@sap/cds 7.9.2 → 7.9.4

package/CHANGELOG.md

@@ -4,6 +4,28 @@
 - The format is based on [Keep a Changelog](http://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](http://semver.org/).
 
+
+## Version 7.9.4 - 2024-07-18
+
+### Fixed
+
+- View resolving for `cds.features.lean_draft`
+- Error in `enterprise-messaging` deploy script
+- Properly forward path expression infront of lamda functions for `odata-v2` remote services
+- OData queries selecting the same column with `$count=true`
+- Closed higher end of version range for dependency on `cds-types`
+
+## Version 7.9.3 - 2024-06-27
+
+### Fixed
+
+- `cds compile --to serviceinfo` returns the correct URL path for Java applications.
+- Prevent HANA deadlocks when processing outbox table
+- Invalid cache for `SiblingEntity` requests
+- `cds.test` recommends version 7 of `chai-as-promised`.  Version 8 is ESM-only and does not work with `cds.test` at the moment.
+- Loading of `cds.plugins` now respects the (internal!) property `cds.env.plugins` again.
+- `req.data` and `req.INSERT.entries` were not pointing to same object if it contains more than one entry.
+
 ## Version 7.9.2 - 2024-05-22
 
 ### Fixed
@@ -19,7 +41,7 @@
 ### Fixed
 
 - `cds.compile.to.sql` doesn't fail for older compiler versions if `postgres` keywords aren't defined
-- `cds compile --to serviceinfo` no longer detects a Java project if there is a poml.xml file in a subfolder of `app/`
+- `cds compile --to serviceinfo` no longer detects a Java project if there is a pom.xml file in a subfolder of `app/`
 - `acquireTimeoutMillis` is ensured if custom pool config is provided
 
 ## Version 7.9.0 - 2024-04-30

package/lib/auth/ias-auth.js

@@ -3,7 +3,14 @@ const LOG = cds.log('auth')
 
 // _require for better error message
 const _require = require('../../libx/_runtime/common/utils/require')
-const xssec = _require('@sap/xssec')
+
+let xssec = _require('@sap/xssec')
+let xssec4 = false
+// use v3 compat api
+if (xssec.v3) {
+  xssec = xssec.v3
+  xssec4 = true
+}
 
 // getter function extracted to show deprecation warning only once
 const _getTokenInfo = tokenInfo => tokenInfo
@@ -46,6 +53,13 @@ module.exports = function ias_auth(config) {
 
   return (req, _, next) => {
     const token = req.headers.authorization?.split(/^bearer /i)[1]
+
+    if (!token && xssec4) {
+      LOG._debug && LOG.debug('No authorization header provided, continuing with default user.')
+      req.user = new cds.User.default()
+      return next()
+    }
+
     xssec.createSecurityContext(token, credentials, 'IAS', function (err, securityContext, tokenInfo) {
       // REVISIT: ias impl not as sophisticated as xsuaa impl, so we need to be more tolerant here -> xssec issue 221
       // if (err && !tokenInfo) {

package/lib/auth/jwt-auth.js

@@ -3,7 +3,14 @@ const LOG = cds.log('auth')
 
 // _require for better error message
 const _require = require('../../libx/_runtime/common/utils/require')
-const xssec = _require('@sap/xssec')
+
+let xssec = _require('@sap/xssec')
+let xssec4 = false
+// use v3 compat api
+if (xssec.v3) {
+  xssec = xssec.v3
+  xssec4 = true
+}
 
 // getter function extracted to show deprecation warning only once
 const _getTokenInfo = tokenInfo => tokenInfo
@@ -13,7 +20,7 @@ module.exports = function jwt_auth(config) {
 
   if (!credentials) {
     let msg = `Authentication kind "${kind}" configured, but no XSUAA instance bound to application.`
-    msg += ' Either bind an IAS instance, or switch to an authentication kind that does not require a binding.'
+    msg += ' Either bind an XSUAA instance, or switch to an authentication kind that does not require a binding.'
     throw new Error(msg)
   }
 
@@ -48,6 +55,13 @@ module.exports = function jwt_auth(config) {
 
   return (req, _, next) => {
     const token = req.headers.authorization?.split(/^bearer /i)[1]
+
+    if (!token && xssec4) {
+      LOG._debug && LOG.debug('No authorization header provided, continuing with default user.')
+      req.user = new cds.User.default()
+      return next()
+    }
+
     xssec.createSecurityContext(token, credentials, function (err, securityContext, tokenInfo) {
       if (err && !tokenInfo) {
         // here, there is a general problem, .e.g., bad credentials -> throw the error

package/lib/compile/to/srvinfo.js

@@ -90,7 +90,7 @@ module.exports = (model, options={}) => {
     const javaPrefixDefault = 'odata/v4/'
     const roots = [ cds.env.folders.db, cds.env.folders.srv ].map(d => join(root, d))
     for (let r of roots) {
-      const file = isfile (join (r,'../src/main/resources/application.yaml'))
+      const file = isfile (join (r,'./src/main/resources/application.yaml'))
       if (file) {
         const yaml = cds.load.yaml(file)
         for (let yamlDoc of Array.isArray(yaml) ? yaml : [yaml]) {

package/lib/plugins.js

@@ -30,7 +30,7 @@ exports.fetch = function (DEV = process.env.NODE_ENV !== 'production') {
 exports.activate = async function () {
   const DEBUG = cds.debug ('plugins', {label:'cds'})
   DEBUG && console.time ('[cds] - loaded plugins in')
-  const plugins = exports.fetch(), { local } = cds.utils
+  const { plugins } = cds.env, { local } = cds.utils
   await Promise.all (Object.entries(plugins) .map (async ([ plugin, conf ]) => {
     DEBUG?.(`loading plugin ${plugin}:`, { impl: local(conf.impl) })
     // TODO: support ESM plugins. But see cap/cds/pull/1838#issuecomment-1177200 !

package/lib/utils/cds-test.js

@@ -170,7 +170,7 @@ class Test extends require('./axios') {
     function require (mod) { try { return module.require(mod) } catch(e) {
       if (e.code === 'MODULE_NOT_FOUND') throw new Error (`
       Failed to load required package '${mod}'. Please add it thru:
-      npm add -D chai@4 chai-as-promised chai-subset
+      npm add -D chai@4 chai-as-promised@7 chai-subset
     `)}}
   }
   get assert() { return this.chai.assert }

package/libx/_runtime/cds-services/adapter/odata-v4/okra/odata-commons/edm/AbstractEdmStructuredType.js

@@ -194,7 +194,7 @@ class AbstractEdmStructuredType extends EdmType {
     if (!this._navigationProperties) {
       this._navigationProperties = new Map(this.getBaseType() ? this.getBaseType().getNavigationProperties() : [])
       for (const [name, property] of this.getOwnNavigationProperties()) {
-        if (ignoreSibling && name === 'SiblingEntity') continue;
+        if (!cds.env.fiori.lean_draft && ignoreSibling && name === 'SiblingEntity') continue; // This will cause subtle caching bugs but will enable expand=* in old draft
         this._navigationProperties.set(name, property)
       }
     }

package/libx/_runtime/common/composition/insert.js

@@ -4,7 +4,7 @@ const { getCompositionTree } = require('./tree')
 const ctUtils = require('./utils')
 
 const { ensureNoDraftsSuffix } = require('../utils/draft')
-const { deepCopyArray } = require('../utils/copy')
+const { deepCopy } = require('../utils/copy')
 
 /*
  * own utils
@@ -82,8 +82,8 @@ const hasDeepInsert = (model, cqn) => {
 const getDeepInsertCQNs = (model, cqn) => {
   const into = (cqn.INSERT.into.ref && cqn.INSERT.into.ref[0]) || cqn.INSERT.into.name || cqn.INSERT.into
   const entityName = ensureNoDraftsSuffix(into)
-  const draft = entityName !== into
-  const dataEntries = cqn.INSERT.entries ? deepCopyArray(cqn.INSERT.entries) : []
+  const draft = entityName !== into || into.endsWith('.drafts') //lean draft
+  const dataEntries = cqn.INSERT.entries ? deepCopy(cqn.INSERT.entries) : []
   const entity = model.definitions[entityName]
   const compositionTree = getCompositionTree({
     definitions: model.definitions,

package/libx/_runtime/db/generic/rewrite.js

@@ -2,13 +2,32 @@ const cds = require('../../cds')
 const { cqn2cqn4sql } = require('../../common/utils/cqn2cqn4sql')
 const { generateAliases } = require('../utils/generateAliases')
 
+/**
+ * Restores the link of `req.data` and `req.query` in case `req.query` was overwritten.
+ * Only applicable for `UPDATE`s and `INSERT`s.
+ *
+ * @param { import('@sap/cds').Request } req
+ */
 const _restoreLink = req => {
   if (req.query.INSERT?.entries) {
-    return (req.data = Array.isArray(req.query.INSERT.entries) ? req.query.INSERT.entries[0] : req.query.INSERT.entries)
+    if (Array.isArray(req.query.INSERT.entries)) req.data = req.query.INSERT.entries[0]
+    else req.data = req.query.INSERT.entries
+  } else if (req.query.UPDATE?.data) {
+    req.data = req.query.UPDATE.data
   }
+}
+
+const _isLinked = req => {
+  if (req.query.INSERT?.entries) {
+    if (Array.isArray(req.query.INSERT.entries)) return req.data === req.query.INSERT.entries[0]
+    return req.data === req.query.INSERT.entries
+  }
+
   if (req.query.UPDATE?.data) {
-    return (req.data = req.query.UPDATE.data)
+    return req.data === req.query.UPDATE.data
   }
+
+  return false
 }
 
 function handler(req) {
@@ -30,14 +49,17 @@ function handler(req) {
 
   const _streaming = cds.env.features.stream_compat && req.query._streaming
 
+  // for restore link to req.data
+  const linked = _isLinked(req)
+
   // convert to sql cqn
   req.query = cqn2cqn4sql(req.query, this.model, { service: this })
 
+  // REVISIT: should not be necessary
   // restore link to req.data
-  _restoreLink(req)
+  if (linked) _restoreLink(req)
 
   if (_streaming) req.query._streaming = _streaming
-
   generateAliases(req.query)
 }
 

package/libx/_runtime/db/query/read.js

@@ -60,17 +60,26 @@ const read = (executeSelectCQN, executeStreamCQN, convertStreams) => (model, dbc
 
   if (query.SELECT.count) {
     if (query.SELECT.limit) {
+      // IMPORTANT: do not change order!
+      // 1. create the count query synchronously, because it works on a copy
+      // 2. run the result query, duplicate names ( SELECT ID, ID ...) throw an error synchronously
+      // 3. run the count query
+      // reason is that executeSelectCQN modifies the query
       const countQuery = _createCountQuery(query)
-      const countResultPromise = executeSelectCQN(model, dbc, countQuery, user, locale, isoTs)
-      if (query.SELECT.limit?.rows?.val === 0) {
-        // We don't need to perform our result query
-        return countResultPromise.then(countResults => _arrayWithCount([], countValue(countResults)))
-      }
+      const resultPromise =
+        query.SELECT.limit?.rows?.val === 0
+          ? Promise.resolve([])
+          : executeSelectCQN(model, dbc, query, user, locale, isoTs)
+      const countPromise = executeSelectCQN(model, dbc, countQuery, user, locale, isoTs)
 
-      const resultPromise = executeSelectCQN(model, dbc, query, user, locale, isoTs)
-      return Promise.all([countResultPromise, resultPromise]).then(([countResults, result]) =>
-        _arrayWithCount(result, countValue(countResults))
-      )
+      // use allSettled here, so all executions are awaited before we rollback
+      return Promise.allSettled([countPromise, resultPromise]).then(results => {
+        const rejection = results.find(p => p.status === 'rejected')
+        if (rejection) throw rejection.reason
+
+        const [{ value: countResult }, { value: result }] = results
+        return _arrayWithCount(result, countValue(countResult))
+      })
     }
 
     return executeSelectCQN(model, dbc, query, user, locale, isoTs).then(result =>

package/libx/_runtime/fiori/lean-draft.js

@@ -771,7 +771,7 @@ const Read = {
       else ownNewDrafts.push(draft)
     }
 
-    const $count = ownDrafts.length + (isCount ? actives[0]?.$count : actives.$count ?? 0)
+    const $count = ownDrafts.length + (isCount ? actives[0]?.$count : (actives.$count ?? 0))
     if (isCount) return { $count }
 
     Read.merge(query._target, ownDrafts, [], row => {

package/libx/_runtime/messaging/event-broker.js

@@ -195,10 +195,9 @@ class EventBroker extends cds.MessagingService {
         data: req.body ? req.body : undefined,
         headers: req.headers
       }
-      cds.context = { user: cds.User.privileged }
-      if (tenant) cds.context.tenant = tenant // TODO: In single tenant case, we don't need a tenant
-      const tx = await this.tx()
-      await tx.emit(msg)
+      const context = { user: cds.User.privileged }
+      if (tenant) context.tenant = tenant // TODO: In single tenant case, we don't need a tenant
+      await this.tx(context, tx => tx.emit(msg))
       this.LOG.debug('Event processed successfully.')
       return res.status(200).json({ message: 'OK' })
     } catch (e) {

package/libx/odata/middleware/read.js

@@ -104,7 +104,7 @@ const _count = result => {
     ? result.reduce((acc, val) => {
         return acc + (val?.$count ?? val?._counted_ ?? (Array.isArray(val) && _count(val))) || 0
       }, 0)
-    : result.$count ?? result._counted_ ?? 0
+    : (result.$count ?? result._counted_ ?? 0)
 }
 
 // basically stolen from old read handler without understanding it ^^

package/libx/odata/parse/cqn2odata.js

@@ -177,13 +177,13 @@ function _xpr(expr, target, kind, isLambda) {
         if (inExpr) res.push(`(${inExpr})`)
         i += 1
       } else if (_isLambda(cur, expr[i + 1])) {
-        const { where, id } = expr[i + 1].ref.slice(-1)[0]
-        const nav = [...expr[i + 1].ref.slice(0, -1), id].join('/')
+        const { where } = expr[i + 1].ref.at(-1)
+        const nav = expr[i + 1].ref.map(ref => ref?.id ?? ref).join('/')
         // odata-v2 does not support lambda expressions but successfactors allows filter like for to-one assocs
         if (kind === 'odata-v2') {
           cds.log('remote').info(`OData V2 does not support lambda expressions. Using path expression as best effort.`)
           isLambda = false
-          res.push(`${id}%2F${_xpr(where, target, kind)}`)
+          res.push(`${nav}%2F${_xpr(where, target, kind)}`)
         } else if (!where) res.push(`${nav}/any()`)
         else res.push(`${nav}/any(${LAMBDA_VARIABLE}:${_xpr(where, target, kind, true)})`)
         i++

package/libx/outbox/index.js

@@ -61,7 +61,7 @@ const processMessages = async (service, tenant, _opts = {}) => {
       try {
         const messagesQuery = SELECT.from(messagesEntity)
           .where({ target: name })
-          .orderBy('timestamp')
+          .orderBy(['timestamp', 'ID'])
           .limit(opts.chunkSize)
           .forUpdate()
         if (opts.maxAttempts) messagesQuery.where({ attempts: { '<': opts.maxAttempts } })

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "7.9.2",
+  "version": "7.9.4",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [
@@ -33,14 +33,9 @@
     "node": ">=16"
   },
   "dependencies": {
-    "@cap-js/cds-types": "<1",
+    "@cap-js/cds-types": "<=0.2.0",
     "@sap/cds-compiler": "^4",
     "@sap/cds-fiori": "^1",
     "@sap/cds-foss": "^5.0.0"
-  },
-  "cds": {
-    "plugins": [
-      "@sap/cds-fiori"
-    ]
   }
 }

package/tasks/enterprise-messaging-deploy.js

@@ -42,7 +42,7 @@ const main = async () => {
     error.code = 'DEPLOY_FAILED'
     error.target = { kind: 'DEPLOYMENT' }
     error.reason = e
-    this.LOG.error(error)
+    LOG.error(error)
     throw error
   }
 }