@sap/cds 8.0.3 → 8.0.4

package/CHANGELOG.md

@@ -4,6 +4,14 @@
 - The format is based on [Keep a Changelog](http://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](http://semver.org/).
 
+## Version 8.0.4 - 2024-07-19
+
+### Fixed
+
+- Atomicity group handling in `$batch`
+- `$batch` im combination with `commit` hooks
+- `continue-on-error` preference for JSON `$batch`
+
 ## Version 8.0.3 - 2024-07-12
 
 ### Added

package/lib/env/cds-requires.js

@@ -233,6 +233,7 @@ const _messaging = {
   },
   "event-broker": {
     impl: `${_runtime}/messaging/event-broker.js`,
+    format: 'cloudevents',
     vcap: {
       label: "eventmesh-sap2sap-internal"
     }

package/libx/_runtime/common/composition/insert.js

@@ -82,7 +82,7 @@ const hasDeepInsert = (model, cqn) => {
 const getDeepInsertCQNs = (model, cqn) => {
   const into = (cqn.INSERT.into.ref && cqn.INSERT.into.ref[0]) || cqn.INSERT.into.name || cqn.INSERT.into
   const entityName = ensureNoDraftsSuffix(into)
-  const draft = entityName !== into
+  const draft = entityName !== into || into.endsWith('.drafts') //lean draft
   const dataEntries = cqn.INSERT.entries ? deepCopy(cqn.INSERT.entries) : []
   const entity = model.definitions[entityName]
   const compositionTree = getCompositionTree({

package/libx/_runtime/db/query/read.js

@@ -60,17 +60,26 @@ const read = (executeSelectCQN, executeStreamCQN, convertStreams) => (model, dbc
 
   if (query.SELECT.count) {
     if (query.SELECT.limit) {
+      // IMPORTANT: do not change order!
+      // 1. create the count query synchronously, because it works on a copy
+      // 2. run the result query, duplicate names ( SELECT ID, ID ...) throw an error synchronously
+      // 3. run the count query
+      // reason is that executeSelectCQN modifies the query
       const countQuery = _createCountQuery(query)
-      const countResultPromise = executeSelectCQN(model, dbc, countQuery, user, locale, isoTs)
-      if (query.SELECT.limit?.rows?.val === 0) {
-        // We don't need to perform our result query
-        return countResultPromise.then(countResults => _arrayWithCount([], countValue(countResults)))
-      }
+      const resultPromise =
+        query.SELECT.limit?.rows?.val === 0
+          ? Promise.resolve([])
+          : executeSelectCQN(model, dbc, query, user, locale, isoTs)
+      const countPromise = executeSelectCQN(model, dbc, countQuery, user, locale, isoTs)
 
-      const resultPromise = executeSelectCQN(model, dbc, query, user, locale, isoTs)
-      return Promise.all([countResultPromise, resultPromise]).then(([countResults, result]) =>
-        _arrayWithCount(result, countValue(countResults))
-      )
+      // use allSettled here, so all executions are awaited before we rollback
+      return Promise.allSettled([countPromise, resultPromise]).then(results => {
+        const rejection = results.find(p => p.status === 'rejected')
+        if (rejection) throw rejection.reason
+
+        const [{ value: countResult }, { value: result }] = results
+        return _arrayWithCount(result, countValue(countResult))
+      })
     }
 
     return executeSelectCQN(model, dbc, query, user, locale, isoTs).then(result =>

package/libx/_runtime/fiori/lean-draft.js

@@ -824,7 +824,7 @@ const Read = {
       else ownNewDrafts.push(draft)
     }
 
-    const $count = ownDrafts.length + (isCount ? actives[0]?.$count : actives.$count ?? 0)
+    const $count = ownDrafts.length + (isCount ? actives[0]?.$count : (actives.$count ?? 0))
     if (isCount) return { $count }
 
     Read.merge(query._target, ownDrafts, [], row => {

package/libx/_runtime/messaging/event-broker.js

@@ -1,5 +1,6 @@
 const cds = require('../cds')
 
+const normalizeIncomingMessage = require('./common-utils/normalizeIncomingMessage')
 const express = require('express')
 const https = require('https')
 const crypto = require('crypto')
@@ -141,30 +142,57 @@ class EventBroker extends cds.MessagingService {
 
     // TODO: What if we're in single tenant variant?
     try {
-      const ceSource = `${this.options.credentials.ceSource[0]}/${cds.context.tenant}`
       const hostname = this.options.credentials.eventing.http.x509.url.replace(/^https?:\/\//, '')
-      // TODO Cloud Events Handler CAP
+
+      // take over and cleanse cloudevents headers
+      const headers = { ...(msg.headers ?? {}) }
+
+      const ceId = headers.id
+      delete headers.id
+
+      const ceSource = headers.source
+      delete headers.source
+
+      const ceType = headers.type
+      delete headers.type
+
+      const ceSpecversion = headers.specversion
+      delete headers.specversion
+
+      // const ceDatacontenttype = headers.datacontenttype // not part of the HTTP API
+      delete headers.datacontenttype
+
+      // const ceTime  = headers.time // not part of the HTTP API
+      delete headers.time
+
       const options = {
         hostname: hostname,
         method: 'POST',
         headers: {
-          'ce-id': cds.utils.uuid(),
+          'ce-id': ceId,
           'ce-source': ceSource,
-          'ce-type': msg.event,
-          'ce-specversion': '1.0',
-          'Content-Type': 'application/json'
+          'ce-type': ceType,
+          'ce-specversion': ceSpecversion,
+          'Content-Type': 'application/json' // because of { data, ...headers } format
         },
         agent: this.agent
       }
       this.LOG.debug('HTTP headers:', JSON.stringify(options.headers))
       this.LOG.debug('HTTP body:', JSON.stringify(msg.data))
-      await request(options, msg.data) // TODO: fetch does not work with mTLS as of today, requires another module. see https://github.com/nodejs/node/issues/48977
+      // what about headers?
+      // TODO: Clarify if we should send `{ data, ...headers }` vs.  `data` + HTTP headers (`ce-*`)
+      await request(options, { data: msg.data, ...headers }) // TODO: fetch does not work with mTLS as of today, requires another module. see https://github.com/nodejs/node/issues/48977
       if (this.LOG._info) this.LOG.info('Emit', { topic: msg.event })
     } catch (e) {
       this.LOG.error('Emit failed:', e.message)
     }
   }
 
+  prepareHeaders(headers, event) {
+    if (!('source' in headers)) headers.source = `${this.options.credentials.ceSource[0]}/${cds.context.tenant}`
+    super.prepareHeaders(headers, event)
+  }
+
   async registerWebhookEndpoints() {
     const webhookBasePath = this.options.webhookPath || '/-/cds/event-broker/webhook'
     cds.app.post(webhookBasePath, _validateCertificate.bind(this))
@@ -176,17 +204,27 @@ class EventBroker extends cds.MessagingService {
     try {
       const event = req.headers['ce-type'] // TG27: type contains namespace, so there's no collision
       const tenant = req.headers['ce-sapconsumertenant']
-      const msg = {
-        inbound: true,
-        event,
-        tenant,
-        data: req.body ? req.body : undefined,
-        headers: req.headers
+
+      // take over cloudevents headers (`ce-*`) without the prefix
+      const headers = {}
+      for (const header in req.headers) {
+        if (header.startsWith('ce-')) headers[header.slice(3)] = req.headers[header]
       }
-      cds.context = { user: cds.User.privileged }
-      if (tenant) cds.context.tenant = tenant // TODO: In single tenant case, we don't need a tenant
-      const tx = await this.tx()
-      await tx.emit(msg)
+
+      const msg = normalizeIncomingMessage(req.body)
+      msg.event = event
+      Object.assign(msg.headers, headers)
+      if (tenant) msg.tenant = tenant
+
+      // for cds.context.http
+      msg._ = {}
+      msg._.req = req
+      msg._.res = res
+
+      const context = { user: cds.User.privileged, _: msg._ }
+      if (msg.tenant) context.tenant = msg.tenant
+
+      await this.tx(context, tx => tx.emit(msg))
       this.LOG.debug('Event processed successfully.')
       return res.status(200).json({ message: 'OK' })
     } catch (e) {

package/libx/odata/middleware/batch.js

@@ -13,8 +13,6 @@ const HTTP_METHODS = { GET: 1, POST: 1, PUT: 1, PATCH: 1, DELETE: 1 }
 const CT = { JSON: 'application/json', MULTIPART: 'multipart/mixed' }
 const CRLF = '\r\n'
 
-const CONTINUE_ON_ERROR = /odata\.continue-on-error/
-
 /*
  * common
  */
@@ -99,16 +97,17 @@ const _validateBatch = body => {
         _validateProperty('dependent request ID', dependsOnId, 'string')
 
         const dependency = ids[dependsOnId]
-        if (!dependency)
-          throw _deserializationError(`Request ID '${dependsOnId}' used in dependsOn has not been defined before.`)
-
-        const dependencyAtomicityGroup = dependency.atomicityGroup
-        if (
-          dependencyAtomicityGroup &&
-          dependencyAtomicityGroup !== atomicityGroup &&
-          !request.dependsOn.includes(dependencyAtomicityGroup)
-        )
-          request.dependsOn.push(dependencyAtomicityGroup)
+        if (!dependency) {
+          throw _deserializationError(
+            `"${dependsOnId}" does not match the id or atomicity group of any preceding request`
+          )
+        }
+
+        // automatically add the atomicityGroup of the dependency as a dependency (actually a client error)
+        const dag = dependency.atomicityGroup
+        if (dag && dag !== atomicityGroup && !request.dependsOn.includes(dag)) {
+          request.dependsOn.push(dag)
+        }
       })
     }
 
@@ -227,7 +226,7 @@ const _getNextForLookalike = lookalike => {
 const _transaction = async srv => {
   return new Promise(res => {
     const ret = {}
-    const _tx = srv.tx(
+    const _tx = (ret._tx = srv.tx(
       async () =>
         (ret.promise = new Promise((resolve, reject) => {
           const proms = []
@@ -253,10 +252,49 @@ const _transaction = async srv => {
           }
           res(ret)
         }))
-    )
+    ))
   })
 }
 
+const _tx_done = async (tx, responses, isJson) => {
+  let rejected
+  try {
+    rejected = await tx.done()
+  } catch (e) {
+    // here, the commit was rejected even though all requests were successful (e.g., by custom handler or db consistency check)
+    rejected = 'rejected'
+    // construct commit error
+    let statusCode = e.statusCode || e.status || (e.code && Number(e.code))
+    if (isNaN(statusCode)) statusCode = 500
+    const code = String(e.code || statusCode)
+    const message = e.message || 'Internal Server Error'
+    const error = { error: { ...e, code, message } }
+    // replace all responses with commit error
+    for (const res of responses) {
+      res.status = 'fail'
+      // REVISIT: should error go through any error middleware/ customization logic?
+      if (isJson) {
+        let txt = ''
+        for (let i = 0; i < res.txt.length; i++) txt += Buffer.isBuffer(res.txt[i]) ? res.txt[i].toString() : res.txt[i]
+        txt = JSON.parse(txt)
+        txt.status = statusCode
+        txt.body = error
+        // REVISIT: content-length needed? not there in multipart case...
+        delete txt.headers['content-length']
+        res.txt = [JSON.stringify(txt)]
+      } else {
+        let txt = res.txt[0]
+        txt = txt.replace(/HTTP\/1\.1 \d\d\d \w+/, `HTTP/1.1 ${statusCode} ${message}`)
+        txt = txt.split(/\r\n/)
+        txt.splice(-1, 1, JSON.stringify(error))
+        txt = txt.join('\r\n')
+        res.txt = [txt]
+      }
+    }
+  }
+  return rejected
+}
+
 const _processBatch = async (srv, router, req, res, next, body, ct, boundary) => {
   body ??= req.body
   ct ??= 'JSON'
@@ -268,6 +306,14 @@ const _processBatch = async (srv, router, req, res, next, body, ct, boundary) =>
   }
   const _formatResponse = isJson ? _formatResponseJson : _formatResponseMultipart
 
+  // continue-on-error defaults to true in json batch
+  let continue_on_error = req.headers.prefer?.match(/odata\.continue-on-error(=(\w+))?/)
+  if (!continue_on_error) {
+    continue_on_error = isJson ? true : false
+  } else {
+    continue_on_error = continue_on_error[2] === 'false' ? false : true
+  }
+
   try {
     const ids = _validateBatch(body) // REVISIT: we will not be able to validate the whole once we stream
 
@@ -304,13 +350,13 @@ const _processBatch = async (srv, router, req, res, next, body, ct, boundary) =>
         if (tx) {
           // Each change in `atomicityGroup` results in a new transaction. We execute them in sequence to avoid too many database connections.
           // In the future, we might make this configurable (e.g. allow X parallel connections per HTTP request).
-          const rejected = await tx.done()
+          const rejected = await _tx_done(tx, responses, isJson)
           if (tx.failed?.res.statusCode === 401 && req._login) return req._login()
           else sendPreludeOnce()
           isJson
             ? _writeResponseJson(responses, res)
             : _writeResponseMultipart(responses, res, rejected, previousAtomicityGroup, boundary)
-          if (rejected && !CONTINUE_ON_ERROR.test(req.headers.prefer)) {
+          if (rejected && !continue_on_error) {
             tx = null
             break
           }
@@ -318,7 +364,7 @@ const _processBatch = async (srv, router, req, res, next, body, ct, boundary) =>
 
         responses = []
         tx = await _transaction(srv)
-        if (atomicityGroup) ids[atomicityGroup].promise = tx.promise
+        if (atomicityGroup) ids[atomicityGroup].promise = tx._tx
       }
 
       tx.add(() => {
@@ -329,12 +375,13 @@ const _processBatch = async (srv, router, req, res, next, body, ct, boundary) =>
             const results = await Promise.allSettled(dependencies)
             const dependendOnFailed = results.some(({ status }) => status === 'rejected')
             if (dependendOnFailed) {
+              tx.id = request.id
               tx.res = {
                 getHeaders: () => {},
-                statusCode: 404,
+                statusCode: 424,
                 _chunk: JSON.stringify({
-                  status: 404,
-                  message: `Dependency for Request ${request.id} failed to execute`
+                  code: '424',
+                  message: 'Failed Dependency'
                 })
               }
               throw tx
@@ -375,14 +422,14 @@ const _processBatch = async (srv, router, req, res, next, body, ct, boundary) =>
           const resp = { status: 'ok' }
           if (separator) resp.separator = separator
           else separator = isJson ? Buffer.from(',') : Buffer.from(CRLF)
-          resp.txt = _formatResponse(req, boundary)
+          resp.txt = _formatResponse(req, atomicityGroup)
           responses.push(resp)
         })
         .catch(failedReq => {
           const resp = { status: 'fail' }
           if (separator) resp.separator = separator
           else separator = isJson ? Buffer.from(',') : Buffer.from(CRLF)
-          resp.txt = _formatResponse(failedReq, boundary)
+          resp.txt = _formatResponse(failedReq, atomicityGroup)
           tx.failed = failedReq
           responses.push(resp)
         })
@@ -392,7 +439,7 @@ const _processBatch = async (srv, router, req, res, next, body, ct, boundary) =>
 
     if (tx) {
       // The last open transaction must be finished
-      const rejected = await tx.done()
+      const rejected = await _tx_done(tx, responses, isJson)
       if (tx.failed?.res.statusCode === 401 && req._login) return req._login()
       else sendPreludeOnce()
       isJson
@@ -479,19 +526,19 @@ const _formatStatics = {
   close: Buffer.from('}')
 }
 
-const _formatResponseJson = request => {
+const _formatResponseJson = (request, atomicityGroup) => {
   const { id, res: response } = request
 
-  const raw = Buffer.from(
-    JSON.stringify({
-      id,
-      status: response.statusCode,
-      headers: {
-        ...response.getHeaders(),
-        'content-type': 'application/json' //> REVISIT: why?
-      }
-    })
-  )
+  const chunk = {
+    id,
+    status: response.statusCode,
+    headers: {
+      ...response.getHeaders(),
+      'content-type': 'application/json' //> REVISIT: why?
+    }
+  }
+  if (atomicityGroup) chunk.atomicityGroup = atomicityGroup
+  const raw = Buffer.from(JSON.stringify(chunk))
 
   // body?
   if (!response._chunk) return [raw]

package/libx/odata/middleware/read.js

@@ -109,7 +109,7 @@ const _count = result => {
     ? result.reduce((acc, val) => {
         return acc + (val?.$count ?? val?._counted_ ?? (Array.isArray(val) && _count(val))) || 0
       }, 0)
-    : result.$count ?? result._counted_ ?? 0
+    : (result.$count ?? result._counted_ ?? 0)
 }
 
 // REVISIT: integrate with default handler

package/libx/odata/utils/metadata.js

@@ -35,7 +35,7 @@ const _odataContext = (query, options) => {
     path = '../'.repeat(ref.length - 1) + path
   }
   const lastRef = ref.at(-1)
-  let entityName = isNavToDraftAdmin ? ref[0].id ?? ref[0] : query._target.name ?? edmName
+  let entityName = isNavToDraftAdmin ? (ref[0].id ?? ref[0]) : (query._target.name ?? edmName)
   const serviceName = query._target._service?.name
 
   if (query._target._isContained) {

package/libx/rest/middleware/error.js

@@ -1,7 +1,7 @@
-/*
-
 const cds = require('../../_runtime/cds')
 
+/*
+
 // requesting logger without module on purpose!
 const LOG = cds.log()
 
@@ -44,7 +44,14 @@ const _log = require('../../_runtime/common/error/log')
 
 const { normalizeError } = require('../../_runtime/common/error/frontend')
 
+function noop_error_middleware(err, req, res, next) {
+  next(err)
+}
+
 module.exports = () => {
+  // REVISIT: unofficial hack for afc!!!
+  if (cds.env.features.rest_error_handler === false) return noop_error_middleware
+
   return function rest_error(err, req, res, next) {
     if (err == 401 || err.code == 401) return next(err) // speed up logins, at least temporary until we reviewed and eliminated overhead that may be involved below
     // REVISIT: keep?

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "8.0.3",
+  "version": "8.0.4",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [