@sap/cds 7.5.3 → 7.6.2

package/libx/_runtime/sqlite/Service.js

@@ -39,7 +39,7 @@ module.exports = class SQLiteDatabase extends DatabaseService {
 
     // REVISIT: official db api
     this._insert = this._queries.insert(execute.insert)
-    this._read = this._queries.read(execute.select, execute.stream)
+    this._read = this._queries.read(execute.select, execute.stream, execute.convert)
     this._update = this._queries.update(execute.update, execute.select)
     this._delete = this._queries.delete(execute.delete, execute.update)
     this._run = this._queries.run(this._insert, this._read, this._update, this._delete, execute.cqn, execute.sql)

package/libx/_runtime/sqlite/execute.js

@@ -9,6 +9,7 @@ const cds = require('../cds')
 const LOG = cds.log('sqlite|db|sql')
 // && {_debug:true, debug(sql){ cds._debug && console.log(sql+';\n') }} //> please keep that for debugging stakeholder tests
 const coloredTxCommands = require('../db/utils/coloredTxCommands')
+const { convertStream } = require('../db/utils/stream')
 const { inspect } = require('util')
 
 const SANITIZE_VALUES = process.env.NODE_ENV === 'production' && cds.env.log.sanitize_values !== false
@@ -234,10 +235,12 @@ function executeInsertSQL(dbc, sql, values, query) {
   })
 }
 
-function _convertStreamValues(values) {
+// REVISIT: optimize - now sub-arrays are called sequentially
+async function _convertStreamValues(values) {
   let any
-  values.forEach((v, i) => {
-    if (v && typeof v.pipe === 'function') {
+  for (let i = 0; i < values.length; i++) {
+    const v = values[i]
+    if (v instanceof Readable) {
       any = values[i] = new Promise(resolve => {
         const chunks = []
         v.on('data', chunk => chunks.push(chunk))
@@ -247,8 +250,10 @@ function _convertStreamValues(values) {
           v.push(null)
         })
       })
+    } else if (Array.isArray(v)) {
+      values[i] = await _convertStreamValues(v)
     }
-  })
+  }
   return any ? Promise.all(values) : values
 }
 
@@ -295,13 +300,19 @@ function executeGenericCQN(model, dbc, cqn, user, locale, txTimestamp) {
   return executePlainSQL(dbc, sql, values)
 }
 
-async function executeSelectStreamCQN(model, dbc, query, user, locale, txTimestamp) {
+// REVISIT: consider deleting this function after removing stream_compat
+async function executeSelectStreamCQN({ model, dbc, query, user, locale, txTimestamp }) {
   const result = await executeSelectCQN(model, dbc, query, user, locale, txTimestamp)
 
   if (result == null || result.length === 0) {
     return
   }
 
+  if (!cds.env.features.stream_compat) {
+    convertStream(query.SELECT.columns, query.target, result, query.SELECT.one)
+    return result
+  }
+
   let val = Array.isArray(result) ? Object.values(result[0])[0] : Object.values(result)[0]
   if (val === null) {
     return null
@@ -323,6 +334,7 @@ module.exports = {
   update: executeUpdateCQN,
   select: executeSelectCQN,
   stream: executeSelectStreamCQN,
+  convert: convertStream,
   cqn: executeGenericCQN,
   sql: executePlainSQL
 }

package/libx/odata/afterburner.js

@@ -4,6 +4,7 @@ const { where2obj, resolveFromSelect } = require('../_runtime/common/utils/cqn')
 const { findCsnTargetFor } = require('../_runtime/common/utils/csn')
 const normalizeTimestamp = require('../_runtime/common/utils/normalizeTimestamp')
 const { rewriteExpandAsterisk } = require('../_runtime/common/utils/rewriteAsterisks')
+const resolveStructured = require('../_runtime/common/utils/resolveStructured')
 
 const _addKeysDeep = (keys, keysCollector, ignoreManagedBacklinks) => {
   for (const keyName in keys) {
@@ -44,21 +45,20 @@ function _getDefinition(definition, name, namespace) {
   )
 }
 
-function _resolveAliasInParams(params, entity) {
-  if (!entity._alias2ref) return
-  const paramKeys = Object.keys(params)
-  for (const paramKey of paramKeys) {
-    if (entity._alias2ref[paramKey]) {
-      params[entity._alias2ref[paramKey].join('_')] = params[paramKey]
-      params[paramKey] = undefined
-    }
-  }
-}
-
 function _resolveAliasesInRef(ref, target) {
   if (ref.length === 1) {
     if (target.keys[ref[0]]) return ref
-    if (target._alias2ref && target._alias2ref[ref[0]]) return [...target._alias2ref[ref[0]]]
+    // resolve multi-part refs for innermost ref in url
+    if (target._flattenedKeys === undefined) {
+      const flattenedKeys = []
+      for (const key in target.keys) {
+        if (!target.keys[key].elements) continue
+        flattenedKeys.push(...resolveStructured({ element: target.keys[key], structProperties: [] }, false, true))
+      }
+      target._flattenedKeys = flattenedKeys.length ? flattenedKeys : null
+    }
+    const fk = target._flattenedKeys?.find(fk => fk.key === ref[0])
+    if (fk) return [...fk.resolved]
   }
   for (const seg of ref) {
     target = target.elements[seg.id || seg]
@@ -143,7 +143,7 @@ function _processWhere(where, entity) {
 
     if (operator in forbidden) {
       // xpr check needs to be done first, else it could happen, that we ignore xpr OR xpr
-      continue;
+      continue
     }
 
     let valIndex = -1
@@ -216,7 +216,7 @@ function _processSegments(from, model, namespace, cqn) {
   let incompleteKeys = false
   let one
   let target
-  
+
   function _handleCollectionBoundActions(i) {
     let action
     if (current.actions) {
@@ -224,9 +224,9 @@ function _processSegments(from, model, namespace, cqn) {
       const shortName = nextRef && nextRef.replace(namespace + '.', '')
       action = shortName && current.actions[shortName]
     }
-  
+
     incompleteKeys = ref[i].where ? false : i === ref.length - 1 || one ? false : true
-  
+
     if (incompleteKeys && action) {
       if (
         action['@cds.odata.bindingparameter.collection'] ||
@@ -239,7 +239,7 @@ function _processSegments(from, model, namespace, cqn) {
       }
     }
   }
-  
+
   for (let i = 0; i < ref.length; i++) {
     const seg = ref[i].id || ref[i]
     const whereRef = ref[i].where
@@ -286,7 +286,6 @@ function _processSegments(from, model, namespace, cqn) {
         if (whereRef) {
           keyCount += addRefToWhereIfNecessary(ref[i].where, current)
           _resolveAliasesInXpr(ref[i].where, current)
-          _resolveAliasInParams(params, current)
           _processWhere(ref[i].where, current)
         }
 
@@ -320,7 +319,6 @@ function _processSegments(from, model, namespace, cqn) {
         if (whereRef) {
           keyCount += addRefToWhereIfNecessary(whereRef, current)
           _resolveAliasesInXpr(whereRef, current)
-          _resolveAliasInParams(params, current)
           // in case of Foo(1), params will be {} (before addRefToWhereIfNecessary was called)
           if (!Object.keys(params).length) params = where2obj(ref[i].where)
           _processWhere(ref[i].where, current)
@@ -513,6 +511,41 @@ const _checkAllKeysProvided = (params, entity) => {
   }
 }
 
+function _cleanupIgnoredXpr(xpr, ignoredColumns, target, isOne) {
+  if (!xpr) return
+
+  for (const x of xpr) {
+    if (x.xpr) {
+      _cleanupIgnoredXpr(x.xpr, ignoredColumns, target, isOne)
+      continue
+    }
+
+    if (x.ref && ignoredColumns.includes(x.ref[0])) {
+      cds.error(
+        `Property '${x.ref}' does not exist in type '${
+          isOne ? target.name.replace(`${target._service.name}.`, '') : target.name
+        }'`,
+        {
+          code: 400
+        }
+      )
+    }
+
+    if (x.func) {
+      _cleanupIgnoredXpr(x.args, ignoredColumns, target, isOne)
+      continue
+    }
+  }
+}
+
+function _cleanupIgnored(SELECT, ignoredColumns, target, isOne) {
+  _cleanupIgnoredXpr(SELECT.columns, ignoredColumns, target, isOne)
+  _cleanupIgnoredXpr(SELECT.orderBy, ignoredColumns, target, isOne)
+  _cleanupIgnoredXpr(SELECT.where, ignoredColumns, target, isOne)
+  _cleanupIgnoredXpr(SELECT.groupBy, ignoredColumns, target, isOne)
+  _cleanupIgnoredXpr(SELECT.having, ignoredColumns, target, isOne)
+}
+
 function _4service(service) {
   const { namespace, model } = service
   if (!model) return cqn => cqn
@@ -563,6 +596,12 @@ function _4service(service) {
      */
     _processColumns(cqn, current)
 
+    const ignoredColumns = Object.values(root.elements ?? {})
+      .filter(element => element['@cds.api.ignore'])
+      .map(element => element.name)
+
+    _cleanupIgnored(cqn.SELECT, ignoredColumns, root, one)
+
     return cqn
   }
 }

package/libx/odata/cqn2odata.js

@@ -177,7 +177,12 @@ function _xpr(expr, target, kind, isLambda) {
       } else if (_isLambda(cur, expr[i + 1])) {
         const { where, id } = expr[i + 1].ref.slice(-1)[0]
         const nav = [...expr[i + 1].ref.slice(0, -1), id].join('/')
-        if (!where) res.push(`${nav}/any()`)
+        // odata-v2 does not support lambda expressions but successfactors allows filter like for to-one assocs
+        if (kind === 'odata-v2') {
+          cds.log('remote').info(`OData V2 does not support lambda expressions. Using path expression as best effort.`)
+          isLambda = false
+          res.push(`${id}%2F${_xpr(where, target, kind)}`)
+        } else if (!where) res.push(`${nav}/any()`)
         else res.push(`${nav}/any(${LAMBDA_VARIABLE}:${_xpr(where, target, kind, true)})`)
         i++
       } else {
@@ -216,13 +221,6 @@ const _keysOfWhere = (where, kind, target) => {
   const res = []
   for (const cur of where) {
     if (hasValidProps(cur, 'ref')) {
-      if (target && target._alias2ref) {
-        const alias = target._alias2ref.__2alias[cur.ref.join('/')]
-        if (alias) {
-          res.push(_format({ ref: [alias] }))
-          continue
-        }
-      }
       res.push(_format(cur))
     } else if (hasValidProps(cur, 'val')) {
       // find previous ref

package/libx/odata/create.js

@@ -0,0 +1,44 @@
+const cds = require('../../')
+const { odataError } = require('./utils')
+const { INSERT } = require('../../lib/ql/cds-ql')
+const { readAfterWrite } = require('../_runtime/cds-services/adapter/odata-v4/utils/readAfterWrite')
+const metaInfo = require('../_runtime/cds-services/adapter/odata-v4/utils/metaInfo')
+const { toODataResult } = require('./result')
+
+module.exports = srv =>
+  function create(req, res, next) {
+    const query = cds.odata.parse(req.url, { service: srv, baseUrl: req.baseUrl })
+
+    const {
+      SELECT: { one }
+    } = query
+
+    if (one) {
+      const singleton = query.target._isSingleton
+      const error = odataError('405', `Method ${req.method} not allowed for ${singleton ? 'SINGLETON' : 'ENTITY'}`)
+      return res.status(405).json(error)
+    }
+
+    const queryPathXpr = query.SELECT?.from
+
+    const insertQuery = INSERT.into(queryPathXpr).entries(req.body)
+
+    const cdsReq = new cds.Request({ query: insertQuery })
+    return srv
+      .dispatch(cdsReq)
+      .then(async result => {
+        if (cdsReq._.readAfterWrite) {
+          // TODO see if in old odata impl for other checks that should happen
+          result = await readAfterWrite(cdsReq, srv, { operation: { result } })
+        }
+
+        if (result == null) {
+          res.status(204)
+        }
+
+        const info = metaInfo(insertQuery, 'CREATE', srv, req.body, req, false)
+
+        return res.status(201).send(toODataResult(result, info))
+      })
+      .catch(next)
+  }

package/libx/odata/delete.js

@@ -0,0 +1,25 @@
+const cds = require('../../')
+const { odataError } = require('./utils')
+
+module.exports = srv =>
+  function deleete(req, res, next) {
+    const query = cds.odata.parse(req.url, { service: srv, baseUrl: req.baseUrl })
+
+    let {
+      SELECT: { one }
+    } = query
+
+    if (!one) {
+      return res.status(405).json(odataError('405', `Method DELETE not allowed for ENTITY.COLLECTION`))
+    }
+
+    const _target = query.SELECT && query.SELECT.from
+    const deleteQuery = DELETE.from(_target)
+
+    return srv
+      .run(deleteQuery)
+      .then(() => {
+        return res.send(204)
+      })
+      .catch(next)
+  }

package/libx/odata/error.js

@@ -1,6 +1,11 @@
-module.exports = srv => (err, req, res, next) => {
-  if (err.code >= 400 && err.code < 500) {
-    return res.status(err.code).send(err.message)
+const { normalizeError } = require('../_runtime/common/error/frontend')
+const { odataError } = require('./utils')
+
+module.exports = _srv => (err, req, res, _next) => {
+  const { error, statusCode } = normalizeError(err, req)
+
+  if (statusCode >= 400 && statusCode < 500) {
+    return res.status(statusCode).json(odataError(`${err.code}`, error.message))
   }
 
   return res.status(500).send('Internal Server Error')

package/libx/odata/metadata.js

@@ -1,7 +1,7 @@
 const cds = require('../../lib')
 const LOG = cds.log('odata')
 const crypto = require('crypto')
-const { join } = require('path')
+const { odataError } = require('./utils')
 
 const _requestedFormat = (queryOption, header) => {
   if (queryOption) return queryOption.match(/json/i) ? 'json' : 'xml'
@@ -43,18 +43,16 @@ const generateEtag = s => {
   return `W/"${crypto.createHash('sha256').update(s).digest('base64')}"`
 }
 
-const odata_error = (code, message) => ({ error: { code, message } })
-
 const mpSupportsEmptyLocale = () => {
   const pkg = require(require.resolve('@sap/cds-mtxs/package.json'))
   const [major, minor] = pkg.version.split('.').map(Number)
-  return major > 1 || major === 1 && minor >= 12
+  return major > 1 || (major === 1 && minor >= 12)
 }
 
 module.exports = srv =>
-  async function metadata(req, res, next) {
+  async function metadata(req, res, _next) {
     if (req.method !== 'GET')
-      return res.status(405).json(odata_error('METHOD_NOT_ALLOWED', `Method ${req.method} not allowed for $metadata.`))
+      return res.status(405).json(odataError('METHOD_NOT_ALLOWED', `Method ${req.method} not allowed for $metadata.`))
 
     const tenant = cds.context.tenant
     const locale = cds.context.locale
@@ -82,7 +80,7 @@ module.exports = srv =>
         res
           .status(400)
           .json(
-            odata_error(
+            odataError(
               'UNSUPPORTED_METADATA_TYPE',
               'JSON metadata is not supported if cds.requires.extensibilty: true.'
             )
@@ -113,7 +111,7 @@ module.exports = srv =>
           LOG.error(e)
         }
 
-        return res.status(503).json(odata_error('SERVICE_UNAVAILABLE', 'Service unavailable'))
+        return res.status(503).json(odataError('SERVICE_UNAVAILABLE', 'Service unavailable'))
       }
     }
 

package/libx/odata/service-document.js

@@ -15,7 +15,7 @@ const generateEtag = s => {
 }
 
 module.exports = srv =>
-  function service_document(req, res, next) {
+  function service_document(req, res) {
     if (req.method === 'HEAD') return res.end()
     if (req.method !== 'GET')
       return res.status(405).json({

package/libx/odata/update.js

@@ -0,0 +1,110 @@
+const cds = require('../../')
+const metaInfo = require('../_runtime/cds-services/adapter/odata-v4/utils/metaInfo')
+const { readAfterWrite } = require('../_runtime/cds-services/adapter/odata-v4/utils/readAfterWrite')
+const { where2obj } = require('../_runtime/common/utils/cqn')
+const { toODataResult } = require('./result')
+const { odataError } = require('./utils')
+
+const _isUpsertAllowed = ({ target, data, event }) => {
+  return (
+    !(cds.env.runtime && cds.env.runtime.allow_upsert === false) &&
+    !(target && target._isDraftEnabled && (!cds.env.fiori.lean_draft || (!data.IsActiveEntity && event === 'PATCH')))
+  )
+}
+
+const _isNavigationWithKeyInParent = (keys, data, pathExpression, model) => {
+  // keys not in data
+  if (keys && Object.keys(keys).some(key => key in data)) {
+    return false
+  }
+
+  const nav = pathExpression.ref && pathExpression.ref.length !== 0 && pathExpression.ref[1]
+  const parent = pathExpression.ref && pathExpression.ref[0].id
+
+  // not a navigation
+  if (!parent || !nav) {
+    return false
+  }
+
+  const navID = typeof nav === 'string' ? nav : nav.id
+  const navElement = model.definitions[parent].elements[navID]
+
+  // not a containment
+  if (!navElement._isContained) {
+    return false
+  }
+
+  const where = pathExpression.ref[0].where
+  return parent && navElement && where
+}
+
+module.exports = srv =>
+  function update(req, res, next) {
+    const query = cds.odata.parse(req.url, { service: srv, baseUrl: req.baseUrl })
+
+    const {
+      SELECT: { one }
+    } = query
+
+    if (!one) {
+      return res.status(405).json(odataError('405', `Method ${req.method} not allowed for ENTITY.COLLECTION`))
+    }
+
+    const queryPathXpr = query.SELECT && query.SELECT.from
+
+    const isPrimitive = query._propertyAccess
+    const data = isPrimitive ? { [query._propertyAccess]: req.body.value } : req.body
+
+    const updateQuery = UPDATE.entity(queryPathXpr).with(data)
+
+    // we need the cds request, so we can access req._.readAfterWrite
+    const cdsReq = new cds.Request({ query: updateQuery })
+
+    const info = metaInfo(query, 'UPDATE', srv, data, req, false)
+
+    if (!isPrimitive && queryPathXpr.ref?.[queryPathXpr.ref.length - 1].where) {
+      Object.assign(data, where2obj(queryPathXpr.ref?.[queryPathXpr.ref.length - 1].where))
+    }
+
+    return srv
+      .dispatch(cdsReq)
+      .then(async result => {
+        if (!isPrimitive && cdsReq._.readAfterWrite) {
+          // TODO see if in old odata impl for other checks that should happen
+          result = await readAfterWrite(cdsReq, srv, { operation: { result } })
+        }
+
+        if (result == null) {
+          res.status(204)
+        }
+
+        return res.send(toODataResult(result, info))
+      })
+      .catch(async e => {
+        // UPSERT
+        const is404 = e.code === 404 || e.status === 404 || e.statusCode === 404
+        if (is404 && !isPrimitive && _isUpsertAllowed({ target: query.target, data: req.body, event: req.method })) {
+          // PUT / PATCH with if-match header means "only if already exists", i.e., no insert if not
+          if (req.headers['if-match']) throw Object.assign(new Error('412'), { statusCode: 412 })
+
+          if (_isNavigationWithKeyInParent(query.target.keys, data, queryPathXpr, srv.model)) {
+            // REVISIT better error message
+            return res.status(422).json(odataError('422', `Unprocessable Entity`))
+          }
+
+          // REVISIT: up_XX needs to be looked up -> composition of aspect
+          const insertQuery = INSERT.into(queryPathXpr).entries(data)
+          const cdsReq = new cds.Request({ query: insertQuery })
+          let result = await srv.dispatch(cdsReq)
+
+          if (cdsReq._.readAfterWrite) {
+            // TODO see if in old odata impl for other checks that should happen
+            result = await readAfterWrite(cdsReq, srv, { operation: { result } })
+          }
+
+          return res.status(201).send(toODataResult(result, info))
+        }
+        throw e
+      })
+      .catch(next)
+  }

package/libx/odata/utils.js

@@ -3,18 +3,20 @@ const cds = require('../_runtime/cds')
 
 const MATH_FUNC = { round: 1, floor: 1, ceiling: 1 }
 
+const odataError = (code, message) => ({ error: { code, message } })
+
 const getSafeNumber = inputString => {
   if (typeof inputString !== 'string') return inputString
   // Try to parse the input string as a floating-point number using parseFloat
   const parsedFloat = parseFloat(inputString)
-    
+
   // Check if the parsed value is not NaN and is equal to the original input string
   if (!isNaN(parsedFloat) && String(parsedFloat) === inputString) {
     return parsedFloat
-  } 
-  
+  }
+
   // Try to parse the input string as an integer using parseInt
-  const parsedInt = parseInt(inputString);
+  const parsedInt = parseInt(inputString)
   // special case like '3.00000000000001', the precision is not lost and string is returned
   if (!isNaN(parsedInt) && String(parsedInt) === inputString.replace(/^-?\d+\.0+$/, inputString.split('.')[0])) {
     return parsedInt
@@ -156,7 +158,7 @@ const _v4 = (val, element) => {
 const formatVal = (val, elementName, csnTarget, kind, func, literal) => {
   if (val === null || val === 'null') return 'null'
   if (typeof val === 'boolean') return val
-  if (typeof val === 'string' && literal === 'number' ) return `${val}`
+  if (typeof val === 'string' && literal === 'number') return `${val}`
   if (typeof val === 'string') {
     if (!csnTarget && UUID.test(val)) return kind === 'odata-v2' ? `guid'${val}'` : val
     if (func in MATH_FUNC) return val
@@ -231,5 +233,6 @@ const skipToken = (token, cqn) => {
 module.exports = {
   getSafeNumber,
   formatVal,
-  skipToken
+  skipToken,
+  odataError
 }