@sap/cds 7.3.1 → 7.4.1

package/libx/_runtime/remote/utils/client.js

@@ -7,41 +7,34 @@ const { convertV2ResponseData, deepSanitize, convertV2PayloadData } = require('.
 
 let _cloudSdk
 
-const PPPD = {
-  POST: 1,
-  PUT: 1,
-  PATCH: 1,
-  DELETE: 1
-}
-
+const PPPD = { POST: 1, PUT: 1, PATCH: 1, DELETE: 1 }
 const KINDS_SUPPORTING_BATCH = { odata: 1, 'odata-v2': 1, 'odata-v4': 1 }
 
 const _sanitizeHeaders = headers => {
-  if (headers && headers.authorization) headers.authorization = headers.authorization.split(' ')[0] + ' ...'
-
+  // REVISIT: is this in-place modification intended?
+  if (headers?.authorization) headers.authorization = headers.authorization.split(' ')[0] + ' ***'
   return headers
 }
 
 const _executeHttpRequest = async ({ requestConfig, destination, destinationOptions, jwt, csrf, csrfInBatch }) => {
-  const { executeHttpRequestWithOrigin } = cloudSdk()
-  const destinationName = typeof destination === 'string' && destination
+  const { executeHttpRequestWithOrigin } = _getCloudSdk()
 
-  if (destinationName) {
-    destination = { destinationName, ...(resolveDestinationOptions(destinationOptions, jwt) ?? {}) }
+  if (typeof destination === 'string') {
+    destination = {
+      destinationName: destination,
+      ...destinationOptions,
+      ...{ jwt: destinationOptions?.jwt !== undefined ? destinationOptions.jwt : jwt }
+    }
+    if (destination.jwt !== undefined && !destination.jwt) delete destination.jwt // don't pass any value
   } else if (destination.forwardAuthToken) {
     destination = {
       ...destination,
       headers: destination.headers ? { ...destination.headers } : {},
       authentication: 'NoAuthentication'
     }
-
     delete destination.forwardAuthToken
-
-    if (jwt) {
-      destination.headers.authorization = `Bearer ${jwt}`
-    } else {
-      LOG._warn && LOG.warn('Missing JWT token for forwardAuthToken')
-    }
+    if (jwt) destination.headers.authorization = `Bearer ${jwt}`
+    else LOG._warn && LOG.warn('Missing JWT token for forwardAuthToken')
   }
 
   let requestOptions
@@ -64,62 +57,20 @@ const _executeHttpRequest = async ({ requestConfig, destination, destinationOpti
   const maxBodyLength = cds.env?.remote?.max_body_length
   requestConfig = {
     ...requestConfig,
-    headers: {
-      custom: { ...requestConfig.headers }
-    },
+    headers: { custom: { ...requestConfig.headers } },
     ...(maxBodyLength && { maxBodyLength })
   }
 
   return executeHttpRequestWithOrigin(destination, requestConfig, requestOptions)
 }
 
-const cloudSdk = () => {
+const _getCloudSdk = () => {
   if (_cloudSdk) return _cloudSdk
   // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
   _cloudSdk = require('@sap-cloud-sdk/http-client')
   return _cloudSdk
 }
 
-const getDestination = (name, credentials) => {
-  // Cloud SDK wants property "queryParameters" but we have documented "queries"
-  if (credentials.queries && !credentials.queryParameters) {
-    credentials.queryParameters = credentials.queries
-  }
-
-  return { name, ...credentials }
-}
-
-/**
- * @param {import('@sap-cloud-sdk/connectivity').DestinationFetchOptions} [options]
- * @param {string} [jwt]
- * @returns {import('@sap-cloud-sdk/connectivity').DestinationFetchOptions}
- */
-const resolveDestinationOptions = function (options, jwt) {
-  if (!options && !jwt) return
-
-  const resolvedOptions = Object.assign({}, options ?? {})
-  resolvedOptions.jwt = jwt
-
-  if (options?.selectionStrategy) {
-    resolvedOptions.selectionStrategy = options.selectionStrategy
-  }
-
-  return resolvedOptions
-}
-
-const getKind = options => {
-  const kind = (options.credentials && options.credentials.kind) || options.kind
-  if (typeof kind === 'object') {
-    const k = Object.keys(kind).find(
-      key => key === 'odata' || key === 'odata-v4' || key === 'odata-v2' || key === 'rest'
-    )
-    // odata-v4 is equivalent of odata
-    return k === 'odata-v4' ? 'odata' : k
-  }
-
-  return kind
-}
-
 /**
  * Rest Client
  */
@@ -278,21 +229,10 @@ const _getSanitizedError = (e, reqOptions, options = { suppressRemoteResponseBod
 }
 
 // eslint-disable-next-line complexity
-const run = async (
-  requestConfig,
-  {
-    destination,
-    jwt,
-    kind,
-    resolvedTarget,
-    returnType,
-    suppressRemoteResponseBody,
-    destinationOptions,
-    csrf,
-    csrfInBatch
-  }
-) => {
+const run = async (requestConfig, options) => {
   let response
+
+  const { destination, destinationOptions, jwt, csrf, csrfInBatch, suppressRemoteResponseBody } = options
   try {
     response = await _executeHttpRequest({
       requestConfig,
@@ -368,31 +308,19 @@ const run = async (
     }
   }
 
+  const { kind, resolvedTarget, returnType } = options
   if (kind === 'odata-v4') return _purgeODataV4(response.data)
   if (kind === 'odata-v2') return _purgeODataV2(response.data, resolvedTarget, returnType, requestConfig.headers)
   if (kind === 'odata') {
     if (typeof response.data !== 'object') return response.data
     // try to guess if we need to purge v2 or v4
-    if (response.data.d) {
-      return _purgeODataV2(response.data, resolvedTarget, returnType, requestConfig.headers)
-    }
-
+    if (response.data.d) return _purgeODataV2(response.data, resolvedTarget, returnType, requestConfig.headers)
     return _purgeODataV4(response.data)
   }
 
   return response.data
 }
 
-const getJwt = req => {
-  const headers = req?.context?.headers
-  if (headers?.authorization) {
-    const token = headers.authorization.match(/^bearer (.+)/i)
-    if (token) return token[1]
-  }
-
-  return null
-}
-
 const _cqnToReqOptions = (query, service, req) => {
   const { kind, model } = service
   const method = req.method
@@ -459,8 +387,8 @@ const getReqOptions = (req, query, service) => {
     typeof query === 'object'
       ? _cqnToReqOptions(query, service, req)
       : typeof query === 'string'
-      ? _stringToReqOptions(query, req.data, req.target)
-      : _pathToReqOptions(req.method, req.path, req.data, req.target, service.name)
+        ? _stringToReqOptions(query, req.data, req.target)
+        : _pathToReqOptions(req.method, req.path, req.data, req.target, service.name)
 
   if (service.kind === 'odata-v2' && req.event === 'READ' && reqOptions.url?.match(/(\/any\()|(\/all\()/)) {
     req.reject(501, 'Lambda expressions are not supported in OData v2')
@@ -528,41 +456,12 @@ const getReqOptions = (req, query, service) => {
   if (service.path) reqOptions.url = `${encodeURI(service.path)}${reqOptions.url}`
 
   // set axios responseType to 'arraybuffer' if returning binary in rest
-  if (req._binary) {
-    reqOptions.responseType = 'arraybuffer'
-  }
+  if (req._binary) reqOptions.responseType = 'arraybuffer'
 
   return reqOptions
 }
 
-const getAdditionalOptions = (
-  req,
-  destination,
-  kind,
-  resolvedTarget,
-  returnType,
-  destinationOptions,
-  csrf,
-  csrfInBatch
-) => {
-  const jwt = getJwt(req)
-  const additionalOptions = {
-    destination,
-    kind,
-    resolvedTarget,
-    returnType,
-    destinationOptions,
-    csrf,
-    csrfInBatch
-  }
-  if (jwt) additionalOptions.jwt = jwt
-  return additionalOptions
-}
-
 module.exports = {
-  getKind,
   run,
-  getReqOptions,
-  getDestination,
-  getAdditionalOptions
+  getReqOptions
 }

package/libx/odata/afterburner.js

@@ -125,12 +125,15 @@ function getResolvedElement(entity, { ref }) {
   return element
 }
 
+const forbidden = { '(': 1, and: 1, or: 1, not: 1, ')': 1 }
+
 function _processWhere(where, entity) {
   for (let i = 0; i < where.length; i++) {
     const ref = where[i]
+    const operator = where[i + 1]
     const val = where[i + 2]
 
-    if (ref === '(' || ref === ')' || ref === 'and' || ref === 'or' || ref === 'not' || val === 'not' || ref.func) {
+    if (ref in forbidden || val in forbidden || ref.func) {
       continue
     }
     if (ref.xpr) {
@@ -138,6 +141,11 @@ function _processWhere(where, entity) {
       continue
     }
 
+    if (operator in forbidden) {
+      // xpr check needs to be done first, else it could happen, that we ignore xpr OR xpr
+      continue;
+    }
+
     let valIndex = -1
     let refIndex = -1
     if (typeof val === 'object') {
@@ -165,19 +173,21 @@ function _processWhere(where, entity) {
 function _convertVal(element, value) {
   if (value === null) return value
   switch (element._type) {
-    case 'cds.Integer':
     case 'cds.UInt8':
+    case 'cds.Integer':
     case 'cds.Int16':
     case 'cds.Int32':
+      if (!/^-?\d+$/.test(value)) throw new Error('Not a valid integer')
       // eslint-disable-next-line no-case-declarations
       const n = Number(value)
-      if (Number.isSafeInteger(n)) return n
-      throw new Error('Not a valid integer') // TODO
+      if (!Number.isSafeInteger(n)) throw new Error('Not a valid integer')
+      if (element._type === 'cds.UInt8' && n < 0) throw new Error('Not a positive integer')
+      return n
 
     case 'cds.String':
-    case 'cds.LargeString':      
+    case 'cds.LargeString':
       return String(value)
-    case 'cds.Double':      
+    case 'cds.Double':
       return parseFloat(value)
     case 'cds.Decimal':
     case 'cds.DecimalFloat':

package/libx/odata/grammar.peggy

@@ -36,9 +36,25 @@
     // we keep that here to allow for usage in https://peggyjs.org/online
     const safeNumber =
       options.safeNumber ||
-      function (str) {
-        const n = Number(str)
-        return Number.isSafeInteger(n) ? n : str
+      function (inputString) {
+        if (typeof inputString !== 'string') return inputString
+        // Try to parse the input string as a floating-point number using parseFloat
+          const parsedFloat = parseFloat(inputString)
+      
+        // Check if the parsed value is not NaN and is equal to the original input string
+        if (!isNaN(parsedFloat) && String(parsedFloat) === inputString) {
+          return parsedFloat
+        } 
+    
+        // Try to parse the input string as an integer using parseInt
+        const parsedInt = parseInt(inputString);
+        // special case like '3.00000000000001', the precision is not lost and string is returned
+        if (!isNaN(parsedInt) && String(parsedInt) === inputString.replace(/^-?\d+\.0+$/, inputString.split('.')[0])) {
+          return parsedInt
+        }
+
+        // If none of the above conditions are met, return the input string as is
+        return inputString
       }
     const skipToken = options.skipToken
     const standardBase64 =
@@ -380,7 +396,9 @@
     "$skip="        o val:skip { _setLimitOffset(val) } /
     "$search="      o s:search { if (s) SELECT.search = s } /
     "$count="       o count /
-    "$apply="       o trafos:transformations { return trafos }
+    "$apply="       o trafos:transformations { return trafos } /
+    //Workaround to support empty expand even if not OData compliant old adapter supported it and did not crash
+    "$expand=" {return null}
 
   temporal = ("$at" / "$from" / "$toInclusive" / "$to") "=" date
 
@@ -600,7 +618,8 @@
   aliasedParamVal = val / jsonObject / jsonArray / "[" list:innerList "]" { return { list } }
 
   custom
-    = [a-zA-Z0-9-_.~]+ "=" [^&]*
+    = [a-zA-Z0-9-_.~]+ ("=" [^&]*)?
+
   aliasedParam "an aliased parameter (@param)" = "@" i:identifier { return "@" + i }
   aliasedParamEqualsVal = alias:aliasedParam "=" !aliasedParam value:aliasedParamVal {
     _replaceAliased(SELECT, alias, value);
@@ -655,9 +674,9 @@
     }
 
   val
-    = val:(bool / date) {return {val}}
-    / val:time {return {val}}
+    = val:bool {return {val}}
     / val:date {return {val}}
+    / val:time {return {val}}
     / val:guid {return {val}}
     / val:number {return typeof val === 'number' ? {val} : { val, literal:'number' }}
     / val:string {return {val}}

package/libx/odata/metadata.js

@@ -1,6 +1,7 @@
 const cds = require('../../lib')
 const LOG = cds.log('odata')
 const crypto = require('crypto')
+const { join } = require ('path')
 
 const _requestedFormat = (queryOption, header) => {
   if (queryOption) return queryOption.match(/json/i) ? 'json' : 'xml'
@@ -44,6 +45,12 @@ const generateEtag = s => {
 
 const odata_error = (code, message) => ({ error: { code, message } })
 
+const mpSupportsEmptyLocale = () => {   
+  const pkg = require(join('@sap/cds-mtxs', 'package.json'))  
+  const version = pkg.version.match(/^(\d+\.)?(\d+\.)?(\*|\d+)$/).map(Number)
+  return version[1] > 1 || (version[1] === 1 && version[2] >= 12)
+}
+
 module.exports = srv =>
   async function metadata(req, res, next) {
     if (req.path === '/$metadata') {
@@ -85,10 +92,20 @@ module.exports = srv =>
             )
 
         try {
-          const edmx = await mps.getEdmx({ tenant, model: srv.model, service: srv.definition.name, locale })
+          let edmx
+          // REVISIT: remove check later
+          if (mpSupportsEmptyLocale()) {
+            edmx = metadataCache.edm || await mps.getEdmx({ tenant, model: srv.model, service: srv.definition.name })
+            metadataCache.edm = edmx
+            const extBundle = cds.env.requires.extensibility && await mps.getI18n({ tenant, locale })
+            edmx = cds.localize(srv.model, locale, edmx, extBundle)
+          } else {
+            edmx = await mps.getEdmx({ tenant, model: srv.model, service: srv.definition.name, locale })
+          }
           metadataCache.xmlEtag[locale] = generateEtag(edmx)
           res.set('Content-Type', 'application/xml')
           res.send(edmx)
+          return
         } catch (e) {
           if (LOG._error) {
             e.message = 'Unable to get EDMX for tenant ' + tenant + ' due to error: ' + e.message