@sap/cds 7.7.0 → 7.7.2

package/CHANGELOG.md

@@ -4,6 +4,23 @@
 - The format is based on [Keep a Changelog](http://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](http://semver.org/).
 
+## Version 7.7.2 - 2024-03-11
+
+### Fixed
+
+- Requests to actions/functions on entities in draft state via navigation.
+- PUT/PATCH with if-none-match: * forces insert
+
+## Version 7.7.1 - 2024-03-06
+
+### Fixed
+
+- JWT authentication for Event Mesh endpoints
+- `cds.log`'s json formatter: ensure `type` is set (required on kubernetes until CLS defaults this)
+- Erroneously generated foreign keys in `req.data` for UPDATE using path expressions
+- `INSERT.columns.rows` for multiple nested composition of aspects
+- Paths passed to `tar` on Windows are now normalized to use forward slashes.
+
 ## Version 7.7.0 - 2024-02-26
 
 ### Added

package/lib/compile/cds-compile.js

@@ -6,7 +6,6 @@ const compile = module.exports = Object.assign (cds_compile, {
   for: new class {
     get java(){ return super.java = require('./for/java') }
     get nodejs() { return super.nodejs = require('./for/nodejs') }
-    get drafts() { return super.drafts = require('./for/drafts') }
     get lean_drafts() { return super.lean_drafts = require('./for/lean_drafts') }
     get odata() { return super.odata = require('./for/odata') }
     get sql() { return super.sql = require('./for/sql') }

package/lib/compile/etc/_localized.js

@@ -98,21 +98,7 @@ function unfold_csn (m) { // NOSONAR
 }
 
 
-const _is_localized = (
-	!env.features._ucsn_ ? d => d.own('$localized') // as set by compiler in compile.for.odata
-	: (d,_path={}) => d.own('$localized', ()=>{    // calculate our own for effective CSNs
-		// if (d.elements.texts && d.elements.texts.target === `${d.name}.texts`) return d.set($localized,true)
-		if (!d.elements || d.name.endsWith('.texts')) return false
-		for (let each in d.elements) {
-			const e = d.elements [each]
-			if (e.localized || e._target && !(_path && e._target.name in _path) && _is_localized(e._target,Object.assign(_path, { [d.name]:1 }))) {
-				return true
-			}
-		}
-		return false
-	})
-)
-
+const _is_localized = d => d.own('$localized') // as set by compiler in compile.for.odata
 
 // feature-toggled exports
 module.exports = { unfold_csn, unfold_ddl }

package/lib/compile/for/java.js

@@ -1,9 +1,23 @@
+// The only entry point to produce CSNs consumed by the Java Runtime
+
 const cds = require ('../../index')
 
+// TODO: compiler functions to clarify - publish as individual API functions or
+// have a compiler API function for.java?
+function _4java (csn,o) {
+  const compile = require ('../cdsc');
+  const { addTenantFields } = require ('@sap/cds-compiler/lib/transform/addTenantFields');
+  const _4draft = require ('@sap/cds-compiler/lib/transform/draft/odata');
+  const dsn = JSON.parse (JSON.stringify (csn)) // REVISIT: workaround for bad test setup
+  o = compile._options.for.odata(o); // get compiler options, see compile.for.odata
+  if (o.tenantDiscriminator) addTenantFields (dsn, o);
+  return _4draft (dsn, o);
+}
+
 module.exports = function cds_compile_for_java (csn,o) {
   if ('_4java' in csn) return csn._4java
-  let dsn = csn // cds.minify (csn)
-  dsn = cds.compile.for.drafts (csn,o)
+  // cds.minify (csn) ?
+  const dsn = (!cds.env.features._ucsn_) ? cds.compile.for.odata (csn,o||{}) : _4java (csn,o||{});
   if (dsn.definitions) for (let [name,d] of Object.entries(dsn.definitions)) {
     // Add @cds.external to external services
     if (d.kind === 'service' && name in cds.requires) d['@cds.external'] = true
@@ -16,4 +30,4 @@ module.exports = function cds_compile_for_java (csn,o) {
   Object.defineProperty (csn, '_4java', {value:dsn})
   Object.defineProperty (dsn, '_4java', {value:dsn})
   return dsn
-}
+}

package/lib/compile/for/nodejs.js

@@ -6,7 +6,7 @@ module.exports = function cds_compile_for_nodejs (csn,o) {
   if ('_4nodejs' in csn) return csn._4nodejs
   TRACE?.time('cds.compile 4nodejs'.padEnd(22))
   let dsn = csn // cds.minify (csn)
-  dsn = cds.compile.for.drafts (csn,o) //> creates a partial copy -> avoid any cds.linked() before
+  dsn = cds.compile.for.odata (csn,o) //> creates a partial copy -> avoid any cds.linked() before
   dsn = unfold_csn (dsn)
   dsn = cds.linked (dsn)
   if (cds.env.fiori.lean_draft) cds.compile.for.lean_drafts(dsn, o)

package/lib/log/format/json.js

@@ -86,6 +86,9 @@ module.exports = function format(module, level, ...args) {
   // append remaining args via util.format()
   if (args.length) toLog.msg = toLog.msg ? util.format(toLog.msg, ...args) : util.format(...args)
 
+  // ensure type (required on kubernetes if logs are pulled instead of pushed through binding)
+  toLog.type ??= 'log'
+
   // REVISIT: should not be necessary with new protocol adapters
   // 4xx: lower to warning (if error)
   if (toLog.level && toLog.level.match(/error/i) && _is4xx(toLog)) toLog.level = 'warn'

package/lib/utils/tar.js

@@ -11,7 +11,7 @@ const _resolve = (...x) => path.resolve (cds.root,...x)
 // tar does not work properly on Windows (by npm/jest tests) w/o this change
 const win = path => {
   if (!path) return path
-  if (typeof path === 'string') return path.replace('C:', '//localhost/c$')
+  if (typeof path === 'string') return path.replace('C:', '//localhost/c$').replace(/\\+/g, '/')
   if (Array.isArray(path)) return path.map(el => win(el))
 }
 

package/libx/_runtime/cds-services/adapter/odata-v4/handlers/update.js

@@ -101,7 +101,9 @@ const _updateThenCreate = async (req, odataReq, odataRes, tx) => {
     result = await tx.dispatch(req)
   } catch (e) {
     const is404 = e.code === 404 || e.status === 404 || e.statusCode === 404
-    if (is404 && _isUpsertAllowed(req)) {
+    const isForcedInsert =
+      (e.code === 412 || e.status === 412 || e.statusCode === 412) && req.headers['if-none-match'] === '*'
+    if ((is404 || isForcedInsert) && _isUpsertAllowed(req)) {
       // PUT/ PATCH with if-match header means "only if already exists", i.e., no insert if not
       if (req.headers['if-match'])
         throw Object.assign(new Error('412'), { statusCode: 412 })

package/libx/_runtime/common/utils/cqn.js

@@ -37,7 +37,7 @@ function where2obj(where, target = null, data = {}) {
     // optional validation if target is passed
     if (target) {
       const colEl = target.elements[colName]
-      if (!colEl || !(colEl.key || colEl.__foreignKey4)) continue
+      if (!colEl || !colEl.key) continue
     }
     const opWhere = where[i + 1]
     const valWhere = where[i + 2]

package/libx/_runtime/db/expand/expandCQNToJoin.js

@@ -803,7 +803,7 @@ class JoinCQNFromExpanded {
       return 'DRAFT.DraftAdministrativeData'
     }
 
-    if (isActiveRequired && !defaultLanguage) {
+    if (this._SELECT.localized !== false && isActiveRequired && !defaultLanguage) {
       const locale = this._locale ? `${this._locale}.` : ''
       const localized = `localized.${locale}${target}`
       if (this._csn.definitions[localized]) {

package/libx/_runtime/db/sql-builder/InsertBuilder.js

@@ -243,7 +243,7 @@ class InsertBuilder extends BaseBuilder {
     if (this.uuidKeys) {
       for (const key of this.uuidKeys) {
         if (!flattenColumnMap.get(key)) {
-          columns.push(...this.uuidKeys.map(key => this._quoteElement(key)))
+          columns.push(this._quoteElement(key))
         }
       }
     }

package/libx/_runtime/fiori/lean-draft.js

@@ -469,9 +469,7 @@ cds.ApplicationService.prototype.handle = async function (req) {
   if (req.target.actions?.[req.event] && draftParams.IsActiveEntity === false) {
     if (query.SELECT?.from?.ref) query.SELECT.from.ref = _redirectRefToDrafts(query.SELECT.from.ref, this.model)
     const rootQuery = query.clone()
-    const columns = entity_keys(query._target).map(k => ({ ref: [k] }))
-    columns.push({ ref: ['DraftAdministrativeData'], expand: [{ ref: ['InProcessByUser'] }] })
-    rootQuery.SELECT.columns = columns
+    rootQuery.SELECT.columns = [{ ref: ['DraftAdministrativeData'], expand: [{ ref: ['InProcessByUser'] }] }]
     rootQuery.SELECT.one = true
     rootQuery.SELECT.from = { ref: [query.SELECT.from.ref[0]] }
     const root = await cds.run(rootQuery)

package/libx/_runtime/messaging/enterprise-messaging-utils/registerEndpoints.js

@@ -17,15 +17,15 @@ class EndpointRegistry {
     if (isSecured()) {
       if (cds.requires.auth.impl) {
         if (cds.env.requires.middlewares !== false) {
-          paths.forEach(path => cds.app.use(path, cds.middlewares.before)) // contains auth, trace, context
+          cds.app.use(basePath, cds.middlewares.before) // contains auth, trace, context
         } else {
           const impl = _require(cds.resolve(cds.requires.auth.impl))
-          paths.forEach(path => cds.app.use(path, impl))
+          cds.app.use(basePath, impl)
         }
       } else {
         if (cds.env.requires.middlewares !== false) {
           const jwt_auth = require('../../../../lib/auth/jwt-auth.js')
-          paths.forEach(path => cds.app.use(path, jwt_auth(cds.requires.auth)))
+          cds.app.use(basePath, jwt_auth(cds.requires.auth))
         } else {
           const JWTStrategy = require('../../auth/strategies/JWT.js')
           // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
@@ -33,28 +33,22 @@ class EndpointRegistry {
           // REVISIT: It's unclear if the credentials from cds.requires.auth need to be used here.
           //          In principle, user-facing endpoints might differ from messaging ones.
           passport.use(new JWTStrategy(cds.requires.auth.credentials))
-          paths.forEach(path => {
-            cds.app.use(path, passport.initialize())
-            cds.app.use(path, passport.authenticate('JWT', { session: false }))
-          })
+          cds.app.use(basePath, passport.initialize())
+          cds.app.use(basePath, passport.authenticate('JWT', { session: false }))
         }
       }
       // unsuccessful auth doesn't automatically reject!
-      paths.forEach(path => {
-        cds.app.use(path, (req, res, next) => {
-          // REVISIT: we should probably pass an error into next so that a (custom) error middleware can handle it
-          if (!req.user) res.status(401).json({ error: ODATA_UNAUTHORIZED })
-          next()
-        })
+      cds.app.use(basePath, (req, res, next) => {
+        // REVISIT: we should probably pass an error into next so that a (custom) error middleware can handle it
+        if (!req.user) res.status(401).json({ error: ODATA_UNAUTHORIZED })
+        next()
       })
     } else if (process.env.NODE_ENV === 'production') {
       LOG.warn('Messaging endpoints not secured')
     }
-    paths.forEach(path => {
-      cds.app.use(path, express.json({ type: 'application/*+json' }))
-      cds.app.use(path, express.json())
-      cds.app.use(path, express.urlencoded({ extended: true }))
-    })
+    cds.app.use(basePath, express.json({ type: 'application/*+json' }))
+    cds.app.use(basePath, express.json())
+    cds.app.use(basePath, express.urlencoded({ extended: true }))
     LOG._debug && LOG.debug('Register inbound endpoint', { basePath, method: 'OPTIONS' })
 
     // Clear cds.context as it would interfere with subsequent transactions
@@ -62,10 +56,6 @@ class EndpointRegistry {
       cds.context = undefined
       next()
     })
-    cds.app.use(deployPath, (_req, _res, next) => {
-      cds.context = undefined
-      next()
-    })
 
     cds.app.options(basePath, (req, res) => {
       try {

package/libx/odata/utils/index.js

@@ -295,9 +295,13 @@ const getKeysFromPath = (from, srv) => {
           const join = [...relation[0].xpr]
           while (join.length >= 3) {
             const [left, _, right] = join.splice(0, 4)
-            if (left.ref?.[0] === 'target') keys[left.ref[1]] = 'val' in right ? right.val : seg_keys[right.ref[1]]
-            else if (right.ref?.[0] === 'target') keys[right.ref[1]] = 'val' in left ? left.val : seg_keys[left.ref[1]]
-            else {
+            if (left.ref?.[0] === 'target') {
+              if (left.ref[1] in keys) break // we already added the foreign key for the last segment
+              keys[left.ref[1]] = 'val' in right ? right.val : seg_keys[right.ref[1]]
+            } else if (right.ref?.[0] === 'target') {
+              if (right.ref[1] in keys) break // we already added the foreign key for the last segment
+              keys[right.ref[1]] = 'val' in left ? left.val : seg_keys[left.ref[1]]
+            } else {
               // REVISIT: what to do here?
             }
           }

package/libx/rest/middleware/update.js

@@ -22,7 +22,10 @@ module.exports = srv => async _req => {
     result = await srv.dispatch(new RestRequest({ query, _target, method: _req.method, params: _params }))
     if (_params && result) Object.assign(result, _params[_params.length - 1])
   } catch (e) {
-    if ((e.code === 404 || e.status === 404 || e.statusCode === 404) && UPSERT_ALLOWED) {
+    const is404 = e.code === 404 || e.status === 404 || e.statusCode === 404
+    const isForcedInsert =
+      (e.code === 412 || e.status === 412 || e.statusCode === 412) && _req.headers['if-none-match'] === '*'
+    if ((is404 || isForcedInsert) && UPSERT_ALLOWED) {
       query = INSERT.into(query.UPDATE.entity).entries(
         _params ? Object.assign(_data, _params[_params.length - 1]) : _data
       )

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "7.7.0",
+  "version": "7.7.2",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [

package/lib/compile/for/drafts.js

@@ -1,8 +0,0 @@
-let _unfold = (..._) => (_unfold = require ('@sap/cds-compiler/lib/transform/draft/odata')) (..._)
-const cds = require ('../../index')
-module.exports = function cds_compile_for_drafts (csn,o) {
-  if (!cds.env.features._ucsn_) return cds.compile.for.odata (csn,o)
-  csn = JSON.parse (JSON.stringify (csn)) // REVISIT: workaround for bad test setup
-  csn = _unfold (csn,o||{})
-  return csn
-}