@sap/cds 6.8.4 → 7.0.1

package/bin/run.js

@@ -1,24 +0,0 @@
-const serve = require ('./serve')
-module.exports = Object.assign (
-    cds_run, serve, {help: `
-# SYNOPSIS
-
-    *cds run* [<project>] [<options>]
-
-    Runs 'cds serve all' for the specified project, with default <project> = cwd.
-
-# OPTIONS
-
-    - see _cds help serve_
-
-# SEE ALSO
-
-    Actually, *cds run* is just a convenient shortcut for:
-    *cds serve* [--project <project>] [<options>] ...
-    Check out *cds serve --help* to learn more.
-
-`})
-
-function cds_run (projects, options) {
-    return serve (projects,{ project:true, ...options })
-}

package/bin/utils/log.js

@@ -1,24 +0,0 @@
-// sorts, filters, and writes compilation messages to console
-module.exports = (messages, options={}) => {
-  const { format } = require('./term')
-  const logLevel = options && options['log-level'] || require('../../lib').env.log.levels.cli || ''
-  const levels = {
-    debug: { Error:4, undefined:4, Warning:3, Info:2, Debug:1 },
-    info: { Error:4, undefined:4, Warning:3, Info:2 },
-    warn: { Error:4, undefined:4, Warning:3 },
-    error: { Error:4, undefined:4 },
-  } [logLevel.toLowerCase()] || { Error:4, undefined:4, Warning:3 }
-  const log = options.log || console.error
-
-  if (!Array.isArray (messages))  messages = [messages]
-  for (let m of messages.filter (m => m.severity in levels)) {
-    // show stack for resolution issues since there the requiring code location is in the stack
-    // check for standard Error classes, but not Error itself
-    const internalError = m.name === 'EvalError' || m.name === 'InternalError' || m.name === 'RangeError'
-    || m.name === 'ReferenceError' || m.name === 'SyntaxError' || m.name === 'TypeError'
-    || m.name === 'URIError'
-    const mf = format (m, m.severity, internalError, true)
-    log (mf)
-  }
-}
-/* eslint no-console:off */

package/bin/version.js

@@ -1,178 +0,0 @@
-/* eslint-disable no-console */
-const { dirname, join, resolve } = require ('path')
-const { cwd } = require('process')
-module.exports = Object.assign(list_versions, {
-  flags: [ '--info', '--markdown', '--all', '--npm-list', '--npm-tree', '--no-colors'],
-  shortcuts: [ '-i', '-m','-a', '-ls', '-ll' ],
-  info,
-  help: `
-# SYNOPSIS
-
-    *cds version* <options>
-    *cds -v* <option>
-
-    Prints the versions of all @sap/cds packages in your package dependencies.
-
-# OPTIONS
-
-    *-i  | --info*
-
-      Prints version information in a tabular markdown format, which you
-      can embed into your bug reports.
-
-    *-a  | --all*
-
-      Also lists sub-packages and optional dependencies.
-
-    *-ls | --npm-list* <pattern>
-    *-ll | --npm-tree* <pattern>
-
-      Prints an npm ls tree filtered to the specified pattern.
-      (default: '@sap/cds')
-
-`})
-
-const MISSING = '-- missing --'
-
-function list_versions(args, options) { //NOSONAR
-  if (options['npm-list'] || options['npm-tree']) {
-    let [pattern] = args, re = pattern ? RegExp(pattern) : /@sap\/cd[rs]|@sap\/eslint-plugin-cds/
-    let cmd = 'npm ls --depth ' + (options['npm-tree'] ? 11 : 0)
-    console.log (cmd,'| grep', pattern)
-    return require('child_process').exec(cmd, (e,stdout)=>{
-      // if (e) console.error(e)
-      const replacement = (options['no-colors'] ? '$1 $2$3$4' : '\x1b[91m$1 \x1b[32m$2\x1b[0m\x1b[2m$3\x1b[32m$4\x1b[0m');
-      for (let line of stdout.split(/\n/)) if (line.match(re)) console.log(
-        line.replace(/(@sap[^@]*)@([\S]+)( -> [\S]+)?(deduped)?/,replacement)
-      )
-    })
-  }
-  const versions = info (options)
-  if (options.markdown)  return _markdown (versions)
-  if (options.info)  return _markdown (versions)
-  const mark = options['no-colors'] ? s => s : require('./utils/term').info
-  for (let each of Object.keys(versions).sort())  console.log(`${mark(each)}: ${versions[each]}`)
-}
-
-function info(o) {
-  const { npmGlobalModules } = require('./utils/modules');
-  const main = _findPackage (require.main.filename)
-  const sap_cds = require.resolve('@sap/cds/package.json', {paths:[process.cwd(), __dirname]})
-  return {
-    // REVISIT: Why do we need all these different hard-coded ways, including proliferation of arguments?
-    ..._versions4(main, {}, true),  // usually sap/cds-dk or sap/cds
-    ..._versions4('@sap/cds-dk', {}, null, o),  // make sure cds-dk is there, cds-maven-plugin uses it
-    ..._versions4('@sap/cds-dk', {}, null, {...o, label: '@sap/cds-dk (global)', pkg: join(npmGlobalModules(), '@sap/cds-dk')}),
-    ..._versions4('@sap/eslint-plugin-cds', {}, null, o),
-    ..._versions4(process.cwd(), {}, null, o),
-    ..._versions4('..', {}, null, o),
-    ..._findMTX(),
-    '@sap/cds': require(sap_cds).version, // ensure effective sap/cds version is listed
-    'Node.js': process.version,
-    'home': __dirname.slice(0,-4)
-  }
-}
-
-function _versions4 (pkg_name, info, parent, o={}) {
-  if (!pkg_name)  return info
-  try {
-    let path = join(o.pkg || pkg_name, 'package.json')
-    if(o.here) {
-      // path.join(['./', x]) is immediately resolved to x.
-      // Calling require() on that will then follow the standard (global) module resolution strategy.
-      // If we want to look into a directory relative to CWD,
-      // turning it into a global path is the most convenient way.
-      path = join(cwd(), path)
-    }
-    const pkg = require(path)
-    info[o.label || pkg.name] = pkg.version
-    // console.log(o.label || pkg.name, pkg.version, path)
-    if (!parent || o.all) for (let d in pkg.dependencies) { // recurse sap packages in dependencies...
-      if (!(d in info) && (d.startsWith('@sap/') || d.startsWith('@cap-js/'))) _versions4(d, info, pkg.name, o)
-    }
-  } catch (e) {
-    if (e.code !== 'MODULE_NOT_FOUND') info[pkg_name] = MISSING  // unknown error
-    // require fails for indirect packages if node_modules layout is nested, e.g. on Windows.
-    // Try one more time with nested node_modules dir.
-    else if (parent) _versions4(parent + '/node_modules/' + pkg_name, info)
-  }
-  return info
-}
-
-
-function _markdown (versions) {
-  console.log()
-  const pkg = { name:'', repository:'', version:'' }; try {
-    Object.assign (pkg, require (resolve('package.json')))
-  } catch (e) {/* ignored */}
-  console.log ('|', pkg.name, '|', pkg.repository.url || pkg.repository, '|')
-  console.log ('|:---------------------- | ----------- |')
-  if (require('../lib').env['project-nature'] === 'nodejs') {
-    console.log ('|', v('Node.js'), '|')
-    console.log ('|', v('@sap/cds'), '|')
-  } else {
-    console.log ('|', v('CAP Java Runtime'), '|')
-    console.log ('|', v('OData Version'), '|')
-  }
-  console.log ('|', v('@sap/cds-compiler'), '|')
-  console.log ('|', v('@sap/cds-dk'), '|')
-  console.log ('|', v('@sap/cds-dk (global)'), '|')
-  console.log ('|', v('@sap/eslint-plugin-cds'), '|')
-  function v (component) {
-    const version = versions [component] || '_version_'
-    return (component + '               ').slice(0,22)
-    +' | '+ (version  + '           ').slice(0,11)
-  }
-  console.log()
-}
-
-function _findPackage (dir) {
-  try {
-    if (dir) {
-      require.resolve(join (dir, 'package.json'))
-      return dir
-    }
-  } catch (e) {
-    if (e.code !== 'MODULE_NOT_FOUND')  throw e
-    return _findPackage (dirname (dir))
-  }
-}
-
-function _findMTX() {
-  // looks for any occurrence of cds-mtx.
-  // In node projects, cds-mtx can be resolved via _versions4 like all the other SAP modules
-  // In Java-flavoured projects cds-mtx may be deployed through a separate node project
-  // with just sidecar in it. So we can not rely on the global require() resolution strategy
-  // and will as a fallback...
-  // (1) ...look for an MTX project within cds.env
-  // (2) ...look within a few preselected subdirectories which often contain MTX projects
-  const cds = require('../lib')
-  const cdsmtx = '@sap/cds-mtx'
-  let res = _versions4 (cdsmtx, {}, null)
-
-  if (res[cdsmtx] === undefined) {
-    // not resolvable -> look in cds.env
-    if ('build' in cds.env && 'tasks' in cds.env.build) {
-      let i = 0
-      while (res[cdsmtx] === undefined && i < cds.env.build.tasks.length) {
-        const task = cds.env.build.tasks[i]
-        if ('for' in task && task.for === 'mtx' && 'dest' in task) {
-          res = _versions4 (join(task.dest, 'node_modules', cdsmtx), {}, null, {here: true})
-        }
-        i++
-      }
-    }
-
-    // mtx still not found via cds.env? Try looking in well-known subdirectories
-    const folders = cds.env.folders
-                    ? [cds.env.folders.db, cds.env.folders.srv].flat().filter(d => d)
-                    : []
-    let i = 0
-    while(res[cdsmtx] === undefined && i < folders.length) {
-      res = _versions4 (join(folders[i], 'node_modules', cdsmtx), {}, null, {here: true})
-      i++
-    }
-    res[cdsmtx] = res[cdsmtx] || MISSING
-  }
-  return res
-}

package/libx/_runtime/audit/Service.js

@@ -1,222 +0,0 @@
-const cds = require('../cds')
-const OutboxService = require('../messaging/Outbox')
-const {
-  connect,
-  buildDataAccessLogs,
-  sendDataAccessLog,
-  buildDataModificationLogs,
-  sendDataModificationLog,
-  buildSecurityLog,
-  sendSecurityLog,
-  buildConfigChangeLogs,
-  sendConfigChangeLog
-} = require('./utils/v2')
-const ANONYMOUS = 'anonymous'
-const PLAN = {
-  standard: 'standard',
-  OAuth2: 'OAuth2'
-}
-
-const _getTenantAndUser = options => {
-  // REVISIT: the standard plan is deprecated/insecure
-  if (options.plan === PLAN.standard) {
-    return {
-      user: cds.context?.user?.id ?? ANONYMOUS,
-      tenant: cds.context?.tenant
-    }
-  }
-
-  return {
-    user: '$USER',
-    tenant: '$PROVIDER'
-  }
-}
-
-const _getSecurityContext = () => {
-  const securityContext = cds?.context?.http?.req?.authInfo
-
-  if (!securityContext) {
-    const errorMsg =
-      '[Audit Logging]: The Programmatic API of the Audit Logging service for the OAuth2 plan (API - V2) can only be ' +
-      'called within the context of a request event handler. The authInfo property of the request interface (req.authInfo) ' +
-      "is used to get the security context required for the implementation's proper functioning."
-    throw new Error(errorMsg)
-  }
-
-  return securityContext
-}
-
-module.exports = class AuditLogService extends OutboxService {
-  async init() {
-    // call OutboxService's init, which handles outboxing
-    await super.init()
-
-    const credentials = this.options.credentials
-    this.options.plan = !credentials || !credentials.uaa ? PLAN.standard : PLAN.OAuth2
-
-    // REVISIT: the standard plan is deprecated/insecure
-    if (this.options.plan === PLAN.standard) {
-      const auditLogClient = await connect(credentials)
-      if (auditLogClient) this.#registerOnHandlers(auditLogClient)
-      return
-    }
-
-    // OAuth2 plan
-    const outbox = cds.requires['audit-log'].outbox
-    if (outbox?.kind === 'persistent-outbox' || (outbox && cds.requires.outbox?.kind === 'persistent-outbox')) {
-      throw new Error('The OAuth2 plan is not currently supported with persistent outbox')
-    }
-
-    if (credentials?.uaa) this.#registerOnHandlers()
-  }
-
-  async emit(first, second) {
-    const { event, data } = typeof first === 'object' ? first : { event: first, data: second }
-    if (!this.options.outbox) return this.send(event, data)
-
-    if (this[event]) {
-      try {
-        // this will open a new tx -> preserve user
-        await super.send(new cds.Request({ method: event, data, user: cds.context.user }))
-      } catch (e) {
-        if (e.code === 'ERR_ASSERTION') {
-          e.unrecoverable = true
-        }
-        throw e
-      }
-    }
-  }
-
-  async send(event, data) {
-    if (this[event]) return super.send(event, data)
-  }
-
-  /*
-   * api (await AuditLogService.<event>(data))
-   */
-
-  async dataAccessLog(data) {
-    return super.send('dataAccessLog', data)
-  }
-
-  async dataModificationLog(data) {
-    return super.send('dataModificationLog', data)
-  }
-
-  async securityLog(data) {
-    return super.send('securityLog', data)
-  }
-
-  async configChangeLog(data) {
-    return super.send('configChangeLog', data)
-  }
-
-  /*
-   * impl
-   */
-
-  #registerOnHandlers(auditLogClient) {
-    this.on('dataAccessLog', function (req) {
-      return this._dataAccessLog(req, auditLogClient)
-    })
-
-    this.on('dataModificationLog', function (req) {
-      return this._dataModificationLog(req, auditLogClient)
-    })
-
-    this.on('securityLog', function (req) {
-      return this._securityLog(req, auditLogClient)
-    })
-
-    this.on('configChangeLog', function (req) {
-      return this._configChangeLog(req, auditLogClient)
-    })
-  }
-
-  async _dataAccessLog({ data: { accesses } }, auditLogClient) {
-    const { tenant, user } = _getTenantAndUser(this.options)
-
-    // build the logs
-    auditLogClient = auditLogClient ?? (await connect(this.options.credentials, _getSecurityContext()))
-    const { entries, errors } = buildDataAccessLogs(auditLogClient, accesses, tenant, user)
-    if (errors.length) {
-      throw errors.length === 1 ? errors[0] : Object.assign(new Error('MULTIPLE_ERRORS'), { details: errors })
-    }
-
-    // write the logs
-    await Promise.all(entries.map(entry => sendDataAccessLog(entry).catch(err => errors.push(err))))
-
-    if (errors.length) {
-      throw errors.length === 1 ? errors[0] : Object.assign(new Error('MULTIPLE_ERRORS'), { details: errors })
-    }
-  }
-
-  // REVISIT: modification.action not used in auditlog v2
-  async _dataModificationLog({ data: { modifications } }, auditLogClient) {
-    const { tenant, user } = _getTenantAndUser(this.options)
-
-    // build the logs
-    auditLogClient = auditLogClient ?? (await connect(this.options.credentials, _getSecurityContext()))
-    const { entries, errors } = buildDataModificationLogs(auditLogClient, modifications, tenant, user)
-    if (errors.length) {
-      throw errors.length === 1 ? errors[0] : Object.assign(new Error('MULTIPLE_ERRORS'), { details: errors })
-    }
-
-    // write the logs
-    await Promise.all(entries.map(entry => sendDataModificationLog(entry).catch(err => errors.push(err))))
-
-    if (errors.length) {
-      throw errors.length === 1 ? errors[0] : Object.assign(new Error('MULTIPLE_ERRORS'), { details: errors })
-    }
-  }
-
-  async _securityLog({ data: { action, data } }, auditLogClient) {
-    let { tenant, user } = _getTenantAndUser(this.options)
-
-    // cds.context may not be proper on auth-related errors -> try to extract from data
-    if (!tenant && user === ANONYMOUS) {
-      try {
-        const parsed = JSON.parse(data)
-        if (parsed.tenant) {
-          tenant = parsed.tenant
-          delete parsed.tenant
-        }
-
-        if (parsed.user && typeof parsed.user === 'string') {
-          user = parsed.user
-          delete parsed.user
-        }
-
-        data = JSON.stringify(parsed)
-      } catch (e) {
-        // ignore
-      }
-    }
-
-    // build the log
-    auditLogClient = auditLogClient ?? (await connect(this.options.credentials, _getSecurityContext()))
-    const entry = buildSecurityLog(auditLogClient, action, data, tenant, user)
-
-    // write the log
-    await sendSecurityLog(entry)
-  }
-
-  // REVISIT: action and success not used in auditlog v2
-  async _configChangeLog({ data: { configurations } }, auditLogClient) {
-    const { tenant, user } = _getTenantAndUser(this.options)
-
-    // build the logs
-    auditLogClient = auditLogClient ?? (await connect(this.options.credentials, _getSecurityContext()))
-    const { entries, errors } = buildConfigChangeLogs(auditLogClient, configurations, tenant, user)
-    if (errors.length) {
-      throw errors.length === 1 ? errors[0] : Object.assign(new Error('MULTIPLE_ERRORS'), { details: errors })
-    }
-
-    // write the logs
-    await Promise.all(entries.map(entry => sendConfigChangeLog(entry).catch(err => errors.push(err))))
-
-    if (errors.length) {
-      throw errors.length === 1 ? errors[0] : Object.assign(new Error('MULTIPLE_ERRORS'), { details: errors })
-    }
-  }
-}

package/libx/_runtime/audit/generic/personal/access.js

@@ -1,61 +0,0 @@
-const cds = require('../../../cds')
-
-const getTemplate = require('../../../common/utils/template')
-const templateProcessor = require('../../../common/utils/templateProcessor')
-
-const {
-  getRootEntity,
-  getPick,
-  createLogEntry,
-  addObjectID,
-  addDataSubject,
-  addDataSubjectForDetailsEntity,
-  resolveDataSubjectPromises
-} = require('./utils')
-
-const _processorFnAccess = (accessLogs, model, req) => {
-  return ({ row, key, element, plain }) => {
-    if (row.IsActiveEntity === false) return
-
-    const entity = getRootEntity(element)
-
-    // create or augment log entry
-    const entry = createLogEntry(accessLogs, entity, row)
-
-    // process categories
-    for (const category of plain.categories) {
-      if (category === 'ObjectID') addObjectID(entry, row, key)
-      else if (category === 'DataSubjectID') addDataSubject(entry, row, key, entity)
-      else if (category === 'IsPotentiallySensitive' && key in row) {
-        if (!entry.attributes.some(e => e.name === key)) entry.attributes.push({ name: key })
-        // REVISIT: attribute vs. attachment?
-      }
-    }
-
-    // add promise to determine data subject if a DataSubjectDetails entity
-    const semantics = entity['@PersonalData.EntitySemantics']
-    if (
-      (semantics === 'DataSubjectDetails' || semantics === 'Other') &&
-      entry.dataSubject.id.length === 0 // > id still an array -> promise not yet set
-    ) {
-      addDataSubjectForDetailsEntity(row, entry, req, entity, model)
-    }
-  }
-}
-
-const auditAccessHandler = async function (data, req) {
-  const auditLogService = await cds.connect.to('audit-log')
-  const mock = Object.assign({ name: req.target._service.name, model: this.model })
-  const template = getTemplate('personal_read', mock, req.target, { pick: getPick('READ') })
-  if (!template.elements.size) return
-  const accessLogs = {}
-  if (typeof data === 'object' && data !== null) {
-    const processFn = _processorFnAccess(accessLogs, this.model, req)
-    const data_ = Array.isArray(data) ? data : [data]
-    data_.forEach(row => templateProcessor({ processFn, row, template }))
-    const accesses = (await resolveDataSubjectPromises(accessLogs)).filter(ele => ele.attributes.length)
-    if (accesses.length) await auditLogService.emit('dataAccessLog', { accesses })
-  }
-}
-
-module.exports = { auditAccessHandler }

package/libx/_runtime/audit/generic/personal/index.js

@@ -1,56 +0,0 @@
-const cds = require('../../../cds')
-const {
-  attachDiffToContextHandler,
-  calcModificationLogsHandler4Before,
-  calcModificationLogsHandler4After,
-  emitModificationHandler
-} = require('./modification')
-const { auditAccessHandler } = require('./access')
-
-exports.impl = cds.service.impl(function () {
-  if (!cds.db) return cds.on('connect', srv => srv.isDatabaseService && exports.impl.call(this))
-  // REVISIT: diff() doesn't work in srv after phase but foreign key propagation has not yet taken place in srv before phase
-  //          -> calc diff in db layer and store in audit data structure at context
-  //          -> REVISIT for GA: clear req._.partialPersistentState?
-  attachDiffToContextHandler._initial = true
-  for (const e of this.entities) {
-    if (!_hasPersonalData(e)) continue
-
-    if (e['@AuditLog.Operation.Insert']) {
-      cds.db.before('CREATE', e, attachDiffToContextHandler)
-      // create -> all new -> calcModificationLogsHandler in after phase
-      cds.db.after('CREATE', e, calcModificationLogsHandler4After)
-      this.after('CREATE', e, emitModificationHandler)
-    }
-
-    if (e['@AuditLog.Operation.Update']) {
-      cds.db.before('UPDATE', e, attachDiffToContextHandler)
-      // update -> mixed (via deep) -> calcModificationLogsHandler in before and after phase
-      cds.db.before('UPDATE', e, calcModificationLogsHandler4Before)
-      cds.db.after('UPDATE', e, calcModificationLogsHandler4After)
-      this.after('UPDATE', e, emitModificationHandler)
-    }
-
-    if (e['@AuditLog.Operation.Delete']) {
-      cds.db.before('DELETE', e, attachDiffToContextHandler)
-      // delete -> all done -> calcModificationLogsHandler in before phase
-      cds.db.before('DELETE', e, calcModificationLogsHandler4Before)
-      this.after('DELETE', e, emitModificationHandler)
-    }
-
-    if (e['@AuditLog.Operation.Read']) {
-      this.after('READ', e, auditAccessHandler)
-    }
-  }
-})
-
-const _hasPersonalData = e => {
-  if (!e['@PersonalData.DataSubjectRole']) return
-  if (!e['@PersonalData.EntitySemantics']) return
-  return !!Object.values(e.elements).some(
-    e =>
-      e['@PersonalData.IsPotentiallyPersonal'] ||
-      e['@PersonalData.IsPotentiallySensitive'] ||
-      (e['@PersonalData.FieldSemantics'] && e['@PersonalData.FieldSemantics'] === 'DataSubjectID')
-  )
-}