@sap/cds 7.8.2 → 7.9.0

package/libx/_runtime/ucl/Service.js

@@ -0,0 +1,259 @@
+const cds = require('../cds')
+const LOG = cds.log('ucl')
+
+const https = require('https')
+
+class UCLService extends cds.Service {
+  async init() {
+    await super.init()
+    this.validate()
+    this._register()
+    this.agent = this.getAgent()
+  }
+
+  getAgent() {
+    try {
+      if (this.options.x509.certPath && this.options.x509.pkeyPath) {
+        return new https.Agent({
+          cert: cds.utils.fs.readFileSync(cds.utils.path.resolve(cds.root, this.options.x509.certPath)),
+          key: cds.utils.fs.readFileSync(cds.utils.path.resolve(cds.root, this.options.x509.pkeyPath))
+        })
+      }
+    } catch (error) {
+      if (LOG) LOG.error('GetCredentials', { error: error.message })
+      throw error
+    }
+  }
+
+  async _registerProvisioningEvents() {
+    var provisioning
+    try {
+      provisioning = await cds.connect.to('cds.xt.SaasProvisioningService')
+    } catch (error) {
+      throw new Error(
+        "Provisioning service 'cds.xt.SaasProvisioningService' can not be found, therefore mode is not multitenant. Single tenant applications are not supported."
+      )
+    }
+    if (provisioning) {
+      provisioning.prepend(() => {
+        provisioning.on('dependencies', async (_, next) => {
+          let dependencies = await next()
+          const xsappnameCMPClone = await this._getUCLDependency()
+          dependencies.push({ xsappname: xsappnameCMPClone })
+          return dependencies
+        })
+      })
+    }
+  }
+
+  validate() {
+    if (!this.options.namespace) {
+      throw new Error(
+        'UCL integrator requires an application namespace. You can set environment variable SAP_APPLICATION_NAMESPACE or you can give namespace as an option in your cds.requires section as described in documentation'
+      )
+    }
+    if (!cds.requires.multitenancy && cds.env.profile !== 'mtx-sidecar') {
+      throw new Error('[ucl] - Currently only multitenant applications are supported.')
+    }
+    if (!this.options.systemType || !this.options.systemDescription) {
+      throw new Error(
+        'systemType and systemDescription is obligatory parameters, please fill as shown in documentation'
+      )
+    }
+  }
+
+  async readTemplate() {
+    const xsappname = this.options.credentials.xsappname
+    const query = `
+      query ($key: String!, $value: String!) {
+        applicationTemplates(filter: { key: $key, query: $value }) {
+          data {
+            id
+            name
+            description
+            placeholders {
+              name
+              description
+            }
+            applicationInput
+            labels
+            webhooks {
+              type
+            }
+          }
+        }
+      }
+    `
+    const variables = { key: 'xsappname', value: `"${xsappname}"` }
+    return (await this.request(query, variables)).applicationTemplates.data[0]
+  }
+
+  async _createTemplate() {
+    const xsappname = this.options.credentials.xsappname
+    const query = `mutation {
+          result: createApplicationTemplate (
+              in: {
+              name: "${this.options.systemType}"
+              description: "${this.options.systemDescription}"
+              applicationInput: {
+                  name: "${this.options.systemType}" 
+                  description: "${this.options.systemDescription}"
+                  providerName: "${this.options.provider}" 
+                  localTenantID: "{{tenant-id}}"
+                  labels: {
+                  displayName: "{{subdomain}}"
+                  }
+              }
+              placeholders: [
+                  { name: "subdomain", description: "The subdomain of the consumer tenant" }
+                  { name: "tenant-id", description: "The tenant id as it's known in the product's domain", jsonPath: "$.subscribedSubaccountId" }
+              ]
+              labels: {
+                  managed_app_provisioning: true
+                  xsappname: "${xsappname}"
+              }
+              applicationNamespace: "${this.options.namespace}"
+              accessLevel: GLOBAL
+              }
+          ) {
+              id
+              name
+              labels
+              applicationInput 
+              applicationNamespace
+          }
+      }`
+    try {
+      return this.handleResponse(await this.request(query))
+    } catch (e) {
+      this.handleResponse(e)
+    }
+  }
+
+  handleResponse(result) {
+    if (result.response && result.response.errors) {
+      let errorMessage = result.response.errors[0].message
+      throw new Error(errorMessage)
+    } else {
+      return result.result
+    }
+  }
+
+  async deleteTemplate() {
+    const template = await this.readTemplate()
+    if (!template) return
+    const query = `mutation {
+            result: deleteApplicationTemplate(
+              id: "${template.id}"
+            ){
+                id
+                name
+                description
+            }
+        }`
+    return this.handleResponse(await this.request(query))
+  }
+
+  async _getUCLDependency() {
+    if (!this.template) {
+      throw Error('Application template not found on UCL!')
+    }
+    return this.template.labels.xsappnameCMPClone
+  }
+
+  // Replace with fetch
+  async request(query, variables) {
+    const opts = {
+      host: this.options.host,
+      path: this.options.path,
+      agent: this.agent,
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json'
+      }
+    }
+    return new Promise((resolve, reject) => {
+      const req = https.request(opts, res => {
+        const chunks = []
+
+        res.on('data', chunk => {
+          chunks.push(chunk)
+        })
+
+        res.on('end', () => {
+          const response = {
+            statusCode: res.statusCode,
+            headers: res.headers,
+            body: Buffer.concat(chunks).toString()
+          }
+          resolve(JSON.parse(response.body).data)
+        })
+      })
+
+      req.on('error', error => {
+        reject(error)
+      })
+
+      if (query) {
+        req.write(JSON.stringify({ query, variables }))
+      }
+      req.end()
+    })
+  }
+
+  async _registerApplicationTemplate() {
+    this.template = await this.readTemplate()
+    if (!this.template) {
+      LOG.info('Application Template cannot be found therefore created.')
+      await this._createTemplate()
+    } else {
+      await this._updateTemplate(this.template)
+    }
+  }
+
+  async _updateTemplate(template) {
+    const query = `mutation {
+    result: updateApplicationTemplate(
+      id: "${template.id}"
+      in: {
+        name: "${this.options.systemType}"
+        description: "${this.options.systemDescription}"
+        applicationInput: {
+          name: "${this.options.systemType}"
+          description: "${this.options.systemDescription}"
+          providerName: "${this.options.provider}" 
+          localTenantID: "{{tenant-id}}"
+          labels: { displayName: "{{subdomain}}" }
+        }
+        applicationNamespace: "${this.options.namespace}"
+        placeholders: [
+            { name: "subdomain", description: "The subdomain of the consumer tenant" }
+            { name: "tenant-id", description: "The tenant id as it's known in the product's domain", jsonPath: "$.subscribedSubaccountId" }
+        ]
+        accessLevel: GLOBAL
+      }
+    ) {
+      id
+      name
+      description
+      applicationInput
+    }
+  }`
+    try {
+      const response = this.handleResponse(await this.request(query))
+      LOG.info('Application template updated successfully.')
+      return response
+    } catch (e) {
+      this.handleResponse(e)
+    }
+  }
+
+  _register() {
+    cds.once('listening', async () => {
+      await this._registerApplicationTemplate()
+      this._registerProvisioningEvents()
+    })
+  }
+}
+
+module.exports = UCLService

package/libx/common/assert/index.js

@@ -2,14 +2,14 @@ const { cds } = global
 
 const typeCheckers = require('./type')
 const { checkMandatory, checkEnum, checkRange, checkFormat } = require('./validation')
-const { getNested, getTarget, resolveCDSType, resolveSegment } = require('./utils')
+const { getNested, getNormalizedDecimal, getTarget, resolveCDSType, resolveSegment } = require('./utils')
 
 const NUMBER_TYPES = new Set(['cds.UInt8', 'cds.Int16', 'cds.Int32', 'cds.Integer', 'cds.Double'])
 
 const _no_op = () => {}
 
 const _reject_unknown = (_, k, def, errs) =>
-  errs.push(new cds.error(`Property ${k} does not exist in ${def.name}`, { statusCode: 400, code: '400' }))
+  errs.push(new cds.error(`Property "${k}" does not exist in ${def.name}`, { statusCode: 400, code: '400' }))
 
 const _filter_unknown = (obj, k) => delete obj[k]
 
@@ -141,15 +141,9 @@ function _process(obj, def, errs, opts) {
       // if used in protocol adapter, adjust val/ checker if necessary
       if (opts.http) {
         if (typeof v !== 'boolean') {
-          if (NUMBER_TYPES.has(type)) v = Number(v)
-          else if (type === 'cds.Double') v = parseFloat(v)
-
-          // REVISIT: consider ieee754 and exp dec headers?
-          // const ieee = opts.http.req?.headers['content-type'].match(/IEEE754Compatible=(\w+)/i)
-          // const exp = opts.http.req?.headers['content-type'].match(/ExponentialDecimals=(\w+)/i)
-          // if (type === 'cds.Decimal') {
-          //   TODO
-          // }
+          if (type === 'cds.Decimal') v = getNormalizedDecimal(v)
+          else if (type === 'cds.Int64') v = String(v)
+          else if (NUMBER_TYPES.has(type)) v = Number(v)
         }
       }
 

package/libx/common/assert/validation.js

@@ -73,7 +73,12 @@ const checkMandatory = (v, ele, errs, path, k) => {
 const checkEnum = (v, ele, errs, path, k) => {
   const enumElements = _getEnumElement(ele)
   const enumValues = enumElements && _enumValues(enumElements)
-  if (enumElements && !enumValues.includes(v)) {
+  const includes = (enumValues, v) => {
+    if (ele._type in { 'cds.Decimal': 1, 'cds.Int64': 1 }) {
+      return enumValues.map(ev => String(ev)).includes(String(v))
+    } else return enumValues.includes(v)
+  }
+  if (enumElements && !includes(enumValues, v)) {
     const args =
       typeof v === 'string'
         ? ['"' + v + '"', enumValues.map(ele => '"' + ele + '"').join(', ')]

package/libx/odata/index.js

@@ -9,28 +9,59 @@ const afterburner = require('./parse/afterburner')
 const { getSafeNumber: safeNumber } = require('./utils')
 const getError = require('../_runtime/common/error')
 
+// used for function validation in peggy parser
+// -----  should all be lowercase, as peggy compares to lowercase  -----
+// (plus: odata is case insensitive)
 const strict = {
   functions: {
+    // --- String + Collection: https://docs.oasis-open.org/odata/odata/v4.01/odata-v4.01-part2-url-conventions.html#_Toc31360980
+    concat: 1,
     contains: 1,
-    startswith: 1,
     endswith: 1,
-    tolower: 1,
-    toupper: 1,
-    length: 1,
     indexof: 1,
+    length: 1,
+    startswith: 1,
     substring: 1,
+    // --- Collection: https://docs.oasis-open.org/odata/odata/v4.01/odata-v4.01-part2-url-conventions.html#_Toc31360988
+    // REVISIT: not supported
+    // hassubset:1,
+    // hassubsequence:1,
+    // --- String: https://docs.oasis-open.org/odata/odata/v4.01/odata-v4.01-part2-url-conventions.html#_Toc31360991
+    matchespattern: 1,
+    tolower: 1,
+    toupper: 1,
     trim: 1,
-    concat: 1,
-    year: 1,
-    month: 1,
+    // --- Date + Time: https://docs.oasis-open.org/odata/odata/v4.01/odata-v4.01-part2-url-conventions.html#_Toc31360996
+    date: 1,
     day: 1,
+    fractionalseconds: 1,
     hour: 1,
+    maxdatetime: 1,
+    mindatetime: 1,
     minute: 1,
+    month: 1,
+    now: 1,
     second: 1,
     time: 1,
-    now: 1,
+    totaloffsetminutes: 1,
+    totalseconds: 1,
+    year: 1,
+    // --- Arithemetic: https://docs.oasis-open.org/odata/odata/v4.01/odata-v4.01-part2-url-conventions.html#_Toc31361011
+    ceiling: 1,
+    floor: 1,
     round: 1,
-    date: 1
+    // --- Type: https://docs.oasis-open.org/odata/odata/v4.01/odata-v4.01-part2-url-conventions.html#_Toc31361015
+    // REVISIT: not supported
+    // cast: 1,
+    // REVISIT: has to be implemented inside the odata adapter
+    // isof: 1,
+    // --- Geo: https://docs.oasis-open.org/odata/odata/v4.01/odata-v4.01-part2-url-conventions.html#_Toc31361018
+    // REVISIT: not supported
+    // 'geo.distance': 1,
+    // 'geo.intersects': 1,
+    // 'geo.length': 1,
+    // --- Conditional: https://docs.oasis-open.org/odata/odata/v4.01/odata-v4.01-part2-url-conventions.html#_Toc31361022
+    case: 1
   }
 }
 
@@ -67,10 +98,8 @@ module.exports = {
   parse: (url, options = {}) => {
     // first arg may also be req
     if (url.url) url = url.url
-    // REVISIT: for okra, remove when no longer needed
-    else if (url.getIncomingRequest) url = url.getIncomingRequest().url
 
-    url = decodeURIComponent(url) // REVISIT: do we need that?
+    url = decodeURIComponent(url)
 
     options = options === 'strict' ? { strict } : options.strict ? { ...options, strict } : options
     if (options.service) Object.assign(options, { minimal: true, afterburner: afterburner.for(options.service) })
@@ -81,18 +110,13 @@ module.exports = {
     try {
       cqn = odata2cqn(url, options)
     } catch (err) {
-      if (err.statusCode === 501) {
-        throw getError(err.statusCode, err.message)
-      }
+      if (err.statusCode === 501) throw getError(err.statusCode, err.message)
 
       let offset = err.location && err.location.start.offset
-      if (!offset && err.statusCode && err.message) {
-        throw err
-      }
-      if (options.baseUrl) {
-        // we need to add the number of chars from base url to the offset
-        offset += options.baseUrl.length
-      }
+      if (!offset && err.statusCode && err.message) throw err
+
+      // we need to add the number of chars from base url to the offset
+      offset += options.baseUrl ? options.baseUrl.length : 0
 
       // TODO adjust this to behave like above
       err.message = `Parsing URL failed at position ${offset}: ${err.message}`
@@ -102,9 +126,7 @@ module.exports = {
 
     // cqn is an array, if concat is used
     if (Array.isArray(cqn)) {
-      for (let i = 0; i < cqn.length; i++) {
-        cqn[i] = enhanceCqn(cqn[i], options)
-      }
+      for (let i = 0; i < cqn.length; i++) cqn[i] = enhanceCqn(cqn[i], options)
     } else {
       cqn = enhanceCqn(cqn, options)
     }

package/libx/odata/middleware/batch.js

@@ -4,6 +4,8 @@ const { AsyncResource } = require('async_hooks')
 // eslint-disable-next-line cds/no-missing-dependencies
 const express = require('express')
 const { STATUS_CODES } = require('http')
+const qs = require('querystring')
+const { URL } = require('url')
 
 const multipartToJson = require('../parse/multipartToJson')
 
@@ -35,6 +37,9 @@ const _validateBatch = body => {
 
   _validateProperty('requests', requests, 'Array')
 
+  if (requests.length > cds.env.odata.batch_limit)
+    cds.error('BATCH_TOO_MANY_REQ', { code: 'BATCH_TOO_MANY_REQ', statusCode: 429 })
+
   const ids = {}
 
   let previousAtomicityGroup
@@ -115,15 +120,11 @@ const _createExpressReqResLookalike = (request, _req, _res) => {
 
   req.method = method.toUpperCase()
   req.url = url
-  req.query = {}
+  const u = new URL(url, 'http://cap')
+  req.query = qs.parse(u.search.slice(1))
   req.headers = request.headers || {}
   req.body = request.body
 
-  // propagate user, tenant and locale
-  req.user = _req.user
-  req.tenant = _req.tenant
-  req.locale = _req.locale
-
   const res = (ret.res = new express.response.constructor(req))
   res.__proto__ = express.response
 
@@ -270,7 +271,7 @@ const _formatResponseMultipart = (request, res, boundary) => {
       let meta = [],
         data = []
       for (const [k, v] of Object.entries(_json)) {
-        if (k.startsWith('@')) meta.push(`"${k}":"${v}"`)
+        if (k.startsWith('@')) meta.push(`"${k}":"${v.replaceAll('"', '\\"')}"`)
         else data.push(JSON.stringify({ [k]: v }).slice(1, -1))
       }
       const _json_as_txt = '{' + meta.join(',') + (meta.length && data.length ? ',' : '') + data.join(',') + '}'

package/libx/odata/middleware/create.js

@@ -2,13 +2,18 @@ const cds = require('../../../')
 const { INSERT } = cds.ql
 
 const { toODataResult, postProcess } = require('../utils/result')
-const { calculateLocationHeader, getKeysAndParamsFromPath, handleSapMessages } = require('../utils')
+const {
+  calculateLocationHeader,
+  getKeysAndParamsFromPath,
+  handleSapMessages,
+  getPreferReturnHeader
+} = require('../utils')
+const { getDeepSelect, getSimpleSelectCQN } = require('../utils/handler')
 
 const { deepCopy } = require('../../_runtime/common/utils/copy')
 
-// REVISIT: move to or rewrite in libx/odata
-const { readAfterWrite } = require('../../_runtime/cds-services/adapter/odata-v4/utils/readAfterWrite')
-const metaInfo = require('../../_runtime/cds-services/adapter/odata-v4/utils/metaInfo')
+const readAfterWrite = require('../utils/readAfterWrite')
+const metaInfo = require('../utils/metaInfo')
 
 module.exports = srv =>
   function create(req, res, next) {
@@ -17,12 +22,12 @@ module.exports = srv =>
       target
     } = req._query
 
-    if (one) {
-      // REVISIT: don't use "SINGLETON" or "ENTITY" as that are okra terms
-      throw Object.assign(
-        new Error(`Method ${req.method} not allowed for ${target._isSingleton ? 'SINGLETON' : 'ENTITY'}`),
-        { statusCode: 405 }
-      )
+    // req.__proto__.method is set in case of upsert
+    const isUpsert = req.__proto__.method in { PUT: 1, PATCH: 1 }
+
+    if (one && !isUpsert) {
+      const msg = 'Method POST is not allowed for singletons and individual entities'
+      throw Object.assign(new Error(msg), { statusCode: 405 })
     }
 
     // payload & params
@@ -42,10 +47,17 @@ module.exports = srv =>
     // query
     const query = INSERT.into(from).entries(data)
 
+    // cdsReq.headers should contain merged headers of envelope and subreq
+    const headers = { ...cds.context.http.req.headers, ...req.headers }
+
     // we need a cds.Request for multiple reasons, incl. params, headers, sap-messages, read after write, ...
-    const cdsReq = new cds.Request({ query, params, req, res })
+    const cdsReq = new cds.Request({ query, params, headers, req, res })
     Object.defineProperty(cdsReq, 'protocol', { value: 'odata-v4' })
 
+    // API for subrequests of $batch (or incoming request)
+    cdsReq.req = req
+    cdsReq.res = res
+
     // rewrite event for draft-enabled entities
     if (target._isDraftEnabled) cdsReq.event = 'NEW'
 
@@ -57,8 +69,12 @@ module.exports = srv =>
         return srv.dispatch(cdsReq).then(result => {
           handleSapMessages(cdsReq, req, res)
 
+          // generic handlers indicate that read after write is required
           if (cdsReq._.readAfterWrite) {
-            return readAfterWrite(cdsReq, srv, { operation: { result } })
+            // const keys = cdsReq.target.keys?.filter(k => !k.isAssociation)?.reduce((prev, k) => { prev[k] = result[k]; return prev}, {}  )
+            // const query = SELECT.one(cdsReq.query.INSERT.into, keys)
+            const query = cdsReq.event === 'NEW' ? getSimpleSelectCQN(cdsReq.target, result) : getDeepSelect(cdsReq)
+            return readAfterWrite(cdsReq, srv, query)
           }
 
           return result
@@ -66,15 +82,25 @@ module.exports = srv =>
       })
       .then(result => {
         // we use an extra then block, after getting the result, so the transaction is commited, before sending the response
+
+        // determine calculation based on result with req.data as fallback
+        if (!target._isSingleton)
+          res.set('location', calculateLocationHeader(cdsReq.target, srv, result || cdsReq.data))
+
         if (result == null) return res.sendStatus(204)
-        const isMinimal = req._preferReturn === 'minimal'
+        const isMinimal = getPreferReturnHeader(req) === 'minimal'
         postProcess(cdsReq.target, srv, result, isMinimal)
+
         if (result['$etag']) res.set('etag', result['$etag'])
-        res.set('location', calculateLocationHeader(cdsReq.target, srv, result))
         if (isMinimal) return res.sendStatus(204)
+
         const info = metaInfo(query, 'CREATE', srv, result, req)
         result = toODataResult(result, info)
-        res.status(201).set('Content-Type', 'application/json;IEEE754Compatible=true').send(result)
+        res.set('content-type', 'application/json;IEEE754Compatible=true')
+        res.status(201).send(result)
+      })
+      .catch(err => {
+        handleSapMessages(cdsReq, req, res)
+        next(err)
       })
-      .catch(next) // should be outside, so tx can be rolled back in case of errors
   }

package/libx/odata/middleware/delete.js

@@ -1,14 +1,13 @@
 const cds = require('../../../')
 const { UPDATE, DELETE } = cds.ql
 
-const { getKeysAndParamsFromPath, handleSapMessages } = require('../utils')
+const { getKeysAndParamsFromPath, handleSapMessages, getPreferReturnHeader } = require('../utils')
 
 module.exports = srv =>
   function deleete(req, res, next) {
-    if (req._preferReturn) {
-      throw Object.assign(new Error(`The 'return' preference is not allowed in ${req.method} requests`), {
-        statusCode: 400
-      })
+    if (getPreferReturnHeader(req)) {
+      const msg = "The 'return' preference is not allowed in DELETE requests"
+      throw Object.assign(new Error(msg), { statusCode: 400 })
     }
 
     // REVISIT: better solution for query._propertyAccess
@@ -19,8 +18,7 @@ module.exports = srv =>
     } = req._query
 
     if (!one) {
-      // REVISIT: don't use "ENTITY.COLLECTION" as that's an okra term
-      throw Object.assign(new Error('Method DELETE not allowed for ENTITY.COLLECTION'), { statusCode: 405 })
+      throw Object.assign(new Error('Method DELETE is not allowed for entity collections'), { statusCode: 405 })
     }
 
     // payload & params
@@ -31,20 +29,29 @@ module.exports = srv =>
     // query
     const query = _propertyAccess ? UPDATE(from).set({ [_propertyAccess]: null }) : DELETE.from(from)
 
+    // cdsReq.headers should contain merged headers of envelope and subreq
+    const headers = { ...cds.context.http.req.headers, ...req.headers }
+
     // we need a cds.Request for multiple reasons, incl. params, headers, sap-messages, read after write, ...
-    const cdsReq = new cds.Request({ query, data, params, req, res })
+    const cdsReq = new cds.Request({ query, data, headers, params, req, res })
     Object.defineProperty(cdsReq, 'protocol', { value: 'odata-v4' })
 
+    // API for subrequests of $batch (or incoming request)
+    cdsReq.req = req
+    cdsReq.res = res
+
     // rewrite event for draft-enabled entities
     if (target._isDraftEnabled && cdsReq.data.IsActiveEntity === false) cdsReq.event = 'CANCEL'
 
     return srv
       .dispatch(cdsReq)
-      .then(result => {
+      .then(() => {
         handleSapMessages(cdsReq, req, res)
 
-        if (result === 0) throw Object.assign(new Error('Not found'), { statusCode: 404 })
         res.sendStatus(204)
       })
-      .catch(next)
+      .catch(err => {
+        handleSapMessages(cdsReq, req, res)
+        next(err)
+      })
   }