/fiori/routes.js +0 -59
package/bin/build/buildTaskEngine.js +0 -360
package/bin/build/buildTaskFactory.js +0 -283
package/bin/build/buildTaskHandler.js +0 -241
package/bin/build/buildTaskProvider.js +0 -22
package/bin/build/buildTaskProviderFactory.js +0 -175
package/bin/build/cds.js +0 -5
package/bin/build/constants.js +0 -66
package/bin/build/index.js +0 -58
package/bin/build/provider/buildTaskHandlerEdmx.js +0 -82
package/bin/build/provider/buildTaskHandlerFeatureToggles.js +0 -131
package/bin/build/provider/buildTaskHandlerInternal.js +0 -254
package/bin/build/provider/buildTaskProviderInternal.js +0 -383
package/bin/build/provider/fiori/index.js +0 -171
package/bin/build/provider/hana/2migration.js +0 -179
package/bin/build/provider/hana/index.js +0 -505
package/bin/build/provider/hana/migrationtable.js +0 -472
package/bin/build/provider/hana/template/.hdiconfig-haas +0 -163
package/bin/build/provider/hana/template/.hdiconfig-hanacloud +0 -137
package/bin/build/provider/hana/template/.hdinamespace +0 -4
package/bin/build/provider/hana/template/package.json +0 -12
package/bin/build/provider/hana/template/undeploy.json +0 -5
package/bin/build/provider/java/index.js +0 -111
package/bin/build/provider/java-cf/index.js +0 -1
package/bin/build/provider/mtx/index.js +0 -268
package/bin/build/provider/mtx/resourcesTarBuilder.js +0 -95
package/bin/build/provider/mtx-extension/index.js +0 -131
package/bin/build/provider/mtx-sidecar/index.js +0 -137
package/bin/build/provider/node-cf/index.js +0 -1
package/bin/build/provider/nodejs/index.js +0 -192
package/bin/build/util.js +0 -299
package/bin/cds.js +0 -125
package/bin/deploy/to-hana/cfUtil.js +0 -355
package/bin/deploy/to-hana/gitUtil.js +0 -57
package/bin/deploy/to-hana/hana.js +0 -306
package/bin/deploy/to-hana/hdiDeployUtil.js +0 -153
package/bin/deploy/to-hana/index.js +0 -16
package/bin/deploy/to-hana/mtaUtil.js +0 -170
package/bin/mtx/in-cds.js +0 -17
package/bin/plugins.js +0 -32
package/bin/run.js +0 -24
package/bin/utils/log.js +0 -24
package/bin/version.js +0 -178
package/libx/_runtime/audit/Service.js +0 -222
package/libx/_runtime/audit/generic/personal/access.js +0 -61
package/libx/_runtime/audit/generic/personal/index.js +0 -56
package/libx/_runtime/audit/generic/personal/modification.js +0 -132
package/libx/_runtime/audit/generic/personal/utils.js +0 -186
package/libx/_runtime/audit/utils/log.js +0 -23
package/libx/_runtime/audit/utils/v2.js +0 -176
package/libx/_runtime/db/data-conversion/timestamp.js +0 -9
package/libx/_runtime/db/generic/integrity.js +0 -455
package/srv/audit-log.cds +0 -87
package/srv/mtx.cds +0 -2
package/srv/mtx.js +0 -8
/package/lib/{core → linked}/classes.js +0 -0
/package/lib/{core → linked}/entities.js +0 -0

package/libx/_runtime/auth/index.js CHANGED Viewed

@@ -57,27 +57,30 @@ const _log = (req, challenges) => {
   LOG.debug(`User "${req.user.id}" request URL`, req.url, '\n', ...challengesLog)
 }
-const cap_auth_callback = (req, res, next, internalError, user, challenges) => {
+const cap_auth_callback = (req, res, next, internalError, user, arg) => {
   // An internal error occurs during the authentication process
   if (internalError) {
-    // REVISIT: What to do? Security log?
-    return res.status(401).json(UNAUTHORIZED) // no details to client
+    return res.status(401).json({ error: UNAUTHORIZED }) // no details to client
   }
-  let infoChallenges
-  if (challenges) {
-    if (Array.isArray(challenges)) {
-      infoChallenges = challenges.filter(ele => ele)
-      infoChallenges = infoChallenges.length ? infoChallenges : undefined
+  let challenges
+  if (arg) {
+    if (!user) {
+      // > challenges
+      if (Array.isArray(arg)) {
+        challenges = arg.filter(ele => ele)
+        challenges = challenges.length ? challenges : undefined
+      } else {
+        challenges = [arg]
+      }
     } else {
-      req.authInfo = challenges
+      // REVISIT: req._.req.authInfo compat
+      if (arg.verifyToken) req.authInfo = arg
     }
   }
+  req.user = user || Object.defineProperty(new cds.User(), '_challenges', { enumerable: false, value: challenges })
+  _log(req, challenges)
-  req.user = user || Object.defineProperty(new cds.User(), '_challenges', { enumerable: false, value: infoChallenges })
-  Object.defineProperty(req.user, '_req', { enumerable: false, value: req })
-  _log(req, infoChallenges)
   next()
 }
@@ -102,14 +105,13 @@ const _mountMockAuth = (srv, app, strategy, config) => {
 }
 const _mountPassportAuth = (srv, app, strategy, config) => {
-  if (!config.credentials)
-    return (
-      LOG._warn &&
-      LOG.warn(`
-    No XSUAA instance bound to application, but "${config.strategy}" configured.
-    This is NOT recommended in production!
-  `)
-    )
+  if (strategy in { jwt: 1, xsuaa: 1 } && !config.credentials) {
+    LOG._warn &&
+      LOG.warn(`Authentication kind "${config.kind}" configured, but no XSUAA instance bound to application.
+        This is NOT recommended in production!`)
+    return
+  }
   if (!passport) passport = _require('passport')
   // initialize strategy
@@ -134,6 +136,7 @@ const _mountPassportAuth = (srv, app, strategy, config) => {
 module.exports = (srv, options = srv.options) => {
   const handlers = [],
     app = { use: h => handlers.push(h) }
   // NOTE: options.auth is not an official API
   let config = 'auth' in options ? options.auth : cds.env.requires.auth
   if (!config) {
@@ -192,6 +195,7 @@ module.exports = (srv, options = srv.options) => {
   // so we don't log the same stuff multiple times
   logged = true
   return handlers
 }
@@ -207,8 +211,8 @@ const cap_enforce_login = (req, res, next) => {
   if (req.user && req.user.is('authenticated-user')) return next() // pass if user is authenticated
   if (!req.user || req.user._is_anonymous) {
     if (req.user && req.user._challenges) res.set('WWW-Authenticate', req.user._challenges.join(';'))
-    return res.status(401).json(UNAUTHORIZED) // no details to client // REVISIT: security log in else case?
+    return res.status(401).json({ error: UNAUTHORIZED }) // no details to client
   } else {
-    return res.status(403).json(FORBIDDEN) // no details to client // REVISIT: security log?
+    return res.status(403).json({ error: FORBIDDEN }) // no details to client
   }
 }

package/libx/_runtime/cds-services/adapter/odata-v4/ODataRequest.js CHANGED Viewed

@@ -1,3 +1,4 @@
+/* eslint-disable complexity */
 const cds = require('../../../cds')
 // requesting logger without module on purpose!
 const LOG = cds.log()
@@ -15,6 +16,8 @@ const metaInfo = require('./utils/metaInfo')
 const odataToCQN = require('./odata-to-cqn')
 const { getData, getParams } = require('./utils/data')
 const { isCustomOperation } = require('./utils/request')
+const { isStreaming } = require('./utils/stream')
+const { handleStreamProperties } = require('../../../common/utils/streamProp')
 function _isCorrectCallToViewWithParams(csdlStructuredType) {
   return (
@@ -75,10 +78,11 @@ class ODataRequest extends cds.Request {
       ? odataReq.getBatchApplicationData().req
       : odataReq.getIncomingRequest()
     const res = req.res
+    const segments = odataReq.getUriInfo().getPathSegments()
     if (cds.env.features.odata_new_parser) {
       // REVISIT need to resolve target after replacing okra <= maybe just take one from afterburner?
-      const target = _getTarget(service, [...odataReq.getUriInfo().getPathSegments()])
+      const target = _getTarget(service, [...segments])
       // REVISIT payload after replacing okra
       const data = getData(type, odataReq, service, target)
       const query = odataToCQN(type, service, target, data, odataReq, upsert)
@@ -88,7 +92,11 @@ class ODataRequest extends cds.Request {
       const { user } = req
       const info = metaInfo(query, type, service, data, req, upsert)
       const { event, unbound } = info
-      if (event === 'READ') _add4Odata(query)
+      if (event === 'READ') {
+        _add4Odata(query)
+        if (query.SELECT && !query.SELECT.columns) query.SELECT.columns = ['*']
+        if (!isStreaming(segments)) handleStreamProperties(target, query, service.model, true)
+      }
       const _queryOptions = odataReq.getQueryOptions()
       super({ event, target, data, query: unbound ? {} : query, user, method, headers, req, res, _queryOptions })
       this._metaInfo = info.metadata
@@ -96,7 +104,7 @@ class ODataRequest extends cds.Request {
       /*
        * target
        */
-      const target = _getTarget(service, [...odataReq.getUriInfo().getPathSegments()])
+      const target = _getTarget(service, [...segments])
       /*
        * data
@@ -106,9 +114,7 @@ class ODataRequest extends cds.Request {
       /*
        * query
        */
-      const operation = isCustomOperation(odataReq.getUriInfo().getPathSegments())
-        ? odataReq.getUriInfo().getLastSegment().getKind()
-        : type
+      const operation = isCustomOperation(segments) ? odataReq.getUriInfo().getLastSegment().getKind() : type
       const query = odataToCQN(operation, service, target, data, odataReq, upsert)
       /*
@@ -147,6 +153,8 @@ class ODataRequest extends cds.Request {
         else if (type === 'DELETE' && data.IsActiveEntity !== true) event = 'CANCEL'
       }
+      if (query.STREAM) event = 'STREAM'
       // mark query as for an OData READ
       if (event === 'READ') Object.defineProperty(query.SELECT, '_4odata', { value: true })
@@ -168,23 +176,6 @@ class ODataRequest extends cds.Request {
       super({ event, target, data, query, user, method, headers, req, res, _queryOptions, tenant })
     }
-    /*
-     * req.run
-     */
-    Object.defineProperty(this, 'run', {
-      configurable: true,
-      get:
-        () =>
-        (...args) => {
-          if (!cds._deprecationWarningForRun) {
-            LOG._warn && LOG.warn('req.run is deprecated and will be removed.')
-            cds._deprecationWarningForRun = true
-          }
-          return cds.tx(this).run(...args)
-        }
-    })
     /*
      * req.params
      */
@@ -233,55 +224,7 @@ class ODataRequest extends cds.Request {
       }
     })
-    /*
-     * req.isConcurrentResource
-     */
-    // REVISIT: re-implement in runtime w/o using okra
-    Object.defineProperty(this, 'isConcurrentResource', {
-      get() {
-        this._isConcurrentResource = this._isConcurrentResource || odataReq.getConcurrentResource() !== null
-        return this._isConcurrentResource
-      }
-    })
-    /*
-     * req.isConditional
-     */
-    // REVISIT: re-implement in runtime w/o using okra
-    Object.defineProperty(this, 'isConditional', {
-      get() {
-        this._isConditional = this._isConditional || odataReq.isConditional()
-        return this._isConditional
-      }
-    })
-    Object.defineProperty(this, '_isOData', { value: true })
-    /*
-     * req.validateEtag()
-     */
-    // REVISIT: re-implement in runtime w/o using okra
-    this.validateEtag = (...args) => {
-      return odataReq.validateEtag(...args)
-    }
-    /*
-     * req.getUriInfo()
-     * req.getUrlObject()
-     *
-     * In draft context req object is cloned.
-     * Defining a property here will not work.
-     */
-    // REVISIT: re-implement in runtime w/o using okra
-    this.getUriInfo = () => {
-      this._uriInfo = this._uriInfo || odataReq.getUriInfo()
-      return this._uriInfo
-    }
-    this.getUrlObject = () => {
-      this._urlObject = this._urlObject || odataReq.getUrlObject()
-      return this._urlObject
-    }
+    Object.defineProperty(this, 'protocol', { value: 'odata-v4' })
   }
 }

package/libx/_runtime/cds-services/adapter/odata-v4/handlers/create.js CHANGED Viewed

@@ -58,7 +58,7 @@ const create = service => {
       }
       if (result == null || isReturnMinimal(req)) {
-        odataRes.setStatusCode(204)
+        odataRes.setStatusCode(204, { overwrite: true })
       }
     } catch (e) {
       err = e

package/libx/_runtime/cds-services/adapter/odata-v4/handlers/metadata.js CHANGED Viewed

@@ -22,8 +22,6 @@ const metadata = service => {
       const { 'cds.xt.ModelProviderService': mps } = cds.services
       let edmx = mps
         ? await mps.getEdmx({ tenant, model: service.model, service: service.definition.name, locale })
-        : cds.mtx && (await cds.mtx.isExtended(tenant))
-        ? await cds.mtx.getEdmx(tenant, service.definition.name, locale)
         : cds.localize(
             service.model,
             locale,

package/libx/_runtime/cds-services/adapter/odata-v4/handlers/read.js CHANGED Viewed

@@ -17,12 +17,13 @@ const { isCustomOperation } = require('../utils/request')
 const { getActionOrFunctionReturnType } = require('../utils/handlerUtils')
 const { validateResourcePath } = require('../utils/request')
 const { toODataResult, postProcess } = require('../utils/result')
-const { isStreaming, getStreamProperties } = require('../utils/stream')
+const { isStreaming } = require('../utils/stream')
 const { resolveStructuredName } = require('../utils/handlerUtils')
 const getError = require('../../../../common/error')
 const { getSapMessages } = require('../../../../common/error/frontend')
 const { getPageSize, commonGenericPaging } = require('../../../../common/generic/paging')
 const { handler: commonGenericSorting } = require('../../../../common/generic/sorting')
+const { isNewStream, transformRedirectProperties } = require('../../../../common/utils/stream')
 /**
  * Checks whether a bound function or function import is invoked.
@@ -144,43 +145,6 @@ const _isNavigationToOne = segments =>
   segments[segments.length - 1].getKind() === NAVIGATION_TO_ONE &&
   segments[segments.length - 1].getKeyPredicates().length === 0
-const _hasRedirectProperty = elements => {
-  return Object.values(elements).some(val => {
-    return val['@Core.IsURL']
-  })
-}
-const _addMediaType = (key, entry, mediaType) => {
-  if (mediaType) {
-    if (typeof mediaType === 'object') {
-      entry[`${key}@odata.mediaContentType`] = entry[Object.values(mediaType)[0]]
-    } else {
-      entry[`${key}@odata.mediaContentType`] = mediaType
-    }
-  }
-}
-const _transformRedirectProperties = (req, result) => {
-  if (!Array.isArray(result) || result.length === 0) {
-    return
-  }
-  // optimization
-  if (!_hasRedirectProperty(req.target.elements)) {
-    return
-  }
-  for (const entry of result) {
-    for (const key in entry) {
-      if (entry[key] !== undefined && req.target.elements[key]['@Core.IsURL']) {
-        entry[`${key}@odata.mediaReadLink`] = entry[key]
-        _addMediaType(key, entry, req.target.elements[key]['@Core.MediaType'])
-        delete entry[key]
-      }
-    }
-  }
-}
 const _getResult = (nameArr, result) => {
   if (nameArr.length === 0) return result
   return _getResult(nameArr.slice(1), result[nameArr[0]])
@@ -211,6 +175,10 @@ const _readEntityOrProperty = async (tx, req, segments) => {
    *     If no entity is related, the service returns 204 No Content.
    */
   if (result == null) {
+    if (req.headers['if-none-match']) {
+      req._.odataRes.setStatusCode(304)
+      return
+    }
     if (_isNavigationToOne(segments)) return toODataResult(null)
     throw getError(404)
   }
@@ -226,8 +194,6 @@ const _readEntityOrProperty = async (tx, req, segments) => {
   const propertyElement = segments[segments.length - index].getProperty()
   if (propertyElement === null) {
-    _transformRedirectProperties(req, result)
     return toODataResult(result[0], req)
   }
@@ -323,8 +289,6 @@ const _readCollection = async (tx, req, odataReq) => {
   const odataResult = toODataResult(result, req)
-  _transformRedirectProperties(req, result)
   return odataResult
 }
@@ -341,22 +305,26 @@ const _readCollection = async (tx, req, odataReq) => {
 const _readStream = async (tx, req) => {
   req.query._streaming = true
-  const { contentType, contentDispositionFilename, contentDispositionType } = await getStreamProperties(req, tx.model)
   let result = await tx.dispatch(req)
   // REVISIT: compat, should actually be treated as object
   if (!Array.isArray(result)) result = [result]
   // Reading one entity or a property of it should yield only a result length of one.
-  if (result.length === 0 || result[0] === undefined) throw getError(404)
+  if (result.length === 0 || result[0] === undefined) {
+    if (req.headers['if-none-match']) {
+      req._.odataRes.setStatusCode(304)
+      return
+    }
+    throw getError(404)
+  }
   if (result.length > 1) throw getError(400)
   if (result[0] === null) return null
   result = result[0]
-  const { value: readable } = result
+  const readable = result.value
   if (readable) {
     readable.on('error', () => {
@@ -367,6 +335,7 @@ const _readStream = async (tx, req) => {
   }
   const headers = req._.odataReq.getHeaders()
+  const contentType = result.$mediaContentType
   if (
     contentType &&
@@ -379,12 +348,6 @@ const _readStream = async (tx, req) => {
     req.reject(406, `Content type "${contentType}" not listed in accept header "${headers.accept}".`)
   }
-  if (contentType) result.$mediaContentType = contentType
-  if (contentDispositionFilename) {
-    result.$mediaContentDispositionFilename = contentDispositionFilename
-    if (contentDispositionType) result.$mediaContentDispositionType = contentDispositionType
-  }
   return toODataResult(result, req)
 }
@@ -424,20 +387,26 @@ const _readAndTransform = (tx, req, odataReq) => {
     return _readCollection(tx, req, odataReq)
   }
-  // REVISIT: move to afterburner
-  if (segments[segments.length - 1]._isStreamByDollarValue) {
-    for (const k in req.target.elements) {
-      if (req.target.elements[k]['@Core.MediaType']) {
-        req.query.SELECT.columns = [{ ref: [k] }]
-        break
-      }
+  if (isNewStream()) {
+    if (req.query.STREAM) {
+      return _readStream(tx, req)
     }
+  } else {
+    // REVISIT: move to afterburner
+    if (segments[segments.length - 1]._isStreamByDollarValue) {
+      for (const k in req.target.elements) {
+        if (req.target.elements[k]['@Core.MediaType']) {
+          req.query.SELECT.columns = [{ ref: [k] }]
+          break
+        }
+      }
-    return _readStream(tx, req)
-  }
+      return _readStream(tx, req)
+    }
-  if (isStreaming(segments)) {
-    return _readStream(tx, req)
+    if (isStreaming(segments)) {
+      return _readStream(tx, req)
+    }
   }
   if (req.target._isSingleton) {
@@ -448,6 +417,7 @@ const _readAndTransform = (tx, req, odataReq) => {
 }
 const _postProcess = (odataReq, req, odataRes, service, result) => {
+  transformRedirectProperties(req, service, result.value)
   const functionReturnType = getActionOrFunctionReturnType(
     odataReq.getUriInfo().getPathSegments(),
     service.model.definitions

package/libx/_runtime/cds-services/adapter/odata-v4/handlers/request.js CHANGED Viewed

@@ -10,6 +10,11 @@ module.exports = srv => {
     const req = odataReq.getBatchApplicationData()
       ? odataReq.getBatchApplicationData().req
       : odataReq.getIncomingRequest()
+    // REVISIT: ensure there always is a user (should be the case with new middlewares -> remove with old middlewares)
+    // prettier-ignore
+    if (!req.user) req.user = new cds.User.default
     const { res, user, path, headers } = req
     const { protectMetadata } = cds.env.odata
@@ -19,31 +24,22 @@ module.exports = srv => {
     }
     // in case of $batch we need to challenge directly, as the header is not processed if in $batch response body
-    if (restricted && path.endsWith('/$batch')) {
-      if (user?._challenges) {
-        res.set('WWW-Authenticate', user._challenges.join(';'))
-        return next(UNAUTHORIZED)
-      } else if (user._is_anonymous && req.login) {
-        res.set('WWW-Authenticate', `Basic realm="Users"`) // REVISIT: should be req.login(), and fiori app works with that but cds/tests/_runtime/auth/__tests__/strategies.test.js fails
-        return next(UNAUTHORIZED)
-        // return req.login()
-      }
+    if (restricted && path.endsWith('/$batch') && req.user._is_anonymous) {
+      // NOTE: "return req._login()" would not invoke custom error handlers
+      if (req._login) res.set('WWW-Authenticate', `Basic realm="Users"`)
+      else if (user._challenges) res.set('WWW-Authenticate', user._challenges.join(';'))
+      return next(UNAUTHORIZED)
     }
     // check @requires as soon as possible (DoS)
     if (requires && !requires.some(r => user.is(r))) {
       // > unauthorized or forbidden?
-      if (user._is_anonymous) {
-        if (user._challenges) {
-          res.set('WWW-Authenticate', user._challenges.join(';'))
-        } else if (req.login) {
-          res.set('WWW-Authenticate', `Basic realm="Users"`) // REVISIT: should be req.login(), and fiori app works with that but cds/tests/_runtime/auth/__tests__/strategies.test.js fails
-          // return req.login()
-        }
-        // REVISIT: security log in else case?
+      if (req.user._is_anonymous) {
+        // NOTE: "return req._login()" would not invoke custom error handlers
+        if (req._login) res.set('WWW-Authenticate', `Basic realm="Users"`)
+        else if (user._challenges) res.set('WWW-Authenticate', user._challenges.join(';'))
         return next(UNAUTHORIZED)
       }
-      // REVISIT: security log?
       return next(FORBIDDEN)
     }

package/libx/_runtime/cds-services/adapter/odata-v4/handlers/update.js CHANGED Viewed

@@ -72,7 +72,7 @@ const _create = async (req, odataReq, odataRes, tx) => {
       }
     })
-    odataRes.setStatusCode(201)
+    odataRes.setStatusCode(201, { overwrite: true })
     req = new ODataRequest(DATA_CREATE_HANDLER, tx, odataReq, odataRes, true)
     result = await tx.dispatch(req)
@@ -93,9 +93,14 @@ const _updateThenCreate = async (req, odataReq, odataRes, tx) => {
   try {
     result = await tx.dispatch(req)
   } catch (e) {
-    if ((e.code === 404 || e.status === 404 || e.statusCode === 404) && _isUpsertAllowed(req.target)) {
-      // REVISIT: remove error (and child?) from tx.context? -> would require a unique req.id
+    const is404 = e.code === 404 || e.status === 404 || e.statusCode === 404
+    if (is404 && _isUpsertAllowed(req.target)) {
+      // PUT/ PATCH with if-match header means "only if already exists", i.e., no insert if not
+      if (req.headers['if-match'])
+        throw Object.assign(new Error('412'), { statusCode: 412 })
+        // REVISIT: remove error (and child?) from tx.context? -> would require a unique req.id
       ;[result, req] = await _create(req, odataReq, odataRes, tx)
+      odataRes.setStatusCode(201, { overwrite: true })
     } else {
       throw e
     }
@@ -109,6 +114,10 @@ const _shouldReadPreviousResult = req =>
   !isReturnMinimal(req) &&
   (hasOmitValuesPreference(req.headers.prefer, 'defaults') || hasOmitValuesPreference(req.headers.prefer, 'nulls'))
+const _hasEtag = target => {
+  return target._etag
+}
 /**
  * The handler that will be registered with odata-v4.
  *
@@ -149,12 +158,13 @@ const update = service => {
       // try UPDATE and, on 404 error, try CREATE
       ;[result, req] = await _updateThenCreate(req, odataReq, odataRes, tx)
-      if (!primitive && req._.readAfterWrite) {
+      if (!(primitive && !_hasEtag(req.target)) && req._.readAfterWrite) {
         // REVISIT:
         // Performance: For `isReturnMinimal` it's enough to just read the etag.
         // Note: Without read access, one cannot return the etag.
         result = await readAfterWrite(req, service, { operation: { result } })
       }
       if (!isReturnMinimal(req)) {
         postProcess(req, odataRes, service, result, previousResult)
       } else {
@@ -169,7 +179,7 @@ const update = service => {
       }
       if (result == null || isReturnMinimal(req)) {
-        odataRes.setStatusCode(204)
+        odataRes.setStatusCode(204, { overwrite: true })
       }
     } catch (e) {
       err = e

package/libx/_runtime/cds-services/adapter/odata-v4/odata-to-cqn/ExpressionToCQN.js CHANGED Viewed

@@ -7,6 +7,7 @@ const ResourceKind = odata.uri.UriResource.ResourceKind
 const EdmPrimitiveTypeKind = odata.edm.EdmPrimitiveTypeKind
 const { getFeatureNotSupportedError } = require('../../../util/errors')
 const { getSegmentKeyValue } = require('./utils')
+const normalizeTimestamp = require('../../../../common/utils/normalizeTimestamp')
 const _binaryOperatorToCQN = new Map([
   [BinaryOperatorKind.EQ, '='],
@@ -46,10 +47,10 @@ class ExpressionToCQN {
         return { val: parseFloat(value) }
       case EdmPrimitiveTypeKind.DateTimeOffset: {
         try {
-          let val = new Date(value).toISOString()
-          // cut off ms if cds.DateTime
-          if (expression._cdsType === 'cds.DateTime') val = val.replace(/\.\d\d\dZ$/, 'Z')
-          return { val }
+          if (expression._cdsType === 'cds.DateTime')
+            // cut off ms if cds.DateTime
+            return { val: new Date(value).toISOString().replace(/\.\d\d\dZ$/, 'Z') }
+          return { val: normalizeTimestamp(value) }
         } catch (e) {
           throw Object.assign(new Error(`The type 'Edm.DateTimeOffset' is not compatible with '${value}'`), {
             status: 400