@sap/cds 7.8.2 → 7.9.1

package/lib/utils/cds-utils.js

@@ -1,7 +1,7 @@
 const cwd = process.env._original_cwd || process.cwd()
 const cds = require('../index')
 
-const ux = module.exports = exports = new class {
+module.exports = exports = new class {
   get inflect() { return super.inflect = require('./inflect') }
   get inspect() { return super.inspect = require('util').inspect }
   get uuid() { return super.uuid = require('crypto').randomUUID }
@@ -11,7 +11,7 @@ const ux = module.exports = exports = new class {
 }
 
 const path = exports.path = require('path'), { dirname, extname, join, resolve, relative } = path
-const fs = exports.fs = Object.assign (ux,require('fs')) //> for compatibility
+const fs = exports.fs = Object.assign (exports,require('fs')) //> for compatibility
 
 
 /**
@@ -98,7 +98,12 @@ exports.readdir = async function (x) {
 exports.read = async function read (file, _encoding) {
   const f = resolve (cds.root,file)
   const src = await fs.promises.readFile (f, _encoding !== 'json' && _encoding || 'utf8')
-  return _encoding === 'json' || !_encoding && f.endsWith('.json') ? JSON.parse(src) : src
+  if (_encoding === 'json' || !_encoding && f.endsWith('.json')) try {
+    return JSON.parse(src)
+  } catch(e) {
+    throw new Error (`Failed to parse JSON in ${f}: ${e.message}`)
+  }
+  else return src
 }
 
 exports.write = function write (file, data, o) {
@@ -206,7 +211,7 @@ exports.deprecated = (fn, { kind = 'Method', old = fn.name+'()', use } = {}) =>
         '\nDEPRECATED:', old, '\n',
         '\n  ', (kind ? `${kind} ${old}` : old), 'is deprecated and will be removed in upcoming releases!',
         use ? `\n   => Please use ${use} instead.` : '', '\n',
-        o.stack.replace(/^Error\n\s*at.*\n/,'\n'), '\n',
+        o.stack.replace(/^Error:\s*at.*\n/,'\n'), '\n',
         '\n------------------------------------------------------------------------------\n',
         reset
       )

package/libx/_runtime/cds-services/adapter/odata-v4/ODataRequest.js

@@ -95,7 +95,7 @@ function _handleStreamProperties(target, query, model) {
  * @extends cds.Request
  *
  * @param {string} type - The OData request type (a.k.a. "Component")
- * @param {import('../../services/Service')} service - The underlying CAP service
+ * @param {import('../../../common/Service')} service - The underlying CAP service
  * @param {import('./okra/odata-server/core/OdataRequest')} odataReq - OKRA's req
  * @param {import('./okra/odata-server/core/OdataResponse')} odataRes - OKRA's res
  */

package/libx/_runtime/cds-services/adapter/odata-v4/handlers/action.js

@@ -29,7 +29,7 @@ const _postProcess = async (req, odataReq, odataRes, tx, result) => {
 /**
  * The handler that will be registered with odata-v4.
  *
- * @param {import('../../../services/Service')} service
+ * @param {import('../../../../common/Service')} service
  * @returns {function}
  */
 const action = service => {

package/libx/_runtime/cds-services/adapter/odata-v4/handlers/create.js

@@ -15,7 +15,7 @@ const { getSapMessages } = require('../../../../common/error/frontend')
 /**
  * The handler that will be registered with odata-v4.
  *
- * @param {import('../../../services/Service')} service
+ * @param {import('../../../../common/Service')} service
  * @returns {function}
  */
 const create = service => {

package/libx/_runtime/cds-services/adapter/odata-v4/handlers/delete.js

@@ -11,7 +11,7 @@ const { validateResourcePath } = require('../utils/request')
 /**
  * The handler that will be registered with odata-v4.
  *
- * @param {import('../../../services/Service')} service
+ * @param {import('../../../../common/Service')} service
  * @returns {function}
  */
 const del = service => {

package/libx/_runtime/cds-services/adapter/odata-v4/handlers/metadata.js

@@ -39,12 +39,9 @@ const metadata = service => {
           edmx = await mps.getEdmx({ tenant, model: service.model, service: service.definition.name, locale })
         }
       } else {
-        edmx = cds.localize(
-          service.model,
-          locale,
-          // REVISIT: we could cache this in model._cached
-          cds.compile.to.edmx(service.model, { service: service.definition.name })
-        )
+        edmx = await cds.compile.to.edmx.files.get(service)
+        edmx ??= cds.compile.to.edmx(service.model, { service: service.definition.name })
+        edmx = cds.localize(service.model, locale, edmx)
       }
 
       return next(null, toODataResult(edmx))

package/libx/_runtime/cds-services/adapter/odata-v4/handlers/read.js

@@ -150,12 +150,22 @@ const _getResult = (nameArr, result) => {
   return _getResult(nameArr.slice(1), result[nameArr[0]])
 }
 
+const validateIfNoneMatch = (req, result) => {
+  if (req.target._etag && req.headers['if-none-match']) {
+    let header = req.headers['if-none-match']
+    if (header.startsWith('W/')) header = header.substring(2)
+    if (header.startsWith('"') && header.endsWith('"')) header = header.substring(1, header.length - 1)
+    if (header === '*') return true
+    if (result[req.target._etag.name] === header) return true
+  }
+}
+
 /**
  * Reads the entire entity or only property of it is alike.
  *
  * In case of an entity, odata-v4 wants the value an object structure, in case of a property as scalar.
  *
- * @param {import('../../../../cds-services/services/Service')} tx
+ * @param {import('../../../../common/Service')} tx
  * @param {import('../../../../cds-services/adapter/odata-v4/ODataRequest')} req
  * @param {Array<import('../okra/odata-commons/uri/UriResource')>} segments
  * @returns {Promise}
@@ -175,14 +185,15 @@ const _readEntityOrProperty = async (tx, req, segments) => {
    *     If no entity is related, the service returns 204 No Content.
    */
   if (result == null) {
-    if (req.headers['if-none-match']) {
-      req._.odataRes.setStatusCode(304)
-      return
-    }
     if (_isNavigationToOne(segments)) return toODataResult(null)
     throw getError(404)
   }
 
+  if (validateIfNoneMatch(req, result)) {
+    req._.odataRes.setStatusCode(304)
+    return
+  }
+
   if (!Array.isArray(result)) result = [result]
 
   if (result.length === 0 && _isNavigationToOne(segments)) return toODataResult(null)
@@ -373,10 +384,6 @@ const _readStream = async (tx, req) => {
 
   // Reading one entity or a property of it should yield only a result length of one.
   if (result.length === 0 || result[0] === undefined) {
-    if (req.headers['if-none-match']) {
-      req._.odataRes.setStatusCode(304)
-      return
-    }
     throw getError(404)
   }
 
@@ -386,6 +393,11 @@ const _readStream = async (tx, req) => {
 
   result = result[0]
 
+  if (validateIfNoneMatch(req, result)) {
+    req._.odataRes.setStatusCode(304)
+    return
+  }
+
   const readable = cds.env.features.stream_compat
     ? result.value
     : Object.values(result).find(v => v instanceof Readable)
@@ -511,7 +523,7 @@ const _ensureStream = result => {
  * If the single entity to be read does not exist, calls next with error to return a 404.
  * In all other failure cases it calls next with error to return a 500.
  *
- * @param {import('../../../services/Service')} service
+ * @param {import('../../../../common/Service')} service
  * @returns {function}
  */
 const read = service => {

package/libx/_runtime/cds-services/adapter/odata-v4/handlers/request.js

@@ -27,8 +27,8 @@ module.exports = srv => {
     // in case of $batch we need to challenge directly, as the header is not processed if in $batch response body
     if (containsRestrictions && path.endsWith('/$batch') && req.user._is_anonymous) {
       // NOTE: "return req._login()" would not invoke custom error handlers
-      if (req._login) res.set('WWW-Authenticate', `Basic realm="Users"`)
-      else if (user._challenges) res.set('WWW-Authenticate', user._challenges.join(';'))
+      if (req._login) res.set('www-authenticate', `Basic realm="Users"`)
+      else if (user._challenges) res.set('www-authenticate', user._challenges.join(';'))
       return next(ODATA_UNAUTHORIZED)
     }
 
@@ -37,8 +37,8 @@ module.exports = srv => {
       // > unauthorized or forbidden?
       if (req.user._is_anonymous) {
         // NOTE: "return req._login()" would not invoke custom error handlers
-        if (req._login) res.set('WWW-Authenticate', `Basic realm="Users"`)
-        else if (user._challenges) res.set('WWW-Authenticate', user._challenges.join(';'))
+        if (req._login) res.set('www-authenticate', `Basic realm="Users"`)
+        else if (user._challenges) res.set('www-authenticate', user._challenges.join(';'))
         return next(ODATA_UNAUTHORIZED)
       }
       return next(ODATA_FORBIDDEN)

package/libx/_runtime/cds-services/adapter/odata-v4/handlers/update.js

@@ -105,9 +105,10 @@ const _updateThenCreate = async (req, odataReq, odataRes, tx) => {
       (e.code === 412 || e.status === 412 || e.statusCode === 412) && req.headers['if-none-match'] === '*'
     if ((is404 || isForcedInsert) && _isUpsertAllowed(req)) {
       // PUT/ PATCH with if-match header means "only if already exists", i.e., no insert if not
-      if (req.headers['if-match'])
+      if (req.headers['if-match']) {
         throw Object.assign(new Error('412'), { statusCode: 412 })
-        // REVISIT: remove error (and child?) from tx.context? -> would require a unique req.id
+      }
+      // REVISIT: remove error (and child?) from tx.context? -> would require a unique req.id
       ;[result, req] = await _create(req, odataReq, odataRes, tx)
       odataRes.setStatusCode(201, { overwrite: true })
     } else {
@@ -148,7 +149,7 @@ const _getStructValue = (prop, result, segments) => {
  * In case of success it calls next with the number of updated entries as result.
  * In case of error it calls next with error.
  *
- * @param {import('../../../services/Service')} service
+ * @param {import('../../../../common/Service')} service
  * @returns {function}
  */
 const update = service => {

package/libx/_runtime/cds-services/adapter/odata-v4/odata-to-cqn/ExpressionToCQN.js

@@ -57,7 +57,7 @@ class ExpressionToCQN {
             return { val: new Date(value).toISOString().replace(/\.\d\d\dZ$/, 'Z') }
           return { val: normalizeTimestamp(value) }
         } catch (e) {
-          throw Object.assign(new Error(`The type 'Edm.DateTimeOffset' is not compatible with '${value}'`), {
+          throw Object.assign(new Error(`The type Edm.DateTimeOffset is not compatible with "${value}"`), {
             status: 400
           })
         }

package/libx/_runtime/cds-services/adapter/odata-v4/odata-to-cqn/applyToCQN.js

@@ -84,6 +84,7 @@ const _addCount = aggregateExpression => {
 
 const _createColumnsForAggregateExpressions = (aggregateExpressions, entity) => {
   const columns = []
+  let defaultAggregation
   for (const aggregateExpression of aggregateExpressions) {
     // custom aggregates
     if (aggregateExpression.getPathSegments() && aggregateExpression.getPathSegments().length === 1) {
@@ -97,7 +98,9 @@ const _createColumnsForAggregateExpressions = (aggregateExpressions, entity) =>
         entity.elements[name][AGGREGATION_DEFAULT] &&
         entity.elements[name][AGGREGATION_DEFAULT]['#']
       ) {
-        columns.push({ [`${entity.elements[name][AGGREGATION_DEFAULT]['#'].toLowerCase()}(${name})`]: name })
+        defaultAggregation = entity.elements[name][AGGREGATION_DEFAULT]['#'].toLowerCase()
+        if (defaultAggregation === 'count_distinct') defaultAggregation = 'countdistinct'
+        columns.push({ [`${defaultAggregation}(${name})`]: name })
         continue
       }
     }

package/libx/_runtime/cds-services/adapter/odata-v4/odata-to-cqn/expandToCQN.js

@@ -9,7 +9,7 @@ const {
 const { getFeatureNotSupportedError } = require('../../../util/errors')
 const orderByToCQN = require('./orderByToCQN')
 const ExpressionToCQN = require('./ExpressionToCQN')
-const { getColumns } = require('../../../services/utils/columns')
+const { getColumns } = require('../../../../common/utils/columns')
 const { addLimit, isSameArray } = require('./utils')
 const { findCsnTargetFor } = require('../../../../common/utils/csn')
 const getError = require('../../../../common/error')

package/libx/_runtime/cds-services/adapter/odata-v4/odata-to-cqn/index.js

@@ -9,7 +9,44 @@ const readToCQN = require('./readToCQN')
 const updateToCQN = require('./updateToCQN')
 const createToCQN = require('./createToCQN')
 const deleteToCQN = require('./deleteToCQN')
-const parseToCqn = require('../../../../../odata/parse/parseToCqn')
+
+const parseToCqn = (component, service, target, data, odataReq, upsert) => {
+  let query = cds.odata.parse(odataReq.getIncomingRequest().url, { service })
+
+  // for concat
+  if (component === 'READ' && Array.isArray(query)) return query
+
+  const _target = query.SELECT && query.SELECT.from
+
+  const {
+    SELECT: { one }
+  } = query
+
+  switch (component) {
+    case 'CREATE':
+      // create
+      // error in cases like `POST Books(1)` i.e. `POST` with navigation to single entity
+      if (one && !upsert) cds.error('POST not allowed on entity', { code: 400 })
+      return INSERT.into(_target).entries(data)
+    case 'DELETE':
+      if (!one) cds.error('DELETE not allowed on collection', { code: 400 })
+      // eslint-disable-next-line no-case-declarations
+      const last = query._propertyAccess || (_target.ref && _target.ref[_target.ref.length - 1])
+      if (target.elements[last] || target.elements[query._propertyAccess]) {
+        // delete simple property
+        const ref = { ref: query._propertyAccess ? _target.ref : _target.ref.slice(0, -1) }
+        return UPDATE(ref).data({ [last]: null })
+      } else {
+        return DELETE.from(_target)
+      }
+    case 'UPDATE':
+      // eslint-disable-next-line no-throw-literal
+      if (!one) throw { statusCode: 400, code: '400', message: `INVALID_${odataReq.getMethod()}` }
+      return UPDATE(_target).data(data)
+    default:
+      return query
+  }
+}
 
 /**
  * This method transforms an odata request into a CQN object.

package/libx/_runtime/cds-services/adapter/odata-v4/odata-to-cqn/readToCQN.js

@@ -217,12 +217,12 @@ const _checkViewWithParamCall = (isView, segments, kind, name) => {
   }
 
   if (segments.length < 2) {
-    throw cds.error(`Invalid call to "${name}". You need to navigate to Set`, { status: 400, code: 400 })
+    throw cds.error(`Invalid call to "${name}". You need to navigate to Set`, { statusCode: 400, code: 400 })
   }
 
   // if the last segment is count, check if previous segment is Set, otherwise check if the last segment equals Set
   if (!_isSet(segments[segments.length - (_isCount(kind) ? 2 : 1)])) {
-    throw cds.error(`Invalid call to "${name}". You need to navigate to Set`, { status: 400, code: 400 })
+    throw cds.error(`Invalid call to "${name}". You need to navigate to Set`, { statusCode: 400, code: 400 })
   }
 }
 

package/libx/_runtime/cds-services/adapter/odata-v4/to.js

@@ -1,19 +1,29 @@
 const cds = require('../../../cds')
+// prettier-ignore
+const OkraAdapter = Object.assign (require('./OData'), {
+  for (srv, model, edm) {
+    return new this (edm, model, srv.options).addCDSServiceToChannel(srv)
+  }
+})
 
 /**
  * This is the express handler for a specific OData endpoint.
  * Note: the same service can be served at different endpoints.
  */
-module.exports = srv => {
-  const okra = new OkraAdapter(srv)
-  return okra.process.bind(okra)
-}
-
-let OData
-function OkraAdapter(srv, model = srv.model) {
-  const edm = cds.compile.to.edm(model, { service: srv.definition?.name || srv.name })
-  OData ??= require('./OData')
-  return new OData(edm, model, srv.options).addCDSServiceToChannel(srv)
+// prettier-ignore
+const adapter4 = module.exports = function (srv) {
+  const csn = srv.model
+  let okra, pre_compiled_edm = cds.compile.to.edmx.files.get (srv, 'edm.json', csn)
+  if (pre_compiled_edm) okra = { // using a lazy-loading okra proxy
+    process: (...args) => pre_compiled_edm.then (edm => {
+      okra = OkraAdapter.for (srv, csn, edm) // replacing the proxy for subsequent calls
+      return okra.process (...args)         // delegating the first call
+    })
+  }; else {
+    let edm = cds.compile.to.edm (csn, { service: srv.definition?.name || srv.name })
+    okra = OkraAdapter.for (srv, csn, edm)
+  }
+  return (...args) => okra.process (...args)
 }
 
 //////////////////////////////////////////////////////////////////////////////
@@ -21,21 +31,22 @@ function OkraAdapter(srv, model = srv.model) {
 //  REVISIT: Move to ExtensibilityService
 //
 if (cds.requires.extensibility || cds.requires.toggles) {
-  let unique = 0
+  /**
+   * Creates new OkraAdapter for new models with tenant-specific extensions.
+   * The created adapters are cached in `model._cache`.
+   * Note: As the adapters cache is attached to the model, they get disposed
+   * when models are evicted from the models cache.
+   */
   module.exports = srv => {
     const id = `${++unique} - ${srv.path}` // REVISIT: this is to allow running multiple express apps serving same endpoints, as done by some questionable tests
+    // prettier-ignore
     return function ODataAdapter(req, res) {
       const model = cds.context?.model || srv.model
-      if (!model._cached) Object.defineProperty(model, '_cached', { value: { touched: Date.now() } })
-
-      // Note: cache is attached to model cache so they get disposed when models are evicted from cache
-      let adapters = model._cached._odata_adapters || (model._cached._odata_adapters = {})
-      let okra = adapters[id]
-      if (!okra) {
-        const _srv = { __proto__: srv, _real_srv: srv, model } // REVISIT: we need to do that better in new adapters
-        okra = adapters[id] = new OkraAdapter(_srv, model)
-      }
-      return okra.process(req, res)
+      if (!model._cached) Object.defineProperty (model, '_cached', { value: { touched: Date.now() } })
+      const adapters = model._cached._odata_adapters ??= {}
+      const okra = adapters[id] ??= new adapter4 ({ __proto__: srv, _real_srv: srv, model })
+      return okra (req, res)
     }
   }
+  let unique = 0
 }

package/libx/_runtime/cds-services/adapter/odata-v4/utils/data.js

@@ -249,7 +249,7 @@ const _getCopiedData = (odataReq, segments, service, target) => {
  *
  * @param {string} component - odata-v4 component which processes this request
  * @param {import('../okra/odata-server/core/OdataRequest')} odataReq - OKRA's req
- * @param {import('../../../services/Service')} service - Service, which will process this request
+ * @param {import('../../../../common/Service')} service - Service, which will process this request
  * @returns {object | Array}
  * @private
  */

package/libx/_runtime/cds-services/adapter/odata-v4/utils/metaInfo.js

@@ -375,8 +375,7 @@ const _getQueryInfo = (query, service, data, eventType) => {
 
   // store original columns before they are polluted by drafts, db and so on
   const columns = _partialCopyColumns(Array.isArray(query) ? query[0] : query)
-  const isServiceEntity =
-    _findEdmNameFor(returnType, namespace) in model.entities(namespace) && !returnType._isContained
+  const isServiceEntity = _findEdmNameFor(returnType, namespace) in service.entities && !returnType._isContained
   const event = _getEvent(eventType, namespace, data, _pathInfo)
   return Object.assign(_pathInfo, {
     columns,

package/libx/_runtime/cds-services/adapter/odata-v4/utils/readAfterWrite.js

@@ -83,16 +83,6 @@ const readAfterWrite = async (req, srv, { operation, isBefore, columns } = { isB
     const _req = new Request({ query, event: 'READ', _: req._, params: req.params })
     result = await srv.dispatch(_req)
     if (result && req.target._isDraftEnabled) removeDraftUUIDIfNecessary(req)(result)
-    if (result == null && !isBefore && (_isWriteWithResponse(req) || _isDraftAction(req))) {
-      // > something must be written and no READ error <=> @restrict or static where
-      _req.reject({
-        code: 404,
-        internal: {
-          reason: `No data found for "READ" after "${req.method}" of "${query._target.name}"`,
-          source: `"@restrict" or "where" of "${query._target.name}" or underlying entities`
-        }
-      })
-    }
   } catch (e) {
     _handleReadError(e, req)
     result = null

package/libx/_runtime/cds-services/adapter/odata-v4/utils/request.js

@@ -49,7 +49,9 @@ const validateResourcePath = (odataReq, service) => {
         // combination GET && @cds.autoexposed && @cds.autoexpose is OK
         return
       }
-      throw getError(405, 'ENTITY_IS_AUTOEXPOSED', [entity.name])
+      throw getError(405, entity['@cds.autoexpose'] ? 'ENTITY_IS_AUTOEXPOSE_READONLY' : 'ENTITY_IS_AUTOEXPOSED', [
+        entity.name
+      ])
     }
   }
 }