@sap/cds 7.5.3 → 7.6.2

package/lib/index.js

@@ -1,9 +1,23 @@
-if (process.env.CDS_STRICT_NODE_VERSION !== 'false') require('./utils/check-version')
+if (process.env.CDS_STRICT_NODE_VERSION !== 'false') require ('./utils/check-version')
+!(global.__cds_loaded_from ??= new Set).add(__filename) // track from where we loaded cds
+
+/** @typedef { import('../apis/linked.js').LinkedCSN } Linked */
+/** @typedef { import('./srv/srv-api') } Service */
 
 const { EventEmitter } = require('node:events')
 const { extend, lazify } = require('./lazy')
 
-const cds = module.exports = new class cds extends EventEmitter {
+const cds = module.exports = global.cds = new class cds extends EventEmitter {
+
+  async emit (eve, ...args) {
+    if (eve === 'served') for (let l of this.listeners(eve)) await l.call(this,...args)
+    else return super.emit (eve, ...args)
+  }
+
+  /** CLI args */ cli = { command:'', options:{}, argv:[] }
+  /** Working dir */ root = process.cwd()
+  /** @type Linked */ model = undefined
+  /** @type Service */ db = undefined
 
   // Configuration & Information
   get requires() { return super.requires = this.env.requires._resolved() }
@@ -12,8 +26,6 @@ const cds = module.exports = new class cds extends EventEmitter {
   get env()      { return super.env = require('./env/cds-env').for('cds',this.root) }
   get home()     { return super.home = __dirname.slice(0,-4) }
   get schema()   { return super.schema = require('./env/schemas') } // REVISIT: Better move that to cds-dk?
-  cli = { command:'', options:{}, argv:[] }
-  root = process.cwd()
 
   // Loading and Compiling Models
   get compiler() { return super.compiler = require('./compile/cdsc') }
@@ -26,10 +38,9 @@ const cds = module.exports = new class cds extends EventEmitter {
   get extend()   { return super.extend = require('./compile/extend') }
   get deploy()   { return super.deploy = require('./dbs/cds-deploy') }
   get localize() { return super.localize = require('./i18n/localize') }
-  /** @type {{definitions:{},extensions:[]}} */ model = undefined
-  /** @type Service */ db = undefined
 
   // Model Reflection, Builtin types and classes
+  get entities()    { return this.db?.entities || this.model?.entities }
   get reflect()     { return super.reflect = this.linked }
   get linked()      { return super.linked = require('./linked/models') }
   get infer()       { return super.infer = require('./ql/infer') }
@@ -47,10 +58,10 @@ const cds = module.exports = new class cds extends EventEmitter {
   })}
 
   // Providing and Consuming Services
-  /** @type {{ [name:string]: Service }} */
-  services = Object.defineProperties (new class { *[Symbol.iterator](){ for (let e in this) yield this[e] } },{
-    _pending: {value:{}}
-  })
+  /** @type { Record<string,Service> } */ services = Object.defineProperties (
+    new class { *[Symbol.iterator](){ for (let e in this) yield this[e] } },
+    { _pending: {value:{}} }
+  )
   get server() { return super.server = require('../server') }
   get serve() { return super.serve = require('./srv/cds-serve') }
   get connect() { return super.connect = require('./srv/cds-connect') }
@@ -60,14 +71,7 @@ const cds = module.exports = new class cds extends EventEmitter {
   get odata() { return super.odata = require('../libx/odata') }
   get auth() { return super.auth = require('./auth') }
 
-  // awaiting async functions for some events
-  async emit (eve, ...args) {
-    if (eve === 'served') for (let l of this.listeners(eve)) await l.call(this,...args)
-    else return super.emit (eve, ...args)
-  }
-
   // Core Services API
-  /** @typedef {import './srv/srv-api'} Service */
   get Service() { return super.Service = require('./srv/srv-api') }
   get EventContext() { return super.EventContext = require('./req/context') }
   get Request() { return super.Request = require('./req/request') }
@@ -85,7 +89,6 @@ const cds = module.exports = new class cds extends EventEmitter {
   get context()  { return this._context._for(this) }
   set context(_) { this._context._for(this,_) }
   get spawn()    { return super.spawn = this._context.spawn }
-  tx(..._) { return (this.db || this.Service.prototype) .tx (..._) }
 
   // Helpers
   get utils() { return super.utils = require('./utils/cds-utils') }
@@ -94,31 +97,29 @@ const cds = module.exports = new class cds extends EventEmitter {
   get test() { return super.test = require('./utils/cds-test') }
   get log() { return super.log = require('./log/cds-log') }
   get debug() { return super.debug = this.log.debug }
-  get lazify(){ return lazify }
-  get lazified(){ return lazify }
-  clone(m) { return JSON.parse (JSON.stringify(m)) }
+  get lazify() { return lazify }
+  get lazified() { return lazify }
+  get clone() { return super.clone = this.utils.clone }
   exit(code){ return cds.shutdown ? cds.shutdown() : process.exit(code) }
 
   // Querying and Databases
-  get ql() { return super.ql = require('./ql/cds-ql') }
-  get entities()     { return this.db?.entities || this.model?.entities }
-  run         (..._) { return (this.db||this.error._no_primary_db).run(..._) }
-  foreach     (..._) { return (this.db||this.error._no_primary_db).foreach(..._) }
-  stream      (..._) { return (this.db||this.error._no_primary_db).stream(..._) }
-  read        (..._) { return (this.db||this.error._no_primary_db).read(..._) }
-  create      (..._) { return (this.db||this.error._no_primary_db).create(..._) }
-  insert      (..._) { return (this.db||this.error._no_primary_db).insert(..._) }
-  update      (..._) { return (this.db||this.error._no_primary_db).update(..._) }
-  delete      (..._) { return (this.db||this.error._no_primary_db).delete(..._) }
-  disconnect  (..._) { return (this.db||this.error._no_primary_db).disconnect(..._) }
-  transaction (..._) { return (this.db||this.error._no_primary_db).transaction(..._) }
+  get ql()   { return super.ql = require('./ql/cds-ql') }
+  tx         (..._) { return (this.db || this.Service.prototype) .tx (..._) }
+  run        (..._) { return (this.db || this.error._no_primary_db).run(..._) }
+  foreach    (..._) { return (this.db || this.error._no_primary_db).foreach(..._) }
+  stream     (..._) { return (this.db || this.error._no_primary_db).stream(..._) }
+  read       (..._) { return (this.db || this.error._no_primary_db).read(..._) }
+  create     (..._) { return (this.db || this.error._no_primary_db).create(..._) }
+  insert     (..._) { return (this.db || this.error._no_primary_db).insert(..._) }
+  update     (..._) { return (this.db || this.error._no_primary_db).update(..._) }
+  upsert     (..._) { return (this.db || this.error._no_primary_db).upsert(..._) }
+  delete     (..._) { return (this.db || this.error._no_primary_db).delete(..._) }
+  disconnect (..._) { return (this.db || this.error._no_primary_db).disconnect(..._) }
 
   // legacy and to be moved stuff -> hidden for tools in cds.__proto__
-  /** @deprecated */ in (cwd) { return !cwd ? this : {__proto__:this, cwd, env: this.env.for('cds',cwd) } }
-  get build() { return () => cds.error('\
-    This application uses @sap/cds version >= 7, which is not compatible with the installed @sap/cds-dk version 6. \
-    Either update @sap/cds-dk to version 7 or downgrade @sap/cds to version 6 instead.\
-  ')}
+  /** @deprecated */ transaction (..._) { return (this.db||this.error._no_primary_db).transaction(..._) }
+  /** @deprecated */ get build() { return super.build = this.error._outdated_dk }
+  /** @deprecated */ get in() { return super.in = cwd => !cwd ? this : {__proto__:this, cwd, env: this.env.for('cds',cwd) } }
 }
 
 // add global cds.ql commands
@@ -128,7 +129,6 @@ extend (global) .with (class {
   static get UPSERT() { return cds.ql.UPSERT }
   static get UPDATE() { return cds.ql.UPDATE }
   static get DELETE() { return cds.ql.DELETE }
-  static get STREAM() { return cds.ql.STREAM }
   static get CREATE() { return cds.ql.CREATE }
   static get DROP() { return cds.ql.DROP }
   static get CDL() { return cds.parse.CDL }
@@ -136,15 +136,8 @@ extend (global) .with (class {
   static get CXL() { return cds.parse.CXL }
 })
 
-// can be used to later check that one has only one cds object
-;(global.__cds_loaded_from ??= new Set).add(__filename)
-global.cds = cds // REVISIT: using global.cds seems wrong
-
 // install jest util if jest is defined
 if (process.env.CDS_JEST_MEM_FIX && typeof jest !== 'undefined') require('./utils/jest.js')
 
 // Allow for import cds from '@sap/cds' without esModuleInterop
-Object.defineProperties(module.exports, {
-  default: { value: module.exports },
-  __esModule: { value: true },
-})
+Object.defineProperties(module.exports, { default: {value:module.exports}, __esModule: {value:true} })

package/lib/log/cds-error.js

@@ -85,3 +85,9 @@ exports._no_primary_db = new Proxy ({},{ get: function fn(_,p) { error (`Not con
   cds ${process.argv[2]} --in-memory` : ''}`
 
 ,{},fn) }})
+
+
+exports._outdated_dk = () => error `
+  This application uses @sap/cds version >= 7, which is not compatible with the installed @sap/cds-dk version 6.
+  Either update @sap/cds-dk to version 7 or downgrade @sap/cds to version 6 instead.
+`

package/lib/log/format/aspects/als.js

@@ -3,6 +3,7 @@ const cds = require('../../..')
 const $remove = Symbol('remove')
 
 const _is_custom_fields = (arg, custom_fields) => {
+  if (!Object.keys(arg).length) return false
   for (const k in arg) if (!(k in custom_fields)) return false
   return true
 }

package/lib/log/format/json.js

@@ -65,10 +65,14 @@ module.exports = function format(module, level, ...args) {
   }
   toLog.timestamp = new Date()
 
+  // start message with leading string args (if any)
+  const i = args.findIndex(arg => typeof arg === 'object' && arg.message)
+  if (i > 0 && args.slice(0, i).every(arg => typeof arg === 'string')) toLog.msg = args.splice(0, i).join(' ')
+
   // merge toLog with passed Error (or error-like object)
   if (args.length && typeof args[0] === 'object' && args[0].message) {
     const err = args.shift()
-    toLog.msg = err.message
+    toLog.msg = `${toLog.msg ? toLog.msg + ' ' : ''}${err.message}`
     if (typeof err.stack === 'string' && !_is4xx(err)) toLog.stacktrace = err.stack.split(/\s*\r?\n\s*/)
     if (Array.isArray(err.details))
       for (const d of err.details)

package/lib/ql/Query.js

@@ -33,7 +33,8 @@ class Query {
   get then() {
     const srv = this._srv || cds.db || cds.error `Can't execute query as no primary database is connected.`
     const q = new AsyncResource('await cds.query')
-    return (r,e) => q.runInAsyncScope (srv.run, srv, this) .then (r,e)
+    // Temporary solution for cds.stream in .then. Remove with the next major release.
+    return (r,e) => q.runInAsyncScope (srv.run, srv, this) .then(rt => { rt = this._stream && rt ? Object.values(rt)[0] : rt; r(rt) }, e)
   }
 
   _target4 (...args) {

package/lib/ql/cds-ql.js

@@ -14,8 +14,7 @@ require = path => { // eslint-disable-line no-global-assign
 }
 
 module.exports = exports = {
-  Query,
-  STREAM: require('./STREAM'),
+  Query,  
   SELECT: require('./SELECT'),
   INSERT: require('./INSERT'),
   UPSERT: require('./UPSERT'),

package/lib/ql/infer.js

@@ -11,8 +11,6 @@ function infer (q, defs, _get_source) {
     || q.UPSERT?.into
     || q.UPDATE?.entity
     || q.DELETE?.from
-    || q.STREAM?.from
-    || q.STREAM?.into
   let source = infer_from (from, defs)
   let target = source?.SELECT ? infer(source, defs) : source
 

package/lib/req/cds-context.js

@@ -55,4 +55,4 @@ module.exports = new class extends AsyncLocalStorage {
   }
 }
 
-const _error = (err, cds) => { cds.log().error(`ERROR occured in background job:`, err); return err }
+const _error = (err, cds) => { cds.log().error(`ERROR occurred in background job:`, err); return err }

package/lib/req/request.js

@@ -41,8 +41,7 @@ class Request extends require('./event') {
       if (q.INSERT) return this._set ('path', _path4 (q.INSERT,'into'))
       if (q.UPSERT) return this._set ('path', _path4 (q.UPSERT,'into'))
       if (q.UPDATE) return this._set ('path', _path4 (q.UPDATE,'entity'))
-      if (q.DELETE) return this._set ('path', _path4 (q.DELETE,'from'))
-      if (q.STREAM) return this._set ('path', _path4 (q.STREAM,'from') || _path4 (q.STREAM,'into'))
+      if (q.DELETE) return this._set ('path', _path4 (q.DELETE,'from'))      
     }
     const {_} = this
     if (_.target) return this._set ('path', _.target.name)
@@ -66,8 +65,7 @@ class Request extends require('./event') {
       q?.INSERT?.into ||
       q?.UPSERT?.into ||
       q?.UPDATE?.entity ||
-      q?.DELETE?.from ||
-      q?.STREAM?.from || q?.STREAM?.into
+      q?.DELETE?.from
     )
 
     const {target} = this; if (!target) return undefined
@@ -171,8 +169,7 @@ const Http2Crud = {
   DELETE: 'DELETE',
 }
 
-const SQL2Crud = {
-  STREAM:   'STREAM',
+const SQL2Crud = {  
   SELECT:   'READ',
   INSERT:   'CREATE',
   UPSERT:   'UPSERT',

package/lib/srv/middlewares/trace.js

@@ -55,9 +55,9 @@ function _instrument_cds_services (_get_perf) {
     const perf = _get_perf(req)
     if (perf) {
       const pe = perf.log (this.name, '-', req.event, req.path||'')
-      var _done = r => { perf.done(pe); return r }
+      var _done = () => perf.done(pe)
     }
-    return handle.apply (this, arguments) .then (_done)
+    return handle.apply (this, arguments) .finally (_done)
   }
 }
 

package/lib/srv/protocols/hcql.js

@@ -1,37 +1,51 @@
-const cds = require('../../index'), { decodeURIComponent } = cds.utils
-const LOG = cds.log('hcql')
 const express = require('express') // eslint-disable-line cds/no-missing-dependencies
+const cds = require('../../index')
 
-module.exports = function HCQLAdapter (srv) {
-
-  return express.Router()
-  .use(express.json()) //> for application/json -> cqn
-  .use(express.text()) //> for text/plain -> cql -> cqn
-
-  /** Returns CSN schema in response to /<srv>/$csn requests */
-  .get('/\\$csn', (_, res) => {
-    let csn = cds.minify (cds.model, { service: srv.name })
-    res.json(csn)
-  })
-
-  /** Convenience route for REST-style request formats like that: */
-  .get('/:entity/:id?(%20:tail)?', (req, _, next) => {
-    let { entity, id, tail } = req.params, q = SELECT.from(entity, id)
-    if (is_string(req.body)) tail = req.body
-    else if (is_array(req.body)) q.columns(req.body)
-    else Object.assign(q.SELECT, req.body)
-    if (tail) q = { SELECT: { ...CQL(`SELECT from _ ${tail}`).SELECT, ...q.SELECT } }
-    req.body = q; next() // delegating to main handler
-  })
-
-  /** The actual protocol adapter. */
-  .use((req, res, next) => {
-    let q = req.body; if (is_string(q)) q = CQL(q)
-    LOG.info (req.method, decodeURIComponent(req.originalUrl), { ...q })
-    return srv.run(q).then(r => res.json(r)).catch(next)
-  })
+class HCQLAdapter extends require('./http') {
 
+  schema4 (srv) {
+    return cds.minify (cds.model, { service: srv.name })
+  }
+
+  router4 (srv) { return super.router4 (srv)
+
+    /** Return CSN schema in response to /<srv>/$csn requests */
+    .get('/\\$csn', (_, res) => res.json (this.schema4(srv)))
+
+    .use(express.json()) //> for application/json -> cqn
+    .use(express.text()) //> for text/plain -> cql -> cqn
+
+    /**
+     * Convenience route for REST-style request formats like that:
+     * GET /browse/Books { ID, title, author.name as author } where stock < 100
+     * GET /browse/Books/201 { ID, title, author.name as author }
+     */
+    .get('/:entity/:id?(%20:tail)?', (req, _, next) => {
+      let { entity, id, tail } = req.params, q = SELECT.from(entity, id)
+      if (is_string(req.body)) tail = req.body
+      else if (is_array(req.body)) q.columns(req.body)
+      else Object.assign(q.SELECT, req.body)
+      if (tail) q = { SELECT: { ...CQL(`SELECT from _ ${tail}`).SELECT, ...q.SELECT } }
+      req.body = q; next() // delegating to main handler
+    })
+
+    /**
+     * The actual protocol adapter, handling all requests.
+     */
+    .use((req, res, next) => {
+      let q = this.query4(req)
+      this.log(req,q)
+      return srv.run(q).then(r => res.json(r)).catch(next)
+    })
+  }
+
+  query4 (req) {
+    if (typeof req.body === 'string') return cds.parse.cql (req.body)
+    return req.body //> a plain CQN object
+  }
 }
 
 const is_string = x => typeof x === 'string'
 const is_array = Array.isArray
+
+module.exports = HCQLAdapter

package/lib/srv/protocols/http.js

@@ -0,0 +1,60 @@
+const express = require('express') // eslint-disable-line cds/no-missing-dependencies
+const cds = require('../../index')
+const { inspect } = require('util')
+
+
+module.exports = class HttpAdapter {
+
+  constructor (srv) {
+    this.kind = this.constructor.name.replace(/Adapter$/,'').toLowerCase()
+    this.log = cds.log (this.kind)
+    return this.router4 (srv)
+  }
+
+  router4 (srv) {
+    return express.Router()
+    .use(this.early_access_check4(srv))
+  }
+
+  log (req, cqn) {
+    this.log.info (req.method, decodeURIComponent(req.originalUrl), inspect(cqn,{colors:true,depth:11}))
+  }
+
+  /** Does early checks on required roles to reject early */
+  early_access_check4 (srv) {
+
+    // Resolve required roles statically once....
+    const d = srv.definition
+    const roles = d['@requires'] || d['@restrict']?.map(r => r.to).flat()
+    || cds.env.requires.auth?.restrict_all_services !== false && ['authenticated-user']
+
+    // ... and return a handler function accordingly -> PROBLEM: Extensibility
+    if (!roles) return (req, res, next) => next() //> no handlers required
+
+    const required_roles = Array.isArray(roles) ? roles : [roles]
+    return function early_access_check (req, res, next) {
+      let u = req.user; if (!u?.is) u = new cds.User(u) // revisit
+      if (required_roles.some(r => u.is(r))) return next()
+      // Following demonstrates how to directly send responses from here...
+      // However, in order to allow others to plug in error handlers throwing errors is better.
+      // For example, also for ourselves to obfucscate error details in production mode.
+      // throw cds.error ({ status: 403, code: 'REQUIRES_AUTH_USER', details: `Requires any of [ ${roles} ]` })
+      if (!u._is_anonymous) return res.status(403).send(`User '${u.id}' is lacking required roles: [ ${roles} ]`)
+      else if (!req._login) return res.status(401).send('Requires authenticated user')
+      else return req._login()
+    }
+  }
+}
+
+/*
+function MTXRouter (srv) {
+  this.routers = {
+    t1_fta: 'new HCQLAdapter(srv.for(t1))',
+    t1_fta_ftb: 'new HCQLAdapter(srv.for(t1))',
+    t2: 'new HCQLAdapter(srv.for(t2))',
+  }
+  return express.Router().use((req,res,next) => {
+    return this.routers[req.tenant].handle(req,res,next)
+  })
+}
+*/

package/lib/srv/protocols/index.js

@@ -185,12 +185,5 @@ const _slugified = name => (
 )
 
 
-const using_old_paths = (path) => `PLEASE NOTE:\n
-  With @sap/cds version 7, default service paths have changed to '${path}/<srv>'.
-  If you use SAP Fiori Elements, make sure to adapt the 'dataSources.uri' paths
-  in 'manifest.json' files accordingly. For more information, see the release notes at
-  https://cap.cloud.sap/docs/releases/jun23.
-`
-
 module.exports = new Protocols
 if (!cds.requires.middlewares) require('./_legacy')

package/lib/srv/protocols/odata-v4.js

@@ -29,10 +29,16 @@ module.exports = function ODataAdapter(srv) {
     router.use(/^\/$/, require('../../../libx/odata/service-document')(srv))
     router.use('/\\$metadata', require('../../../libx/odata/metadata')(srv))
     router.get('*', require('../../../libx/odata/read')(srv))
+    router.delete('*', require('../../../libx/odata/delete')(srv))
+    // REVISIT do we want to build our own body parser logic?
+    router.use(express.json())
+    router.post('*', require('../../../libx/odata/create')(srv))
+    router.put('*', require('../../../libx/odata/update')(srv))
+    router.patch('*', require('../../../libx/odata/update')(srv))
     router.use(require('../../../libx/odata/error')(srv))
+  } else {
+    router.use(libx.to.odata_v4(srv))
   }
 
-  router.use(libx.to.odata_v4(srv))
-
   return router
 }