@sap/cds 7.4.2 → 7.5.1

package/CHANGELOG.md

@@ -4,6 +4,106 @@
 - The format is based on [Keep a Changelog](http://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](http://semver.org/).
 
+## Version 7.5.1 - 2023-12-21
+
+### Fixed
+
+- Resolving custom authentication implementation pointer
+
+## Version 7.5.0 - 2023-12-14
+
+### Added
+
+- Support for expressions in where clause of `@restrict` annotation.
+  - Example: `@(restrict : [{ grant : ['*'], where : (NAME = $user) }])`
+- Function `cds.unboxed(srv)` to get the non-outboxed variant of the service
+- Service implementations can now be provided in .mjs modules.
+- Remote services: advanced configurable `CSRF` token fetching HTTP method and the URL.
+  For example, in the configuration of your remote services, you can now configure the HTTP method and URL as follows:
+  ```json
+  "cds": {
+    "requires": {
+      "API_BUSINESS_PARTNER": {
+        "kind": "odata",
+        "model": "srv/external/API_BUSINESS_PARTNER",
+        "csrf": { // this configuration implies `csrf: true`
+          "method": "get",
+          "url": "..."
+        } 
+      }
+    }
+  }
+  ```
+- `cds.log`'s built-in JSON formatter:
+  + Extract custom fields (`cds.env.log.als_custom_fields`) and categories from args (not only error-like first objects)
+    * Example: `LOG.info('foo', { query: 'SELECT * FROM DUMMY' }, 'bar', { categories: ['baz'] })`
+  + `cds.env.log.mask_headers = [...]` allows to specify a list of matchers for which the header value shall be masked (i.e., printed as `***`)
+    * Default: `['/authorization/i', '/cookie/i']`
+- `cds.env.fiori.bypass_draft` feature flag, designed to enable direct modifications via `POST` and `PATCH` of
+active instances in lean draft mode (`cds.env.fiori.lean_draft=true`). For example:
+
+```http
+POST /Orders
+{
+  "IsActiveEntity": true
+}
+```
+
+- Auth kind `ias`: same SAML attr api as auth kind `xsuaa` for easier migration
+
+### Changed
+
+- Removed and integrated former `ctx-auth` middleware into `cds.auth` middleware
+- `cds.log`:
+  + `cds.env.log.format = 'plain'|'json'` allows to configure which built-in formatter is used. Defaults to `json` in production, `plain` otherwise.
+  + If built-in JSON formatter is used:
+    * Field `tenant_subdomain` is filled if running on CF and information is available through authentication
+    * Additional CF-related fields are filled if running on CF
+    * Custom fields (`cds.env.log.als_custom_fields`) are filled if bound to an instance of Application Logging Service
+    * Field `categories` is filled if bound to an instance of Application Logging Service
+  + Config `cds.env.log.kibana_custom_fields` changed to `cds.env.log.als_custom_fields` (ALS = Application Logging Service) with compatibility until next major
+- Package `passport` is no longer required (if `cds.env.requires.middlewares` is not set to `false`)
+- Type definitions for the APIs of this package are now maintained in package [`@cap-js/cds-types`](https://npmjs.com/package/@cap-js/cds-types).
+  - If you used one of the types `CSN`, `Definitions`, `entity` of _@sap/cds/apis/reflect_, use the `Linked` counterparts instead.
+  - If you used the type `CQNQuery` of _@sap/cds/apis/cqn_, use `SELECT` or a union type instead.
+  - This also includes various fixes to Typings for
+    - `req.subject` like `SELECT.from(req.subject)`
+    - `SELECT.columns([...])`
+    - `cds.db`
+    - `cds.util`
+    - `cds.context.features`
+- The number of files logged on `cds serve` is now limited to 30 by default. You can run with `DEBUG=serve` to show all files.
+- `express.static` is only mounted if the target folder (`cds.folders.app`) exists
+- `cds.outbox.Messages` no longer uses aspect `cuid` to reduce model size impact in case `@sap/cds/common` is not used otherwise
+
+### Fixed
+
+- Messaging: Listen to `*`
+- Drafts of `@readonly` entities cannot be deleted
+- Made `srv.prepend()` robust by not allowing async callbacks and hence not being an async function itself anymore
+- Formatting for stringified number-literal value
+- Secrets are now masked with `DEBUG=cds.service.factory`
+- The timestamp of cds.context is not propagated to new root contexts
+- `cds.localize` uses less memory to create translation bundles
+- `UPSERT` operation failed to fill DateTime/Timestamp fields
+- Use original logic (based on `NODE_ENV`) to load cds plugins from `devDependencies`
+- Property `tenant` also available on express' `req` object with basic and mocked auth
+- Empty `req.data` in before `DELETE` handler in draft
+- Loading `cds-plugins` now offers a hook to add more flexible plugin loader, e.g. for corrupt `package.json` files.
+- Ignore default values of associations for draft entities
+- OData: client-side errors (4xx) logged as warnings instead of errors
+- IAS authentication: use `tokenInfo.getClientId()` instead of `payload.azp` as it implements a fallback
+- Deep updates with binary keys
+- Allow `null` values in `cds.env` (example package.json excerpt: `{ "cds": { "features": { "foo": null } } }`)
+- Collection bound actions/functions called via navigation
+
+### Removed
+
+- Deprecated global configuration feature flag `cds.env.features.fetch_csrf`.
+  Instead, please use `csrf` and `csrfInBatch` in the configuration of your remote services.
+  These options will allow to configure CSRF-token handling.
+- Compat for deprecated `cds.env.auth.passport`. Use `cds.env.requires.auth` instead.
+
 ## Version 7.4.2 - 2023-11-30
 
 ### Fixed

package/apis/cds.d.ts

@@ -1,40 +1,3 @@
-import * as ql from './ql'
-
-declare global {
-	const cds : cds_facade
-}
+import * as cds from '@cap-js/cds-types'
 
 export = cds
-
-type cds_facade = {}
-& import('./core').default
-& import('./env').default
-& import('./models').default
-& import('./server').default
-& import('./services').QueryAPI
-& import('./services').default
-& import('./events').default
-& import('./ql').cds_ql
-& import('./log')
-& import('./utils')
-& import('./test')
-
-declare global {
-	// these provide the functionality from SELECT, INSERT, etc in the global facade
-	const SELECT: typeof cds.ql.SELECT
-	const INSERT: typeof cds.ql.INSERT
-	const UPSERT: typeof cds.ql.UPSERT
-	const UPDATE: typeof cds.ql.UPDATE
-	const DELETE: typeof cds.ql.DELETE
-	const CREATE: typeof cds.ql.CREATE
-	const DROP: typeof cds.ql.DROP
-
-	// and these allow us to use them as type too, i.e. `const q: SELECT<Book> = ...`
-	type SELECT<T> = ql.SELECT<T>
-	type INSERT<T> = ql.INSERT<T>
-	type UPSERT<T> = ql.UPSERT<T>
-	type UPDATE<T> = ql.UPDATE<T>
-	type DELETE<T> = ql.DELETE<T>
-	type CREATE<T> = ql.CREATE<T>
-	type DROP<T>   = ql.DROP<T>
-}

package/apis/core.d.ts

@@ -1,101 +1,21 @@
-import { LinkedAssociation, LinkedEntity, linked } from './linked'
-import * as csn from './csn'
-import { service } from './server'
-
-// These are classes actually -> using the new() => interface trick
-export type Association = new(_?:object) => LinkedAssociation
-export type Composition = new(_?:object) => LinkedAssociation
-export type entity = new(_?:object) => LinkedEntity
-export type event = new(_?:object) => linked & csn.struct
-export type type = new(_?:object) => linked & csn.type
-export type array = new(_?:object) => linked & csn.type
-export type struct = new(_?:object) => linked & csn.struct
-
-export default class cds {
-  // infer (query : cqn, model : csn) : LinkedDefinition
-
-  builtin: {
-    /**
-     * Base classes of linked definitions from reflected models.
-     * @see [capire](https://cap.cloud.sap/docs/node.js/cds-reflect#cds-builtin-classes)
-     */
-    classes: {
-      Association: Association
-      Composition: Composition
-      entity: entity
-      event: event
-      type: type
-      array: array
-      struct: struct
-      service: service
-    }
-    types: {}
-  }
-
-  /**
-   * Base class for linked Associations from reflected models.
-   * @see [capire](https://cap.cloud.sap/docs/node.js/cds-reflect#cds-Association)
-   */
-  Association: Association
-
-  /**
-   * Base class for linked Compositions from reflected models.
-   * @see [capire](https://cap.cloud.sap/docs/node.js/cds-reflect#cds-Association)
-   */
-  Composition: Composition
-
-  /**
-   * Base class for linked entities from reflected models.
-   * @see [capire](https://cap.cloud.sap/docs/node.js/cds-reflect#cds-entity)
-   */
-  entity: entity
-
-  event: event
-  type: type
-  array: array
-  struct: struct
-
-  /**
-   * Add aspects to a given object, for example:
-   *
-   *    extend (Object.prototype) .with (class {
-   *       get foo() { return ... }
-   *       bar() {...}
-   *    }.prototype)
-   */
-  extend<T>(target: T): {
-    with<E extends readonly unknown[]>(...ext: E): T & Intersect<E>
-  }
-
-  /**
-   * Equip a given facade object with getters for lazy-loading modules instead
-   * of static requires. Example:
-   *
-   *    const facade = lazify ({
-   *       sub: lazy => require ('./sub-module')
-   *    })
-   *
-   * The first usage of `facade.sub` will load the sub module
-   * using standard Node.js's `module.require` functions.
-   */
-  lazify <T>(target: T) : T
-
-  /**
-   * Prepare a node module for lazy-loading submodules instead
-   * of static requires. Example:
-   *
-   *    require = lazify (module) //> turns require into a lazy one
-   *    const facade = module.exports = {
-   *       sub: require ('./sub-module')
-   *    })
-   *
-   * The first usage of `facade.sub` will load the sub module
-   * using standard Node.js's `module.require` functions.
-   */
-  lazified <T>(target: T) : T
-
-}
-
-type Intersect<T extends readonly unknown[]> = T extends [infer Head, ...infer Tail]
-  ? Head & Intersect<Tail>
-  : unknown
+/**
+ * DO NO LONGER IMPORT THIS FILE
+ *
+ * Instead use:
+ *
+ * @example
+ * ```
+ *   import * as cds from '@sap/cds'
+ *   cds.Request
+ * or
+ *   import { Request } from '@sap/cds'
+ * or
+ *   @type { import('@sap/cds').Request }
+ * ```
+ *
+ * @deprecated
+ */
+export * from '@cap-js/cds-types/apis/core'
+
+// this was moved to 'events' with 7.4
+export { User } from '@cap-js/cds-types'

package/apis/cqn.d.ts

@@ -1,76 +1,18 @@
-import { entity } from "./csn" // cyclic dependency
-
-// FIXME: a union type would be more appropriate here
-export type Query = Partial<SELECT & INSERT & UPDATE & DELETE & CREATE & DROP & UPSERT>
-
-export type SELECT = {SELECT:{
-	distinct?: true
-	one? : boolean
-	from : source
-	mixin?: {[key:string]: expr}
-	columns? : column_expr[]
-	excluding? : string[]
-	where? : predicate
-	having? : predicate
-	groupBy? : expr[]
-	orderBy? : ordering_term[]
-	limit?: { rows:val, offset:val }
-}}
-
-export type INSERT = {INSERT:{
-	into : ref | name
-	entries : data[]
-	columns : string[]
-	values : scalar[]
-	rows : scalar[][]
-	as : SELECT
-}}
-
-export type UPSERT = {UPSERT:{
-	into : ref | name
-	columns : string[]
-	entries : data[]
-	values : scalar[]
-	rows : scalar[][]
-}}
-
-export type UPDATE = {UPDATE:{
-	entity : ref | name
-	data : { [key:string] : expr }
-	where? : predicate
-}}
-
-export type DELETE = {DELETE:{
-	from : ref | name
-	where? : predicate
-}}
-
-export type CREATE = {CREATE:{
-	entity : entity | name
-	as: SELECT
-}}
-
-export type DROP = {DROP:{
-	entity : name
-	table: ref
-	view: ref
-}}
-
-type scalar = number | string | boolean | null
-type data = Record<string,any>
-type name = string
-type source = ( ref | SELECT ) & { as?: name, join?:name, on?:xpr }
-export type column_expr = expr & { as?: name, cast?:any, expand?: column_expr[], inline?: column_expr[] }
-export type predicate = _xpr
-type ordering_term = expr & { sort?: "asc"|"desc", nulls?: "first"|"last" }
-
-export type expr = ref | val | xpr | function_call | SELECT
-type ref = {ref:( name & { id?:string, where?:expr, args?:expr[] } )[]}
-type val = {val:any}
-type xpr = {xpr:_xpr}
-type _xpr = ( expr | operator ) []
-type operator = string
-type function_call = {func: string, args: {[key: string]: unknown}[]}
-
-export type enum_literal = {"#": string}
-export type expr_literal = {"=": string}
+/**
+ * DO NO LONGER IMPORT THIS FILE
+ *
+ * Instead use:
+ *
+ * @example
+ * ```
+ *   import * as cds from '@sap/cds'
+ *   cds.Request
+ * or
+ *   import { Request } from '@sap/cds'
+ * or
+ *   @type { import('@sap/cds').Request }
+ * ```
+ *
+ * @deprecated
+ */
+export * from '@cap-js/cds-types/apis/cqn'

package/apis/csn.d.ts

@@ -1,117 +1,21 @@
-import { SELECT, ref, predicate } from './cqn'
-
-/**
- * A parsed CDS model in CSN object notation.
- */
-export interface CSN {
-  /**
-   * The assigned namespace. If parsed from multiple sources,
-   * this is the topmost model's namespace, if any, not the
-   * ones of imported models.
-   */
-  namespace?: string
-
-  /**
-   * The list of usings in this parsed model. Not available after
-   * imports have been resolved into a merged model.
-   */
-  requires?: string[]
-
-  /**
-   * All definitions in the model including those from imported models.
-   */
-  definitions?: Record<FQN, Definition>
-
-  /**
-   * All extensions in the model including those from imported models.
-   * Not available after extensions have been applied.
-   */
-  extensions?: Extension[]
-
-  /**
-   * The names of the files from which this model has been loaded.
-   */
-  $sources?: string[]
-}
-
-/**
- * The fully-quality name of a definition.
- */
-export type FQN = string
-
 /**
- * Definitions are the central elements of a CDS model.
+ * DO NO LONGER IMPORT THIS FILE
+ *
+ * Instead use:
+ *
+ * @example
+ * ```
+ *   import * as cds from '@sap/cds'
+ *   cds.Request
+ * or
+ *   import { Request } from '@sap/cds'
+ * or
+ *   @type { import('@sap/cds').Request }
+ * ```
+ *
+ * @deprecated
  */
-export type Definition = context & service & type & struct & entity & Association
-// NOTE: If we use & instead of | CSN.definitions values would be reduced to <never>
-
-/**
- * Extensions capture extend Foo with { ... } directives.
- */
-export type Extension = {
-  extend: FQN
-  elements?: { [name: string]: Element }
-  includes?: FQN[]
-}
-
-export type Element = type & struct & Association
-
-export type kinds = 'type' | 'entity' | 'event' | 'service' | 'context' | 'struct'
-
-export interface any_ { kind?: kinds }
-export interface context extends any_ { }
-export interface service extends any_ { }
-
-export interface type extends any_ {
-  type?: FQN
-  items?: type
-}
-
-export interface struct extends type {
-  /**
-   * References to definitions to be included.
-   * Not available after extensions have been applied.
-  */
-  includes?: FQN[]
-  elements: { [name: string]: Element }
-}
-
-export interface entity extends Omit<struct,'elements'> {
-  /**
-   * Entities with a query signify a view
-   */
-  query?: SELECT
-  /**
-   * Elements of entities may have additional qualifiers
-   */
-  elements : EntityElements
-  // REVISIT: following should move to LinkedCSN
-  keys: { [name: string]: Definition }
-  drafts: entity
-}
-
-export type EntityElements = {
-    [name:string]: Element & {
-        key? : boolean
-        virtual? : boolean
-        unique? : boolean
-        notNull? : boolean
-    }
-}
+export * from '@cap-js/cds-types/apis/csn'
 
-export interface Association extends type {
-  type: 'cds.Association' | 'cds.Composition'
-  target: FQN
-  /**
-   * The specified cardinality. to-one = {max:1}, to-many = {max:'*'}
-   */
-  cardinality?: { src?: 1; min?: 1 | 0; max?: 1 | '*' }
-  /**
-   * The parsed on condition in case of unmanaged Associations
-   */
-  on?: predicate
-  /**
-   * The optionally specified keys in case of managed Associations
-   */
-  keys?: (ref & { as: string })[]
-}
+// this got moved to 'linked' with 7.4
+export { Definitions } from '@cap-js/cds-types/apis/linked'

package/apis/events.d.ts

@@ -1,125 +1,18 @@
-import { LinkedDefinition } from './linked'
-import { Query } from './cqn'
-import { ref } from './cqn'
-import * as express from "express"
-
-
-export default class cds {
-
-  /**
-   * @see [capire docs](https://cap.cloud.sap/docs/node.js/events)
-   */
-  EventContext: typeof EventContext
-
-  /**
-   * @see [capire docs](https://cap.cloud.sap/docs/node.js/events)
-   */
-  Event: typeof Event
-
-  /**
-   * @see [capire docs](https://cap.cloud.sap/docs/node.js/events)
-   */
-  Request: typeof Request
-
-  /**
-   * Represents the user in a given context.
-   * @see [capire docs](https://cap.cloud.sap/docs/node.js/authentication#cds-user)
-   */
-  User: typeof User
-}
-
-
 /**
- * Represents the invocation context of incoming request and event messages.
- * @see [capire docs](https://cap.cloud.sap/docs/node.js/events)
+ * DO NO LONGER IMPORT THIS FILE
+ *
+ * Instead use:
+ *
+ * @example
+ * ```
+ *   import * as cds from '@sap/cds'
+ *   cds.Request
+ * or
+ *   import { Request } from '@sap/cds'
+ * or
+ *   @type { import('@sap/cds').Request }
+ * ```
+ *
+ * @deprecated
  */
-export class EventContext {
-  constructor(properties:{event:string, data?:object, query?:object, headers:object});
-  http?: {req: express.Request, res: express.Response}
-  tenant: string
-  user: User
-  id: string
-  locale: `${string}_${string}`
-  timestamp: Date
-}
-
-/**
- * @see [capire docs](https://cap.cloud.sap/docs/node.js/events)
- */
-export class Event extends EventContext {
-  event: string
-  data: any
-  headers: any
-}
-
-/**
- * @see [capire docs](https://cap.cloud.sap/docs/node.js/events)
- */
-export class Request extends Event {
-  params: (string | {})[]
-  method: string
-  path: string
-  target: LinkedDefinition
-  /**
-   * Shortcut to {@link target.name}
-   * @see https://cap.cloud.sap/docs/node.js/events#req-entity
-   */
-  entity: string
-  query: Query
-  subject: ref
-
-  reply(results: any): void
-
-  notify(code: number, message: string, target?: string, args?: any[]): Error
-  info(code: number, message: string, target?: string, args?: any[]): Error
-  warn(code: number, message: string, target?: string, args?: any[]): Error
-  error(code: number, message: string, target?: string, args?: any[]): Error
-  reject(code: number, message: string, target?: string, args?: any[]): Error
-
-  notify(code: number, message: string, args?: any[]): Error
-  info(code: number, message: string, args?: any[]): Error
-  warn(code: number, message: string, args?: any[]): Error
-  error(code: number, message: string, args?: any[]): Error
-  reject(code: number, message: string, args?: any[]): Error
-
-  notify(message: string, target?: string, args?: any[]): Error
-  info(message: string, target?: string, args?: any[]): Error
-  warn(message: string, target?: string, args?: any[]): Error
-  error(message: string, target?: string, args?: any[]): Error
-  reject(message: string, target?: string, args?: any[]): Error
-
-  notify(message: { code?: number | string; message: string; target?: string; args?: any[] }): Error
-  info(message: { code?: number | string; message: string; target?: string; args?: any[] }): Error
-  warn(message: { code?: number | string; message: string; target?: string; args?: any[] }): Error
-  error(message: { code?: number | string; message: string; target?: string; args?: any[], status?: number }): Error
-  reject(message: { code?: number | string; message: string; target?: string; args?: any[], status?: number }): Error
-}
-
-
-export class User {
-  constructor(obj?: string | { id: string; attr: Record<string, string>; roles: Record<string, string> } | User)
-  id: string
-
-  /**
-   * @deprecated Use https://cap.cloud.sap/docs/node.js/events#locale instead
-   */
-  locale: string
-
-  /**
-   * @deprecated Use https://cap.cloud.sap/docs/node.js/events#tenant instead
-   */
-  tenant: string | undefined
-
-  attr: Record<string, string>
-  roles: Array<string> | Record<string, string>
-  static Privileged: typeof Privileged
-  is(role: string): boolean
-}
-
-/**
- * Subclass for executing code with superuser privileges.
- */
-declare class Privileged extends User {
-  constructor()
-  is(): boolean
-}
+export * from '@cap-js/cds-types/apis/events'