@sap/cds 7.3.0 → 7.4.0

package/libx/_runtime/messaging/common-utils/authorizedRequest.js

@@ -1,8 +1,11 @@
 const https = require('https')
 const requestToken = require('../http-utils/token')
+const cds = require('../../cds')
+const LOG = cds.log('http-messaging') // not public
 
 const authorizedRequest = ({ method, uri, path, oa2, tenant, dataObj, headers, tokenStore }) => {
   return new Promise((resolve, reject) => {
+    if (LOG._debug) LOG.debug({ method, uri, path, oa2, tenant, dataObj, headers, tokenStore })
     ;((tokenStore.token && Promise.resolve(tokenStore.token)) || requestToken(oa2, tenant, tokenStore))
       .catch(err => reject(err))
       .then(token => {

package/libx/_runtime/messaging/common-utils/connections.js

@@ -1,4 +1,4 @@
-const waitingTime = require('./waitingTime')
+const waitingTime = require('../../common/utils/waitingTime')
 
 const _connectUntilConnected = (client, LOG, x) => {
   const _waitingTime = waitingTime(x)

package/libx/_runtime/messaging/enterprise-messaging.js

@@ -45,10 +45,7 @@ class EnterpriseMessaging extends AMQPWebhookMessaging {
     const provisioningSrv = await cds.connect.to('cds.xt.SaasProvisioningService')
     deploymentSrv.impl(() => {
       deploymentSrv.after('subscribe', async (_res, req) => {
-        const { tenant } = req.data
-        let subdomain
-        const tenantInfo = await getTenantInfo(tenant)
-        subdomain = tenantInfo.subdomain
+        const { subscribedSubdomain: subdomain } = req.data.metadata
         const management = await this.getManagement(subdomain).waitUntilReady()
         await management.deploy()
       })
@@ -158,35 +155,37 @@ class EnterpriseMessaging extends AMQPWebhookMessaging {
     })
   }
 
-  async emit(event, ...etc) {
-    const msg = this.message4(event, ...etc)
+  async handle(msg) {
+    if (msg.inbound) return super.handle(msg)
+    const _msg = this.message4(msg)
     const _optionsMessagingREST = optionsMessagingREST(this.options)
     const context = this.context || cds.context
-    const tenant = context && context.tenant
-    const topic = msg.event
-    const message = { ...(msg.headers || {}), data: msg.data }
+    const tenant = cds.requires.multitenancy && context && context.tenant
+    const topic = _msg.event
+    const message = { ...(_msg.headers || {}), data: _msg.data }
 
     const contentType =
-      msg.headers && ['id', 'source', 'specversion', 'type'].every(el => el in msg.headers)
+      _msg.headers && ['id', 'source', 'specversion', 'type'].every(el => el in _msg.headers)
         ? 'application/cloudevents+json'
         : 'application/json'
 
     await this.queued(() => {})()
 
     try {
-      await authorizedRequest({
+      const params = {
         method: 'POST',
         uri: _optionsMessagingREST.uri,
         path: `/messagingrest/v1/topics/${encodeURIComponent(topic)}/messages`,
         oa2: _optionsMessagingREST.oa2,
-        tenant,
         dataObj: message,
         headers: {
           'Content-Type': contentType,
           'x-qos': 1
         },
         tokenStore: {}
-      })
+      }
+      if (tenant) params.tenant = tenant
+      await authorizedRequest(params)
     } catch (e) {
       // Note: If the topic rules don't allow the topic, we get a 403 (which is a strange choice by Event Mesh)
       if (e && (e.statusCode === 400 || e.statusCode === 403)) e.unrecoverable = true

package/libx/_runtime/messaging/file-based.js

@@ -19,7 +19,8 @@ class FileBasedMessaging extends MessagingService {
     return super.init()
   }
 
-  async emit(msg) {
+  async handle(msg) {
+    if (msg.inbound) return super.handle(msg)
     const _msg = this.message4(msg)
     const e = _msg.event
     delete _msg.event
@@ -53,10 +54,11 @@ class FileBasedMessaging extends MessagingService {
               if (this.subscribedTopics.has(topic)) {
                 const event = this.subscribedTopics.get(topic)
                 if (!event) return
-                // REVISIT: should we use this.dispatch instead of super.emit for inbound messages?
-                super
-                  .emit({ event, ...json, inbound: true })
-                  .catch(e => this.LOG.error('ERROR occured in asynchronous event processing:', e))
+                this.tx(tx =>
+                  tx
+                    .emit({ event, ...json, inbound: true })
+                    .catch(e => this.LOG.error('ERROR occured in asynchronous event processing:', e))
+                )
               } else other.push(each + '\n')
             }
           } catch (e) {

package/libx/_runtime/messaging/redis-messaging.js

@@ -1,9 +1,8 @@
 // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
 const redis = require('redis')
 const cds = require('../../../lib')
-const waitingTime = require('./common-utils/waitingTime')
+const waitingTime = require('../common/utils/waitingTime')
 const normalizeIncomingMessage = require('./common-utils/normalizeIncomingMessage')
-const { hasPersistentOutbox } = require('./outbox/utils')
 
 const _handleReconnects = (client, LOG) => {
   client.on('reconnecting', () => {
@@ -57,6 +56,14 @@ class RedisMessaging extends cds.MessagingService {
     })
   }
 
+  async handle(msg) {
+    if (msg.inbound) return super.handle(msg)
+    const _msg = this.message4(msg)
+    this.LOG._info && this.LOG.info('Emit', { topic: _msg.event })
+    if (!this._ready && msg._fromOutbox) throw new Error('Redis connection not ready')
+    await this.client.publish(_msg.event, JSON.stringify({ data: _msg.data, ...(_msg.headers || {}) }))
+  }
+
   async startListening() {
     let subscriber
     for (const topic of [...this.subscribedTopics].map(kv => kv[0])) {
@@ -71,21 +78,13 @@ class RedisMessaging extends cds.MessagingService {
         const msg = normalizeIncomingMessage(message)
         msg.event = topic
         try {
-          await super.emit(msg)
+          await this.tx({ user: cds.User.privileged }, tx => tx.emit(msg))
         } catch (e) {
           this.LOG.error('ERROR occured in asynchronous event processing:', e)
         }
       })
     }
   }
-
-  async emit(msg) {
-    const _msg = this.message4(msg)
-    this.LOG._info && this.LOG.info('Emit', { topic: _msg.event })
-    if (!this._ready && hasPersistentOutbox(this, cds.context && cds.context.tenant))
-      throw new Error('Redis connection not ready')
-    await this.client.publish(_msg.event, JSON.stringify({ data: _msg.data, ...(_msg.headers || {}) }))
-  }
 }
 
 module.exports = RedisMessaging

package/libx/_runtime/messaging/service.js

@@ -1,6 +1,5 @@
 const cds = require('../cds')
 const queued = require('./common-utils/queued')
-const OutboxService = require('./Outbox')
 const ExtendedModels = require('../../../lib/srv/srv-models')
 
 const appId = require('./common-utils/appId')
@@ -21,7 +20,7 @@ const _warnAndStripTopicPrefix = (event, LOG) => {
 }
 
 // There's currently no mechanism to detect mocked services, this is the best we can do.
-class MessagingService extends OutboxService {
+class MessagingService extends cds.Service {
   init() {
     // enables queued async operations (without awaiting)
     this.queued = queued()
@@ -58,9 +57,10 @@ class MessagingService extends OutboxService {
           // calls to srv.emit are forwarded to this.emit, which is expected to
           // be overwritten by subclasses to write events to message channel
           const topic = _topic(declared)
-          srv.on(event, msg => {
+          srv.on(event, async msg => {
             const { data, headers } = msg
-            return this.tx(msg).emit({ event: topic, data, headers })
+            const messaging = await cds.connect.to('messaging') // needed for potential outbox
+            return messaging.tx(msg).emit({ event: topic, data, headers })
           })
         }
       })
@@ -77,29 +77,15 @@ class MessagingService extends OutboxService {
     return super.init()
   }
 
-  async emit(event, data, headers) {
-    const _msg = typeof event === 'object' ? event : { event, data, headers }
-    if (_msg instanceof cds.Event) return super.emit(_msg)
-    if (_msg.inbound && !cds.context) {
-      return cds._context.run(
-        {
-          tenant: _msg.tenant,
-          user: cds.User.privileged,
-          ...(_msg._?.req && { req: _msg._.req }),
-          ...(_msg._?.res && { res: _msg._.res })
-        },
-        async () => {
-          if (cds.model) {
-            const ctx = cds.context
-            ctx.model = await ExtendedModels.model4(ctx.tenant, ctx.features)
-          }
-          const msg = new cds.Event(this.message4(_msg))
-          return super.emit(msg)
-        }
-      )
+  async handle(msg) {
+    if (msg.inbound) {
+      if (cds.model) {
+        const ctx = cds.context
+        ctx.model = await ExtendedModels.model4(ctx.tenant, ctx.features)
+      }
+      return super.handle(this.message4(msg))
     }
-    const msg = new cds.Event(this.message4(_msg))
-    return super.emit(msg)
+    return super.handle(msg)
   }
 
   on(event, cb) {

package/libx/_runtime/remote/Service.js

@@ -1,21 +1,25 @@
 const cds = require('../cds')
 const LOG = cds.log('remote')
 
+const { run, getReqOptions } = require('./utils/client')
+const { hasAliasedColumns } = require('./utils/data')
+
 const { resolveView, getTransition, restoreLink, findQueryTarget } = require('../common/utils/resolveView')
 const { postProcess } = require('../common/utils/postProcessing')
-const { getKind, run, getDestination, getAdditionalOptions, getReqOptions } = require('./utils/client')
+
 const { formatVal } = require('../../odata/utils')
-const { hasAliasedColumns } = require('./utils/data')
 
-let _cloudSdkConnectivity, _cloudSdkResilience
-const cloudSdkConnectivity = () => {
+let _cloudSdkConnectivity
+const _getCloudSdkConnectivity = () => {
   if (_cloudSdkConnectivity) return _cloudSdkConnectivity
   // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
   _cloudSdkConnectivity = require('@sap-cloud-sdk/connectivity')
   return _cloudSdkConnectivity
 }
-const cloudSdkResilience = () => {
-  if (_cloudSdkResilience !== undefined) return _cloudSdkResilience
+
+let _cloudSdkResilience
+const _getCloudSdkResilience = () => {
+  if (_cloudSdkResilience) return _cloudSdkResilience
   // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
   _cloudSdkResilience = require('@sap-cloud-sdk/resilience')
   return _cloudSdkResilience
@@ -96,7 +100,9 @@ const _handleBoundActionFunction = (srv, def, req, url) => {
   if (def.params) {
     const data = _extractParamsFromData(req.data, def.params)
     url = _buildPartialUrlFunctions(url, data, def.params)
-  } else url = `${url}()`
+  } else {
+    url = `${url}()`
+  }
 
   return srv.get(url)
 }
@@ -105,11 +111,7 @@ const _handleUnboundActionFunction = (srv, def, req, event) => {
   if (def.kind === 'action') {
     // REVISIT: only for "rest" unbound actions/functions, we enforce axios to return a buffer
     // required by cds-mt
-    const isBinary =
-      srv.kind === 'rest' &&
-      def &&
-      def.returns &&
-      (def.returns.type === 'cds.LargeBinary' || def.returns.type === 'cds.Binary')
+    const isBinary = srv.kind === 'rest' && def?.returns?.type.match(/binary/i)
     const { headers, data } = req
 
     return srv.send({ method: 'POST', path: `/${event}`, headers, data, _binary: isBinary })
@@ -163,14 +165,12 @@ const _addHandlerActionFunction = (srv, def, target) => {
       const url = `/${shortEntityName}(${_buildKeys(req, this.kind).join(',')})/${this.namespace}.${event}`
       return _handleBoundActionFunction(srv, def, req, url)
     })
-
-    return
+  } else {
+    srv.on(event, async function (req) {
+      if (this.kind === 'odata-v2') return _handleV2ActionFunction(srv, def, req, event, this.kind)
+      return _handleUnboundActionFunction(srv, def, req, event)
+    })
   }
-
-  srv.on(event, async function (req) {
-    if (this.kind === 'odata-v2') return _handleV2ActionFunction(srv, def, req, event, this.kind)
-    return _handleUnboundActionFunction(srv, def, req, event)
-  })
 }
 
 const _selectOnlyWithAlias = q => q?.SELECT && !q.SELECT._transitions && q.SELECT?.columns?.some(hasAliasedColumns)
@@ -180,20 +180,38 @@ const resolvedTargetOfQuery = q => {
   return transitions.length && [transitions.length - 1].target
 }
 
-let logged
-
 const _resolveSelectionStrategy = options => {
   if (typeof options?.selectionStrategy !== 'string') return
-  options.selectionStrategy = cloudSdkConnectivity().DestinationSelectionStrategies[options.selectionStrategy]
 
+  options.selectionStrategy = _getCloudSdkConnectivity().DestinationSelectionStrategies[options.selectionStrategy]
   if (typeof options?.selectionStrategy !== 'function') {
     throw new Error(`Unsupported destination selection strategy "${options.selectionStrategy}".`)
   }
 }
 
+const _getKind = options => {
+  const kind = (options.credentials && options.credentials.kind) || options.kind
+  if (typeof kind === 'object') {
+    const k = Object.keys(kind).find(
+      key => key === 'odata' || key === 'odata-v4' || key === 'odata-v2' || key === 'rest'
+    )
+    // odata-v4 is equivalent of odata
+    return k === 'odata-v4' ? 'odata' : k
+  }
+  return kind
+}
+
+const _getDestination = (name, credentials) => {
+  // Cloud SDK wants property "queryParameters" but we have documented "queries"
+  if (credentials.queries && !credentials.queryParameters) credentials.queryParameters = credentials.queries
+  return { name, ...credentials }
+}
+
+let logged
+
 class RemoteService extends cds.Service {
   init() {
-    this.kind = getKind(this.options) // TODO: Simplify
+    this.kind = _getKind(this.options) // TODO: Simplify
 
     /*
      * set up connectivity stuff if credentials are provided
@@ -205,7 +223,7 @@ class RemoteService extends cds.Service {
       _resolveSelectionStrategy(this.destinationOptions)
       this.destination =
         this.options.credentials.destination ??
-        getDestination(this.definition?.name ?? this.datasource, this.options.credentials)
+        _getDestination(this.definition?.name ?? this.datasource, this.options.credentials)
       this.path = this.options.credentials.path
 
       // `requestTimeout` API is kept as it was public
@@ -250,27 +268,24 @@ class RemoteService extends cds.Service {
     this.on('*', async (req, next) => {
       const { query } = req
       if (!query && !(typeof req.path === 'string')) return next()
+
       // early validation on first request for use case without remote API
       // ideally, that's done on bootstrap of the remote service
       if (typeof this.destination === 'object' && !this.destination.url)
         throw new Error(`"url" or "destination" property must be configured in "credentials" of "${this.name}".`)
       if (this._resilienceMiddlewares && !this._resilienceMiddlewares.timeout)
-        this._resilienceMiddlewares.timeout = cloudSdkResilience().timeout(this.requestTimeout)
+        this._resilienceMiddlewares.timeout = _getCloudSdkResilience().timeout(this.requestTimeout)
 
-      const resolvedTarget = resolvedTargetOfQuery(query) || getTransition(req.target, this).target
       const reqOptions = getReqOptions(req, query, this)
       reqOptions.headers = _setHeaders(reqOptions.headers, req)
+
+      const { kind, destination, destinationOptions, csrf, csrfInBatch } = this
+      const resolvedTarget = resolvedTargetOfQuery(query) || getTransition(req.target, this).target
       const returnType = req._returnType
-      const additionalOptions = getAdditionalOptions(
-        req,
-        this.destination,
-        this.kind,
-        resolvedTarget,
-        returnType,
-        this.destinationOptions,
-        this.csrf,
-        this.csrfInBatch
-      )
+      const additionalOptions = { destination, kind, resolvedTarget, returnType, destinationOptions, csrf, csrfInBatch }
+
+      const jwt = req?.context?.headers?.authorization?.split(/^bearer /i)[1]
+      if (jwt) additionalOptions.jwt = jwt
 
       // hidden compat flag in order to suppress logging response body of failed request
       if (req._suppressRemoteResponseBody) {
@@ -334,4 +349,5 @@ class RemoteService extends cds.Service {
 }
 
 RemoteService.prototype.isExternal = true
+
 module.exports = RemoteService

package/libx/_runtime/remote/utils/client.js

@@ -7,41 +7,34 @@ const { convertV2ResponseData, deepSanitize, convertV2PayloadData } = require('.
 
 let _cloudSdk
 
-const PPPD = {
-  POST: 1,
-  PUT: 1,
-  PATCH: 1,
-  DELETE: 1
-}
-
+const PPPD = { POST: 1, PUT: 1, PATCH: 1, DELETE: 1 }
 const KINDS_SUPPORTING_BATCH = { odata: 1, 'odata-v2': 1, 'odata-v4': 1 }
 
 const _sanitizeHeaders = headers => {
-  if (headers && headers.authorization) headers.authorization = headers.authorization.split(' ')[0] + ' ...'
-
+  // REVISIT: is this in-place modification intended?
+  if (headers?.authorization) headers.authorization = headers.authorization.split(' ')[0] + ' ***'
   return headers
 }
 
 const _executeHttpRequest = async ({ requestConfig, destination, destinationOptions, jwt, csrf, csrfInBatch }) => {
-  const { executeHttpRequestWithOrigin } = cloudSdk()
-  const destinationName = typeof destination === 'string' && destination
+  const { executeHttpRequestWithOrigin } = _getCloudSdk()
 
-  if (destinationName) {
-    destination = { destinationName, ...(resolveDestinationOptions(destinationOptions, jwt) ?? {}) }
+  if (typeof destination === 'string') {
+    destination = {
+      destinationName: destination,
+      ...destinationOptions,
+      ...{ jwt: destinationOptions?.jwt !== undefined ? destinationOptions.jwt : jwt }
+    }
+    if (destination.jwt !== undefined && !destination.jwt) delete destination.jwt // don't pass any value
   } else if (destination.forwardAuthToken) {
     destination = {
       ...destination,
       headers: destination.headers ? { ...destination.headers } : {},
       authentication: 'NoAuthentication'
     }
-
     delete destination.forwardAuthToken
-
-    if (jwt) {
-      destination.headers.authorization = `Bearer ${jwt}`
-    } else {
-      LOG._warn && LOG.warn('Missing JWT token for forwardAuthToken')
-    }
+    if (jwt) destination.headers.authorization = `Bearer ${jwt}`
+    else LOG._warn && LOG.warn('Missing JWT token for forwardAuthToken')
   }
 
   let requestOptions
@@ -64,62 +57,20 @@ const _executeHttpRequest = async ({ requestConfig, destination, destinationOpti
   const maxBodyLength = cds.env?.remote?.max_body_length
   requestConfig = {
     ...requestConfig,
-    headers: {
-      custom: { ...requestConfig.headers }
-    },
+    headers: { custom: { ...requestConfig.headers } },
     ...(maxBodyLength && { maxBodyLength })
   }
 
   return executeHttpRequestWithOrigin(destination, requestConfig, requestOptions)
 }
 
-const cloudSdk = () => {
+const _getCloudSdk = () => {
   if (_cloudSdk) return _cloudSdk
   // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
   _cloudSdk = require('@sap-cloud-sdk/http-client')
   return _cloudSdk
 }
 
-const getDestination = (name, credentials) => {
-  // Cloud SDK wants property "queryParameters" but we have documented "queries"
-  if (credentials.queries && !credentials.queryParameters) {
-    credentials.queryParameters = credentials.queries
-  }
-
-  return { name, ...credentials }
-}
-
-/**
- * @param {import('@sap-cloud-sdk/connectivity').DestinationFetchOptions} [options]
- * @param {string} [jwt]
- * @returns {import('@sap-cloud-sdk/connectivity').DestinationFetchOptions}
- */
-const resolveDestinationOptions = function (options, jwt) {
-  if (!options && !jwt) return
-
-  const resolvedOptions = Object.assign({}, options ?? {})
-  resolvedOptions.jwt = jwt
-
-  if (options?.selectionStrategy) {
-    resolvedOptions.selectionStrategy = options.selectionStrategy
-  }
-
-  return resolvedOptions
-}
-
-const getKind = options => {
-  const kind = (options.credentials && options.credentials.kind) || options.kind
-  if (typeof kind === 'object') {
-    const k = Object.keys(kind).find(
-      key => key === 'odata' || key === 'odata-v4' || key === 'odata-v2' || key === 'rest'
-    )
-    // odata-v4 is equivalent of odata
-    return k === 'odata-v4' ? 'odata' : k
-  }
-
-  return kind
-}
-
 /**
  * Rest Client
  */
@@ -278,21 +229,10 @@ const _getSanitizedError = (e, reqOptions, options = { suppressRemoteResponseBod
 }
 
 // eslint-disable-next-line complexity
-const run = async (
-  requestConfig,
-  {
-    destination,
-    jwt,
-    kind,
-    resolvedTarget,
-    returnType,
-    suppressRemoteResponseBody,
-    destinationOptions,
-    csrf,
-    csrfInBatch
-  }
-) => {
+const run = async (requestConfig, options) => {
   let response
+
+  const { destination, destinationOptions, jwt, csrf, csrfInBatch, suppressRemoteResponseBody } = options
   try {
     response = await _executeHttpRequest({
       requestConfig,
@@ -368,31 +308,19 @@ const run = async (
     }
   }
 
+  const { kind, resolvedTarget, returnType } = options
   if (kind === 'odata-v4') return _purgeODataV4(response.data)
   if (kind === 'odata-v2') return _purgeODataV2(response.data, resolvedTarget, returnType, requestConfig.headers)
   if (kind === 'odata') {
     if (typeof response.data !== 'object') return response.data
     // try to guess if we need to purge v2 or v4
-    if (response.data.d) {
-      return _purgeODataV2(response.data, resolvedTarget, returnType, requestConfig.headers)
-    }
-
+    if (response.data.d) return _purgeODataV2(response.data, resolvedTarget, returnType, requestConfig.headers)
     return _purgeODataV4(response.data)
   }
 
   return response.data
 }
 
-const getJwt = req => {
-  const headers = req?.context?.headers
-  if (headers?.authorization) {
-    const token = headers.authorization.match(/^bearer (.+)/i)
-    if (token) return token[1]
-  }
-
-  return null
-}
-
 const _cqnToReqOptions = (query, service, req) => {
   const { kind, model } = service
   const method = req.method
@@ -528,41 +456,12 @@ const getReqOptions = (req, query, service) => {
   if (service.path) reqOptions.url = `${encodeURI(service.path)}${reqOptions.url}`
 
   // set axios responseType to 'arraybuffer' if returning binary in rest
-  if (req._binary) {
-    reqOptions.responseType = 'arraybuffer'
-  }
+  if (req._binary) reqOptions.responseType = 'arraybuffer'
 
   return reqOptions
 }
 
-const getAdditionalOptions = (
-  req,
-  destination,
-  kind,
-  resolvedTarget,
-  returnType,
-  destinationOptions,
-  csrf,
-  csrfInBatch
-) => {
-  const jwt = getJwt(req)
-  const additionalOptions = {
-    destination,
-    kind,
-    resolvedTarget,
-    returnType,
-    destinationOptions,
-    csrf,
-    csrfInBatch
-  }
-  if (jwt) additionalOptions.jwt = jwt
-  return additionalOptions
-}
-
 module.exports = {
-  getKind,
   run,
-  getReqOptions,
-  getDestination,
-  getAdditionalOptions
+  getReqOptions
 }

package/libx/odata/afterburner.js

@@ -125,12 +125,15 @@ function getResolvedElement(entity, { ref }) {
   return element
 }
 
+const forbidden = { '(': 1, and: 1, or: 1, not: 1, ')': 1 }
+
 function _processWhere(where, entity) {
   for (let i = 0; i < where.length; i++) {
     const ref = where[i]
+    const operator = where[i + 1]
     const val = where[i + 2]
 
-    if (ref === '(' || ref === ')' || ref === 'and' || ref === 'or' || ref === 'not' || val === 'not' || ref.func) {
+    if (ref in forbidden || val in forbidden || ref.func) {
       continue
     }
     if (ref.xpr) {
@@ -138,6 +141,11 @@ function _processWhere(where, entity) {
       continue
     }
 
+    if (operator in forbidden) {
+      // xpr check needs to be done first, else it could happen, that we ignore xpr OR xpr
+      continue;
+    }
+
     let valIndex = -1
     let refIndex = -1
     if (typeof val === 'object') {
@@ -169,15 +177,16 @@ function _convertVal(element, value) {
     case 'cds.UInt8':
     case 'cds.Int16':
     case 'cds.Int32':
+      if (!/^\d+$/.test(value)) throw new Error('Not a valid integer')
       // eslint-disable-next-line no-case-declarations
       const n = Number(value)
-      if (Number.isSafeInteger(n)) return n
-      throw new Error('Not a valid integer') // TODO
+      if (!Number.isSafeInteger(n)) throw new Error('Not a valid integer')
+      return n
 
     case 'cds.String':
-    case 'cds.LargeString':      
+    case 'cds.LargeString':
       return String(value)
-    case 'cds.Double':      
+    case 'cds.Double':
       return parseFloat(value)
     case 'cds.Decimal':
     case 'cds.DecimalFloat':