@sap/cds 7.5.2 → 7.6.1

package/libx/_runtime/fiori/lean-draft.js

@@ -2,9 +2,39 @@ const cds = require('../cds'),
   { Object_keys } = cds.utils
 const { getTransition } = require('../common/utils/resolveView')
 const { getKeyData } = require('./utils/where')
+const { getPageSize } = require('../common/generic/paging')
 const LOG = cds.log('fiori|drafts')
 const original = Symbol('original')
 const DRAFT_PARAMS = Symbol('draftParams')
+const AGGREGATION_FUNCTIONS = ['sum', 'min', 'max', 'avg', 'count']
+
+const DEL_TIMEOUT = {
+  get value() {
+    const delTimeout = cds.env.fiori?.draft_deletion_timeout
+    const timeout = delTimeout && delTimeout !== false && delTimeout === true ? '30d' : delTimeout
+    let parts
+    if (typeof timeout === 'string') {
+      parts = timeout.match(/^([0-9]+)(d|h)$/)
+      if (!parts && !Number(timeout)) throw new Error('Invalid value for `cds.fiori.draft_deletion_timeout`')
+    }
+    const result =
+      parts && parts.length
+        ? parts[2] === 'd'
+          ? Number(parts[1]) * 1000 * 3600 * 24
+          : Number(parts[1]) * 1000 * 3600
+        : Number(timeout) || 0
+
+    Object.defineProperty(DEL_TIMEOUT, 'value', { value: result })
+    return result
+  }
+}
+
+const reject_bypassed_draft = req => {
+  const msg =
+    !cds.profiles?.includes('production') &&
+    '`cds.env.fiori.bypass_draft` must be enabled to support the directly modification of active instances.'
+  return req.reject(501, msg)
+}
 
 const DRAFT_ELEMENTS = new Set([
   'IsActiveEntity',
@@ -28,6 +58,9 @@ const DRAFT_ADMIN_ELEMENTS = [
   'DraftIsProcessedByMe'
 ]
 
+const numericCollator = { numeric: true }
+const emptyObject = {}
+
 const _fillIsActiveEntity = (row, IsActiveEntity, target) => {
   if (target.drafts) row.IsActiveEntity = IsActiveEntity
   for (const key in target.associations) {
@@ -40,6 +73,18 @@ const _fillIsActiveEntity = (row, IsActiveEntity, target) => {
   }
 }
 
+const _filterResultSet = (resultSet, limit, offset) => {
+  const pageResultSet = []
+
+  for (let i = 0; i < resultSet.length; i++) {
+    if (i < offset) continue
+    pageResultSet.push(resultSet[i])
+    if (pageResultSet.length === limit) break
+  }
+
+  return pageResultSet
+}
+
 /// It's important to wait for the completion of all promises, otherwise a rollback might happen too soon
 const _promiseAll = async array => {
   const results = await Promise.allSettled(array)
@@ -90,6 +135,36 @@ const _redirectRefToActives = (ref, model) => {
   return [root.id ? { ...root, id: active.name } : active.name, ...tail]
 }
 
+let lastCheckMap = new Map()
+const _cleanUpOldDrafts = async (service, tenant) => {
+  if (!DEL_TIMEOUT.value) return
+
+  const invalDate = new Date(Date.now() - DEL_TIMEOUT.value).toISOString()
+  const interval = DEL_TIMEOUT.value / 2
+  const lastCheck = lastCheckMap.get(tenant)
+
+  if (lastCheck && Date.now() - lastCheck < Number(interval)) return
+
+  cds.spawn({ tenant, user: cds.User.privileged }, async () => {
+    let invalDrafts = await SELECT.from('DRAFT.DraftAdministrativeData', ['DraftUUID']).where(
+      `LastChangeDateTime <`,
+      invalDate
+    )
+    if (!invalDrafts.length) return
+    invalDrafts = invalDrafts.map(el => el.DraftUUID)
+    const cqns = []
+    for (let name in service.model.definitions) {
+      const target = service.model.definitions[name]
+      if (target.drafts && target['@Common.DraftRoot.ActivationAction'])
+        cqns.push(DELETE.from(target.drafts).where(`DraftAdministrativeData_DraftUUID IN`, invalDrafts))
+    }
+    cqns.push(DELETE.from('DRAFT.DraftAdministrativeData').where(`DraftUUID IN`, invalDrafts))
+    await _promiseAll(cqns)
+  })
+
+  lastCheckMap.set(tenant, Date.now())
+}
+
 const h = cds.ApplicationService.prototype.handle
 
 /* eslint-disable complexity */
@@ -98,13 +173,14 @@ cds.ApplicationService.prototype.handle = async function (req) {
 
   if (
     !req.query ||
+    // REVISIT: Currently all requests in an Object Page to nested composition targets, e.g. Incidents(ID)/conversation are also Draft Requests which seems wrong overkill -> is that required?
+    // req.path.includes('/') ||
     req.query[DRAFT_PARAMS] ||
     (!req.query.SELECT &&
       !req.query.INSERT &&
       // !req.query.UPSERT && // skip UPSERTs (might have an additional INSERT)
       !req.query.UPDATE &&
-      !req.query.DELETE &&
-      !req.query.STREAM)
+      !req.query.DELETE)
   ) {
     return handle(req)
   }
@@ -203,10 +279,11 @@ cds.ApplicationService.prototype.handle = async function (req) {
   }
 
   if (req.event === 'NEW' || req.event === 'CANCEL' || req.event === 'draftPrepare') {
-    if (draftParams.IsActiveEntity && !cds.env.fiori.bypass_draft) req.reject(501)
-    if (req.data.IsActiveEntity === true && cds.env.fiori.bypass_draft) {
+    if (req.event === 'draftPrepare' && draftParams.IsActiveEntity) req.reject(400)
+    if (req.event === 'NEW' && req.data?.IsActiveEntity === true) {
+      if (!cds.env.fiori.bypass_draft) return reject_bypassed_draft(req)
       const containsDraftRoot =
-        this.model.entities[query.INSERT.into?.ref?.[0]?.id || query.INSERT.into?.ref?.[0] || query.INSERT.into][
+        this.model.definitions[query.INSERT.into?.ref?.[0]?.id || query.INSERT.into?.ref?.[0] || query.INSERT.into][
           '@Common.DraftRoot.ActivationAction'
         ]
 
@@ -380,16 +457,11 @@ cds.ApplicationService.prototype.handle = async function (req) {
 
     LOG.debug('patch active')
 
-    if (!cds.env.fiori.bypass_draft) {
-      const msg =
-        !cds.profiles?.includes('production') &&
-        '`cds.env.fiori.bypass_draft` must be enabled to support updating active instances.'
-      return req.reject(403, msg)
-    }
+    if (!cds.env.fiori.bypass_draft) return reject_bypassed_draft(req)
 
     const entityRef = query.UPDATE.entity.ref
 
-    if (!this.model.entities[entityRef[0].id]['@Common.DraftRoot.ActivationAction']) {
+    if (!this.model.definitions[entityRef[0].id]['@Common.DraftRoot.ActivationAction']) {
       req.reject(403, 'DRAFT_MODIFICATION_ONLY_VIA_ROOT')
     }
 
@@ -401,14 +473,6 @@ cds.ApplicationService.prototype.handle = async function (req) {
     return req.data
   }
 
-  if (req.event === 'STREAM' && draftParams.IsActiveEntity === false) {
-    if (query.STREAM.into?.ref) query.STREAM.into.ref = _redirectRefToDrafts(query.STREAM.into.ref, this.model)
-    else if (query.STREAM.from?.ref) query.STREAM.from.ref = _redirectRefToDrafts(query.STREAM.from.ref, this.model)
-    const _req = _newReq(req, query, draftParams, { event: req.event })
-    const result = await handle(_req)
-    return result
-  }
-
   req.query = query
   return handle(req)
 }
@@ -446,7 +510,12 @@ const Read = {
     if (_isCount(query)) return run(query)
     if (query._target.name.endsWith('.DraftAdministrativeData')) return run(query._drafts)
     if (!query._target._isDraftEnabled) return run(query)
-    if (!query.SELECT.groupBy && query.SELECT.columns && !query.SELECT.columns.some(c => c === '*')) {
+    if (
+      !query.SELECT.groupBy &&
+      query.SELECT.columns &&
+      !query.SELECT.columns.some(c => c === '*') &&
+      !query.SELECT.columns.some(c => c.func && AGGREGATION_FUNCTIONS.includes(c.func))
+    ) {
       const keys = entity_keys(query._target)
       for (const key of keys) {
         if (!query.SELECT.columns.some(c => c.ref?.[0] === key)) query.SELECT.columns.push({ ref: [key] })
@@ -482,7 +551,7 @@ const Read = {
     const draftsQuery = query._drafts
     draftsQuery.SELECT.count = undefined
     draftsQuery.SELECT.orderBy = undefined
-    draftsQuery.SELECT.limit = false
+    draftsQuery.SELECT.limit = null
     draftsQuery.SELECT.columns = entity_keys(query._target).map(k => ({ ref: [k] }))
 
     const drafts = await draftsQuery.where({ HasActiveEntity: true })
@@ -528,24 +597,71 @@ const Read = {
   all: async function (run, query) {
     LOG.debug('List Editing Status: All')
     if (!query._drafts) return []
+
     query._drafts.SELECT.count = false
-    query._drafts.SELECT.limit = false // We need all entries for the keys to properly select actives (count)
+    query._drafts.SELECT.limit = null // we need all entries for the keys to properly select actives (count)
     const isCount = _isCount(query._drafts)
     if (isCount) {
       query._drafts.SELECT.columns = entity_keys(query._target).map(k => ({ ref: [k] }))
     }
     if (!query._drafts.SELECT.columns) query._drafts.SELECT.columns = ['*']
-    if (!query._drafts.SELECT.columns.some(c => c.ref?.[0] === 'HasActiveEntity'))
+    if (!query._drafts.SELECT.columns.some(c => c.ref?.[0] === 'HasActiveEntity')) {
       query._drafts.SELECT.columns.push({ ref: ['HasActiveEntity'] })
+    }
 
-    const isFirstPage = !query.SELECT.limit?.offset?.val
+    const orderByExpr = query.SELECT.orderBy
+    const getOrderByColumns = columns => {
+      const selectAll = columns === undefined || columns.includes('*')
+      const queryColumns = !selectAll && columns && columns.map(column => column?.ref?.[0]).filter(c => c)
+      const newColumns = []
+
+      for (const column of orderByExpr) {
+        if (selectAll || !queryColumns.includes(column.ref.join('_'))) {
+          if (column.ref.length === 1 && selectAll) continue
+          const columnClone = { ...column }
+          delete columnClone.sort
+          columnClone.as = columnClone.ref.join('_')
+          newColumns.push(columnClone)
+        }
+      }
 
-    const [ownDrafts, actives] = await Promise.all([
-      isFirstPage
-        ? run(query._drafts.where({ ref: ['DraftAdministrativeData', 'InProcessByUser'] }, '=', cds.context.user.id))
-        : [], // we only show drafts on the first page
-      run(query)
-    ])
+      return newColumns
+    }
+
+    let orderByDraftColumns
+    if (orderByExpr) {
+      orderByDraftColumns = getOrderByColumns(query._drafts.SELECT.columns)
+      if (orderByDraftColumns.length) query._drafts.SELECT.columns.push(...orderByDraftColumns)
+    }
+
+    const ownDrafts = await run(
+      query._drafts.where({ ref: ['DraftAdministrativeData', 'InProcessByUser'] }, '=', cds.context.user.id)
+    )
+    const draftLength = ownDrafts.length
+    const limit = query.SELECT.limit?.rows?.val ?? getPageSize(query._target).max
+    const offset = query.SELECT.limit?.offset?.val ?? 0
+    query.SELECT.limit = {
+      rows: { val: limit + draftLength }, // virtual limit
+      offset: { val: Math.max(0, offset - draftLength) } // virtual offset
+    }
+
+    let orderByColumns
+    if (orderByExpr) {
+      orderByColumns = getOrderByColumns(query.SELECT.columns)
+      if (orderByColumns.length) {
+        query.SELECT.columns = query.SELECT.columns ?? ['*']
+        query.SELECT.columns.push(...orderByColumns)
+      }
+    }
+
+    const queryElements = cds.infer.elements4(query.SELECT.columns, query.source)
+    const actives = await run(query.where(Read.whereNotIn(query._target, ownDrafts)))
+    const removeColumns = (columns, toRemoveCols) => {
+      if (!toRemoveCols) return
+      for (const c of toRemoveCols) columns.forEach((column, index) => c.as === column.as && columns.splice(index, 1))
+    }
+    removeColumns(query._drafts.SELECT.columns, orderByDraftColumns)
+    removeColumns(query.SELECT.columns, orderByColumns)
 
     const ownNewDrafts = []
     const ownEditDrafts = []
@@ -554,23 +670,13 @@ const Read = {
       else ownNewDrafts.push(draft)
     }
 
-    // We can't properly calculate `count`:
-    //   - Not all actives are retrieved (e.g. top = 0), hence there could be more deletes if more actives are requested,
-    //     hence we cannot count deletions based on data.
-    //   - We can't rely on the fact that `HasActiveEntity` always has an active counterpart because the filter
-    //     is applied on draft and active data respectively (you could fetch a draft but not an active instance).
-    //     However, there's not much we can do, so we use use this as a best guess.
-
-    const count = isFirstPage ? ownNewDrafts.length + (isCount ? actives[0]?.$count : actives.$count) : actives.$count
-    if (isCount) return { $count: count }
+    const $count = ownDrafts.length + (isCount ? actives[0]?.$count : actives.$count ?? 0)
+    if (isCount) return { $count }
 
     Read.merge(query._target, ownDrafts, [], row => {
-      Object.assign(row, {
-        HasDraftEntity: false
-      })
+      Object.assign(row, { HasDraftEntity: false })
       _fillIsActiveEntity(row, false, query._drafts._target)
     })
-    Read.delete(query._target, actives, ownEditDrafts)
     const otherEditDrafts = await Read.complementaryDrafts(query, actives)
     Read.merge(query._target, actives, otherEditDrafts, (row, other) => {
       if (other) {
@@ -590,9 +696,64 @@ const Read = {
       }
       _fillIsActiveEntity(row, true, query._target)
     })
-    const res = isFirstPage ? [...ownDrafts, ...actives] : actives
-    if (query.SELECT.count) res.$count = count
-    return _requested(res, query)
+    const resultSet =
+      actives.length > 0 && ownDrafts.length === 0
+        ? actives
+        : ownDrafts.length > 0 && actives.length === 0
+          ? ownDrafts
+          : [...ownDrafts, ...actives]
+
+    // runtime sort required
+    if (ownDrafts.length > 0 && actives.length > 0) {
+      const locale = cds.context.locale.replaceAll('_', '-')
+      const collatorMap = new Map()
+      const elementNamesToSort = orderByExpr.map(orderByExp => orderByExp.ref.join('_'))
+      for (const elementName of elementNamesToSort) {
+        const element = queryElements[elementName]
+        let collatorOptions
+
+        switch (element.type) {
+          case 'cds.Integer':
+          case 'cds.UInt8':
+          case 'cds.Int16':
+          case 'cds.Int32':
+          case 'cds.Integer64':
+          case 'cds.Int64':
+          case 'cds.Decimal':
+          case 'cds.DecimalFloat':
+          case 'cds.Double':
+            collatorOptions = numericCollator
+            break
+
+          default:
+            collatorOptions = emptyObject
+        }
+
+        const collator = Intl.Collator(locale, collatorOptions)
+        collatorMap.set(elementName, collator)
+      }
+
+      const getSortFn =
+        (index = 0) =>
+        (entityA, entityB) => {
+          const orderBy = orderByExpr[index]
+          const elementName = elementNamesToSort[index]
+          const collator = collatorMap.get(elementName)
+          const diff = collator.compare(entityA[elementName], entityB[elementName])
+
+          if (diff === 0 && index + 1 < orderByExpr.length) return getSortFn(index + 1)(entityA, entityB)
+          if (orderBy.sort === 'desc') return diff * -1
+          return diff
+        }
+
+      resultSet.sort(getSortFn())
+    }
+
+    let virtualOffset = offset - draftLength
+    virtualOffset = virtualOffset > 0 ? draftLength : draftLength + virtualOffset
+    const pageResultSet = _filterResultSet(resultSet, limit, virtualOffset)
+    if (query.SELECT.count) pageResultSet.$count = ownDrafts.$count ?? 0 + $count
+    return _requested(pageResultSet, query)
   },
 
   activesFromDrafts: async function (run, query, { isLocked = true }) {
@@ -716,7 +877,7 @@ function _cleanseParams(params, target) {
       if (key === 'IsActiveEntity') {
         const value = params[key]
         delete params[key]
-        if (cds.env.fiori?.draft_compat) Object.defineProperty(params, key, { value, enumerable: false })
+        Object.defineProperty(params, key, { value, enumerable: false })
       }
     }
   }
@@ -786,14 +947,8 @@ function _cleansed(query, model) {
     const target = query._target
     const q = cds.ql.clone(query)
 
-    const ref =
-      q.SELECT?.from.ref ||
-      q.UPDATE?.entity.ref ||
-      q.INSERT?.into.ref ||
-      q.DELETE?.from.ref ||
-      q.STREAM?.into?.ref ||
-      q.STREAM?.from?.ref
-    const cqn = q.SELECT || q.UPDATE || q.INSERT || q.DELETE || q.STREAM
+    const ref = q.SELECT?.from.ref || q.UPDATE?.entity.ref || q.INSERT?.into.ref || q.DELETE?.from.ref
+    const cqn = q.SELECT || q.UPDATE || q.INSERT || q.DELETE
 
     if (ref) {
       let entity
@@ -806,8 +961,6 @@ function _cleansed(query, model) {
       else if (q.DELETE) q.DELETE.from = { ...q.DELETE.from, ref: cleansedRef }
       else if (q.UPDATE) q.UPDATE.entity = { ...q.UPDATE.entity, ref: cleansedRef }
       else if (q.INSERT) q.INSERT.into = { ...q.INSERT.into, ref: cleansedRef }
-      else if (q.STREAM?.from) q.STREAM.from = { ...q.STREAM.from, ref: cleansedRef }
-      else if (q.STREAM?.into) q.STREAM.into = { ...q.STREAM.into, ref: cleansedRef }
 
       // This only works for simple cases of `SiblingEntity`, e.g. `root(ID=1,IsActiveEntity=false)/SiblingEntity`
       // , check if there are more complicated use cases
@@ -927,7 +1080,7 @@ function expandStarStar(target, recursion = new Map()) {
   const columns = []
   for (const el in target.elements) {
     const element = target.elements[el]
-    if (!element.isAssociation && !DRAFT_ELEMENTS.has(el)) columns.push({ ref: [el] })
+    if (!element.isAssociation && !DRAFT_ELEMENTS.has(el) && !element['@odata.draft.skip']) columns.push({ ref: [el] })
     if (!element.isComposition || element._target['@odata.draft.enabled'] === false) continue // happens for texts if not @fiori.draft.enabled
     const _key = target.name + ':' + el
     let cache = recursion.get(_key)
@@ -954,6 +1107,8 @@ async function onNew(req) {
   if (isDirectAccess && !req.target.actives['@Common.DraftRoot.ActivationAction'])
     req.reject(403, 'DRAFT_MODIFICATION_ONLY_VIA_ROOT')
 
+  _cleanUpOldDrafts(this, req.tenant)
+
   let DraftUUID
   if (isDirectAccess) DraftUUID = cds.utils.uuid()
   else {
@@ -1035,6 +1190,8 @@ async function onEdit(req) {
 
   if (draftParams.IsActiveEntity !== true) req.reject(400)
 
+  _cleanUpOldDrafts(this, req.tenant)
+
   const DraftUUID = cds.utils.uuid()
 
   // REVISIT: Later optimization if datasource === db: INSERT FROM SELECT

package/libx/_runtime/hana/Service.js

@@ -41,7 +41,7 @@ class HanaDatabase extends DatabaseService {
 
     // REVISIT: db api
     this._insert = this._queries.insert(execute.insert)
-    this._read = this._queries.read(execute.select, execute.stream)
+    this._read = this._queries.read(execute.select, execute.stream, execute.convert)
     this._update = this._queries.update(execute.update, execute.select)
     this._delete = this._queries.delete(execute.delete, execute.update)
     this._run = this._queries.run(this._insert, this._read, this._update, this._delete, execute.cqn, execute.sql)

package/libx/_runtime/hana/execute.js

@@ -14,6 +14,7 @@ const {
   writeStreamWithHdb,
   readStreamWithHdb
 } = require('./streaming')
+const { convertStream } = require('../db/utils/stream')
 
 function _cqnToSQL(model, query, user, locale, txTimestamp) {
   return sqlFactory(
@@ -49,10 +50,19 @@ function _getBinaries(stmt) {
 
 const BASE64 = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}={2})$/
 
-function _getProcedureName(sql) {
+function _getProcedureNameAndSchema(sql) {
   // name delimited with "" allows any character
-  const match = sql.trim().match(/^call \s*(("\w+"\.)?("(?<delimited>.+)")|(\w+\.)?(?<undelimited>\w+))\s*\(/i)
-  return match && (match.groups.undelimited ?? match.groups.delimited)
+  const match = sql
+    .trim()
+    .match(
+      /^call \s*(("(?<schema_delimited>\w+)"\.)?("(?<delimited>.+)")|(?<schema_undelimited>\w+\.)?(?<undelimited>\w+))\s*\(/i
+    )
+  return (
+    match && {
+      name: match.groups.undelimited ?? match.groups.delimited,
+      schema: match.groups.schema_delimited || match.groups.schema_undelimited
+    }
+  )
 }
 
 function _hdbGetResultForProcedure(rows, args, outParameters) {
@@ -98,13 +108,14 @@ function _hcGetResultForProcedure(stmt, resultSet, outParameters) {
   return result
 }
 
-function _getProcedureMetadata(procedureName, dbc) {
+function _getProcedureMetadata(dbc, name, schema) {
   return new Promise((resolve, reject) => {
     // REVISIT: better?
     if (dbc._closed) return reject(new Error('Transaction is already closed'))
-
     dbc.exec(
-      `SELECT PARAMETER_NAME FROM SYS.PROCEDURE_PARAMETERS WHERE SCHEMA_NAME = CURRENT_SCHEMA AND PROCEDURE_NAME = '${procedureName}' AND PARAMETER_TYPE IN ('OUT', 'INOUT') ORDER BY POSITION`,
+      `SELECT PARAMETER_NAME FROM SYS.PROCEDURE_PARAMETERS WHERE SCHEMA_NAME = ${
+        schema?.toUpperCase?.() === 'SYS' ? `'SYS'` : 'CURRENT_SCHEMA'
+      } AND PROCEDURE_NAME = '${name}' AND PARAMETER_TYPE IN ('OUT', 'INOUT') ORDER BY POSITION`,
       (err, res) => {
         if (err) reject(err)
         else resolve(res)
@@ -141,10 +152,10 @@ function _executeAsPreparedStatement(dbc, sql, values, reject, resolve) {
 
     // procedure call metadata
     let outParameters
-    const procedureName = _getProcedureName(sql)
+    const { name: procedureName, schema: procedureSchema } = _getProcedureNameAndSchema(sql) || {}
     if (procedureName) {
       try {
-        outParameters = await _getProcedureMetadata(procedureName, dbc)
+        outParameters = await _getProcedureMetadata(dbc, procedureName, procedureSchema)
       } catch (e) {
         LOG._warn && LOG.warn('Unable to fetch procedure metadata due to error:', e)
       }
@@ -194,7 +205,7 @@ function _executeSimpleSQL(dbc, sql, values) {
     }
 
     // ensure that stored procedure with parameters is always executed as prepared
-    if (_hasValues(values) || !!_getProcedureName(sql)) {
+    if (_hasValues(values) || !!_getProcedureNameAndSchema(sql)) {
       _executeAsPreparedStatement(dbc, sql, values, reject, resolve)
     } else {
       // REVISIT: better?
@@ -214,7 +225,7 @@ function _executeSimpleSQL(dbc, sql, values) {
 function _executeSelectSQL(dbc, sql, values, isOne, postMapper) {
   return _executeSimpleSQL(dbc, sql, values).then(result => {
     if (isOne) {
-      result = result.length > 0 ? result[0] : null
+      result = result.length > 0 ? result[0] : undefined
     }
 
     return postProcess(result, postMapper)
@@ -360,7 +371,30 @@ function executeGenericCQN(model, dbc, query, user, locale, txTimestamp) {
   return executePlainSQL(dbc, sql, values)
 }
 
-async function executeSelectStreamCQN(model, dbc, query, user, locale, txTimestamp) {
+function _convertNames(rs, columns) {
+  if (!columns) return rs
+
+  const result = {}
+  for (const key in rs) {
+    let key_
+    for (let col of columns) {
+      const name = col.ref?.[col.ref.length - 1]
+      if (name?.toUpperCase() === key) {
+        key_ = col.as || name
+        break
+      }
+    }
+    if (key_) {
+      result[key_] = rs[key]
+    } else {
+      result[key] = rs[key]
+    }
+  }
+
+  return result
+}
+
+async function executeSelectStreamCQN({ model, query, dbc, user, locale, txTimestamp }) {
   const { sql, values = [] } = _cqnToSQL(model, query, user, locale, txTimestamp)
   let result
 
@@ -372,10 +406,14 @@ async function executeSelectStreamCQN(model, dbc, query, user, locale, txTimesta
 
   if (result.length === 0) return
 
-  const val = Object.values(result[0])[0]
-  if (val === null) return null
+  if (cds.env.features.stream_compat) {
+    const val = Object.values(result[0])[0]
+    if (val === null) return null
 
-  return { value: val }
+    return { value: val }
+  } else {
+    return dbc.name === 'hdb' ? result[0] : _convertNames(result[0], query.SELECT?.columns)
+  }
 }
 
 module.exports = {
@@ -384,6 +422,7 @@ module.exports = {
   update: executeUpdateCQN,
   select: executeSelectCQN,
   stream: executeSelectStreamCQN,
+  convert: convertStream,
   cqn: executeGenericCQN,
   sql: executePlainSQL
 }

package/libx/_runtime/messaging/enterprise-messaging-utils/registerEndpoints.js

@@ -16,19 +16,30 @@ class EndpointRegistry {
     this.deployCallbacks = new Map()
     if (isSecured()) {
       if (cds.requires.auth.impl) {
-        const impl = _require(cds.resolve(cds.requires.auth.impl))
-        paths.forEach(path => cds.app.use(path, impl))
+        if (cds.env.requires.middlewares !== false) {
+          // we use auth factory here to allow custom auth to be a factory as well
+          const custom_auth = require('../../../../lib/auth/index.js')
+          paths.forEach(path => cds.app.use(path, custom_auth()))
+        } else {
+          const impl = _require(cds.resolve(cds.requires.auth.impl))
+          paths.forEach(path => cds.app.use(path, impl))
+        }
       } else {
-        const JWTStrategy = require('../../auth/strategies/JWT.js')
-        // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
-        const passport = _require('passport')
-        // REVISIT: It's unclear if the credentials from cds.requires.auth need to be used here.
-        //          In principle, user-facing endpoints might differ from messaging ones.
-        passport.use(new JWTStrategy(cds.requires.auth.credentials))
-        paths.forEach(path => {
-          cds.app.use(path, passport.initialize())
-          cds.app.use(path, passport.authenticate('JWT', { session: false }))
-        })
+        if (cds.env.requires.middlewares !== false) {
+          const jwt_auth = require('../../../../lib/auth/jwt-auth.js')
+          paths.forEach(path => cds.app.use(path, jwt_auth(cds.requires.auth)))
+        } else {
+          const JWTStrategy = require('../../auth/strategies/JWT.js')
+          // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
+          const passport = _require('passport')
+          // REVISIT: It's unclear if the credentials from cds.requires.auth need to be used here.
+          //          In principle, user-facing endpoints might differ from messaging ones.
+          passport.use(new JWTStrategy(cds.requires.auth.credentials))
+          paths.forEach(path => {
+            cds.app.use(path, passport.initialize())
+            cds.app.use(path, passport.authenticate('JWT', { session: false }))
+          })
+        }
       }
       // unsuccessful auth doesn't automatically reject!
       paths.forEach(path => {
@@ -72,12 +83,20 @@ class EndpointRegistry {
       try {
         if (isSecured() && !req.user.is('emcallback')) return res.sendStatus(403)
         const queueName = req.query.q
+        if (!queueName) {
+          LOG.error('Query parameter `q` not found.')
+          return res.sendStatus(400)
+        }
         const xAddress = req.headers['x-address']
-        const topic = xAddress && xAddress.match(/^topic:(.*)/)[1]
+        const topic = xAddress && xAddress.match(/^topic:(.*)/)?.[1]
+        if (!topic) {
+          LOG.error('Incoming message does not contain a topic in header `x-address`: ' + xAddress)
+          return res.sendStatus(400)
+        }
         const payload = req.body
         const cb = this.webhookCallbacks.get(queueName)
-        if (!topic || !payload || !queueName || !cb) return res.sendStatus(200)
-        const tenant = req.tenant || req.user.tenant
+        if (!cb) return res.sendStatus(200)
+        const tenant = req.tenant || req.user?.tenant
         const other = tenant
           ? {
               _: { req, res }, // For `cds.context.http`

package/libx/_runtime/remote/Service.js

@@ -236,7 +236,8 @@ class RemoteService extends cds.Service {
 
     for (const each of this.operations) _addHandlerActionFunction(this, each)
 
-    this.on('*', async (req, next) => {
+    // IMPORTANT: regular function is used on purpose, don't switch to arrow function.
+    this.on('*', async function on_handler(req, next) {
       const { query } = req
       if (!query && !(typeof req.path === 'string')) return next()
 

package/libx/_runtime/remote/utils/client.js

@@ -221,7 +221,7 @@ const _getSanitizedError = (e, reqOptions, options = { suppressRemoteResponseBod
 const run = async (requestConfig, options) => {
   let response
 
-  const { destination, destinationOptions, jwt, csrf, csrfInBatch, suppressRemoteResponseBody } = options
+  const { destination, destinationOptions, jwt, suppressRemoteResponseBody } = options
   try {
     response = await _executeHttpRequest({
       requestConfig,

package/libx/_runtime/sqlite/Service.js

@@ -39,7 +39,7 @@ module.exports = class SQLiteDatabase extends DatabaseService {
 
     // REVISIT: official db api
     this._insert = this._queries.insert(execute.insert)
-    this._read = this._queries.read(execute.select, execute.stream)
+    this._read = this._queries.read(execute.select, execute.stream, execute.convert)
     this._update = this._queries.update(execute.update, execute.select)
     this._delete = this._queries.delete(execute.delete, execute.update)
     this._run = this._queries.run(this._insert, this._read, this._update, this._delete, execute.cqn, execute.sql)