@sap/cds 7.2.1 → 7.3.1

package/libx/odata/utils.js

@@ -1,7 +1,7 @@
 const { toBase64url } = require('../_runtime/common/utils/binary')
 const cds = require('../_runtime/cds')
 
-const MATH_FUNC = {'round': 1, 'floor': 1, 'ceiling': 1}
+const MATH_FUNC = { round: 1, floor: 1, ceiling: 1 }
 
 const getSafeNumber = str => {
   const n = Number(str)
@@ -50,56 +50,110 @@ const _getElement = (csnTarget, key) => {
   }
 }
 
+const _v2 = (val, element) => {
+  switch (element.type) {
+    case 'cds.UUID':
+      return `guid'${val}'`
+    // binaries
+    case 'cds.Binary':
+    case 'cds.LargeBinary':
+      return `binary'${toBase64url(val)}'`
+    // integers
+    case 'cds.UInt8':
+    case 'cds.Int16':
+    case 'cds.Int32':
+    case 'cds.Integer':
+      return val
+    // big integers
+    case 'cds.Int64':
+    case 'cds.Integer64':
+      // inofficial flag to skip appending "L"
+      return cds.env.remote?.skip_v2_appendix ? val : `${val}L`.replace(/ll$/i, 'L')
+    // floating point numbers
+    case 'cds.Decimal':
+      // inofficial flag to skip appending "m"
+      return cds.env.remote?.skip_v2_appendix ? val : `${val}m`.replace(/mm$/i, 'm')
+    case 'cds.Double':
+      // inofficial flag to skip appending "d"
+      return cds.env.remote?.skip_v2_appendix ? val : `${val}d`.replace(/dd$/i, 'd')
+    // dates et al
+    case 'cds.Date':
+      return element['@odata.Type'] === 'Edm.DateTimeOffset'
+        ? `datetimeoffset'${val}T00:00:00'`
+        : `datetime'${val}T00:00:00'`
+    case 'cds.DateTime':
+      return element['@odata.Type'] === 'Edm.DateTimeOffset' ? `datetimeoffset'${val}'` : `datetime'${val}'`
+    case 'cds.Time':
+      return `time'${_PT(val.split(':'))}'`
+    case 'cds.Timestamp':
+      return element['@odata.Type'] === 'Edm.DateTime' ? `datetime'${val}'` : `datetimeoffset'${val}'`
+    // bool
+    case 'cds.Boolean':
+      return val
+    // strings + default to string representation
+    case 'cds.String':
+    case 'cds.LargeString':
+    default:
+      return `'${val}'`
+  }
+}
+
+const _v4 = (val, element) => {
+  switch (element.type) {
+    case 'cds.UUID':
+      return val
+    // binary
+    case 'cds.Binary':
+    case 'cds.LargeBinary':
+      return `binary'${toBase64url(val)}'`
+    // integers
+    case 'cds.UInt8':
+    case 'cds.Int16':
+    case 'cds.Int32':
+    case 'cds.Integer':
+      return val
+    // big integers
+    case 'cds.Int64':
+    case 'cds.Integer64':
+      return val
+    // floating point numbers
+    case 'cds.Decimal':
+    case 'cds.Double':
+      return val
+    // dates et al
+    case 'cds.DateTime':
+    case 'cds.Date':
+    case 'cds.Timestamp':
+    case 'cds.Time':
+      return val
+    // bool
+    case 'cds.Boolean':
+      return val
+    // strings + default to string representation
+    case 'cds.String':
+    case 'cds.LargeString':
+    default:
+      return `'${val}'`
+  }
+}
+
 const formatVal = (val, elementName, csnTarget, kind, func) => {
   if (val === null || val === 'null') return 'null'
   if (typeof val === 'boolean') return val
-  if (typeof val === 'number') return getSafeNumber(val)
-  if (!csnTarget && typeof val === 'string' && UUID.test(val)) return kind === 'odata-v2' ? `guid'${val}'` : val
-  if (typeof val === 'string' && func in MATH_FUNC) return val
-  const element = _getElement(csnTarget, elementName)
-  if (kind === 'odata-v2') {
-    switch (element.type) {
-      case 'cds.Decimal':
-      case 'cds.Integer64':
-      case 'cds.Int64':
-        return val
-      case 'cds.Binary':
-      case 'cds.LargeBinary':
-        return `binary'${toBase64url(val)}'`
-      case 'cds.Date':
-        return element['@odata.Type'] === 'Edm.DateTimeOffset'
-          ? `datetimeoffset'${val}T00:00:00'`
-          : `datetime'${val}T00:00:00'`
-      case 'cds.DateTime':
-        return element['@odata.Type'] === 'Edm.DateTimeOffset' ? `datetimeoffset'${val}'` : `datetime'${val}'`
-      case 'cds.Time':
-        return `time'${_PT(val.split(':'))}'`
-      case 'cds.Timestamp':
-        return element['@odata.Type'] === 'Edm.DateTime' ? `datetime'${val}'` : `datetimeoffset'${val}'`
-      case 'cds.UUID':
-        return `guid'${val}'`
-      default:
-        return `'${val}'`
-    }
-  } else {
-    switch (element.type) {
-      case 'cds.Binary':
-      case 'cds.LargeBinary':
-        return `binary'${toBase64url(val)}'`
-      case 'cds.Decimal':
-      case 'cds.Integer64':
-      case 'cds.Int64':
-      case 'cds.Boolean':
-      case 'cds.DateTime':
-      case 'cds.Date':
-      case 'cds.Timestamp':
-      case 'cds.Time':
-      case 'cds.UUID':
-        return val
-      default:
-        return _isTimestamp(val) ? val : `'${val}'` // Why are we checking strings for timestamps? --> expensive
-    }
+  if (typeof val === 'string') {
+    if (!csnTarget && UUID.test(val)) return kind === 'odata-v2' ? `guid'${val}'` : val
+    if (func in MATH_FUNC) return val
+  }
+  if (typeof val === 'number') val = getSafeNumber(val)
+  if (!csnTarget) {
+    if (typeof val !== 'string') return val
+    // REVISIT: why do we need to check strings for timestamps?
+    if (_isTimestamp(val)) return val
+    return `'${val}'`
   }
+  const element = _getElement(csnTarget, elementName)
+  if (!element?.type) return typeof val === 'string' ? `'${val}'` : val
+  return kind === 'odata-v2' ? _v2(val, element) : _v4(val, element)
 }
 
 const skipToken = (token, cqn) => {
@@ -135,7 +189,7 @@ const skipToken = (token, cqn) => {
     }
 
     if (cqn.SELECT.where) {
-      cqn.SELECT.where = [{ xpr: [ ...cqn.SELECT.where]}, 'and', { xpr }]
+      cqn.SELECT.where = [{ xpr: [...cqn.SELECT.where] }, 'and', { xpr }]
     } else {
       cqn.SELECT.where = [{ xpr }]
     }

package/libx/rest/RestAdapter.js

@@ -65,8 +65,8 @@ const RestAdapter = function (srv) {
 
   // check @requires as soon as possible (DoS)
   router.use((req, res, next) => {
-    // REVISIT: ensure there always is a user (should be the case with new middlewares -> remove with old middlewares)
-    if (!req.user) req.user = new cds.User.default
+    // ensure there always is a user going forward (not always the case with old or custom auth)
+    if (!req.user) req.user = new cds.User.default()
 
     // check @restrict and @requires as soon as possible (DoS)
     if (!accessRestrictions.some(r => req.user.is(r))) {

package/libx/rest/middleware/error.js

@@ -44,7 +44,7 @@ module.exports = (err, req, res, next) => {
   let ctx = cds.context
   if (!ctx) {
     // > error before req was dispatched
-    ctx = new cds.Request({ req, res: req.res, user: req.user || new cds.User.Anonymous() })
+    ctx = new cds.Request({ req, res: req.res, user: req.user || new cds.User.default })
     for (const each of srv._handlers._error) each.handler.call(srv, err, ctx)
   } else if (ctx._tx?._done !== 'rolled back') {
     for (const each of srv._handlers._error) each.handler.call(srv, err, ctx)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "7.2.1",
+  "version": "7.3.1",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [