@sap/cds 7.7.3 → 7.8.0

package/libx/odata/middleware/operation.js

@@ -1,78 +1,126 @@
 const cds = require('../../../')
 
-const { toODataResult } = require('../utils/result')
-const { cds2edm } = require('../utils')
+const { toODataResult, postProcess } = require('../utils/result')
+const { cds2edm, calculateLocationHeader, getKeysAndParamsFromPath, handleSapMessages } = require('../utils')
 
 const { deepCopy } = require('../../_runtime/common/utils/copy')
 
 // REVISIT: move to or rewrite in libx/odata
+const { readAfterWrite } = require('../../_runtime/cds-services/adapter/odata-v4/utils/readAfterWrite')
 const metaInfo = require('../../_runtime/cds-services/adapter/odata-v4/utils/metaInfo')
 
-module.exports = srv => (req, res, next) => {
-  let { operation, args } = req._query.SELECT.from.ref.slice(-1)[0]
-  if (!operation) return next() //> create or read
-
-  // unbound vs. bound
-  let entity
-  if (srv.model.definitions[operation]) {
-    operation = srv.model.definitions[operation]
-  } else {
-    req._query.SELECT.from.ref.pop()
-    // TODO: this does not work when navigating to the entity
-    const lastRef = req._query.SELECT.from.ref.slice(-1)[0]
-    entity = lastRef.id || lastRef
-    entity = srv.model.definitions[entity]
-    operation = entity.actions[operation]
-  }
+const DRAFT_EVENTS = { draftActivate: 1, EDIT: 1, draftPrepare: 1 }
 
-  const data = args || deepCopy(req.body)
+module.exports = srv =>
+  function operation(req, res, next) {
+    let { operation, args } = req._query.SELECT?.from.ref?.slice(-1)[0] || {}
+    if (!operation) return next() //> create or read
 
-  // assert payload
-  const assertOptions = { filter: true, http: { req }, mandatories: true }
-  const errs = cds.assert(data, operation, assertOptions)
-  if (errs) {
-    if (errs.length === 1) throw errs[0]
-    throw Object.assign(new Error('MULTIPLE_ERRORS'), { statusCode: 400, details: errs })
-  }
+    // unbound vs. bound
+    let entity, /* keys, */ params
+    if (srv.model.definitions[operation]) {
+      operation = srv.model.definitions[operation]
+    } else {
+      req._query.SELECT.from.ref.pop()
+      let cur = { elements: srv.model.definitions }
+      for (const each of req._query.SELECT.from.ref) {
+        cur = cur.elements[each.id || each]
+        if (cur._target) cur = cur._target
+      }
+      operation = cur.actions[operation]
+      entity = cur
+      const keysAndParams = getKeysAndParamsFromPath(req._query.SELECT.from, srv)
+      params = keysAndParams.params
+    }
+
+    // payload & params
+    const data = args || deepCopy(req.body)
 
-  // REVISIT: when is operation.name actually prefixed with the service name?
-  const event = operation.name.replace(`${srv.name}.`, '')
+    // assert payload
+    const assertOptions = { filter: true, http: { req }, mandatories: true }
+    const errs = cds.assert(data, operation, assertOptions)
+    if (errs) {
+      if (errs.length === 1) throw errs[0]
+      throw Object.assign(new Error('MULTIPLE_ERRORS'), { statusCode: 400, details: errs })
+    }
 
-  // TODO: params
-  const cdsReq = new cds.Request({ query: entity ? req._query : undefined, event, data, params: [] })
+    // event
+    // REVISIT: when is operation.name actually prefixed with the service name?
+    let event = operation.name.replace(`${srv.name}.`, '')
+    // REVISIT: rewrite draft event -> do centrally in draft impl
+    if (event === 'draftEdit') event = 'EDIT'
 
-  srv
-    .dispatch(cdsReq)
-    .then(result => {
-      // REVISIT:  result === undefined valid for modelled return type?
-      if (!operation.returns || result === undefined) return res.sendStatus(204)
+    const query = entity ? req._query : undefined
 
-      if (operation.returns._type?.match?.(/^cds\./)) {
-        // TODO: check result type
-        return res.json({
-          '@odata.context': `${entity ? '../' : ''}$metadata#${cds2edm[operation.returns._type]}`,
-          value: result
+    // we need a cds.Request for multiple reasons, incl. params, headers, sap-messages, read after write, ...
+    const cdsReq = new cds.Request({ query, event, data, params, target: query?.target, req, res })
+    Object.defineProperty(cdsReq, 'protocol', { value: 'odata-v4' })
+
+    // REVISIT: only via srv.run in combination with srv.dispatch inside
+    //          we automatically either use a single auto-managed tx for the req (i.e., insert and read after write in same tx)
+    //          or the auto-managed tx opened for the respective atomicity group, if exists
+    return srv
+      .run(() => {
+        return srv.dispatch(cdsReq).then(result => {
+          handleSapMessages(cdsReq, req, res)
+
+          // FIXME: should be handled in draft impl
+          if (event in /* { draftActivate: 1, EDIT: 1 } */ DRAFT_EVENTS /* && cdsReq._.readAfterWrite */) {
+            let columns
+            const queryOptions = req.url.split('?')[1]
+            if (queryOptions) columns = cds.odata.parse(`/X?${queryOptions}`).SELECT.columns
+            return readAfterWrite(cdsReq, srv, { operation: { result, returnType: operation.returns }, columns })
+          }
+
+          return result
         })
-      }
+      })
+      .then(result => {
+        // we use an extra then block, after getting the result, so the transaction is commited, before sending the response
+        if (!operation.returns || result == null) return res.status(204).end()
 
-      const assertOptions = { mandatories: true } //> TODO: more needed?
-      // TODO: error targets are not correct if return type is "many X"
-      const assertDefinition = operation.returns.items || operation.returns
-      const errs = cds.assert(result, assertDefinition, assertOptions)
-      if (errs) {
-        // TODO: proper error handling
-      }
+        if (operation.returns._type?.match?.(/^cds\./)) {
+          // TODO: check result type
+          return res.set('Content-Type', 'application/json;IEEE754Compatible=true').send({
+            '@odata.context': `${entity ? '../' : ''}$metadata#${cds2edm[operation.returns._type]}`,
+            value: result
+          })
+        }
+
+        const info = metaInfo(req._query, event, srv, result, req)
+
+        // FIXME: info.metadata.isCollection and contextUrl are incorrect for draft events
+        if (event in /* { draftActivate: 1, EDIT: 1 } */ DRAFT_EVENTS) {
+          info.metadata.isCollection = false
+          info.metadata.contextUrl += '/$entity'
+        }
+
+        // FIXME: info.metadata.isCollection is incorrect
+        if (!operation.returns.items) info.metadata.isCollection = false
 
-      const info = metaInfo(req._query, event, srv, result, req)
-      // FIXME: info.metadata.isCollection is incorrect for draftActivate
-      if (event === 'draftActivate') info.metadata.isCollection = false
-      result = toODataResult(result, info)
+        if (info.metadata.returnType) {
+          postProcess(info.metadata.returnType, srv, result)
+          if (result['$etag']) res.set('etag', result['$etag'])
+        }
 
-      // TODO: toODataResult() doesn't seem to handle this case
-      if (entity && !result['@odata.context'].match(/^\.\.\//))
-        result['@odata.context'] = '../' + result['@odata.context']
+        result = toODataResult(result, info)
 
-      res.json(result)
-    })
-    .catch(next)
-}
+        // FIXME: draftActivate needs location header -> move to draft impl
+        // FIXME: draftActivate needs HasActiveEntity and HasDraftEntity -> move to draft impl
+        if (event in /* { draftActivate: 1, EDIT: 1 } */ DRAFT_EVENTS) {
+          res.set('location', '../' + calculateLocationHeader(cdsReq.target, srv, result))
+          result.HasDraftEntity = false
+          if (event === 'draftActivate' || event === 'draftPrepare') result.HasActiveEntity = false
+        }
+
+        // // FIXME: draftEdit needs HasDraftEntity -> move to draft impl
+        // if (event === 'EDIT') result.HasDraftEntity = false
+
+        // FIXME: toODataResult() doesn't seem to handle this case
+        if (entity && !result['@odata.context'].match(/^\.\.\//))
+          result['@odata.context'] = '../' + result['@odata.context']
+
+        res.set('Content-Type', 'application/json;IEEE754Compatible=true').send(result)
+      })
+      .catch(next)
+  }

package/libx/odata/middleware/parse.js

@@ -1,11 +1,19 @@
 const cds = require('../../../')
 
-module.exports = srv => (req, _, next) => {
-  // if not a GET, use req.path instead of req.url to ignore query parameters
-  req._query = cds.odata.parse(req.method === 'GET' ? req.url : req.path, { service: srv, baseUrl: req.baseUrl })
+module.exports = srv =>
+  function parse(req, _, next) {
+    // REVISIT: can't we register the batch handler before the parse handler to avoid this?
+    if (req.path.startsWith('/$batch')) return next()
 
-  const preferReturn = req.headers.prefer?.match(/\W?return=(\w+)/i)
-  if (preferReturn) req._preferReturn = preferReturn[1]
+    // if not a GET, use req.path instead of req.url to ignore query parameters
+    req._query = cds.odata.parse(req.method === 'GET' ? req.url : req.path, {
+      service: srv,
+      baseUrl: req.baseUrl,
+      strict: true
+    })
 
-  next()
-}
+    const preferReturn = req.headers.prefer?.match(/\W?return=(\w+)/i)
+    if (preferReturn) req._preferReturn = preferReturn[1]
+
+    next()
+  }

package/libx/odata/middleware/read.js

@@ -1,13 +1,12 @@
 const cds = require('../../../')
-const { toODataResult } = require('../utils/result')
+const { toODataResult, postProcess } = require('../utils/result')
 const querystring = require('node:querystring')
-const { getPageSize } = require('../../_runtime/common/generic/paging')
+const { getKeysAndParamsFromPath, handleSapMessages } = require('../utils')
 const { handleStreamProperties } = require('../../_runtime/common/utils/streamProp')
 
-const { getKeysFromPath } = require('../utils')
-
 // REVISIT: move to or rewrite in libx/odata
 const metaInfo = require('../../_runtime/cds-services/adapter/odata-v4/utils/metaInfo')
+const { getPageSize } = require('../../_runtime/common/generic/paging')
 
 const _getCount = result =>
   Array.isArray(result)
@@ -17,7 +16,7 @@ const _getCount = result =>
     : result.$count || result._counted_ || 0
 
 const _calculateNextLink = (req, result) => {
-  const $skiptoken = _calculateSkiptoken(req, result)
+  const $skiptoken = result.$nextLink ?? _calculateSkiptoken(req, result)
   if ($skiptoken) {
     const queryParamsWithSkipToken = { ...req.http.req.query, $skiptoken }
     // REVISIT: slice replaces leading '/'. Always starts with '/'?
@@ -65,26 +64,140 @@ const _reliablePagingPossible = req => {
   )
 }
 
+const _checkExpandDeep = (column, entity, namespace) => {
+  const { expand } = column
+  if (expand.length > 1 || expand[0] !== '*') {
+    for (const expandColumn of expand) {
+      if (expandColumn === '*') continue
+      if (expandColumn.expand) {
+        _checkExpandDeep(expandColumn, entity.elements[expandColumn.ref[0]]._target, namespace)
+      }
+    }
+  }
+  if (!entity.name.startsWith(namespace) && !entity._service) {
+    // proxy, only add keys
+    const asteriskIndex = column.expand.findIndex(e => e === '*')
+    column.expand.splice(asteriskIndex)
+    for (const key in entity.keys) {
+      if (entity.elements[key].isAssociation) continue
+      column.expand.push({ ref: [key] })
+    }
+  }
+}
+
+const resolveProxyExpands = ({ SELECT: { columns }, target: entity }, service) => {
+  if (!columns) return
+
+  for (const column of columns) {
+    if (column.expand) {
+      _checkExpandDeep(column, entity.elements[column.ref[0]]._target, service.namespace)
+    }
+  }
+}
+
+const _isNullableSingleton = query => query._target._isSingleton && query._target['@odata.singleton.nullable']
+
+const _isToOneAssoc = query =>
+  query.SELECT.from.ref.length > 1 && typeof query.SELECT.from.ref.slice(-1)[0] === 'string'
+
+// basically stolen from old read handler without understanding it ^^
+const _handleArrayOfQueries = (srv, req, res, next) => {
+  const info = metaInfo(req._query, 'READ', srv, {}, req, false)
+  const cdsReq = new cds.Request({ query: req._query, req, res })
+  srv
+    .dispatch(cdsReq)
+    .then(result => {
+      handleSapMessages(cdsReq, req, res)
+
+      if (req.url.match(/\/\$count/)) {
+        const count = Array.isArray(result)
+          ? result.reduce((acc, val) => {
+              return (
+                acc + ((val && (val.$count || val._counted_)) || (val[0] && (val[0].$count || val[0]._counted_))) || 0
+              )
+            }, 0)
+          : result.$count || result._counted_ || 0
+        return res.set('Content-Type', 'text/plain').send(count.toString())
+      }
+
+      const adjustedResult = []
+      if (cdsReq.query[0].SELECT.count) adjustedResult.$count = 0
+      adjustedResult.push(...result[0])
+      adjustedResult.$count += result[0].$count ? result[0].$count : 0
+      for (let i = 1; i < result.length; i++) {
+        adjustedResult.push(...result[i])
+        adjustedResult.$count += result[i].$count ? result[i].$count : 0
+        // Add OData context, if it deviates from main context
+        if (info.metadata.contextUrl !== info.metadata.additionalContextUrl[i - 1])
+          result[i].forEach(entry => (entry['@odata.context'] = info.metadata.additionalContextUrl[i - 1]))
+      }
+      result.splice(0, result.length, ...adjustedResult)
+      if (cdsReq.query[0].SELECT.count) result.$count = adjustedResult.$count || 0
+      result = toODataResult(result, info)
+      res.set('Content-Type', 'application/json;IEEE754Compatible=true').send(result)
+    })
+    .catch(next)
+}
+
 module.exports = srv =>
   function read(req, res, next) {
+    // disable express etag checks
+    req.headers['cache-control'] = 'no-cache'
+
     if (req._preferReturn) {
-      const message = `The 'return' preference is not allowed in ${req.method} requests`
-      return res.status(400).json({ error: { code: '400', message } })
+      throw Object.assign(new Error(`The 'return' preference is not allowed in ${req.method} requests`), {
+        statusCode: 400
+      })
     }
 
+    // $apply with concat -> multiple queries with special handling
+    if (Array.isArray(req._query)) return _handleArrayOfQueries(srv, req, res, next)
+
+    // REVISIT: better solution for _propertyAccess
+    let {
+      SELECT: { from },
+      target,
+      _propertyAccess
+    } = req._query
     const { _query: query } = req
 
-    // mainly for @odata.context
+    // payload & params
+    const { keys, params } = getKeysAndParamsFromPath(from, srv)
+    const data = keys //> for read and delete, we provide keys in req.data
+
+    // we need a cds.Request for multiple reasons, incl. params, headers, sap-messages, read after write, ...
+    const cdsReq = new cds.Request({ query, data, params, req, res })
+    Object.defineProperty(cdsReq, 'protocol', { value: 'odata-v4' })
+
+    // REVISIT: what is this for? some tests fail without it... we should find a better solution!
+    Object.defineProperty(query.SELECT, '_4odata', { value: true })
+
+    // do now to get meta info before the query is rewritten + to know return type
     const info = metaInfo(query, 'READ', srv, {}, req, false)
 
+    // FIXME: wrong contextUrl for SiblingEntity
+    if (info.metadata.contextUrl.match(/\/SiblingEntity\//)) {
+      const split = info.metadata.contextUrl.split('/')
+      const i = split.findIndex(s => s === 'SiblingEntity')
+      split.splice(i, 1)
+      if (split[i - 1].match(/IsActiveEntity=false/)) {
+        split[i - 1] = split[i - 1].replace('IsActiveEntity=false', 'IsActiveEntity=true')
+        info.metadata.contextUrl = split.join('/')
+      } else {
+        info.metadata.contextUrl = split.join('/').replace(/IsActiveEntity=true/g, 'IsActiveEntity=false')
+      }
+    }
+
     const lastPathElement = req.path.split('/').slice(-1)[0]
 
-    handleStreamProperties(query.target, query.SELECT.columns, srv.model)
+    query.SELECT.columns ??= ['*']
+
+    if (cds.env.effective.odata.proxies && cds.env.effective.odata.xrefs) {
+      // REVISIT check above is still not perfect solution
+      resolveProxyExpands(query, srv)
+    }
 
-    // we need the cds request, so we can access the modified query, which is cloned due to lean-draft, so we need to use dispatch here and pass a cds req
-    const cdsReq = new cds.Request({ query })
-    // for read and delete, we provide keys in req.data
-    cdsReq.data = getKeysFromPath(query.SELECT.from, srv)
+    handleStreamProperties(target, query.SELECT.columns, srv.model)
 
     // REVISIT: what is this for? some tests fail without it... we should find a better solution!
     Object.defineProperty(query.SELECT, '_4odata', { value: true })
@@ -92,25 +205,38 @@ module.exports = srv =>
     return srv
       .dispatch(cdsReq)
       .then(result => {
-        if (result == null && query._target._isSingleton && query._target['@odata.singleton.nullable'])
-          return res.sendStatus(204)
+        handleSapMessages(cdsReq, req, res)
 
-        if (lastPathElement === '$count') {
-          result = _getCount(result)
-          return res.send(result.toString())
-        } else if (lastPathElement === '$value' && query._propertyAccess) {
-          return res.send(result[query._propertyAccess].toString())
+        if (cdsReq.target._etag && result == null && cdsReq.headers['if-none-match']) {
+          return res.status(304).end()
         }
 
-        if (query._propertyAccess && result[query._propertyAccess] === null) return res.sendStatus(204)
+        if (result == null) {
+          if (_isNullableSingleton(query) || _isToOneAssoc(query)) return res.sendStatus(204)
+          throw Object.assign(new Error(`Not Found`), {
+            statusCode: 404
+          })
+        }
+
+        if (_propertyAccess && result[_propertyAccess] === null) return res.sendStatus(204)
 
-        if (result == null) return res.status(404).json({ error: { code: '404', message: 'Not Found' } })
+        if (lastPathElement === '$count') {
+          result = _getCount(result)
+          return res.set('Content-Type', 'text/plain').send(result.toString())
+        } else if (lastPathElement === '$value' && _propertyAccess) {
+          return res.set('Content-Type', 'text/plain').send(result[_propertyAccess].toString())
+        }
 
-        if (info.metadata.isCollection && !result.$nextLink) _calculateNextLink(cdsReq, result)
+        if (info.metadata.isCollection) _calculateNextLink(cdsReq, result)
+        postProcess(cdsReq.target, srv, result)
+        if (result['$etag']) res.set('etag', result['$etag'])
         result = toODataResult(result, info)
 
         // Express interprets numbers as HTTP status codes
-        res.send(typeof result === 'number' ? result.toString() : result)
+        const isNumber = typeof result === 'number'
+        res
+          .set('Content-Type', isNumber ? 'text/plain' : 'application/json;IEEE754Compatible=true')
+          .send(isNumber ? result.toString() : result)
       })
       .catch(next)
   }

package/libx/odata/middleware/service-document.js

@@ -1,14 +1,15 @@
 const cds = require('../../../')
 
 const crypto = require('crypto')
+const metaInfo = require('../../_runtime/cds-services/adapter/odata-v4/utils/metaInfo')
 
 const normalize_header = value => {
   return value.split(',').map(str => str.trim())
 }
 
-const validate_etag = (ifNoneMatch, etag) => {
-  const ifNoneMatchEtags = normalize_header(ifNoneMatch)
-  return ifNoneMatchEtags.includes(etag) || ifNoneMatchEtags.includes('*')
+const validate_etag = (header, etag) => {
+  const normalized = normalize_header(header)
+  return normalized.includes(etag) || normalized.includes('*') || normalized.includes('"*"')
 }
 
 const generateEtag = s => {
@@ -19,13 +20,20 @@ module.exports = srv =>
   function service_document(req, res) {
     if (req.method === 'HEAD') return res.end()
     if (req.method !== 'GET')
-      return res.status(405).json({
-        error: { code: 'METHOD_NOT_ALLOWED', message: `Method ${req.method} not allowed for service document.` }
+      throw Object.assign(new Error(`Method ${req.method} not allowed for service document.`), {
+        statusCode: 405
       })
 
     const m = cds.context.model || cds.model
     const csnService = (cds.context.model || cds.model).definitions[srv.name]
 
+    if (req.headers['if-match']) {
+      if (csnService.srvDocEtag) {
+        const valid = validate_etag(req.headers['if-match'], csnService.srvDocEtag)
+        if (!valid) return res.status(412).end()
+      }
+    }
+
     if (req.headers['if-none-match']) {
       if (csnService.srvDocEtag) {
         const unchanged = validate_etag(req.headers['if-none-match'], csnService.srvDocEtag)
@@ -44,8 +52,11 @@ module.exports = srv =>
 
     csnService.srvDocEtag = generateEtag(JSON.stringify(exposedEntities))
     res.set('Etag', csnService.srvDocEtag)
+
+    const info = metaInfo({ SELECT: { from: { ref: [srv.name] } } }, 'READ', srv, {}, req, false)
+
     return res.json({
-      '@odata.context': `$metadata`,
+      '@odata.context': info.metadata.contextUrl,
       '@odata.metadataEtag': csnService.srvDocEtag,
       value: exposedEntities.map(e => {
         const e_ = e.replace(/\./g, '_')

package/libx/odata/middleware/stream.js

@@ -3,7 +3,7 @@ const { Readable } = require('node:stream')
 const getError = require('../../_runtime/common/error')
 const { getTransition } = require('../../_runtime/common/utils/resolveView')
 const LOG = cds.log('odata')
-const { getKeysFromPath } = require('../utils')
+const { getKeysAndParamsFromPath, handleSapMessages } = require('../utils')
 
 const _resolveContentProperty = (target, annotName, resolvedProp) => {
   if (target.elements[resolvedProp]) {
@@ -25,7 +25,7 @@ const isStream = query => {
 }
 
 const isStreamByDollarValue = (query, previous, last) => {
-  return query.SELECT.one && last === '$value' && !(previous in query.target.elements)
+  return query.SELECT?.one && last === '$value' && !(previous in query.target.elements)
 }
 
 const _addMetadataProperty = (query, property, annotName, odataName) => {
@@ -82,11 +82,7 @@ const validateStream = (req, res, result) => {
 
   // Reading one entity or a property of it should yield only a result length of one.
   if (result.length === 0 || result[0] === undefined) {
-    if (req.headers['if-none-match']) {
-      // TODO this should probably end the request?
-      res.status(304)
-      return
-    }
+    if (req.headers['if-none-match']) return
     throw getError(404)
   }
 
@@ -122,6 +118,8 @@ const _ensureStream = stream => {
 }
 
 const normalizeStream = (result, propertyName, lastPathElement, target) => {
+  if (!result) return null
+
   let readable = result
   if (typeof result === 'object') {
     if (propertyName && result[propertyName] !== undefined) {
@@ -174,6 +172,9 @@ const stream = srv =>
   function streamHandler(req, res, next) {
     const { _query: query } = req
 
+    // $apply with concat -> multiple queries with special handling -> read only, no stream?
+    if (Array.isArray(query)) return next(null, req, res)
+
     const [previous, lastPathElement] = req.path.split('/').slice(-2)
     const _isStreamByDollarValue = isStreamByDollarValue(query, previous, lastPathElement)
 
@@ -198,37 +199,53 @@ const stream = srv =>
     if (!query.target['@cds.persistence.skip']) addStreamMetadata(query)
 
     // we need the cds request, so we can access the modified query, which is cloned due to lean-draft, so we need to use dispatch here and pass a cds req
-    const cdsReq = new cds.Request({ query })
+    const cdsReq = new cds.Request({ query, req, res })
+    Object.defineProperty(cdsReq, 'protocol', { value: 'odata-v4' })
+
     // for read and delete, we provide keys in req.data
-    cdsReq.data = getKeysFromPath(query.SELECT.from, srv)
+    // payload & params
+    const { keys } = getKeysAndParamsFromPath(query.SELECT.from, srv)
+    cdsReq.data = keys
 
     // REVISIT: what is this for? some tests fail without it... we should find a better solution!
     Object.defineProperty(query.SELECT, '_4odata', { value: true })
 
-    return srv.tx(() => {
-      return srv
-        .dispatch(cdsReq)
-        .then(async result => {
+    return srv
+      .tx(() => {
+        return srv.dispatch(cdsReq).then(async result => {
+          handleSapMessages(cdsReq, req, res)
           validateStream(req, res, result)
 
           const stream = normalizeStream(result, query._propertyAccess, lastPathElement, query.target)
           if (stream === null) {
             if (req.headers['if-none-match']) {
-              return res.status(304).json({})
+              res.status(304)
+              return
             }
-            return res.status(204).json({})
+            res.status(204)
+            return
           }
 
           setStreamingHeaders(result, res)
 
           return new Promise((resolve, reject) => {
+            if (res.destroyed) return reject(new Error('Response is closed while streaming'))
             stream.pipe(res)
             stream.on('end', () => resolve(result))
             stream.once('error', reject)
+            let finished = false
+            res.on('finish', () => {
+              finished = true
+            })
+            res.on('close', () => !finished && reject(new Error('Response is closed while streaming')))
           })
         })
-        .catch(next)
-    })
+      })
+      .then(() => {
+        // we use an extra then block, after getting the result, so the transaction is commited, before sending the response
+        res.end()
+      })
+      .catch(next) // catch outside of transaction, so tx is rolled back automatically in case of error
   }
 
 module.exports = {