@sap/cds 7.9.4 → 8.0.4

package/libx/odata/utils/result.js

@@ -1,6 +1,3 @@
-const getTemplate = require('../../_runtime/common/utils/template')
-const templateProcessor = require('../../_runtime/common/utils/templateProcessor')
-
 const METADATA = {
   $context: '@odata.context',
   $count: '@odata.count',
@@ -26,6 +23,7 @@ const METADATA = {
 }
 
 const KEYSTOCLEANUP = {
+  // REVISIT: should probably be handled in RemoteService's handle()
   // do not set "@odata.context" as it may be inherited of remote service
   $context: true,
   // REVISIT: okra doesn't support content disposition
@@ -33,161 +31,57 @@ const KEYSTOCLEANUP = {
   $mediaContentDispositionType: true
 }
 
-const _metadataRoot = (result, odataResult) => {
-  for (const key in METADATA) {
-    if (!(key in result)) continue
-    if (!KEYSTOCLEANUP[key]) odataResult[METADATA[key]] = result[key]
-  }
-}
-
-const _metadata = (result, propertyName, odataResult) => {
+const _rewriteMetadataDeep = result => {
   for (const key in result) {
-    if (typeof result[key] === 'object') _metadata(result[key])
-    if (!(key in METADATA)) continue
-    if (!KEYSTOCLEANUP[key]) {
-      if (propertyName) odataResult[METADATA[key]] = result[key]
-      else result[METADATA[key]] = result[key]
-    }
-    if (!propertyName) delete result[key]
-  }
-}
-
-const _cleanupMetadata = (propertyName, result) => {
-  if (typeof result !== 'object') return odataResult
-
-  const odataResult = {}
-  if (propertyName) {
-    odataResult.value = result[propertyName]
-  } else {
-    odataResult.value = result
-  }
-
-  if (Array.isArray(result)) _metadataRoot(result, odataResult)
-  _metadata(result, propertyName, odataResult)
-
-  return odataResult
-}
-
-const _setContext = (odataResult, info, isCollection) => {
-  if (info && info.metadata) {
-    const result = isCollection || info.metadata.propertyName ? odataResult : odataResult.value
-
-    if (result != null) Object.assign(result, { [METADATA.$context]: info.metadata.contextUrl })
-  }
-  return odataResult
-}
-
-const _getParent = (model, name) => {
-  const target = model.definitions[name]
-
-  if (target && target.elements) {
-    for (const elementName in target.elements) {
-      const element = target.elements[elementName]
-      if (element._anchor && element._anchor._isContained) return element._anchor
-    }
-  }
-
-  return null
-}
-
-const addEtags = (row, key) => {
-  if (!row[key]) return
-  row['$etag'] = row[key].startsWith('W/') ? row[key] : `W/"${row[key]}"`
-}
-
-const _processCategory = (category, elementInfo) => {
-  const { row, key } = elementInfo
-
-  switch (category) {
-    case '@odata.etag':
-      addEtags(row, key)
-      break
-    case '@cds.api.ignore':
-      delete row[key]
-      break
-    // no default
-  }
-}
-
-const _processorFn = () => elementInfo => {
-  const { row, key, plain } = elementInfo
-  if (typeof row !== 'object' || !Object.prototype.hasOwnProperty.call(row, key)) return
-  const categories = plain.categories
-
-  for (const category of categories) {
-    _processCategory(category, elementInfo)
-  }
-}
-
-const _pick = element => {
-  const categories = []
-  if (element['@odata.etag']) categories.push('@odata.etag')
-  if (element['@cds.api.ignore']) categories.push('@cds.api.ignore')
-  if (categories.length) return { categories }
-}
-
-const postProcess = (target, service, result, isMinimal) => {
-  const { model } = service
-  if (!target || !result || !model || !model.definitions[target.name]) return
-
-  const cacheKey = isMinimal ? 'postProcessMinimal' : 'postProcess'
-  const parent = _getParent(model, target.name)
-  const template = getTemplate(
-    cacheKey,
-    service,
-    target,
-    { pick: _pick, ignore: isMinimal ? el => el.isAssociation : undefined },
-    parent
-  )
-
-  if (template.elements.size === 0) return
-
-  // normalize result to rows
-  result = result.value != null && Object.keys(result).filter(k => !k.match(/^\W/)).length === 1 ? result.value : result
-
-  if (typeof result === 'object' && result != null) {
-    const rows = Array.isArray(result) ? result : [result]
-
-    // process each row
-    const processFn = _processorFn()
-    for (const row of rows) {
-      templateProcessor({
-        processFn,
-        row,
-        template
-      })
+    if (typeof result[key] === 'object' && result[key] != null) _rewriteMetadataDeep(result[key])
+    if (key in METADATA && !KEYSTOCLEANUP[key]) {
+      result[METADATA[key]] = result[key]
+      delete result[key]
     }
   }
 }
 
 /**
- * Convert any result to the result object structure, which is expected of odata-v4.
+ * Constructs the odata result object from the result of the service call as well as the provided metadata and additional options.
  *
- * @param {*} result
- * @param {*} [info]
- * @returns {string | object}
+ * @param {*} result - the result of the service call, i.e., the payload to return to the client
+ * @param {object} metadata - odata metadata
+ * @param {string} metadata.context - @odata.context
+ * @param {object} [options] - additional options/ instructions
+ * @param {boolean} [options.isCollection] - whether the result shall be a collection
+ * @param {string} [options.property] - the name of the requested single property, if any
+ * @returns {object} - the odata result
  */
-const toODataResult = (result, info) => {
+module.exports = function getODataResult(result, metadata, options = {}) {
   if (result == null) return ''
 
-  let propertyName, isCollection
-  if (info) {
-    propertyName = info.metadata.propertyName
-    isCollection = info.metadata.isCollection
-  }
+  const { isCollection, property } = options
 
   if (isCollection && !Array.isArray(result)) result = [result]
   else if (!isCollection && Array.isArray(result)) result = result[0]
 
-  const odataResult = _cleanupMetadata(propertyName, result)
+  // make sure @odata.context is the first element (per OData spec)
+  const odataResult = {
+    [METADATA.$context]: metadata.context
+  }
+
+  // copy metadata from result to odataResult
+  for (const key in METADATA) {
+    if (!(key in result)) continue
+    if (!KEYSTOCLEANUP[key]) odataResult[METADATA[key]] = result[key]
+  }
 
-  // REVISIT: Support exponential decimals header
-  // REVISIT: we always assume minimal metadata right now
-  _setContext(odataResult, info, isCollection)
+  // rewrite metadata in result
+  _rewriteMetadataDeep(result)
 
-  if (!isCollection && !propertyName) return odataResult.value
+  // add result to odataResult
+  if (isCollection) {
+    Object.assign(odataResult, { value: result })
+  } else if (property) {
+    Object.assign(odataResult, { value: result[property] })
+  } else {
+    Object.assign(odataResult, result)
+  }
 
   return odataResult
 }
-
-module.exports = { toODataResult, postProcess }

package/libx/outbox/index.js

@@ -42,7 +42,7 @@ const hasPersistentOutbox = tenant => {
 const _safeJSONParse = string => {
   try {
     return string && JSON.parse(string)
-  } catch (_e) {
+  } catch {
     // Don't throw
   }
 }
@@ -56,6 +56,7 @@ const processMessages = async (service, tenant, _opts = {}) => {
   outboxRunner.run({ name, tenant }, () => {
     let letAppCrash = false
     const config = tenant ? { tenant, user: cds.User.privileged } : { user: cds.User.privileged }
+    config.after = 1 // make sure spawn puts its cb on the `timer` queue (via setTimeout), which is also used by `outboxRunner`
     const spawn = cds.spawn(async () => {
       let messages
       try {
@@ -149,7 +150,7 @@ const processMessages = async (service, tenant, _opts = {}) => {
             if ((await _handleWithErr(msg)) === false) break
           }
         }
-      } catch (e) {
+      } catch {
         letAppCrash = true
       }
 
@@ -277,7 +278,7 @@ function outboxed(srv, customOpts) {
     }
 
     if (!context[$stored_reqs]) {
-      context[$stored_reqs] = [] 
+      context[$stored_reqs] = []
       context.on('succeeded', async () => {
         // REVISIT: Also allow maxAttempts for in-memory outbox?
         for (const _req of context[$stored_reqs]) {

package/libx/rest/RestAdapter.js

@@ -1,201 +1,134 @@
 const cds = require('../_runtime/cds')
 
-// eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
-const express = require('express')
+const parse = require('./middleware/parse')
+const create = require('./middleware/create')
+const read = require('./middleware/read')
+const update = require('./middleware/update')
+const deleet = require('./middleware/delete')
+const operation = require('./middleware/operation')
+const error = require('./middleware/error')
 
-const parse_factory = require('./middleware/parse')
+const { bufferToBase64 } = require('../_runtime/common/utils/binary')
 
-const create_factory = require('./middleware/create')
-const read_factory = require('./middleware/read')
-const update_factory = require('./middleware/update')
-const delete_factory = require('./middleware/delete')
-const operation_factory = require('./middleware/operation')
+const HttpAdapter = require('../../lib/srv/protocols/http')
+const bodyParser4 = require('../odata/middleware/body-parser')
 
-const error_factory = require('./middleware/error')
+// REVISIT: ugly hack -> eliminate
+const { NoaRequest } = require('../odata/ODataAdapter')
+class RestRequest extends NoaRequest {
+  get protocol() {
+    return 'rest'
+  }
+}
 
-const { bufferToBase64 } = require('../_runtime/common/utils/binary')
-const { getAccessRestrictions } = require('../_runtime/common/utils/restrictions')
-
-const RestAdapter = function (srv) {
-  const router = express.Router()
-
-  // -----------------------------------------------------------------------------------------
-  // check @requires as soon as possible (DoS)
-  //
-  const accessRestrictions = getAccessRestrictions(srv)
-  router.use((req, res, next) => {
-    // ensure there always is a user going forward (not always the case with old or custom auth)
-    if (!req.user) req.user = new cds.User.default()
-
-    // check @restrict and @requires as soon as possible (DoS)
-    if (!accessRestrictions.some(r => req.user.is(r))) {
-      // > unauthorized or forbidden?
-      if (req.user._is_anonymous) {
-        // NOTE: "return req._login()" would not invoke custom error handlers
-        if (req._login) res.set('www-authenticate', `Basic realm="Users"`)
-        else if (req.user._challenges) res.set('www-authenticate', req.user._challenges.join(';'))
-        throw cds.error('Unauthorized', { statusCode: 401, code: '401' })
-      }
-      throw cds.error('Forbidden', { statusCode: 403, code: '403' })
-    }
-
-    next()
-  })
-
-  // -----------------------------------------------------------------------------------------
-  // service root
-  //
-  router.head('/', (_, res) => res.json({}))
-  router.get('/', (_, res) =>
-    res.json({
-      entities: Object.keys(srv.entities).map(e => ({ name: e, url: e }))
-    })
-  )
-
-  // -----------------------------------------------------------------------------------------
-  // parse / validate
-  //
-  // content-type check
-  router.use((req, res, next) => {
-    // REVISIT: move that into parse function
-    if (req.method in { POST: 1, PUT: 1, PATCH: 1 }) {
-      const contentType = req.headers['content-type'] && req.headers['content-type'].split(';')
-      if (
-        contentType &&
-        (!contentType[0].match(/^application\/json$/) || (typeof contentType[1] === 'string' && !contentType[1]))
-      ) {
-        throw cds.error('INVALID_CONTENT_TYPE_ONLY_JSON', { statusCode: 415, code: '415' }) // FIXME: better i18n + use res.status
-      }
+class RestAdapter extends HttpAdapter {
+  request4(args) {
+    return new RestRequest(args)
+  }
 
-      if (req.method in { PUT: 1, PATCH: 1 }) {
-        if (Array.isArray(req.body)) {
-          throw cds.error(`INVALID_${req.method}`, { statusCode: 400, code: '400' }) // FIXME: better i18n + use res.status
-        }
+  get router() {
+    const srv = this.service
+    const router = super.router
+
+    const jsonBodyParser = bodyParser4(this)
+
+    // service root
+    router.head('/', (_, res) => res.json({}))
+    const entities = Object.keys(srv.entities).map(e => ({ name: e, url: e }))
+    router.get('/', (_, res) => res.json({ entities }))
 
-        // REVISIT: empty object length is not 0
-        // REVISIT: also check for POST?
-        // check for empty payload body
+    // validate headers
+    router.use((req, res, next) => {
+      if (req.method in { POST: 1, PUT: 1, PATCH: 1 } && req.headers['content-type']) {
+        const parts = req.headers['content-type'].split(';')
+        if (!parts[0].match(/^application\/json$/) || parts[1] === '') {
+          throw cds.error('INVALID_CONTENT_TYPE_ONLY_JSON', { statusCode: 415, code: '415' }) // FIXME: better i18n + use res.status
+        }
+      }
+      if (req.method in { PUT: 1, PATCH: 1 }) {
         if (req.headers['content-length'] === '0') {
-          res.status(400).json({ error: { message: 'Malformed patch document', statusCode: 400, code: '400' } })
+          res.status(400).json({ error: { message: 'Malformed document', statusCode: 400, code: '400' } })
           return
         }
       }
-    }
-    next()
-  })
-  router.use(express.json())
-  router.use(parse_factory(srv))
-
-  // -----------------------------------------------------------------------------------------
-  // begin tx
-  //
-  router.use((req, res, next) => {
-    // REVISIT: -> move to actual handler(s)
-    const tenant = req.tenant || req.user?.tenant
-    // create tx and set as cds.context
-    cds.context = srv.tx(new cds.EventContext({ user: req.user, req, res, tenant }))
-    next()
-  })
-
-  // -----------------------------------------------------------------------------------------
-  // Actual handlers for HEAD, GET, PUT, POST, PATCH, DELETE
-  //
-  const operation = operation_factory(srv)
-  const create = create_factory(srv)
-  const read = read_factory(srv)
-  const update = update_factory(srv)
-  const deleet = delete_factory(srv)
-  router.use(async (req, res, next) => {
-    try {
-      let result, status, location
-
-      if (req._operation) {
-        // actions and functions
-        ;({ result, status } = await operation(req, res))
-      } else {
-        // CRUD
-        switch (req.method) {
-          case 'POST':
-            ;({ result, status, location } = await create(req))
-            break
-          case 'HEAD':
-          case 'GET':
-            ;({ result, status } = await read(req))
-            break
-          case 'PUT':
-          case 'PATCH':
-            ;({ result, status } = await update(req))
-            break
-          case 'DELETE':
-            ;({ result, status } = await deleet(req))
-            break
+
+      return next()
+    })
+    router.use(jsonBodyParser)
+    router.use(parse(this))
+
+    // handle
+    const operation_middleware = operation(this)
+    const create_middleware = create(this)
+    const read_middleware = read(this)
+    const update_middleware = update(this)
+    const delete_middleware = deleet(this)
+    router.use(async function dispatch(req, res, next) {
+      try {
+        let result, status, location
+
+        if (req._operation) {
+          // actions and functions
+          ;({ result, status } = await operation_middleware(req, res))
+        } else {
+          // CRUD
+          switch (req.method) {
+            case 'POST':
+              ;({ result, status, location } = await create_middleware(req, res))
+              break
+            case 'HEAD':
+            case 'GET':
+              ;({ result, status } = await read_middleware(req, res))
+              break
+            case 'PUT':
+            case 'PATCH':
+              // eslint-disable-next-line no-case-declarations
+              const _res = await update_middleware(req, res, next)
+              if (_res) ({ result, status } = _res)
+              break
+            case 'DELETE':
+              ;({ result, status } = await delete_middleware(req, res))
+              break
+          }
+        }
+
+        if (status || result !== undefined) {
+          req._result = { result, status, location }
+          return next()
         }
+      } catch (e) {
+        next(e)
       }
+    })
 
-      req._result = { result, status, location }
-      return next()
-    } catch (e) {
-      next(e)
-    }
-  })
-
-  // -----------------------------------------------------------------------------------------
-  // end tx (i.e., commit or rollback)
-  //
-  router.use(async (req, res, next) => {
-    const { result, status, location } = req._result // REVISIT: Ugly voodoo _req._result channel -> eliminate
-
-    // unfortunately, express doesn't catch async errors -> try catch needed
-    try {
-      await cds.context?.tx?.commit(result)
-    } catch (e) {
-      return next(e)
-    }
-
-    // if authentication or something else within the processing of a cds.Request terminates the request, no need to continue
-    if (res.headersSent) return
-
-    // convert binaries
-    let definition = req._operation || req._query.__target
-    if (typeof definition === 'string')
-      definition =
-        srv.model.definitions[definition] ||
-        srv.model.definitions[definition.split(':$:')[0]].actions[definition.split(':$:')[1]]
-    if (result && srv && definition) bufferToBase64(result, srv, definition)
-
-    // only set status if not yet modified
-    if (status && res.statusCode === 200) res.status(status) // REVISIT: Why only when res.statusCode === 200?
-    if (location) res.set('location', location) // REVISIT: When do we redirect?
-    if (req.method === 'HEAD')
-      // REVISIT: Move that to the implementation of HEAD
-      res
-        .set({
-          'content-type': 'application/json; charset=utf-8',
-          'content-length': JSON.stringify(result).length
-        })
-        .end()
-    // need to convert number to string because express interprets integer as status code
-    else res.send(typeof result === 'number' ? result.toString() : result) // REVISIT: use req.json() instead?
-  })
-
-  // -----------------------------------------------------------------------------------------
-  // error handling
-  //
-  router.use(async (err, req, res, next) => {
-    // REVISIT: should not be neccessary!
-    // request may fail during processing or during commit -> both caught here
-
-    // REVISIT: rollback needed if error occured before commit attempted -> how to distinguish?
-    await cds.context?.tx?.rollback(err).catch(() => {}) // REVISIT: silently ?!?
-
-    next(err)
-  })
-
-  if (!cds.env.features.rest_error_handler) {
-    router.use(error_factory(srv)) // FIXME: nope -> call next()
-  }
+    // handle result
+    router.use((req, res) => {
+      const { result, status, location } = req._result // REVISIT: Ugly voodoo _req._result channel -> eliminate
 
-  return router
+      // if authentication or something else within the processing of a cds.Request terminates the request, no need to continue
+      if (res.headersSent) return
+
+      // convert binaries
+      let definition = req._operation || req._query.__target
+      if (typeof definition === 'string')
+        definition =
+          srv.model.definitions[definition] ||
+          srv.model.definitions[definition.split(':$:')[0]].actions[definition.split(':$:')[1]]
+      if (result && srv && definition) bufferToBase64(result, srv, definition)
+
+      if (status && res.statusCode === 200) res.status(status) //> only set status if not yet modified
+      if (location && !res.getHeader('location')) res.set('location', location)
+
+      // prettier-ignore
+      if (req.method === 'HEAD') res.type('json').set({ 'content-length': JSON.stringify(result).length }).end()
+      else res.send(typeof result === 'number' ? result.toString() : result)
+    })
+
+    // error handling
+    router.use(error(this))
+
+    return router
+  }
 }
 
 module.exports = RestAdapter

package/libx/rest/middleware/create.js

@@ -1,36 +1,40 @@
 const cds = require('../../_runtime/cds')
 const { INSERT } = cds.ql
 
-const RestRequest = require('../RestRequest')
-
 const _error4 = rejected =>
   rejected.length > 1
     ? Object.assign(new Error('MULTIPLE_ERRORS'), { details: rejected.map(r => r.reason) })
     : rejected[0].reason
 
-module.exports = srv => async _req => {
-  const { _query: query, _target, _data, _params } = _req
+module.exports = adapter => {
+  const { service } = adapter
 
-  let result, location
+  return async function create(req, res) {
+    const { _query: query, _data, _params: params } = req
 
-  // add the data
-  query.entries(_data)
-  if (query.INSERT.entries.length > 1) {
-    // > batch insert
-    const reqs = query.INSERT.entries.map(
-      entry => new RestRequest({ query: INSERT.into(query.INSERT.into).entries(entry), _target, params: _params })
-    )
-    const ress = await Promise.allSettled(reqs.map(req => srv.dispatch(req)))
-    const rejected = ress.filter(r => r.status === 'rejected')
-    if (rejected.length) throw _error4(rejected)
-    result = ress.map(r => r.value)
-  } else {
-    // > single insert
-    const req = new RestRequest({ query, _target, params: _params })
-    result = await srv.dispatch(req)
-    location = `../${req.entity.replace(srv.name + '.', '')}` // REVISIT: Is it guaranteed that the GET works? Why do we need relative urls?
-    for (const k in req.target.keys) location += `/${result[k]}`
-  }
+    let result, location
 
-  return { result, status: 201, location }
+    // add the data
+    query.entries(_data)
+    if (query.INSERT.entries.length > 1) {
+      // > batch insert
+      const cdsReqs = query.INSERT.entries.map(entry => {
+        return adapter.request4({ query: INSERT.into(query.INSERT.into).entries(entry), params, req, res })
+      })
+      const ress = await Promise.allSettled(cdsReqs.map(req => service.dispatch(req)))
+      const rejected = ress.filter(r => r.status === 'rejected')
+      if (rejected.length) throw _error4(rejected)
+      result = ress.map(r => r.value)
+    } else {
+      // > single insert
+      const cdsReq = adapter.request4({ query, params, req, res })
+      result = await service.dispatch(cdsReq)
+      // REVISIT: location is a restful feature -> share with odata
+      // REVISIT: Is it guaranteed that the GET works? Why do we need relative urls?
+      location = `../${cdsReq.entity.replace(service.definition.name + '.', '')}`
+      for (const k in cdsReq.target.keys) location += `/${result[k]}`
+    }
+
+    return { result, status: 201, location }
+  }
 }

package/libx/rest/middleware/delete.js

@@ -1,14 +1,11 @@
-const RestRequest = require('../RestRequest')
+module.exports = adapter => {
+  const { service } = adapter
 
-module.exports = srv => async _req => {
-  const { _query: query, _target, _data, _params } = _req
+  return async function deleet(req, res) {
+    const { _query: query, _data: data, _params: params } = req
 
-  const req = new RestRequest({ query, _target, params: _params, data: _data })
+    await service.dispatch(adapter.request4({ query, data, params, req, res }))
 
-  // req.data is filled with keys during read and delete
-  if (_params) req.data = Object.assign(_data, _params[_params.length - 1]) // REVISIT: We should avoid that!
-
-  await srv.dispatch(req)
-
-  return { result: null, status: 204 }
+    return { result: null, status: 204 }
+  }
 }