@sap/cds 7.5.3 → 7.6.2

package/CHANGELOG.md

@@ -4,6 +4,64 @@
 - The format is based on [Keep a Changelog](http://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](http://semver.org/).
 
+## Version 7.6.2 - 2024-02-09
+
+### Fixed
+
+- Introduce i18n `BATCH_TOO_MANY_REQ` key for error message: "Batch request contains too many requests"
+- Properly handle `$orderby` in lean draft
+- View resolving in combination with `@cap-js/cds-db`
+- Allow `cds.requires.someService.outbox` to be a string
+- `cds.log`: errors, when not the first argument, were considered objects carrying custom fields
+- `accept` header parsing for OData requests if quality factor `q` is included
+- Broken links on index page if multiple protocols are configured
+
+## Version 7.6.1 - 2024-01-30
+
+### Fixed
+
+- Garbage collection of draft is configured with `cds.fiori.draft_deletion_timeout`
+
+## Version 7.6.0 - 2024-01-29
+
+### Added
+
+- `cds.upsert` as shortcut for `cds.db.upsert`
+- Automatic deletion of stale drafts. Feature is enabled if `cds.env.fiori.deletionTimeout` is set to a value of `true`; `true` uses the default timeout of `30d` (30 days).
+- Support for default exports (ESM/TS) in custom authentication
+- Support for executing SAP HANA procedures from SYS schema
+- Support for more complex on-conditions in case of READ requests
+- Best effort mechanism for supporting lambda expressions targeting remote odata-v2 services
+- Support for actions and functions which are bound to singletons
+
+### Changed
+
+- Draft: Standard Sorting Behavior for SAP Fiori List Report Floorplan
+- Use new CDS schema for validation and code completion in `package.json` and `.cdsrc.json` files
+- Media Data Streaming
+  + OData: Large binaries without `@Core.MediaType` annotation were previously returned as base64-encoded buffer. Starting from this `@sap/cds` version also not-annotated large binaries are ignored by OData. It is strongly recommended to annotate all large binary properties with `@Core.MediaType` and use it according to streaming scenarios.
+  + Custom Handlers: `SELECT` with explicitely listed `SELECT.columns` of type `cds.LargeBinary` returns them as Readable streams. Large binary columns requested implicitely by `SELECT` (for example, with `.columns('*')`) are ignored.
+  + Streaming API: `cds.stream()` and `srv.stream()` are deprecated and will be removed with the next major release. Use `SELECT` with a single `cds.LargeBinary` column instead. The resulting object will contain the name of the column and a stream value. For example, `SELECT.one.from(E).columns(['image']).where(...)` returns `{ image: <media stream> }`.
+  + Backward Compatibility: To restore previous behavior use `stream_compat`.
+
+### Fixed
+
+- `cds.minify` returned a shallow clone. When callers like 2sql `cds.linked` that subsequently, this left the passed-in csn in a broken, partially linked state. Now, `cds.minify` doesn't clone anymore, but modifies the passed in csn.
+- Handling of read-only fields in drafts
+- Event Mesh: Better error message for incoming messages without a topic
+- `cds build` now logs a better error message if an incompatible `@sap/cds` version is used.
+- Better error message for runtime requests to non-existing tenants in extensibility scenario.
+- Do not generate UUIDs for association key during `CREATE` operation.
+- OData aggregation with lean draft
+- Sorting in new odata parser with nested select statements. The default sort order is now added to the outer select statement.
+- Server crash in case of misformatted `groupby` transformation in `$apply`
+- Switched EM webhook endpoints to also use new authentication implementation
+- `odata_new_parser`: better error message and code for expand on non-existing elements
+
+### Removed
+
+- Experimental `STREAM` CQN is removed and cannot be used anymore
+
 ## Version 7.5.3 - 2024-01-23
 
 ### Fixed
@@ -34,7 +92,7 @@
 ### Added
 
 - Support for expressions in where clause of `@restrict` annotation.
-  - Example: `@(restrict : [{ grant : ['*'], where : (NAME = $user) }])`
+  + Example: `@(restrict : [{ grant : ['*'], where : (NAME = $user) }])`
 - Function `cds.unboxed(srv)` to get the non-outboxed variant of the service
 - Service implementations can now be provided in .mjs modules.
 - Remote services: advanced configurable `CSRF` token fetching HTTP method and the URL.
@@ -55,9 +113,9 @@
   ```
 - `cds.log`'s built-in JSON formatter:
   + Extract custom fields (`cds.env.log.als_custom_fields`) and categories from args (not only error-like first objects)
-    * Example: `LOG.info('foo', { query: 'SELECT * FROM DUMMY' }, 'bar', { categories: ['baz'] })`
+    + Example: `LOG.info('foo', { query: 'SELECT * FROM DUMMY' }, 'bar', { categories: ['baz'] })`
   + `cds.env.log.mask_headers = [...]` allows to specify a list of matchers for which the header value shall be masked (i.e., printed as `***`)
-    * Default: `['/authorization/i', '/cookie/i']`
+    + Default: `['/authorization/i', '/cookie/i']`
 - `cds.env.fiori.bypass_draft` feature flag, designed to enable direct modifications via `POST` and `PATCH` of
 active instances in lean draft mode (`cds.env.fiori.lean_draft=true`). For example:
 
@@ -68,29 +126,29 @@ POST /Orders
 }
 ```
 
-- Auth kind `ias`: same SAML attr api as auth kind `xsuaa` for easier migration
+- Auth kind `ias`: same SAML attr API as auth kind `xsuaa` for easier migration
 
 ### Changed
 
 - Removed and integrated former `ctx-auth` middleware into `cds.auth` middleware
 - `cds.log`:
   + `cds.env.log.format = 'plain'|'json'` allows to configure which built-in formatter is used. Defaults to `json` in production, `plain` otherwise.
-  + If built-in JSON formatter is used:
-    * Field `tenant_subdomain` is filled if running on CF and information is available through authentication
-    * Additional CF-related fields are filled if running on CF
-    * Custom fields (`cds.env.log.als_custom_fields`) are filled if bound to an instance of Application Logging Service
-    * Field `categories` is filled if bound to an instance of Application Logging Service
-  + Config `cds.env.log.kibana_custom_fields` changed to `cds.env.log.als_custom_fields` (ALS = Application Logging Service) with compatibility until next major
+  + If a built-in JSON formatter is used:
+    + Field `tenant_subdomain` is filled if running on CF and information is available through authentication
+    + Additional CF-related fields are filled if running on CF
+    + Custom fields (`cds.env.log.als_custom_fields`) are filled if bound to an instance of Application Logging Service
+    + Field `categories` is filled if bound to an instance of Application Logging Service
+  + Config `cds.env.log.kibana_custom_fields` changed to `cds.env.log.als_custom_fields` (ALS = Application Logging Service) with compatibility until the next major
 - Package `passport` is no longer required (if `cds.env.requires.middlewares` is not set to `false`)
 - Type definitions for the APIs of this package are now maintained in package [`@cap-js/cds-types`](https://npmjs.com/package/@cap-js/cds-types).
-  - If you used one of the types `CSN`, `Definitions`, `entity` of _@sap/cds/apis/reflect_, use the `Linked` counterparts instead.
-  - If you used the type `CQNQuery` of _@sap/cds/apis/cqn_, use `SELECT` or a union type instead.
-  - This also includes various fixes to Typings for
-    - `req.subject` like `SELECT.from(req.subject)`
-    - `SELECT.columns([...])`
-    - `cds.db`
-    - `cds.util`
-    - `cds.context.features`
+  + If you used one of the types `CSN`, `Definitions`, `entity` of _@sap/cds/apis/reflect_, use the `Linked` counterparts instead.
+  + If you used the type `CQNQuery` of _@sap/cds/apis/cqn_, use `SELECT` or a union type instead.
+  + This also includes various fixes to Typings for
+    + `req.subject` like `SELECT.from(req.subject)`
+    + `SELECT.columns([...])`
+    + `cds.db`
+    + `cds.util`
+    + `cds.context.features`
 - The number of files logged on `cds serve` is now limited to 30 by default. You can run with `DEBUG=serve` to show all files.
 - `express.static` is only mounted if the target folder (`cds.folders.app`) exists
 - `cds.outbox.Messages` no longer uses aspect `cuid` to reduce model size impact in case `@sap/cds/common` is not used otherwise
@@ -108,18 +166,18 @@ POST /Orders
 - Use original logic (based on `NODE_ENV`) to load cds plugins from `devDependencies`
 - Property `tenant` also available on express' `req` object with basic and mocked auth
 - Empty `req.data` in before `DELETE` handler in draft
-- Loading `cds-plugins` now offers a hook to add more flexible plugin loader, e.g. for corrupt `package.json` files.
+- Loading `cds-plugins` now offers a hook to add a more flexible plugin loader, e.g., for corrupt `package.json` files.
 - Ignore default values of associations for draft entities
 - OData: client-side errors (4xx) logged as warnings instead of errors
 - IAS authentication: use `tokenInfo.getClientId()` instead of `payload.azp` as it implements a fallback
 - Deep updates with binary keys
 - Allow `null` values in `cds.env` (example package.json excerpt: `{ "cds": { "features": { "foo": null } } }`)
-- Collection bound actions/functions called via navigation
+- Collection-bound actions/functions called via navigation
 
 ### Removed
 
 - Deprecated global configuration feature flag `cds.env.features.fetch_csrf`.
-  Instead, please use `csrf` and `csrfInBatch` in the configuration of your remote services.
+  Instead, please use `csrf` and `csrfInBatch` to configure your remote services.
   These options will allow to configure CSRF-token handling.
 - Compat for deprecated `cds.env.auth.passport`. Use `cds.env.requires.auth` instead.
 

package/app/index.js

@@ -1,17 +1,17 @@
 const cds = require('../lib')
 const { find, path, fs } = cds.utils
 
-module.exports = { get html(){
+const odata = srv => srv.endpoints?.[0]?.kind.startsWith('odata')
+const metadata = srv => odata(srv) ? ` / <a href="${srv.path}/$metadata">$metadata</a>` : ``
 
-  const odata = srv => srv._adapters && Object.keys(srv._adapters).find (a => a.startsWith ('odata'))
-  const metadata = srv => odata(srv) ? ` / <a href="${srv.path}/$metadata">$metadata</a>` : ``
+module.exports = { get html(){
 
   let html = fs.readFileSync(path.join(__dirname,'index.html'),'utf-8')
   // .replace ('{{subtitle}}', 'Version ' + cds.version)
   .replace (/{{package}}/g, _project())
   .replace (/{{app}}/g, cds.env.folders.app.replace(/*trailing slash*/ /\/$/, ''))
   .replace ('{{apps}}', _app_links().map(
-      html => `\n<li><a href="${html}">/${html.replace(/^[/]/,'')}</a></li>`
+      html => `\n<li><a href="${html}">/${html.replace(/^\//,'').replace('/index.html','')}</a></li>`
     ).join('\n') || '— none —'
   )
   .replace ('{{services}}', cds.service.providers.map (srv => srv._is_dark ? '' : `
@@ -26,17 +26,6 @@ module.exports = { get html(){
         </ul>
   `).join(''))
 
-  // add /graphql
-  if (cds.env.features.graphql) {
-    html = html.replace(/\n\s*<footer>/, `
-
-        <h3>
-          <a href="/graphql">/graphql</a>
-        </h3>
-
-        <footer>`)
-  }
-
   Object.defineProperty (this,'html',{value:html})
   return html
 
@@ -64,12 +53,12 @@ function _entities_in (service) {
 }
 
 function _moreLinks (srv, entity) {
-  return (srv.$linkProviders || [])
+  return odata(srv) ? (srv.$linkProviders || [])
     .map (linkProv => linkProv(entity))
     .filter (l => l && l.href && l.name)
     .sort ((l1, l2) => l1.name.localeCompare(l2))
     .map (l => ` <a class="preview" href="${l.href}" title="${l.title||l.name}"> &rarr; ${l.name}</a>`)
-    .join (' ')
+    .join (' ') : ''
 }
 
 function _project(){

package/lib/auth/index.js

@@ -39,6 +39,9 @@ module.exports = function auth_factory (o) {
   cds.log().info ('using auth strategy', config, '\n')
   let auth = require (impl)
 
+  // default export of ESM / .ts auth
+  if (auth && auth.default) auth = auth.default
+
   // if auth is a factory itself, call it to get the middleware
   if (typeof auth === 'function' && auth.length < 3) auth = auth(options)
 

package/lib/compile/extend.js

@@ -1,6 +1,11 @@
-const compile = require ('./cds-compile')
+const cds = new class { get compile(){ return super.compile = require ('./cds-compile') }}
 const { extend } = require ('../lazy')
 
+/** @type <T> (target:T) => ({
+  with <X,Y,Z> (x:X, y:Y, z:Z): ( T & X & Y & Z )
+  with <X,Y> (x:X, y:Y): ( T & X & Y )
+  with <X> (x:X): ( T & X )
+}) */
 module.exports = o => o.definitions ? { with(...csns) {
 
   // merge all extension csns
@@ -11,9 +16,9 @@ module.exports = o => o.definitions ? { with(...csns) {
   }
 
   // extend given base csn with merged extensions
-  const extended = compile({
-    'base.csn': compile.to.json(csn),
-    'ext.csn': compile.to.json(merged)
+  const extended = cds.compile({
+    'base.csn': cds.compile.to.json(csn),
+    'ext.csn': cds.compile.to.json(merged)
   })
 
   // handle localized extension elements

package/lib/compile/for/lean_drafts.js

@@ -123,12 +123,11 @@ module.exports = function cds_compile_for_lean_drafts(csn) {
       for (const key in newEl) {
         if (
           key.startsWith('@assert') ||
-          key.startsWith('@FieldControl') ||
-          key.startsWith('@Common.FieldControl') ||
           key.startsWith('@PersonalData') ||
+          key === '@Common.FieldControl' && newEl[key]?.['#'] === 'Mandatory' ||
+          key === '@Common.FieldControl.Mandatory' ||
+          key === '@FieldControl.Mandatory' ||
           key === '@mandatory' ||
-          key === '@readonly' ||
-          key === '@Core.Computed' ||
           key === '@Core.Immutable'
         )
           newEl[key] = undefined

package/lib/compile/load.js

@@ -2,22 +2,21 @@ const cds = require('..')
 const TRACE = cds.debug('trace')
 
 module.exports = exports = function load (files, options) {
-  const all = cds.resolve(files,options)
-  if (!all) return Promise.reject (new cds.error ({
+  const any = cds.resolve(files,options)
+  if (!any) return Promise.reject (new cds.error ({
     message: `Couldn't find a CDS model for '${files}' in ${cds.root}`,
     code: 'MODEL_NOT_FOUND', files,
   }))
-  return this.get (all,options,'inferred')
+  return this.get (any,options,'inferred')
 }
 
 
-exports.parsed = function cds_get (files, options, _flavor) { // NOSONAR
-
+exports.parsed = function cds_get (files, options, _flavor) {
   const o = typeof options === 'string' ? { flavor:options } : options || {}
-  if (!o.silent) TRACE?.time('cds.load model ')
   if (!files) files = ['*']; else if (!Array.isArray(files)) files = [files]
   if (o.files || o.flavor === 'files') return cds.resolve(files,o)
   if (o.sources || o.flavor === 'sources') return _sources4 (cds.resolve(files,o))
+  if (!o.silent) TRACE?.time('cds.load model')
 
   const csn = cds.compile (files,o,
     o.parse  ? 'parsed' :
@@ -25,15 +24,12 @@ exports.parsed = function cds_get (files, options, _flavor) { // NOSONAR
     o.clean  ? 'xtended' : // for compatibility
     o.flavor || _flavor || 'parsed'
   )
-  return csn.then
-    ? csn.then (_csn => _finalize(_csn,o)) // async compile
-    : _finalize (csn,o) // synchronous compile
-}
-
-const _finalize = (csn,o) => {
-  if (!o.silent) cds.emit ('loaded', csn)
-  if (!o.silent) TRACE?.timeEnd('cds.load model ')
-  return csn
+  return csn.then?.(_finalize) || _finalize(csn)
+  function _finalize (csn) {
+    if (!o.silent) cds.emit ('loaded', csn)
+    if (!o.silent) TRACE?.timeEnd('cds.load model ')
+    return csn
+  }
 }
 
 const _sources4 = async (files) => {

package/lib/compile/minify.js

@@ -1,8 +1,7 @@
 const cds = require('../index')
 const DEBUG = cds.debug('minify')
 
-module.exports = function cds_minify (csn, _roots) { // IMPORTANT: don't add cds.env.features.skip_unused as default for _roots here, as that will break VSCode's IntelliSense
-  const roots = _roots !== undefined ? _roots : cds.env.features.skip_unused
+module.exports = function cds_minify (csn, roots = cds.env.features.skip_unused) {
   if (roots === false) return csn
   if (csn[_minified]) return csn
   const all = csn.definitions, reached = new Set
@@ -56,8 +55,7 @@ module.exports = function cds_minify (csn, _roots) { // IMPORTANT: don't add cds
     for (let a in d.actions)  _visit (d.actions[a])
     for (let p in d.params)   _visit (d.params[p])
   }
-  const minified = Object.create (csn.__proto__, Object.getOwnPropertyDescriptors(csn))
-  const less = minified.definitions = {}
+  const minified = csn, less = minified.definitions = {}
   for (let n in all) if (reached.has(all[n])) less[n] = all[n]
   else DEBUG?.('skipping', all[n].kind, n)
   Object.defineProperty (minified,_minified,{value:true})

package/lib/compile/to/sql.js

@@ -4,7 +4,8 @@ const keywords = require("@sap/cds-compiler").to.sql.sqlite.keywords
 const { unfold_ddl } = require ('../etc/_localized')
 
 function cds_compile_to_sql (csn,_o) {
-  csn = _extended(cds.minify(csn))
+  csn = cds.minify(csn)
+  csn = _extended(csn)
   const o = cdsc._options.for.sql(_o) //> used twice below...
   const all = cdsc.to.sql(csn,o) .map (each => each.replace(/^-- .+\n/,''))  //> strip comments
   const sql = unfold_ddl(all, csn, o)
@@ -58,12 +59,13 @@ module.exports = Object.assign (cds_compile_to_sql, {
 
 /////////////////////////////////////////////////////////////////////////////
 // UI Flex - read extensions__ to views, when ext fields are read
+// REVISIT: We planned to remove the uiflex feature -> should do so
 const _extended = (csn) => {
   const defs = cds.linked(csn).definitions
   for (let each in defs) {
-    const d = defs[each], q = d.query // TODO: q may have SET instead of SELECT
-    if (q && q.SELECT && q.SELECT.columns && _is_extensible(d)) {
-      if (!q.SELECT.columns.some(({ref}) => ref && ref[0] === _extensions)) q.SELECT.columns.push({ref:[_extensions]})
+    const d = defs[each], columns = d.query?.SELECT?.columns || d.projection?.columns
+    if (columns && _is_extensible(d)) {
+      if (!columns.some(({ref}) => ref?.[0] === _extensions)) columns.push({ref:[_extensions]})
     }
   }
   return csn

package/lib/compile/to/yaml.js

@@ -28,7 +28,7 @@ module.exports = function _2yaml (object, options={}) { // NOSONAR
     if (typeof o === 'string') {
       if (o.indexOf('\n')>=0)  return '|'+'\n'+indent+ o.replace(/\n/g,'\n'+indent)
       let s = o.trim()
-      return  !s || /^[@#:,*]/.test(s)  ? '"'+ o +'"'  :  s
+      return  !s || /^[\^@#:,*]/.test(s)  ? '"'+ o.replace(/\\/g,'\\\\') +'"'  :  s
     }
     else return o
 

package/lib/dbs/cds-deploy.js

@@ -21,14 +21,14 @@ module.exports = exports = function cds_deploy (model,options,csvs) {
       TRACE?.time('cds.deploy db  ')
 
       if (!model) throw new Error('Must provide a model or a path to model, received: ' + model)
-      if (model && !model.definitions) model = await cds.load(model).then(cds.minify)
+      if (!model?.definitions) model = await cds.load(model).then(cds.minify)
 
       if (o.mocked) exports.include_external_entities_in(model)
       else exports.exclude_external_entities_in(model)
 
       if (!db.run) db = await cds.connect.to(db)
       if (!cds.db) cds.db = cds.services.db = db
-      if (!db.model) db.model = model
+      if (!db.model) db.model = model // NOTE: this calls compile.for.nodejs!
 
       // eslint-disable-next-line no-console
       const LOG = o.silent || o.dry || !cds.log('deploy')._info ? () => {} : console.log
@@ -99,7 +99,7 @@ exports.create = async function cds_deploy_create (db, csn=db.model, o) {
     drops = d
   } else {
     // cds deploy -- w/o auto schema evoution > drop-create db
-    creas = cds.compile.to.sql(csn, o)
+    creas = cds.compile.to.sql(csn,o) // NOTE: this used to call cds.linked(cds.minify) and thereby corrupted the passed in csn
   }
 
   if (!drops) {
@@ -125,8 +125,6 @@ exports.create = async function cds_deploy_create (db, csn=db.model, o) {
     return
   }
 
-  // Set the context model while deploying for cqn42sql in new db layers
-  db.model = cds.compile.for.nodejs(csn)
   await db.run(drops)
   await db.run(creas)
   return true
@@ -140,12 +138,9 @@ exports.create = async function cds_deploy_create (db, csn=db.model, o) {
     if (o.dry) return {}
 
     let [table_exists] = await db.run(
-      // REVISIT: prettier forced this horrible, unreadable formatting:
-      db.kind === 'postgres'
-        ? `SELECT 1 from pg_tables WHERE tablename = 'cds_model' and schemaname = current_schema()`
-        : db.kind === 'sqlite'
-        ? `SELECT 1 from sqlite_schema WHERE name = 'cds_model'`
-        : cds.error`Schema evolution is not supported for ${db.kind} databases`,
+      db.kind === 'postgres' ? `SELECT 1 from pg_tables WHERE tablename = 'cds_model' and schemaname = current_schema()` :
+      db.kind === 'sqlite' ? `SELECT 1 from sqlite_schema WHERE name = 'cds_model'` :
+      cds.error`Schema evolution is not supported for ${db.kind} databases`,
     )
 
     if (o['model-only'])
@@ -209,7 +204,7 @@ exports.init = async function cds_deploy_init (db, csn=db.model, o, srces, log=(
   const t = cds.context?.tenant; if (t && t === cds.requires.multitenancy?.t0) return
   return db.run (async tx => {
 
-    const m = tx.model = cds.compile.for.nodejs(csn) //> use correct model while deploying
+    const m = tx.model = cds.compile.for.nodejs(csn) // NOTE: this used to create a redundant 4nodejs model for tha same csn
     const data = await exports.data (m,srces)
     const query = _queries4 (db,m)
     const INSERT_from = INSERT_from4 (db,m,o)
@@ -432,4 +427,3 @@ if (!module.parent) (async () => {
     await db?.disconnect?.()
   }
 })().catch(console.error)
-

package/lib/env/defaults.js

@@ -19,12 +19,6 @@ const defaults = module.exports = {
     'hcql' : { path: '/hcql' },
   },
 
-  // kept for backwards compatibility
-  schemas: {
-    'cds-rc.json': join(__dirname, 'schemas/cds-rc.json'),
-    'cds-package.json': join(__dirname, 'schemas/cds-package.json'),
-  },
-
   features: {
     folders: 'fts/*', // where to find feature toggles -> switch on by default when released
     live_reload: !production,
@@ -65,10 +59,7 @@ const defaults = module.exports = {
     '[production]': { format: 'json' },
     levels: {
       compile: 'warn',
-      cli: 'warn',
-      deploy: 'info',
-      serve:  'info',
-      server: 'info'
+      cli:    'warn'
     },
     service: false,
     // the rest is only applicable for the json formatter

package/lib/env/schemas/cds-package.js

@@ -0,0 +1,27 @@
+const cds = require('../../index')
+
+module.exports = {
+  _version: cds.version,
+
+  // base schema file for package.json
+  // includes cdsRoot schema from cds-rc.js to enforce cds configuration only in cds section
+  // and not in the root of the package.json
+
+  title: 'JSON schema for CDS configuration in package.json',
+  $schema: 'https://json-schema.org/draft/2020-12/schema',
+  description: 'This is a JSON schema representation of the CDS project configuration inside a project root level package.json',
+  type: 'object',
+  properties: {
+    extends: {
+      description: 'Name of the application that shall be extended',
+      type: 'string'
+    },
+    cds: {
+      type: 'object',
+      additionalProperties: true,
+      $ref: 'cdsJsonSchema://schemas/cds-rc.json#/$defs/cdsRoot',
+      description: 'CDS configuration',
+      default: {}
+    }
+  }
+}