@sap/cds 6.8.4 → 7.0.1

package/libx/_runtime/db/generic/integrity.js

@@ -1,455 +0,0 @@
-const cds = require('../../cds')
-const { SELECT } = cds.ql
-
-const crypto = require('crypto')
-
-const { cqn2cqn4sql } = require('../../common/utils/cqn2cqn4sql')
-const { all, resolve } = require('../../common/utils/thenable')
-const { assertError } = require('../../cds-services/util/assert')
-const { processDeepAsync } = require('../../cds-services/util/dataProcessUtils')
-
-const ASSERT_REFERENCE_INTEGRITY = 'ASSERT_REFERENCE_INTEGRITY'
-const ASSERT_INTEGRITY_ANNOTATION = '@assert.integrity'
-
-const CRUD = { CREATE: 1, READ: 1, UPDATE: 1, DELETE: 1 }
-const C_UD = { CREATE: 1, INSERT: 1, UPDATE: 1, DELETE: 1 }
-
-/*
- * UTILS
- */
-
-const _requiresRuntimeCheck = def => {
-  const val = String(def['@assert.integrity']).toLowerCase()
-  if (val === 'rt') return true
-  if (val === 'db' || val === 'false') return false
-  if (val === 'true') {
-    const { assert_integrity_type: ait } = cds.env.features
-    if (ait && ait.match(/rt/i)) return true
-  }
-}
-
-const _runtimeShallCheckIntegrityFor = (assoc, inclComps) => {
-  const { parent } = assoc
-
-  // disqualifications
-  if (!assoc._isAssociationStrict && !inclComps) return
-  if (!assoc.is2one) return
-  if (assoc.on) return
-  if (assoc._isCompositionBacklink) return
-  if (parent['@cds.persistence.skip']) return
-
-  // check @assert.integrity bottom-up and break on value (i.e., lowest spec wins)
-  if ('@assert.integrity' in assoc) {
-    const val = _requiresRuntimeCheck(assoc)
-    if (val !== undefined) return val
-  }
-  if ('@assert.integrity' in parent) {
-    const val = _requiresRuntimeCheck(parent)
-    if (val !== undefined) return val
-  }
-  if (parent._service && '@assert.integrity' in parent._service) {
-    const val = _requiresRuntimeCheck(parent._service)
-    if (val !== undefined) return val
-  }
-
-  // here, no disqualification and no @assert.integrity specified -> global setting
-  const { assert_integrity: ai, assert_integrity_type: ait } = cds.env.features
-  if (ai && ait && ait.match(/db/i)) return false
-  return true
-}
-
-/*
- * this modifies the csn on purpose for caching effect!
- * doing as aspect is difficult due to no global definitons per tenant
- */
-const _getDependents = (entity, model) => {
-  if (entity.own('__dependents')) return entity.__dependents
-
-  /** @type {Array|boolean} */
-  let dependents = []
-  for (const def of Object.values(model.definitions)) {
-    if (def.kind !== 'entity') continue
-    if (!def.associations) continue
-
-    for (const assoc of Object.values(def.associations)) {
-      if (assoc.target !== entity.name) continue
-
-      if (_runtimeShallCheckIntegrityFor(assoc)) {
-        dependents.push({ /* element: assoc, */ parent: assoc.parent, target: model.definitions[assoc.target] })
-      }
-    }
-  }
-
-  if (dependents.length === 0) dependents = false
-  return entity.set('__dependents', dependents)
-}
-
-const _getElement = (entity, ref) => {
-  if (ref.length > 1) return _getElement(entity.elements[ref[0]], ref.slice(1))
-  return entity.elements[ref[0]]
-}
-
-const _getFullForeignKeyName = (elementName, foreignKeyName) => `${elementName}_${foreignKeyName}`
-
-const _getDataFromRef = (row, ref) => {
-  if (row === undefined) return
-  if (ref.length > 1) return _getDataFromRef(row[ref[0]], ref.slice(1))
-  return row[ref[0]]
-}
-
-const _foreignKeyReducer = (key, foreignKeyName, row, element, ref) => {
-  const fullForeignKeyName = _getFullForeignKeyName(element.name, foreignKeyName)
-
-  if (ref.length > 1) {
-    // ref includes assoc name, so we need to replace it by foreign key name
-    const refWithFlatForeignKey = [...ref.slice(0, ref.length - 1), fullForeignKeyName]
-    key[foreignKeyName] = _getDataFromRef(row, refWithFlatForeignKey)
-  } else {
-    key[foreignKeyName] = Object.prototype.hasOwnProperty.call(row, fullForeignKeyName) ? row[fullForeignKeyName] : null
-  }
-
-  return key
-}
-
-const _buildForeignKey = (element, row, ref) => {
-  let foreignKey
-
-  if (element.keys) {
-    foreignKey = element.keys
-      .map(obj => obj.ref[obj.ref.length - 1])
-      .reduce((key, foreignKeyName) => {
-        return _foreignKeyReducer(key, foreignKeyName, row, element, ref)
-      }, {})
-  }
-
-  return foreignKey
-}
-
-const _checkExists = (entity, data, req, run) => {
-  if (!Array.isArray(data)) {
-    return _checkExists(entity, [data], req, run).then(result => {
-      return result[0]
-    })
-  }
-
-  const where = data.map(row => {
-    return Object.keys(entity.keys).reduce((where, name) => {
-      if (row[name] !== undefined && row[name] !== null) {
-        if (where.length > 0) {
-          where.push('and')
-        }
-        where.push({ ref: [name] }, '=', { val: row[name] })
-      }
-
-      return where
-    }, [])
-  })
-  return _checkExistsWhere(entity, where, run)
-}
-
-const _checkCreateUpdate = (result, ref, rootEntity, checks, data, req, run) => {
-  const resolvedElement = _getElement(rootEntity, ref)
-
-  // REVISIT: incl comps?!
-  if (!_runtimeShallCheckIntegrityFor(resolvedElement /* true */)) return result
-
-  // REVISIT: reduce should only be used to build object from array, not for loops!
-  return data.reduce((result, row) => {
-    const foreignKey = _buildForeignKey(resolvedElement, row, ref)
-    if (foreignKey === undefined || Object.values(foreignKey).every(v => v === null)) return result
-
-    // REVISIT: if incl comps, skip check if target is in payload
-    // if (resolvedElement.isComposition && resolvedElement.is2one && row[resolvedElement.name]) return result
-
-    checks.push(
-      _checkExists(resolvedElement._target, foreignKey, req, run).then(exists => {
-        if (!exists) {
-          result.push(assertError(ASSERT_REFERENCE_INTEGRITY, resolvedElement, foreignKey))
-        }
-      })
-    )
-
-    return result
-  }, result)
-}
-
-const _buildWhereDelete = (result, key, element, data) => {
-  return data
-    .map(d => {
-      return Object.keys(d).reduce((result, name) => {
-        if (key.ref[0] === name) {
-          if (result.length > 0) {
-            result.push('and')
-          }
-          result.push({ ref: [_getFullForeignKeyName(element.name, key.ref[0])] }, '=', { val: d[name] })
-        }
-
-        return result
-      }, result)
-    })
-    .reduce((accumulatedWhere, currentWhere, i) => {
-      if (i > 0) accumulatedWhere.push('or')
-      accumulatedWhere.push(...currentWhere)
-      return accumulatedWhere
-    }, [])
-}
-
-const _checkExistsWhere = (entity, whereList, run) => {
-  const checks = whereList.map(where => {
-    if (where.length === 0) return true
-
-    const query = {
-      SELECT: {
-        columns: [{ val: 1, as: '_exists' }],
-        from: { ref: [entity.name || entity] },
-        where: where,
-        limit: { rows: { val: 1 } }
-      }
-    }
-
-    if (cds.context) {
-      const hash = crypto.createHash('sha1').update(JSON.stringify(query)).digest('base64') // fastest hash
-      if (!cds.context.__alreadyExecutedIntegrityChecks) cds.context.__alreadyExecutedIntegrityChecks = new Map()
-
-      if (cds.context.__alreadyExecutedIntegrityChecks.has(hash)) {
-        return cds.context.__alreadyExecutedIntegrityChecks.get(hash)
-      }
-
-      const promise = run(query).then(exists => exists.length !== 0)
-
-      // we store the promise object in the map, it won't get executed twice when calling await Promise.all([promise, promise])
-      cds.context.__alreadyExecutedIntegrityChecks.set(hash, promise)
-      return promise
-    }
-
-    return run(query).then(exists => exists.length !== 0)
-  })
-
-  return all(checks)
-}
-
-const _checkDelete = (result, key, entity, checks, req, csn, run, data) => {
-  const elements = csn.definitions[key].elements
-  const source = csn.definitions[key].name
-
-  const dependents = _getDependents(req.target, csn) || []
-
-  const sourceDependent = dependents.find(dep => dep.parent.name === source)
-  if (!sourceDependent) return result
-
-  return Object.keys(elements).reduce((result, assoc) => {
-    if (!elements[assoc].target || !elements[assoc].keys) return result
-
-    const targetDependent = dependents.find(dep => dep.target.name === elements[assoc].target)
-    if (!targetDependent) return result
-
-    const where = elements[assoc].keys.reduce((buildWhere, key) => {
-      return _buildWhereDelete(buildWhere, key, elements[assoc], data)
-    }, [])
-    checks.push(
-      _checkExistsWhere(source, [where], run).then(exists => {
-        if (exists.includes(true)) {
-          result.push(assertError(ASSERT_REFERENCE_INTEGRITY, elements[assoc], req.data))
-        }
-      })
-    )
-    return result
-  }, result)
-}
-
-function _filterStructured(element, structuredAssocs, prefix) {
-  const elements = element.elements
-  for (const subElement in elements) {
-    if (_filterAssocs(elements[subElement], structuredAssocs, prefix)) {
-      structuredAssocs.push([...prefix, elements[subElement].name])
-    }
-  }
-}
-
-const _filterAssocs = (element, structuredAssocs, prefix = []) => {
-  if (element.elements) {
-    _filterStructured(element, structuredAssocs, [...prefix, element.name])
-  }
-
-  return (
-    // element._isAssociationStrict && // > comps handled by deep crud logic
-    element.isAssociation &&
-    !element.virtual &&
-    !element.abstract &&
-    element[ASSERT_INTEGRITY_ANNOTATION] !== false &&
-    !element._target._hasPersistenceSkip
-  )
-}
-
-const _checkReferenceIntegrity = (entity, data, req, csn, run) => {
-  const service = entity._service
-  if (entity[ASSERT_INTEGRITY_ANNOTATION] === false || (service && service[ASSERT_INTEGRITY_ANNOTATION] === false)) {
-    return
-  }
-
-  if (!Array.isArray(data)) data = [data]
-
-  const checks = []
-  let result
-  if (req.event === 'CREATE' || req.event === 'UPDATE') {
-    const structuredAssocRefs = []
-    const associationRefs = Object.keys(entity.elements)
-      .filter(elementName => _filterAssocs(entity.elements[elementName], structuredAssocRefs))
-      .map(name => [name])
-    result = [...associationRefs, ...structuredAssocRefs].reduce((createUpdateResult, ref) => {
-      return _checkCreateUpdate(createUpdateResult, ref, entity, checks, data, req, run)
-    }, [])
-  }
-  if (req.event === 'DELETE') {
-    // we are only interested in table-level references not all derived ones on view levels
-    // TODO: why?
-    while (entity.query && entity.query._target) {
-      entity = csn.definitions[entity.query._target.name]
-    }
-
-    result = Object.keys(csn.definitions)
-      .filter(
-        key =>
-          !csn.definitions[key]['@cds.persistence.skip'] &&
-          csn.definitions[key].elements !== undefined &&
-          // skip check for events, aspects and localized tables
-          csn.definitions[key].kind !== 'event' &&
-          csn.definitions[key].kind !== 'aspect' &&
-          csn.definitions[key].kind !== 'type' &&
-          !csn.definitions[key].name.startsWith('localized.')
-      )
-      .reduce((deleteResult, key) => {
-        return _checkDelete(deleteResult, key, entity, checks, req, csn, run, data)
-      }, [])
-  }
-
-  if (checks.length) {
-    return Promise.all(checks).then(() => {
-      return result
-    })
-  }
-
-  return resolve(result || [])
-}
-
-const _checkIntegrityWrapper = (req, csn, run) => async (data, entity) => {
-  if (cds.env.fiori.lean_draft && entity.name?.endsWith('.drafts')) return
-  const errors = await _checkReferenceIntegrity(entity, data, req, csn, run)
-  if (errors && errors.length !== 0) for (const err of errors) req.error(err)
-}
-
-const _isUncheckableInsert = query => query.INSERT && (query.INSERT.rows || query.INSERT.values || query.INSERT.as)
-
-const _checkIntegrityUtil = async (req, csn, run) => {
-  if (!run) return
-  if (typeof req.query === 'string' || req.target._unresolved) return
-  if (_isUncheckableInsert(req.query)) return
-
-  // REVISIT: integrity check needs context.data
-  if (Object.keys(req.data).length === 0) {
-    // REVISIT: We may need to double-check re req.data being undefined or empty
-    if (req.query.DELETE) {
-      req.data = req._beforeDeleteData || {}
-    } else if (req.context && req.context.data && Object.keys(req.context.data).length > 0) {
-      req.data = req.context.data
-    }
-  }
-  if (Object.keys(req.data).length === 0) return
-
-  await processDeepAsync(_checkIntegrityWrapper(req, csn, run), req.data, req.target, false, true)
-}
-
-/*
- * HANDLERS
- */
-
-const _skipIntegrityCheck = (req, tx) => {
-  if (cds.env.features.assert_integrity === false) return true
-  if (!tx.model) return true
-  if (req.event in CRUD) {
-    if (typeof req.query === 'string') return true
-    if (!req.target || req.target._unresolved) return true
-  }
-  return false
-}
-
-/*
- * before delete
- */
-const _isPrimitiveKey = e => !e.is2one && !e.is2many
-
-async function beforeDelete(req) {
-  if (_skipIntegrityCheck(req, this)) return
-
-  // via protocol adapter with key predicates?
-  if (Object.keys(req.data).length > 0) return
-
-  const target = this.model.definitions[req.target.name]
-  if (!target) return
-
-  // only if target has dependents (i.e., is the target of a managed to one association)
-  const dependents = _getDependents(target, this.model)
-  if (!dependents) return
-
-  const keys = Object.keys(target.keys).filter(k => _isPrimitiveKey(target.elements[k]) && k !== 'IsActiveEntity')
-  let selectQuery = SELECT(keys).from(req.target.name)
-
-  if (req.query.DELETE.where) {
-    selectQuery = selectQuery.where(req.query.DELETE.where)
-  }
-
-  selectQuery = cqn2cqn4sql(selectQuery, this.model, { service: this })
-  req._beforeDeleteData = await this._read(this.model, this.dbc, selectQuery, req.context || req)
-}
-
-beforeDelete._initial = true
-
-/*
- * perform check
- */
-const _performCheck = async (req, cur, csn, run) => {
-  const prev = (cur.errors && cur.errors.length) || 0
-
-  if (Array.isArray(cur.query)) {
-    for (const each of cur.query) {
-      const r = { query: each, target: each._target, event: each.cmd === 'INSERT' ? 'CREATE' : each.cmd }
-      Object.setPrototypeOf(r, cur)
-      await _checkIntegrityUtil(r, csn, run)
-      if (r.errors && r.errors.length) r.errors.forEach(e => req.error(e))
-    }
-  } else {
-    await _checkIntegrityUtil(cur, csn, run)
-  }
-
-  // only additional errors
-  if (cur.errors && cur.errors.length > prev) {
-    cur.errors.forEach(e => req.error(e))
-  }
-}
-
-function performCheck(req) {
-  if (_skipIntegrityCheck(req, this)) return
-
-  const root = req.context || req
-  const children = root._children
-  if (!children || !(this.name in children)) return
-
-  const relevant = children[this.name].filter(r => {
-    if (r.event) return r.event in C_UD
-    if (Array.isArray(r.query)) return r.query.some(q => q.cmd in C_UD)
-    return r.query && r.query.cmd in C_UD
-  })
-
-  if (relevant.length === 0) return
-
-  return Promise.all(
-    relevant.map(r => _performCheck(req, r, this.model, query => this._read(this.model, this.dbc, query, root)))
-  )
-}
-
-performCheck._initial = true
-
-module.exports = {
-  beforeDelete,
-  performCheck
-}

package/srv/audit-log.cds

@@ -1,87 +0,0 @@
-service AuditLogService {
-
-  // Log read access to sensitive personal data
-  event dataAccessLog {
-    accesses         : array of Access;
-    // accessFilters : array of KeyValuePair;
-  };
-
-  // Log changes to personal data
-  event dataModificationLog : {
-    modifications : array of DataModification;
-  };
-
-  // config change
-  event configChangeLog : {
-    action         : String @assert.range enum {
-      Create;
-      Update;
-      Delete
-    };
-    // success     : Boolean;
-    configurations : array of ConfigChange;
-  };
-
-  // security message
-  event securityLog : {
-    action : String;
-    data   : String;
-  };
-
-}
-
-// types
-
-define type KeyValuePair {
-  keyName : String;
-  value   : String;
-};
-
-define type DataObject {
-  type : String;
-  id   : array of KeyValuePair;
-};
-
-define type DataSubject {
-  type : String;
-  id   : array of KeyValuePair;
-  role : String;
-};
-
-define type Attribute {
-  name : String;
-};
-
-define type Attachment {
-  id   : String;
-  name : String;
-};
-
-define type Access {
-  dataObject  : DataObject;
-  dataSubject : DataSubject;
-  attributes  : array of Attribute;
-  attachments : array of Attachment;
-};
-
-define type ChangedAttribute {
-  name     : String;
-  oldValue : String;
-  newValue : String;
-};
-
-define type DataModification {
-  dataObject  : DataObject;
-  dataSubject : DataSubject;
-  action      : String @assert.range enum {
-    Create;
-    Update;
-    Delete;
-  };
-  attributes  : array of ChangedAttribute;
-}
-
-define type ConfigChange {
-  dataObject : DataObject;
-  attributes : array of ChangedAttribute;
-};

package/srv/mtx.cds

@@ -1,2 +0,0 @@
-/** Dummy service for bootstrapping old MTX */
-@protocol:'none' service cds.xt.MTXServices {}

package/srv/mtx.js

@@ -1,8 +0,0 @@
-module.exports = ()=> {
-  const cds = require ('../lib')
-  if (cds.mtx) {
-    const DEBUG = cds.debug('mtx')
-    DEBUG && DEBUG ('bootstrapping old MTX...')
-    return cds.mtx.in (cds.app) // old mtx
-  }
-}