@sap/cds 7.6.4 → 7.7.1

package/libx/_runtime/common/utils/stream.js

@@ -117,25 +117,11 @@ const enhanceStreamResult = async (req, query, result, model) => {
 }
 
 const pick = element => {
-  return element['@Core.IsURL']
+  return element['@Core.IsURL'] || element['@Core.MediaType']
 }
 
 const processFn = ({ row, key }) => {
-  row[`${key}@odata.mediaReadLink`] = row[key]
   delete row[key]
 }
 
-function transformRedirectProperties(req, service, result) {
-  if (!result) return
-  if (!Array.isArray(result)) result = [result]
-  if (result.length === 0) return
-
-  const template = getTemplate('redirect-properties', service, req.target, { pick })
-  if (template && template.elements.size) {
-    for (const row of result) {
-      templateProcessor({ processFn, row, template })
-    }
-  }
-}
-
-module.exports = { enhanceStreamResult, transformRedirectProperties }
+module.exports = { enhanceStreamResult }

package/libx/_runtime/common/utils/streamProp.js

@@ -2,7 +2,8 @@ const cds = require('../../cds')
 const { ensureNoDraftsSuffix, ensureUnlocalized } = require('../../fiori/utils/handler')
 const { isDuplicate } = require('./rewriteAsterisks')
 
-const _addColumn = (name, type, columns) => {
+const _addColumn = (name, type, columns, url) => {
+  if (cds.env.features.odata_new_adapter) return
   if (typeof type === 'object') {
     let mType = type['='].replaceAll(/\./g, '_')
     const ref = {
@@ -14,13 +15,22 @@ const _addColumn = (name, type, columns) => {
     const val = { val: type, as: `${name}@odata.mediaContentType` }
     if (!columns.find(isDuplicate(val))) columns.push(val)
   }
+
+  if (url) {
+    const ref = {
+      ref: [name],
+      as: `${name}@odata.mediaReadLink`
+    }
+    if (!columns.find(isDuplicate(ref))) columns.push(ref)
+  }
 }
 
 const _addColumns = (target, columns) => {
+  if (cds.env.features.odata_new_adapter) return
   for (const k in target.elements) {
     const el = target.elements[k]
     if (el['@Core.MediaType']) {
-      _addColumn(el.name, el['@Core.MediaType'], columns)
+      _addColumn(el.name, el['@Core.MediaType'], columns, el['@Core.IsURL'])
     }
   }
 }
@@ -38,11 +48,11 @@ const handleStreamProperties = (target, columns, model) => {
 
     if (col === '*') {
       _addColumns(target, columns)
-    } else if (col.ref && type === 'cds.LargeBinary') {
+    } else if (col.ref && (type === 'cds.LargeBinary' || mediaType)) {
       if (mediaType) {
-        _addColumn(name, mediaType, columns)
-      }
-      if ((mediaType || !cds.env.features.stream_compat) && !element['@Core.IsURL']) {
+        _addColumn(name, mediaType, columns, element['@Core.IsURL'])
+        columns.splice(index, 1)
+      } else if (!cds.env.features.stream_compat) {
         columns.splice(index, 1)
       }
     } else if (col.expand && col.ref) {

package/libx/_runtime/common/utils/ucsn.js

@@ -100,6 +100,7 @@ const _cleanup = (row, definition, cleanupNull, cleanupStruct, errors, prefix =
   }
 }
 
+// REVISIT: when needed?
 function convertStructured(service, definition, data, { cleanupNull = false, cleanupStruct = false, errors } = {}) {
   if (!definition) return
   // REVISIT check `structs` mode only for now as uCSN is not yet available

package/libx/_runtime/db/expand/expandCQNToJoin.js

@@ -803,7 +803,7 @@ class JoinCQNFromExpanded {
       return 'DRAFT.DraftAdministrativeData'
     }
 
-    if (isActiveRequired && !defaultLanguage) {
+    if (this._SELECT.localized !== false && isActiveRequired && !defaultLanguage) {
       const locale = this._locale ? `${this._locale}.` : ''
       const localized = `localized.${locale}${target}`
       if (this._csn.definitions[localized]) {

package/libx/_runtime/db/sql-builder/InsertBuilder.js

@@ -243,7 +243,7 @@ class InsertBuilder extends BaseBuilder {
     if (this.uuidKeys) {
       for (const key of this.uuidKeys) {
         if (!flattenColumnMap.get(key)) {
-          columns.push(...this.uuidKeys.map(key => this._quoteElement(key)))
+          columns.push(this._quoteElement(key))
         }
       }
     }

package/libx/_runtime/db/utils/columns.js

@@ -3,6 +3,10 @@ const resolveStructured = require('../../common/utils/resolveStructured')
 
 const { DRAFT_COLUMNS_MAP } = require('../../common/constants/draft')
 
+const _isStreamProperty = element => {
+  return element.type === 'cds.LargeBinary' || element['@Core.IsURL']
+}
+
 /**
  * This method gets all columns for an entity.
  * It includes the generated foreign keys from managed associations, structured elements and complex and custom types.
@@ -11,7 +15,7 @@ const { DRAFT_COLUMNS_MAP } = require('../../common/constants/draft')
  * @param entity - the csn entity
  * @returns {Array} - array of columns
  */
-const getColumns = (entity, { _4db, onlyKeys } = { _4db: true, onlyKeys: false }) => {
+const getColumns = (entity, { _4db, onlyKeys, omitStream } = { _4db: true, onlyKeys: false, omitStream: false }) => {
   // REVISIT is this correct or just a problem that occurs because of new structure we do not deal with yet?
   if (!(entity && entity.elements)) return []
   const columnNames = []
@@ -23,6 +27,7 @@ const getColumns = (entity, { _4db, onlyKeys } = { _4db: true, onlyKeys: false }
     const element = elements[elementName]
     if (element['@cds.api.ignore']) continue
     if (onlyKeys && !element.key) continue
+    if (omitStream && _isStreamProperty(element)) continue
     if (element.isAssociation) continue
     if (!lean_draft && _4db && entity._isDraftEnabled && elementName in DRAFT_COLUMNS_MAP) continue
     if (structs && element.elements) {

package/libx/_runtime/fiori/generic/activate.js

@@ -171,9 +171,17 @@ const fioriGenericActivate = async function (req, next) {
     })
   ])
 
-  // REVISIT: we need to use okra API here because it must be set in the batched request
-  // status code must be set in handler to allow overriding for FE V2
-  if (event === 'CREATE') req?._?.odataRes?.setStatusCode(201, { overwrite: true })
+  if (event === 'CREATE') {
+    // REVISIT: we need to use okra API here because it must be set in the batched request
+    //          status code must be set in handler to allow overriding for FE V2
+    // REVISIT: needs reworking for new adapter, especially re $batch
+    if (req._?.odataRes) {
+      req._?.odataRes?.setStatusCode(201, { overwrite: true })
+    } else if (req.http?.res) {
+      req.http.res.status(201)
+    }
+  }
+
   return result
 }
 

package/libx/_runtime/fiori/generic/edit.js

@@ -141,8 +141,14 @@ const fioriGenericEdit = async function (req, next) {
   await Promise.all(insertCQNs.map(CQN => dbtx.run(CQN)))
 
   // REVISIT: we need to use okra API here because it must be set in the batched request
-  // status code must be set in handler to allow overriding for FE V2
-  req?._?.odataRes?.setStatusCode(201, { overwrite: true })
+  //          status code must be set in handler to allow overriding for FE V2
+  // REVISIT: needs reworking for new adapter, especially re $batch
+  if (req._?.odataRes) {
+    req._?.odataRes?.setStatusCode(201, { overwrite: true })
+  } else if (req.http?.res) {
+    req.http.res.status(201)
+  }
+
   return results[0][0]
 }
 

package/libx/_runtime/fiori/lean-draft.js

@@ -8,31 +8,71 @@ const original = Symbol('original')
 const DRAFT_PARAMS = Symbol('draftParams')
 const AGGREGATION_FUNCTIONS = ['sum', 'min', 'max', 'avg', 'count']
 
+const calcTimeMs = timeout => {
+  const match = timeout.match(/^([0-9]+)(w|d|h|hrs|min)$/)
+  if (!match) return
+  const [, val, t] = match
+  switch (t) {
+    case 'w':
+      return val * 1000 * 3600 * 24 * 7
+    case 'd':
+      return val * 1000 * 3600 * 24
+    case 'h':
+    case 'hrs':
+      return val * 1000 * 3600
+    case 'min':
+      return val * 1000 * 60
+    default:
+      return val
+  }
+}
+
+const _config_to_ms = (config, _default) => {
+  const timeout = cds.env.fiori?.[config]
+  let timeout_ms
+  if (timeout === true) {
+    timeout_ms = calcTimeMs(_default)
+  } else if (typeof timeout === 'string') {
+    timeout_ms = calcTimeMs(timeout)
+    if (!timeout_ms)
+      throw new Error(`
+${timeout} is an invalid value for \`cds.fiori.${config}\`.
+Please provide a value in format /^([0-9]+)(w|d|h|hrs|min)$/.
+`)
+  } else {
+    timeout_ms = timeout
+  }
+
+  return timeout_ms
+}
+
 const DEL_TIMEOUT = {
   get value() {
-    const delTimeout = cds.env.fiori?.draft_deletion_timeout
-    const timeout = delTimeout && delTimeout !== false && delTimeout === true ? '30d' : delTimeout
-    let parts
-    if (typeof timeout === 'string') {
-      parts = timeout.match(/^([0-9]+)(d|h)$/)
-      if (!parts && !Number(timeout)) throw new Error('Invalid value for `cds.fiori.draft_deletion_timeout`')
+    const timeout_ms = _config_to_ms('draft_deletion_timeout', '30d')
+    Object.defineProperty(DEL_TIMEOUT, 'value', { value: timeout_ms })
+    return timeout_ms
+  }
+}
+
+const LOCK_TIMEOUT = {
+  get value() {
+    let timeout_ms = _config_to_ms('draft_lock_timeout', '15min')
+
+    const deprecated = cds.env.drafts?.cancellationTimeout // in min
+    if (deprecated) {
+      // in order to still support legacy use cases for tests, e. g. 0.000001
+      timeout_ms = deprecated * 1000 * 60
     }
-    const result =
-      parts && parts.length
-        ? parts[2] === 'd'
-          ? Number(parts[1]) * 1000 * 3600 * 24
-          : Number(parts[1]) * 1000 * 3600
-        : Number(timeout) || 0
-
-    Object.defineProperty(DEL_TIMEOUT, 'value', { value: result })
-    return result
+
+    Object.defineProperty(LOCK_TIMEOUT, 'value', { value: timeout_ms })
+    return timeout_ms
   }
 }
 
 const reject_bypassed_draft = req => {
   const msg =
     !cds.profiles?.includes('production') &&
-    '`cds.env.fiori.bypass_draft` must be enabled to support the directly modification of active instances.'
+    '`cds.env.fiori.bypass_draft` must be enabled or the entity must be annotated with `@odata.draft.bypass` to support the directly modification of active instances.'
   return req.reject(501, msg)
 }
 
@@ -116,13 +156,10 @@ const _inProcessByUserXpr = lockShiftedNow => ({
 
 const _lock = {
   get shiftedNow() {
-    return new Date(Math.max(0, Date.now() - DRAFT_CANCEL_TIMEOUT_IN_MIN() * 60 * 1000)).toISOString()
+    return new Date(Math.max(0, Date.now() - LOCK_TIMEOUT.value)).toISOString()
   }
 }
 
-const DRAFT_CANCEL_TIMEOUT_IN_MIN = () =>
-  (cds.env.drafts?.cancellationTimeout && Number(cds.env.drafts?.cancellationTimeout)) || 15
-
 const _redirectRefToDrafts = (ref, model) => {
   const [root, ...tail] = ref
   const draft = model.definitions[root.id || root].drafts
@@ -281,7 +318,7 @@ cds.ApplicationService.prototype.handle = async function (req) {
   if (req.event === 'NEW' || req.event === 'CANCEL' || req.event === 'draftPrepare') {
     if (req.event === 'draftPrepare' && draftParams.IsActiveEntity) req.reject(400)
     if (req.event === 'NEW' && req.data?.IsActiveEntity === true) {
-      if (!cds.env.fiori.bypass_draft) return reject_bypassed_draft(req)
+      if (!cds.env.fiori.bypass_draft && !req.target['@odata.draft.bypass']) return reject_bypassed_draft(req)
       const containsDraftRoot =
         this.model.definitions[query.INSERT.into?.ref?.[0]?.id || query.INSERT.into?.ref?.[0] || query.INSERT.into][
           '@Common.DraftRoot.ActivationAction'
@@ -390,6 +427,19 @@ cds.ApplicationService.prototype.handle = async function (req) {
     const HasActiveEntity = res.HasActiveEntity
     delete res.HasActiveEntity
 
+    if (cds.env.features.cds_assert) {
+      const assertOptions = { path: [req.target.actions[req.event]['@cds.odata.bindingparameter.name'] || 'in'] }
+      const errs = cds.assert(res, req.target, assertOptions)
+      if (errs) {
+        if (errs.length === 1) throw Object.assign(errs[0], { '@Common.numericSeverity': 4 })
+        throw Object.assign(new Error('MULTIPLE_ERRORS'), {
+          statusCode: 400,
+          details: errs,
+          '@Common.numericSeverity': 4 //> TODO: should not be needed here
+        })
+      }
+    }
+
     // First run the handlers as they might need access to DraftAdministrativeData or the draft entities
     const result = await run(
       HasActiveEntity
@@ -402,12 +452,18 @@ cds.ApplicationService.prototype.handle = async function (req) {
       DELETE.from('DRAFT.DraftAdministrativeData').where({ DraftUUID: DraftAdministrativeData_DraftUUID })
     ])
 
-    if (!HasActiveEntity) req?._?.odataRes?.setStatusCode(201, { overwrite: true })
+    if (!HasActiveEntity) {
+      // REVISIT: we need to use okra API here because it must be set in the batched request
+      //          status code must be set in handler to allow overriding for FE V2
+      // REVISIT: needs reworking for new adapter, especially re $batch
+      if (req._?.odataRes) {
+        req._?.odataRes?.setStatusCode(201, { overwrite: true })
+      } else if (req.http?.res) {
+        req.http.res.status(201)
+      }
+    }
 
     return Object.assign(result, { IsActiveEntity: true })
-
-    // REVISIT: we need to use okra API here because it must be set in the batched request
-    // status code must be set in handler to allow overriding for FE V2
   }
 
   if (req.target.actions?.[req.event] && draftParams.IsActiveEntity === false) {
@@ -457,7 +513,7 @@ cds.ApplicationService.prototype.handle = async function (req) {
 
     LOG.debug('patch active')
 
-    if (!cds.env.fiori.bypass_draft) return reject_bypassed_draft(req)
+    if (!cds.env.fiori.bypass_draft && !req.target['@odata.draft.bypass']) return reject_bypassed_draft(req)
 
     const entityRef = query.UPDATE.entity.ref
 
@@ -1056,7 +1112,10 @@ function _cleansed(query, model) {
       }
       if (ignoredElements.has(e) && xpr[i + 2]) {
         let { val } = xpr[i + 2]
-        draftParams[x.ref.join('_')] = xpr[i + 1] === '!=' ? (typeof val === 'boolean' ? !val : 'not ' + val) : val
+        const param = x.ref.join('_')
+        // outer-most parameters win
+        if (draftParams[param] === undefined)
+          draftParams[param] = xpr[i + 1] === '!=' ? (typeof val === 'boolean' ? !val : 'not ' + val) : val
         i += 2
         const last = cleansed[cleansed.length - 1]
         if (last === 'and' || last === 'or') cleansed.pop()
@@ -1298,7 +1357,7 @@ async function onEdit(req) {
   }
 
   if (!res) req.reject(404)
-  const preserveChanges = req.context?.data?.PreserveChanges
+  const preserveChanges = req.data?.PreserveChanges
   const inProcessByUser = draft?.DraftAdministrativeData?.InProcessByUser
 
   if (draft) {
@@ -1332,8 +1391,13 @@ async function onEdit(req) {
   await INSERT.into(targetDraft).entries(res)
 
   // REVISIT: we need to use okra API here because it must be set in the batched request
-  // status code must be set in handler to allow overriding for FE V2
-  req?._?.odataRes?.setStatusCode(201, { overwrite: true })
+  //          status code must be set in handler to allow overriding for FE V2
+  // REVISIT: needs reworking for new adapter, especially re $batch
+  if (req._?.odataRes) {
+    req._?.odataRes?.setStatusCode(201, { overwrite: true })
+  } else if (req.http?.res) {
+    req.http.res.status(201)
+  }
 
   return { ...res, IsActiveEntity: false } // REVISIT: Flatten?
 }

package/libx/_runtime/hana/execute.js

@@ -15,6 +15,7 @@ const {
   readStreamWithHdb
 } = require('./streaming')
 const { convertStream } = require('../db/utils/stream')
+const { isBase64String } = require('../../common/assert/utils')
 
 function _cqnToSQL(model, query, user, locale, txTimestamp) {
   return sqlFactory(
@@ -48,8 +49,6 @@ function _getBinaries(stmt) {
   }, [])
 }
 
-const BASE64 = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}={2})$/
-
 function _getProcedureNameAndSchema(sql) {
   // name delimited with "" allows any character
   const match = sql
@@ -142,9 +141,7 @@ function _executeAsPreparedStatement(dbc, sql, values, reject, resolve) {
         const vals = Array.isArray(values[0]) ? values : [values]
         for (const i of binaries) {
           for (const row of vals) {
-            if (row[i] && typeof row[i] === 'string' && row[i].match(BASE64)) {
-              row[i] = Buffer.from(row[i], 'base64')
-            }
+            if (row[i] && isBase64String(row[i])) row[i] = Buffer.from(row[i], 'base64')
           }
         }
       }

package/libx/_runtime/messaging/enterprise-messaging-utils/registerEndpoints.js

@@ -17,15 +17,15 @@ class EndpointRegistry {
     if (isSecured()) {
       if (cds.requires.auth.impl) {
         if (cds.env.requires.middlewares !== false) {
-          paths.forEach(path => cds.app.use(path, cds.middlewares.before)) // contains auth, trace, context
+          cds.app.use(basePath, cds.middlewares.before) // contains auth, trace, context
         } else {
           const impl = _require(cds.resolve(cds.requires.auth.impl))
-          paths.forEach(path => cds.app.use(path, impl))
+          cds.app.use(basePath, impl)
         }
       } else {
         if (cds.env.requires.middlewares !== false) {
           const jwt_auth = require('../../../../lib/auth/jwt-auth.js')
-          paths.forEach(path => cds.app.use(path, jwt_auth(cds.requires.auth)))
+          cds.app.use(basePath, jwt_auth(cds.requires.auth))
         } else {
           const JWTStrategy = require('../../auth/strategies/JWT.js')
           // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
@@ -33,28 +33,22 @@ class EndpointRegistry {
           // REVISIT: It's unclear if the credentials from cds.requires.auth need to be used here.
           //          In principle, user-facing endpoints might differ from messaging ones.
           passport.use(new JWTStrategy(cds.requires.auth.credentials))
-          paths.forEach(path => {
-            cds.app.use(path, passport.initialize())
-            cds.app.use(path, passport.authenticate('JWT', { session: false }))
-          })
+          cds.app.use(basePath, passport.initialize())
+          cds.app.use(basePath, passport.authenticate('JWT', { session: false }))
         }
       }
       // unsuccessful auth doesn't automatically reject!
-      paths.forEach(path => {
-        cds.app.use(path, (req, res, next) => {
-          // REVISIT: we should probably pass an error into next so that a (custom) error middleware can handle it
-          if (!req.user) res.status(401).json({ error: ODATA_UNAUTHORIZED })
-          next()
-        })
+      cds.app.use(basePath, (req, res, next) => {
+        // REVISIT: we should probably pass an error into next so that a (custom) error middleware can handle it
+        if (!req.user) res.status(401).json({ error: ODATA_UNAUTHORIZED })
+        next()
       })
     } else if (process.env.NODE_ENV === 'production') {
       LOG.warn('Messaging endpoints not secured')
     }
-    paths.forEach(path => {
-      cds.app.use(path, express.json({ type: 'application/*+json' }))
-      cds.app.use(path, express.json())
-      cds.app.use(path, express.urlencoded({ extended: true }))
-    })
+    cds.app.use(basePath, express.json({ type: 'application/*+json' }))
+    cds.app.use(basePath, express.json())
+    cds.app.use(basePath, express.urlencoded({ extended: true }))
     LOG._debug && LOG.debug('Register inbound endpoint', { basePath, method: 'OPTIONS' })
 
     // Clear cds.context as it would interfere with subsequent transactions
@@ -62,10 +56,6 @@ class EndpointRegistry {
       cds.context = undefined
       next()
     })
-    cds.app.use(deployPath, (_req, _res, next) => {
-      cds.context = undefined
-      next()
-    })
 
     cds.app.options(basePath, (req, res) => {
       try {

package/libx/_runtime/messaging/service.js

@@ -126,8 +126,12 @@ class MessagingService extends cds.Service {
       const subscribedEvent =
         this.subscribedTopics.get(_msg.event) ||
         (this.wildcarded && this.subscribedTopics.get(this.wildcarded(_msg.event)))
-      if (!subscribedEvent && !this._listenToAll.value)
-        throw new Error(`No handler for incoming message with topic '${_msg.event}' found.`)
+      if (!subscribedEvent && !this._listenToAll.value) {
+        const err = new Error(`No handler for incoming message with topic '${_msg.event}' found.`)
+        err.code = 'NO_HANDLER_FOUND' // consumers might want to react to that
+        throw err
+      }
+
       _msg.event = subscribedEvent || _msg.event
     }
     return _msg