@sap/cds 7.4.2 → 7.5.1

package/libx/_runtime/messaging/enterprise-messaging-utils/registerEndpoints.js

@@ -94,6 +94,7 @@ class EndpointRegistry {
           }
         })
       } catch (error) {
+        LOG.error(error)
         return res.sendStatus(500)
       }
     })

package/libx/_runtime/messaging/enterprise-messaging.js

@@ -85,7 +85,7 @@ class EnterpriseMessaging extends AMQPWebhookMessaging {
     const doNotDeploy = cds.requires.multitenancy && !this.options.deployForProvider
     if (doNotDeploy) this.LOG._info && this.LOG.info('Skipping deployment of messaging artifacts for provider account')
     super.startListening({ doNotDeploy })
-    if (!doNotDeploy && (this._listenToAll || this.subscribedTopics.size)) {
+    if (!doNotDeploy && (this._listenToAll.value || this.subscribedTopics.size)) {
       const management = this.getManagement()
       // Webhooks will perform an OPTIONS call on creation to check the availability of the app.
       // On systems like Cloud Foundry the app URL will only be advertised once

package/libx/_runtime/messaging/file-based.js

@@ -36,7 +36,7 @@ class FileBasedMessaging extends MessagingService {
   }
 
   startWatching() {
-    if (!this._listenToAll && !this.subscribedTopics.size) return
+    if (!this._listenToAll.value && !this.subscribedTopics.size) return
     const watcher = async () => {
       if (!(await touched(this.file, this.recent))) return // > not touched since last check
       // REVISIT: Bad if lock file wasn't cleaned up (due to crashes...)

package/libx/_runtime/messaging/service.js

@@ -6,15 +6,11 @@ const appId = require('./common-utils/appId')
 
 const _topic = declared => declared['@topic'] || declared.name
 
-let usedTopicOnce = false
-const _warnAndStripTopicPrefix = (event, LOG) => {
+const _warnAndStripTopicPrefix = event => {
   if (event.startsWith('topic:')) {
+    cds._logDeprecation('The topic prefix `topic:` is deprecated and has no effect. Please remove it.')
     // backwards compatibility
     event = event.replace(/topic:/, '')
-    if (!usedTopicOnce) {
-      LOG._warn && LOG.warn('The topic prefix `topic:` is deprecated and has no effect. Please remove it.')
-    }
-    usedTopicOnce = true
   }
   return event
 }
@@ -25,6 +21,7 @@ class MessagingService extends cds.Service {
     // enables queued async operations (without awaiting)
     this.queued = queued()
     this.subscribedTopics = new Map()
+    this._listenToAll = { value: false }
     this.LOG = cds.log(this.kind ? `${this.kind}|messaging` : 'messaging')
     // Only for one central `messaging` service, otherwise all technical services would register themselves
     if (this.name === 'messaging') {
@@ -89,10 +86,10 @@ class MessagingService extends cds.Service {
   }
 
   on(event, cb) {
-    const _event = _warnAndStripTopicPrefix(event, this.LOG)
+    const _event = _warnAndStripTopicPrefix(event)
     // save all subscribed topics (not needed for local-messaging)
     if (event !== '*') this.subscribedTopics.set(this.prepareTopic(_event, true), _event)
-    else this._listenToAll = true
+    else this._listenToAll.value = true
     return super.on(_event, cb)
   }
 
@@ -119,7 +116,7 @@ class MessagingService extends cds.Service {
 
   message4(msg) {
     const _msg = { ...msg }
-    _msg.event = _warnAndStripTopicPrefix(_msg.event, this.LOG)
+    _msg.event = _warnAndStripTopicPrefix(_msg.event)
     if (!_msg.headers) _msg.headers = {}
     if (!_msg.inbound) {
       _msg.headers = { ..._msg.headers } // don't change the original object
@@ -129,7 +126,7 @@ class MessagingService extends cds.Service {
       const subscribedEvent =
         this.subscribedTopics.get(_msg.event) ||
         (this.wildcarded && this.subscribedTopics.get(this.wildcarded(_msg.event)))
-      if (!subscribedEvent && !this._listenToAll)
+      if (!subscribedEvent && !this._listenToAll.value)
         throw new Error(`No handler for incoming message with topic '${_msg.event}' found.`)
       _msg.event = subscribedEvent || _msg.event
     }

package/libx/_runtime/remote/Service.js

@@ -1,30 +1,12 @@
 const cds = require('../cds')
-const LOG = cds.log('remote')
 
 const { run, getReqOptions } = require('./utils/client')
+const { getCloudSdk, getCloudSdkConnectivity, getCloudSdkResilience } = require('./utils/cloudSdkProvider')
 const { hasAliasedColumns } = require('./utils/data')
-
 const { resolveView, getTransition, restoreLink, findQueryTarget } = require('../common/utils/resolveView')
 const { postProcess } = require('../common/utils/postProcessing')
-
 const { formatVal } = require('../../odata/utils')
 
-let _cloudSdkConnectivity
-const _getCloudSdkConnectivity = () => {
-  if (_cloudSdkConnectivity) return _cloudSdkConnectivity
-  // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
-  _cloudSdkConnectivity = require('@sap-cloud-sdk/connectivity')
-  return _cloudSdkConnectivity
-}
-
-let _cloudSdkResilience
-const _getCloudSdkResilience = () => {
-  if (_cloudSdkResilience) return _cloudSdkResilience
-  // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
-  _cloudSdkResilience = require('@sap-cloud-sdk/resilience')
-  return _cloudSdkResilience
-}
-
 const _isSimpleCqnQuery = q => typeof q === 'object' && q !== null && !Array.isArray(q) && Object.keys(q).length > 0
 
 const _setHeaders = (defaultHeaders, req) => {
@@ -183,7 +165,7 @@ const resolvedTargetOfQuery = q => {
 const _resolveSelectionStrategy = options => {
   if (typeof options?.selectionStrategy !== 'string') return
 
-  options.selectionStrategy = _getCloudSdkConnectivity().DestinationSelectionStrategies[options.selectionStrategy]
+  options.selectionStrategy = getCloudSdkConnectivity().DestinationSelectionStrategies[options.selectionStrategy]
   if (typeof options?.selectionStrategy !== 'function') {
     throw new Error(`Unsupported destination selection strategy "${options.selectionStrategy}".`)
   }
@@ -207,8 +189,6 @@ const _getDestination = (name, credentials) => {
   return { name, ...credentials }
 }
 
-let logged
-
 class RemoteService extends cds.Service {
   init() {
     this.kind = _getKind(this.options) // TODO: Simplify
@@ -227,24 +207,17 @@ class RemoteService extends cds.Service {
       this.path = this.options.credentials.path
 
       // `requestTimeout` API is kept as it was public
-      this.requestTimeout = this.options.credentials.requestTimeout
-      if (this.requestTimeout == null) this.requestTimeout = 60000
+      this.requestTimeout = this.options.credentials.requestTimeout ?? 60000
+
+      this.csrf = this.options.csrf
+      this.csrfInBatch = this.options.csrfInBatch
 
       // we're using this as an object to allow remote services without the need for Cloud SDK
       // required for BAS creating remote services only for events
       // at first request the middlewares are created
-      this._resilienceMiddlewares = {}
-
-      // REVISIT: remove cds.env.features.fetch_csrf in next major ^7
-      this.csrf = cds.env.features.fetch_csrf ?? this.options.csrf
-      this.csrfInBatch = this.options.csrfInBatch
-      if (cds.env.features.fetch_csrf && !logged) {
-        // for logging once for all remote services
-        logged = true
-        LOG._warn &&
-          LOG.warn(
-            'Configuration option "cds.env.features.fetch_csrf" is deprecated.\n Please use "csrf"/"csrfInBatch" as described in https://cap.cloud.sap/docs/node.js/remote-services'
-          )
+      this.middlewares = {
+        timeout: getCloudSdkResilience().timeout(this.requestTimeout),
+        csrf: this.csrf && getCloudSdk().csrf(this.csrf)
       }
     } else if ([...this.entities].length || [...this.operations].length) {
       throw new Error(`No credentials configured for "${this.name}".`)
@@ -261,9 +234,7 @@ class RemoteService extends cds.Service {
       }
     }
 
-    for (const each of this.operations) {
-      _addHandlerActionFunction(this, each)
-    }
+    for (const each of this.operations) _addHandlerActionFunction(this, each)
 
     this.on('*', async (req, next) => {
       const { query } = req
@@ -273,16 +244,14 @@ class RemoteService extends cds.Service {
       // ideally, that's done on bootstrap of the remote service
       if (typeof this.destination === 'object' && !this.destination.url)
         throw new Error(`"url" or "destination" property must be configured in "credentials" of "${this.name}".`)
-      if (this._resilienceMiddlewares && !this._resilienceMiddlewares.timeout)
-        this._resilienceMiddlewares.timeout = _getCloudSdkResilience().timeout(this.requestTimeout)
 
       const reqOptions = getReqOptions(req, query, this)
       reqOptions.headers = _setHeaders(reqOptions.headers, req)
 
-      const { kind, destination, destinationOptions, csrf, csrfInBatch } = this
+      const { kind, destination, destinationOptions } = this
       const resolvedTarget = resolvedTargetOfQuery(query) || getTransition(req.target, this).target
       const returnType = req._returnType
-      const additionalOptions = { destination, kind, resolvedTarget, returnType, destinationOptions, csrf, csrfInBatch }
+      const additionalOptions = { destination, kind, resolvedTarget, returnType, destinationOptions }
 
       const jwt = req?.context?.headers?.authorization?.split(/^bearer /i)[1]
       if (jwt) additionalOptions.jwt = jwt
@@ -300,7 +269,7 @@ class RemoteService extends cds.Service {
 
   // FIXME: This is a dirty hack for this situation:
   // - This PR has cds.Service.model setter to always consistently apply cds.compile.for.odata, also for RemoteServices, which wasn't the case before
-  // - because of that tests/_runtime/remote/__tests__/integration/odata.test.js fails, which relies on the former behavoir of RemoteServices
+  // - because of that tests/_runtime/remote/__tests__/integration/odata.test.js fails, which relies on the former behavior of RemoteServices
   // NOTE: that test would never have worked for RemoteServices bootstrapped from single cds.model, which is always cds.compiled.for.odata
   // REVISIT: should become obsolete with Universal CSN
   // set model(m) {
@@ -321,10 +290,12 @@ class RemoteService extends cds.Service {
 
     if (req.target && req.target.name && this.definition && req.target.name.startsWith(this.definition.name + '.')) {
       const result = await super.handle(req)
+
       // only post process if alias was explicitly set in query
       if (_selectOnlyWithAlias(req.query)) {
         return postProcess(req.query, result, this, true)
       }
+
       return result
     }
 
@@ -349,5 +320,4 @@ class RemoteService extends cds.Service {
 }
 
 RemoteService.prototype.isExternal = true
-
 module.exports = RemoteService

package/libx/_runtime/remote/utils/client.js

@@ -1,14 +1,11 @@
 const cds = require('../../cds')
 const LOG = cds.log('remote')
+const { getCloudSdk } = require('./cloudSdkProvider')
 
 const SANITIZE_VALUES = process.env.NODE_ENV === 'production' && cds.env.log.sanitize_values !== false
-
 const { convertV2ResponseData, deepSanitize, convertV2PayloadData } = require('./data')
 
-let _cloudSdk
-
-const PPPD = { POST: 1, PUT: 1, PATCH: 1, DELETE: 1 }
-const KINDS_SUPPORTING_BATCH = { odata: 1, 'odata-v2': 1, 'odata-v4': 1 }
+const KINDS_SUPPORTING_BATCH = { odata: true, 'odata-v2': true, 'odata-v4': true }
 
 const _sanitizeHeaders = headers => {
   // REVISIT: is this in-place modification intended?
@@ -16,14 +13,14 @@ const _sanitizeHeaders = headers => {
   return headers
 }
 
-const _executeHttpRequest = async ({ requestConfig, destination, destinationOptions, jwt, csrf, csrfInBatch }) => {
-  const { executeHttpRequestWithOrigin } = _getCloudSdk()
+const _executeHttpRequest = async ({ requestConfig, destination, destinationOptions, jwt }) => {
+  const { executeHttpRequestWithOrigin } = getCloudSdk()
 
   if (typeof destination === 'string') {
     destination = {
       destinationName: destination,
       ...destinationOptions,
-      ...{ jwt: destinationOptions?.jwt !== undefined ? destinationOptions.jwt : jwt }
+      ...{ jwt: destinationOptions?.jwt === undefined ? jwt : destinationOptions.jwt }
     }
     if (destination.jwt !== undefined && !destination.jwt) delete destination.jwt // don't pass any value
   } else if (destination.forwardAuthToken) {
@@ -37,11 +34,6 @@ const _executeHttpRequest = async ({ requestConfig, destination, destinationOpti
     else LOG._warn && LOG.warn('Missing JWT token for forwardAuthToken')
   }
 
-  let requestOptions
-  if (PPPD[requestConfig.method]) {
-    requestOptions = { fetchCsrfToken: requestConfig._autoBatch ? csrfInBatch === true : csrf === true }
-  }
-
   if (LOG._debug) {
     const req2log = { headers: _sanitizeHeaders({ ...requestConfig.headers }) }
     if (requestConfig.method !== 'GET' && requestConfig.method !== 'DELETE')
@@ -61,19 +53,15 @@ const _executeHttpRequest = async ({ requestConfig, destination, destinationOpti
     ...(maxBodyLength && { maxBodyLength })
   }
 
+  // set `fetchCsrfToken` to `false` because we mount a custom CSRF middleware
+  const requestOptions = { fetchCsrfToken: false }
   return executeHttpRequestWithOrigin(destination, requestConfig, requestOptions)
 }
 
-const _getCloudSdk = () => {
-  if (_cloudSdk) return _cloudSdk
-  // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
-  _cloudSdk = require('@sap-cloud-sdk/http-client')
-  return _cloudSdk
-}
-
 /**
  * Rest Client
  */
+
 /**
  * Normalizes server path.
  *
@@ -136,6 +124,7 @@ function _normalizeMetadata(prefix, data, results) {
 
   return target
 }
+
 const _getPurgedRespActionFunc = (data, returnType) => {
   // return type is primitive value or inline/complex type
   if (returnType.kind === 'type' && !returnType.items && Object.values(data).length === 1) {
@@ -238,9 +227,7 @@ const run = async (requestConfig, options) => {
       requestConfig,
       destination,
       destinationOptions,
-      jwt,
-      csrf,
-      csrfInBatch
+      jwt
     })
   } catch (e) {
     // > axios received status >= 400 -> gateway error
@@ -248,16 +235,13 @@ const run = async (requestConfig, options) => {
     e.message = msg ? 'Error during request to remote service: \n' + msg : 'Request to remote service failed.'
     const sanitizedError = _getSanitizedError(e, requestConfig, { suppressRemoteResponseBody })
     const err = Object.assign(new Error(e.message), { statusCode: 502, reason: sanitizedError })
-
     LOG._warn && LOG.warn(err)
     throw err
   }
 
   // text/html indicates a redirect -> reject
   if (
-    response.headers &&
-    response.headers['content-type'] &&
-    response.headers['content-type'].includes('text/html') &&
+    response.headers?.['content-type']?.includes('text/html') &&
     !(
       requestConfig.headers.accept.includes('text/html') ||
       requestConfig.headers.accept.includes('text/*') ||
@@ -284,6 +268,7 @@ const run = async (requestConfig, options) => {
     // 2. entry contains request status code and request headers
     // 3. entry contains data or error
     const responseDataSplitted = response.data.split('\r\n\r\n')
+
     // remove closing batch id
     const [content] = responseDataSplitted[2].split('\r\n')
     const contentJSON = JSON.parse(content)
@@ -303,7 +288,6 @@ const run = async (requestConfig, options) => {
       })
 
       LOG._warn && LOG.warn(err)
-
       throw err
     }
   }
@@ -313,6 +297,7 @@ const run = async (requestConfig, options) => {
   if (kind === 'odata-v2') return _purgeODataV2(response.data, resolvedTarget, returnType, requestConfig.headers)
   if (kind === 'odata') {
     if (typeof response.data !== 'object') return response.data
+
     // try to guess if we need to purge v2 or v4
     if (response.data.d) return _purgeODataV2(response.data, resolvedTarget, returnType, requestConfig.headers)
     return _purgeODataV4(response.data)
@@ -396,9 +381,6 @@ const getReqOptions = (req, query, service) => {
 
   reqOptions.headers = { accept: 'application/json,text/plain' }
 
-  // add resilience middlewares for Cloud SDK
-  reqOptions.middleware = [service._resilienceMiddlewares.timeout]
-
   if (!_hasHeader(req.headers, 'accept-language')) {
     // Forward the locale properties from the original request (including region variants or weight factors),
     // if not given, it's taken from the user's locale (normalized and simplified)
@@ -428,11 +410,11 @@ const getReqOptions = (req, query, service) => {
       if (!_hasHeader(req.headers, 'content-type')) reqOptions.headers['content-type'] = 'application/octet-stream'
     }
   }
+
   reqOptions.url = formatPath(reqOptions.url)
 
   // batch envelope if needed
-  const maxGetUrlLength =
-    service.options.max_get_url_length || (cds.env.remote && cds.env.remote.max_get_url_length) || 1028
+  const maxGetUrlLength = service.options.max_get_url_length ?? cds.env.remote?.max_get_url_length ?? 1028
   if (KINDS_SUPPORTING_BATCH[service.kind] && reqOptions.method === 'GET' && reqOptions.url.length > maxGetUrlLength) {
     reqOptions._autoBatch = true
     reqOptions.data = [
@@ -453,6 +435,11 @@ const getReqOptions = (req, query, service) => {
     reqOptions.url = '/$batch'
   }
 
+  // mount resilience and csrf middlewares for SAP Cloud SDK
+  reqOptions.middleware = [service.middlewares.timeout]
+  const fetchCsrfToken = !!(reqOptions._autoBatch ? service.csrfInBatch : service.csrf)
+  if (fetchCsrfToken) reqOptions.middleware.push(service.middlewares.csrf)
+
   if (service.path) reqOptions.url = `${encodeURI(service.path)}${reqOptions.url}`
 
   // set axios responseType to 'arraybuffer' if returning binary in rest

package/libx/_runtime/remote/utils/cloudSdkProvider.js

@@ -0,0 +1,30 @@
+let _cloudSdkConnectivity
+const getCloudSdkConnectivity = () => {
+  if (_cloudSdkConnectivity) return _cloudSdkConnectivity
+  // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
+  _cloudSdkConnectivity = require('@sap-cloud-sdk/connectivity')
+  return _cloudSdkConnectivity
+}
+
+let _cloudSdkResilience
+const getCloudSdkResilience = () => {
+  if (_cloudSdkResilience) return _cloudSdkResilience
+  // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
+  _cloudSdkResilience = require('@sap-cloud-sdk/resilience')
+  return _cloudSdkResilience
+}
+
+let _cloudSdk
+const getCloudSdk = () => {
+  if (_cloudSdk) return _cloudSdk
+
+  // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
+  _cloudSdk = require('@sap-cloud-sdk/http-client')
+  return _cloudSdk
+}
+
+module.exports = {
+  getCloudSdkConnectivity,
+  getCloudSdkResilience,
+  getCloudSdk
+}

package/libx/_runtime/sqlite/Service.js

@@ -72,7 +72,7 @@ module.exports = class SQLiteDatabase extends DatabaseService {
   }
 
   _registerBeforeHandlers() {
-    this.before(['CREATE', 'UPDATE'], '*', this._input) // > has to run before rewrite
+    this.before(['CREATE', 'UPDATE', 'UPSERT'], '*', this._input) // > has to run before rewrite
     this.before(['CREATE', 'READ', 'UPDATE', 'DELETE', 'UPSERT'], '*', this._rewrite)
 
     if (cds.env.fiori.lean_draft && !cds.db?.cqn2sql) this.before('READ', '*', convertDraftAdminPathExpression)
@@ -125,7 +125,7 @@ module.exports = class SQLiteDatabase extends DatabaseService {
 
       dbc._queued = []
 
-      if (cds.env.features.assert_integrity && cds.env.features.assert_integrity_type == 'DB') {
+      if (cds.env.features.assert_integrity === 'db') {
         await new Promise((resolve, reject) => {
           dbc.exec('PRAGMA foreign_keys = ON', err => {
             if (err) reject(err)

package/libx/odata/afterburner.js

@@ -177,7 +177,7 @@ function _convertVal(element, value) {
     case 'cds.Integer':
     case 'cds.Int16':
     case 'cds.Int32':
-      if (!/^-?\d+$/.test(value)) throw new Error('Not a valid integer')
+      if (!/^-?\+?\d+$/.test(value)) throw new Error('Not a valid integer')
       // eslint-disable-next-line no-case-declarations
       const n = Number(value)
       if (!Number.isSafeInteger(n)) throw new Error('Not a valid integer')
@@ -216,6 +216,30 @@ function _processSegments(from, model, namespace, cqn) {
   let incompleteKeys = false
   let one
   let target
+  
+  function _handleCollectionBoundActions(i) {
+    let action
+    if (current.actions) {
+      const nextRef = typeof ref[i + 1] === 'string' && ref[i + 1]
+      const shortName = nextRef && nextRef.replace(namespace + '.', '')
+      action = shortName && current.actions[shortName]
+    }
+  
+    incompleteKeys = ref[i].where ? false : i === ref.length - 1 || one ? false : true
+  
+    if (incompleteKeys && action) {
+      if (
+        action['@cds.odata.bindingparameter.collection'] ||
+        (action.params && Object.values(action.params).some(e => e?.items?.type === '$self'))
+      ) {
+        incompleteKeys = false
+      } else {
+        const msg = `"${action.name}" must be called on a single instance of "${current.name}".`
+        throw Object.assign(new Error(msg), { statusCode: 400 })
+      }
+    }
+  }
+  
   for (let i = 0; i < ref.length; i++) {
     const seg = ref[i].id || ref[i]
     const whereRef = ref[i].where
@@ -291,26 +315,7 @@ function _processSegments(from, model, namespace, cqn) {
         target = current
         one = !!(ref[i].where || current._isSingleton)
 
-        let action
-        if (current.actions) {
-          const nextRef = typeof ref[i + 1] === 'string' && ref[i + 1]
-          const shortName = nextRef && nextRef.replace(namespace + '.', '')
-          action = shortName && current.actions[shortName]
-        }
-
-        incompleteKeys = ref[i].where ? false : i === ref.length - 1 || one ? false : true
-
-        if (incompleteKeys && action) {
-          if (
-            action['@cds.odata.bindingparameter.collection'] ||
-            (action.params && Object.values(action.params).some(e => e?.items?.type === '$self'))
-          ) {
-            incompleteKeys = false
-          } else {
-            const msg = `"${action.name}" must be called on a single instance of "${current.name}".`
-            throw Object.assign(new Error(msg), { statusCode: 400 })
-          }
-        }
+        _handleCollectionBoundActions(i)
 
         if (whereRef) {
           keyCount += addRefToWhereIfNecessary(whereRef, current)
@@ -341,6 +346,9 @@ function _processSegments(from, model, namespace, cqn) {
         incompleteKeys = one || i === ref.length - 1 ? false : true
         current = model.definitions[current.target]
         target = current
+
+        _handleCollectionBoundActions(i)
+
         if (ref[i].where) {
           keyCount += addRefToWhereIfNecessary(ref[i].where, current)
           _resolveAliasesInXpr(ref[i].where, current)

package/libx/odata/cqn2odata.js

@@ -119,7 +119,7 @@ const _format = (cur, elementName, target, kind, isLambda, func) => {
   if (typeof cur !== 'object') return encodeURIComponent(formatVal(cur, elementName, target, kind))
   if (hasValidProps(cur, 'ref'))
     return encodeURIComponent(isLambda ? [LAMBDA_VARIABLE, ...cur.ref].join('/') : cur.ref[0].id || cur.ref.join('/'))
-  if (hasValidProps(cur, 'val')) return encodeURIComponent(formatVal(cur.val, elementName, target, kind, func))
+  if (hasValidProps(cur, 'val')) return encodeURIComponent(formatVal(cur.val, elementName, target, kind, func, cur.literal))
   if (hasValidProps(cur, 'xpr')) return `(${_xpr(cur.xpr, target, kind, isLambda)})`
   // REVISIT: How to detect the types for all functions?
   if (hasValidProps(cur, 'func')) {

package/libx/odata/error.js

@@ -0,0 +1,7 @@
+module.exports = srv => (err, req, res, next) => {
+  if (err.code >= 400 && err.code < 500) {
+    return res.status(err.code).send(err.message)
+  }
+
+  return res.status(500).send('Internal Server Error')
+}

package/libx/odata/grammar.peggy

@@ -26,17 +26,21 @@
 
 //
 // ---------- JavaScript Helpers -------------
+
   {
 
+    const TECHNICAL_OPTS = ['$value'] // odata parts to be handled somewhere else
+    const OPERATORS = { eq: '=', ne: '!=', lt: '<', gt: '>', le: '<=', ge: '>=' }
+    const SUPPORTED_APPLY_TRANSFORMATIONS = { topcount: true, bottomcount: true, topsum: false, bottomsum: false, toppercent: false, bottompercent: false }
+
     const $ = Object.assign
     const { strict, minimal } = options
     const stack = []
     let SELECT, count
-    const TECHNICAL_OPTS = ['$value'] // odata parts to be handled somewhere else
-    // we keep that here to allow for usage in https://peggyjs.org/online
+
     const safeNumber =
       options.safeNumber ||
-      function (inputString) {
+      function (inputString) { //> keep that here to allow for usage in https://peggyjs.org/online
         if (typeof inputString !== 'string') return inputString
         // Try to parse the input string as a floating-point number using parseFloat
           const parsedFloat = parseFloat(inputString)
@@ -104,7 +108,6 @@
           newCqn[i] = _addNormalQueryOptions(newCqn[i], cqn, onlyColumnsFromExpand)
         }
       } else newCqn = _addNormalQueryOptions(newCqn, cqn, onlyColumnsFromExpand)
-
       return newCqn
     }
     const _addNormalQueryOptions = (cqn, topCqn, onlyColumnsFromExpand) => {
@@ -239,7 +242,7 @@
       }
       ;(SELECT.limit || (SELECT.limit = {})).offset = { val }
     }
-    //Second parameter needed, to assure that order is correct
+    // Second parameter needed, to assure that order is correct
     const _setOrderBy = (appendObj, first = false) => {
       SELECT.orderBy = SELECT.orderBy
         ? first
@@ -397,7 +400,7 @@
     "$search="      o s:search { if (s) SELECT.search = s } /
     "$count="       o count /
     "$apply="       o trafos:transformations { return trafos } /
-    //Workaround to support empty expand even if not OData compliant old adapter supported it and did not crash
+    // Workaround to support empty expand even if not OData compliant old adapter supported it and did not crash
     "$expand=" {return null}
 
   temporal = ("$at" / "$from" / "$toInclusive" / "$to") "=" date
@@ -451,7 +454,7 @@
       })
     
 
-//REVISIT: per OData spec $apply should be also supported inside of $expand
+// REVISIT: per OData spec $apply should be also supported inside of $expand
   expand
   = (
       c:('*' / ref) {
@@ -589,8 +592,8 @@
     })* {
     	if(mainTransformation === undefined) return
       additionalTransformation = (Array.isArray(additionalTransformation)) ? additionalTransformation : [additionalTransformation] 
-      //Loop through additionalTransformation
-      //Loop through each element, add it to current level, if element is already part of result, increase level
+      // Loop through additionalTransformation
+      // Loop through each element, add it to current level, if element is already part of result, increase level
       for(let trafos of additionalTransformation) {
         for(const trafo in trafos) {
           if (trafo === 'limit' && trafos.limit && mainTransformation.limit && mainTransformation.limit.offset && trafos.limit.rows)
@@ -635,10 +638,10 @@
 
 //
 // ---------- Expressions ------------
+
   comparison
     = a:operand _ o:$("eq" / "ne" / "lt" / "gt" / "le" / "ge") _ b:operand {
-      const op = { eq:'=', ne:'!=', lt:'<', gt:'>', le:'<=', ge:'>=' }[o] || o
-      return [ a, op, b ]
+      return [ a, OPERATORS[o] || o, b ]
     }
 
   listFilterParam = aliased:aliasedParam { return { list: aliased } } / listRoundBrackets
@@ -742,20 +745,12 @@
 
       // REVISIT: All transformations below need improvment
       "search" search:searchTrafo{return search} /
-      "concat" con:concatTrafo{return con} / //Return con so that concat string is not returned
+      "concat" con:concatTrafo{return con} / //> Return con so that concat string is not returned
       "compute" compute:computeTrafo{return compute} /
       "top" top:topTrafo{return top} /
       "skip" skip:skipTrafo{return skip} /
       "orderby" order:orderbyTrafo{return order} /
       func:("topcount"i/"bottomcount"i/"topsum"i/"bottomsum"i/"toppercent"i/"bottompercent"i) args:commonFuncTrafo {
-        const SUPPORTED_APPLY_TRANSFORMATIONS = {
-          "topcount": true,
-          "bottomcount": true,
-          "topsum": false,
-          "bottomsum": false,
-          "toppercent": false,
-          "bottompercent": false
-        }
         func = func.toLowerCase()
         if (!SUPPORTED_APPLY_TRANSFORMATIONS[func]) {
           throw Object.assign(new Error(`Transformation "${func}" in $apply is not yet supported.`), { statusCode: 501 })
@@ -850,6 +845,7 @@
     = OPEN o o:orderby o2:( COMMA o2:orderby{return o2} )* o CLOSE {
       return {orderBy: [o,...o2]}
     }
+
 //
 // ---------- Literals -----------