@sap/cds 7.4.1 → 7.5.0

package/libx/rest/middleware/operation.js

@@ -1,58 +1,113 @@
 const cds = require('../../_runtime/cds')
-const { validateReturnType } = require('../../_runtime/cds-services/adapter/rest/utils/validation-checks')
 
 const RestRequest = require('../RestRequest')
 
-module.exports = async (_req, _res, next) => {
-  const { _srv: srv, _query: query, _operation: operation, _data: data, _params } = _req
+const { checkStatic, CDS_TYPE_CHECKS } = require('../../_runtime/cds-services/util/assert')
+const getError = require('../../_runtime/common/error')
 
-  let result
+// REVISIT: use i18n
+const _enrichErrorDetails = (isPrimitive, error) => {
+  const element = error.target ? ` '${error.target}' ` : ' '
+  const typeDetails = isPrimitive ? '.' : ` according to type definition '${error.type}'.`
+  const value = typeof error.value === 'string' ? `'${error.value}'` : error.value
+  if (element && element.match(/\w/)) return `Value ${value} of element${element}is invalid${typeDetails}`
+  return `Value ${value} is invalid${typeDetails}`
+}
 
-  // unfortunately, express doesn't catch async errors -> try catch needed
-  try {
-    const req = query
-      ? new RestRequest({ query, event: operation.name, data, params: _params })
-      : new RestRequest({ event: operation.name.replace(`${srv.namespace}.`, ''), data, params: _params })
-    result = await srv.dispatch(req)
-  } catch (e) {
-    return next(e)
-  }
+// REVISIT: use i18n
+const _getTypeError = (operation, type, errorDetails) => {
+  const typeErrors = errorDetails.map(error => _enrichErrorDetails(cds.builtin.types[type], error))
+  const msg = `Failed to validate return value ${type ? `of type '${type}' ` : ''}for custom ${operation.kind} '${
+    operation.name
+  }': ${typeErrors.join(' ')}`
+  return getError(msg)
+}
+
+const _validateReturnType = (operation, data) => {
+  // array of or single return type
+  // in case of modeled return type: { type: 'bookModel.Books', _type: csnDefinition }
+  // in case of inline return type: { elements: ... } and no explicit name of return type
+  const returnType = operation.returns.items ? operation.returns.items : operation.returns
+
+  if (typeof data === 'undefined') return true
+  if (returnType['@open']) return true
 
-  if (!operation.returns) {
-    _req._result = { status: 204 }
+  let checkResult
+
+  // .type of action/function behaves different to .type of other csn elements
+  // Return type contains primitives
+  // eslint-disable-next-line no-proto
+  const _type = typeof returnType._type === 'object' ? returnType.__proto__._type : returnType._type // REVISIT: super dirty hack for compiler's to.edmx polluting the csn definitions with ._type -> please use Symbols instead
+  const check = CDS_TYPE_CHECKS[_type] // IMPORTANT: use ._type
+  if (check) {
+    const array = Array.isArray(data) ? data : [data]
+    checkResult = array.filter(value => !check(value)).map(value => ({ type: _type, value }))
   } else {
-    // unfortunately, express doesn't catch async errors -> try catch needed
-    try {
-      // REVISIT: do not use from old rest adapter
-      // REVISIT: new impl should return instead of throwing to avoid try catch
-      validateReturnType(operation, result)
-
-      // set content-type header to text/plain for returned primitive data types, except for boolean
-      const returnType = operation.returns._type
-      if (
-        !_res.get('content-type') &&
-        !operation.returns.items &&
-        returnType &&
-        cds.builtin.types[returnType] &&
-        returnType !== 'cds.Boolean'
+    if (typeof data !== 'object') {
+      throw new Error(
+        `Invalid scalar value ${typeof data === 'string' ? `"${data}"` : data} for return type "${returnType.type}"`
       )
-        _res.set('content-type', 'text/plain')
-    } catch (e) {
-      return next(e)
     }
 
-    // REVISIT: Still needed with cds-mtxs?
-    // mtx compat, modeled as string but object returned
-    if (operation.returns._type === 'cds.String' && typeof result === 'object') {
-      _res.set('content-type', 'application/json')
+    // Only check complex objects, ignore non-modelled data
+    data = (Array.isArray(data) ? data : [data]).filter(entry => typeof entry === 'object' && !Array.isArray(entry))
+
+    // Determine entity from bound or unbound action/function
+    const returnTypeCsnDefinition = returnType._type || returnType
+
+    // REVISIT: remove exception with cds^6
+    // mtx returns object instead of string (as in modell) -> skip validation
+    if (returnTypeCsnDefinition.type !== 'cds.String') {
+      checkResult = checkStatic(returnTypeCsnDefinition, data, true)
     }
+  }
 
-    // REVISIT: still needed?
-    if (!operation.returns.items && Array.isArray(result)) result = result[0]
+  if (checkResult && checkResult.length !== 0) {
+    throw _getTypeError(operation, returnType.type, checkResult)
+  }
 
-    if (result === undefined) _req._result = { status: 204 }
-    else _req._result = { result }
+  return true
+}
+
+// TODO: add headers to return object to avoid passing _res
+module.exports = srv => async (_req, _res) => {
+  const { _query: query, _operation: operation, _data: data, _params } = _req
+
+  let result
+
+  const req = query
+    ? new RestRequest({ query, event: operation.name, data, params: _params })
+    : new RestRequest({ event: operation.name.replace(`${srv.namespace}.`, ''), data, params: _params })
+  result = await srv.dispatch(req)
+
+  if (!operation.returns) return { status: 204 }
+
+  // REVISIT: do not use from old rest adapter
+  // REVISIT: new impl should return instead of throwing to avoid try catch
+  _validateReturnType(operation, result)
+
+  // set content-type header to text/plain for returned primitive data types, except for boolean
+  const returnType = operation.returns._type
+  if (
+    !_res.get('content-type') &&
+    !operation.returns.items &&
+    returnType &&
+    cds.builtin.types[returnType] &&
+    returnType !== 'cds.Boolean'
+  ) {
+    _res.set('content-type', 'text/plain')
+  }
+
+  // REVISIT: Still needed with cds-mtxs?
+  // mtx compat, modeled as string but object returned
+  if (operation.returns._type === 'cds.String' && typeof result === 'object') {
+    _res.set('content-type', 'application/json')
   }
 
-  next()
+  // REVISIT: still needed?
+  if (!operation.returns.items && Array.isArray(result)) result = result[0]
+
+  if (result === undefined) return { status: 204 }
+
+  return { result }
 }

package/libx/rest/middleware/parse.js

@@ -6,12 +6,10 @@ const { where2obj } = require('../../_runtime/common/utils/cqn')
 const { convertStructured } = require('../../_runtime/common/utils/ucsn')
 const { deepCopy } = require('../../_runtime/common/utils/copy')
 
-module.exports = (req, res, next) => {
-  const { _srv: service } = req
-
+module.exports = srv => (req, res, next) => {
   // REVISIT: Once we don't display the error message location in terms of an offset, but instead a copy of the
   // original request including a marker, we don't need to provide the baseUrl here.
-  let query = cds.odata.parse(req.url, { service, baseUrl: req.baseUrl })
+  let query = cds.odata.parse(req.url, { service: srv, baseUrl: req.baseUrl })
 
   // parser always produces selects
   const _target = (req._target = query.SELECT && query.SELECT.from)
@@ -22,7 +20,7 @@ module.exports = (req, res, next) => {
     __target: definition,
     SELECT: { one }
   } = query
-  if (typeof definition === 'string') definition = service.model.definitions[definition] || service.model.definitions[definition.split(':$:')[0]].actions[definition.split(':$:')[1]]
+  if (typeof definition === 'string') definition = srv.model.definitions[definition] || srv.model.definitions[definition.split(':$:')[0]].actions[definition.split(':$:')[1]]
   delete query.__target
 
   // REVISIT: hack for actions and functions
@@ -104,7 +102,7 @@ module.exports = (req, res, next) => {
       req._data = {}
     } else {
       const payload = deepCopy(args || req.body)
-      convertStructured(service, operation || definition, payload, { cleanupStruct: cds.env.features.rest_struct_data })
+      convertStructured(srv, operation || definition, payload, { cleanupStruct: cds.env.features.rest_struct_data })
       req._data = payload
     }
   }

package/libx/rest/middleware/payload.js

@@ -1,13 +1,13 @@
 const { base64ToBuffer } = require('../../_runtime/common/utils/binary')
 
-module.exports = (req, res, next) => {
-  const { _srv, _query, _data, _operation } = req
+module.exports = srv => (req, res, next) => {
+  const { _query, _data, _operation } = req
   let definition = _operation || _query.__target
-  if (typeof definition === 'string') definition = _srv.model.definitions[definition] || _srv.model.definitions[definition.split(':$:')[0]].actions[definition.split(':$:')[1]]
+  if (typeof definition === 'string') definition = srv.model.definitions[definition] || srv.model.definitions[definition.split(':$:')[0]].actions[definition.split(':$:')[1]]
 
-  if (!(_data && _srv && definition)) return next()
+  if (!(_data && srv && definition)) return next()
 
-  base64ToBuffer(_data, _srv, definition)
+  base64ToBuffer(_data, srv, definition)
 
   next()
 }

package/libx/rest/middleware/read.js

@@ -1,27 +1,22 @@
 const RestRequest = require('../RestRequest')
 
-module.exports = async (_req, _res, next) => {
-  const { _srv: srv, _query: query, _target, _params } = _req
+module.exports = srv => async _req => {
+  const { _query: query, _target, _params } = _req
 
   let result,
     status = 200
 
-  // unfortunately, express doesn't catch async errors -> try catch needed
-  try {
-    const req = new RestRequest({ query, _target, params: _params, _req })
+  const req = new RestRequest({ query, _target, params: _params, _req })
 
-    // req.data is filled with keys during read and delete
-    if (_params) req.data = _params[_params.length - 1]
+  // req.data is filled with keys during read and delete
+  if (_params) req.data = _params[_params.length - 1]
 
-    result = await srv.dispatch(req)
+  result = await srv.dispatch(req)
 
-    // 204 or 404?
-    if (result == null && query.SELECT.one) {
-      if (_target.ref.length > 1) status = 204
-      else throw { code: 404 }
-    }
-  } catch (e) {
-    return next(e)
+  // 204 or 404?
+  if (result == null && query.SELECT.one) {
+    if (_target.ref.length > 1) status = 204
+    else throw { code: 404 }
   }
 
   // REVISIT: Still needed with cds-mtxs?
@@ -35,7 +30,6 @@ module.exports = async (_req, _res, next) => {
     // TODO check if this is needed
     result = result.toString()
   }
-  _req._result = { result, status }
 
-  next()
+  return { result, status }
 }

package/libx/rest/middleware/update.js

@@ -7,36 +7,31 @@ const UPSERT_ALLOWED = !(cds.env.runtime && cds.env.runtime.allow_upsert === fal
 
 const { deepCopyObject } = require('../../_runtime/common/utils/copy')
 
-module.exports = async (_req, _res, next) => {
-  let { _srv: srv, _query: query, _target, _data, _params } = _req
+module.exports = srv => async _req => {
+  let { _query: query, _target, _data, _params } = _req
+
   let result,
     status = 200
 
-  // unfortunately, express doesn't catch async errors -> try catch needed
+  // if upsert it allowed, we need to catch 404 and retry with create
   try {
-    // if upsert it allowed, we need to catch 404 and retry with create
-    try {
-      // add the data (as copy, if upsert allowed)
-      query.data(UPSERT_ALLOWED ? deepCopyObject(_data) : _data)
-
-      // REVISIT: if PUT, req.method should be PUT -> Crud2Http maps UPSERT to PUT
-      result = await srv.dispatch(new RestRequest({ query, _target, method: _req.method, params: _params }))
-      if (_params && result) Object.assign(result, _params[_params.length - 1])
-    } catch (e) {
-      if ((e.code === 404 || e.status === 404 || e.statusCode === 404) && UPSERT_ALLOWED) {
-        query = INSERT.into(query.UPDATE.entity).entries(
-          _params ? Object.assign(_data, _params[_params.length - 1]) : _data
-        )
-        result = await srv.dispatch(new RestRequest({ query, _target, params: _params }))
-        status = 201
-      } else {
-        throw e
-      }
-    }
+    // add the data (as copy, if upsert allowed)
+    query.data(UPSERT_ALLOWED ? deepCopyObject(_data) : _data)
+
+    // REVISIT: if PUT, req.method should be PUT -> Crud2Http maps UPSERT to PUT
+    result = await srv.dispatch(new RestRequest({ query, _target, method: _req.method, params: _params }))
+    if (_params && result) Object.assign(result, _params[_params.length - 1])
   } catch (e) {
-    return next(e)
+    if ((e.code === 404 || e.status === 404 || e.statusCode === 404) && UPSERT_ALLOWED) {
+      query = INSERT.into(query.UPDATE.entity).entries(
+        _params ? Object.assign(_data, _params[_params.length - 1]) : _data
+      )
+      result = await srv.dispatch(new RestRequest({ query, _target, params: _params }))
+      status = 201
+    } else {
+      throw e
+    }
   }
 
-  _req._result = { result, status }
-  next()
+  return { result, status }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "7.4.1",
+  "version": "7.5.0",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [
@@ -33,6 +33,7 @@
     "node": ">=16"
   },
   "dependencies": {
+    "@cap-js/cds-types": "<1",
     "@sap/cds-compiler": "^4",
     "@sap/cds-fiori": "^1",
     "@sap/cds-foss": "^5.0.0"

package/server.js

@@ -1,6 +1,7 @@
 const cds = require('./lib'), { features } = cds.env
 // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
-const express = require('express')
+const express = require('express'), fs = require('fs'), path = require('path')
+
 
 /**
  * Standard express.js bootstrapping, constructing an express `application`
@@ -72,7 +73,11 @@ const defaults = {
 
   cors,
 
-  get static() { return cds.env.folders.app },  //> defaults to ./app
+  get static() {
+    const dir = cds.env.folders.app //> defaults to ./app
+    if (dir && !fs.existsSync(path.resolve(cds.root, dir))) return undefined
+    return dir
+  },
 
   // default generic index.html page
   get index() {
@@ -89,7 +94,6 @@ const defaults = {
 
 
 // Helpers to delegate to imported UIs
-const path = require('path')
 const _app_serve = function (endpoint) { return {
   from: (pkg,folder) => {
     folder = !folder ? pkg : path.resolve(require.resolve(pkg+'/package.json',{paths:[cds.root]}),'../'+folder)
@@ -98,7 +102,6 @@ const _app_serve = function (endpoint) { return {
   }
 }}
 
-
 function cors (req, res, next) { // REVISIT: should that move into middlewares?
   const { origin } = req.headers
   if (origin) res.set('access-control-allow-origin', origin)

package/srv/outbox.cds

@@ -1,13 +1,12 @@
-using cuid from '@sap/cds/common';
-
 namespace cds.outbox;
 
-entity Messages : cuid {
-  timestamp: Timestamp;
-  target: String;
-  msg: LargeString;
-  attempts: Integer default 0;
-  partition: Integer default 0;
-  lastError: LargeString;
-  lastAttemptTimestamp: Timestamp @cds.on.update : $now;
+entity Messages {
+  key ID                   : UUID;
+      timestamp            : Timestamp;
+      target               : String;
+      msg                  : LargeString;
+      attempts             : Integer default 0;
+      partition            : Integer default 0;
+      lastError            : LargeString;
+      lastAttemptTimestamp : Timestamp @cds.on.update: $now;
 }

package/apis/env.d.ts

@@ -1,25 +0,0 @@
-export default class {
-  /**
-   * Access to the configuration for Node.js runtime and tools.
-   * The object is the effective result of configuration merged from various sources,
-   * filtered through the currently active profiles, thus highly dependent on the current working
-   * directory and process environment.
-   */
-  env : {
-    build: any,
-    hana: any,
-    i18n: any,
-    mtx: any,
-    requires: any,
-    folders: any,
-    odata: any,
-    query: any,
-    sql: any
-  }
-
-  requires: any
-  version: string
-  home: string
-  root: string
-
-}

package/apis/test.d.ts

@@ -1,81 +0,0 @@
-import { AxiosInstance } from 'axios';
-import chai from 'chai';
-import * as http from 'http';
-import { Service } from './services';
-
-declare class Axios {
-  get axios(): AxiosInstance;
-
-  get     : AxiosInstance['get'];
-  put     : AxiosInstance['put'];
-  post    : AxiosInstance['post'];
-  patch   : AxiosInstance['patch'];
-  delete  : AxiosInstance['delete'];
-  options : AxiosInstance['options'];
-
-  get GET()     : Axios['get'];
-  get PUT()     : Axios['put'];
-  get POST()    : Axios['post'];
-  get PATCH()   : Axios['patch'];
-  get DELETE()  : Axios['delete'];
-  get OPTIONS() : Axios['options'];
-}
-
-declare class DataUtil {
-  delete(db?: Service): Promise<void>;
-  reset(db?: Service): Promise<void>;
-  /** @deprecated */ autoReset(enabled: boolean): this;
-}
-
-declare class Test extends Axios {
-
-  test : Test
-
-  run(cmd: string, ...args: string[]): this;
-  in(...paths: string[]): this;
-  silent(): this;
-  /** @deprecated */ verbose(v: boolean): this;
-
-  get chai(): typeof chai;
-  get expect(): typeof chai.expect;
-  get assert(): typeof chai.assert;
-  get data(): DataUtil;
-  get cds(): typeof import('./cds')
-
-  log() : {
-    output: string
-    clear(): void
-    release(): void
-  }
-
-  then(r: (args: { server: http.Server, url: string }) => void): void;
-
-  // get sleep(): (ms: number) => Promise<void>;
-  // get spy(): <T, K extends keyof T>(o: T, f: K) => T[K] extends (...args: infer TArgs) => infer TReturnValue
-  //   ? Spy<TArgs, TReturnValue>
-  //   : Spy;
-}
-
-// typings for spy inspired by @types/sinon
-// interface Spy<TArgs extends any[] = any[], TReturnValue = any> {
-//   (...args: TArgs): TReturnValue;
-//   called: number;
-//   restore(): (...args: TArgs) => TReturnValue;
-// }
-
-export = cds
-
-declare class cds {
-  test: {
-    Test: typeof Test
-    /**
-     * @see [capire docs](https://cap.cloud.sap/docs/node.js/cds-test?q=cds.test#run)
-     */
-    (projectDir: string): Test;
-    /**
-     * @see [capire docs](https://cap.cloud.sap/docs/node.js/cds-test?q=cds.test#run-2)
-     */
-    (command: string, ...args: string[]): Test;
-    in (string) : Test
-  }
-}

package/apis/utils.d.ts

@@ -1,15 +0,0 @@
-export = cds
-
-declare class cds {
-
-	/**
-	 * Provides a set of utility functionss
-	 */
-	utils : {
-		/**
-		 * Generates a new v4 UUID
-		 * @see https://cap.cloud.sap/docs/node.js/cds-facade#cds-utils
-		 */
-		uuid () : string
-	}
-}

package/lib/auth/passport-basic.js

@@ -1,14 +0,0 @@
-// REVISIT: either document passport basic auth or remove it
-
-/* eslint-disable cds/no-missing-dependencies */
-module.exports = function passport_basic_auth (options) {
-  // const session = require('express-session')({ secret:'secret', resave:false, saveUninitialized:true, })
-  const { BasicStrategy } = require('passport-http')
-  const users = require ('./mocked-users') (options)
-  const passport = require('passport') .use (new BasicStrategy ((id, pwd, done) => {
-    let user = users.verify (id,pwd)
-    if (user.failed) return done (null, false, { message: user.failed })
-    else return done (null, user)
-  }))
-  return passport.authenticate('basic', {session:false})
-}

package/lib/auth/passport-digest.js

@@ -1,16 +0,0 @@
-// REVISIT: either document passport digest auth or remove it
-
-/* eslint-disable cds/no-missing-dependencies */
-module.exports = function passport_digest_auth (options) {
-  // const session = require('express-session')({ secret:'secret', resave:false, saveUninitialized:true, })
-  const { users } = require ('./mocked-users') (options)
-  const { DigestStrategy } = require('passport-http')
-  const passport = require('passport') .use (new DigestStrategy ((id, done) => {
-    // REVISIT: this is never called -> no clue why
-    console.trace (id)
-    const u = users[id]
-    if (!u) return done (null, false)
-    else return done (null, u, u.password)
-  }))
-  return passport.authenticate('digest', {session:false})
-}

package/lib/env/presets.js

@@ -1,35 +0,0 @@
-const cds = require('../index')
-
-const { join } = cds.utils.path
-
-const PROTOCOLS = {
-  'odata-v4': { path: '/odata/v4', impl: join(__dirname,'../srv/protocols/odata-v4') },
-  rest: { path: '/rest', impl: join(__dirname,'../srv/protocols/rest') }
-}
-
-// REVISIT: Looks very hard-coded -> move this to consumers?
-module.exports = function (conf) {
-  let { features } = conf
-
-  // protocols configuration
-  let p = conf.protocols || {}
-  for (let [k, o] of Object.entries(p)) {
-    if (typeof o === 'string') p[k] = { path: o }
-    if (!p[k].path.startsWith('/')) p[k].path = `/${p[k].path}`
-  }
-
-  p['odata-v4'] = Object.assign({}, PROTOCOLS['odata-v4'], p.odata, p['odata-v4'])
-  p.odata = Object.assign({}, PROTOCOLS['odata-v4'], p['odata-v4'], p.odata)
-  p.rest = Object.assign({}, PROTOCOLS.rest, p.rest)
-
-  // odata must always be first for fallback
-  conf.protocols = { odata: p.odata, ...p }
-
-  // integrity checks
-  if (!features) return
-  if (typeof features.assert_integrity === 'string' && features.assert_integrity.match(/db/i)) {
-    features.assert_integrity = true
-    features.assert_integrity_type = 'DB'
-  } else features.assert_integrity = false
-}
-

package/lib/log/format/cf.js

@@ -1,16 +0,0 @@
-const cds = require ('../../')
-const kibana = require('./kibana')
-
-/*
- * extension of log formatter for kibana that additionally logs Cloud Foundry specific data
- */
-module.exports = (module, level, ...args) => {
-  const toLog = kibana.addFields(module, level, ...args)
-
-  toLog.layer = 'cds'
-
-  // cds.context._ instead of cds.context.http because of messaging
-  toLog.tenant_subdomain = cds.context?._?.req?.authInfo?.getSubdomain?.()
-
-  return kibana.format(toLog)
-}