@sap/cds 8.1.0 → 8.1.1

package/CHANGELOG.md

@@ -4,6 +4,21 @@
 - The format is based on [Keep a Changelog](http://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](http://semver.org/).
 
+## Version 8.1.1 - 2024-08-08
+
+### Fixed
+
+- For `accept-language`, ignore additional options
+- Global `describe`, `before`, `beforeAll`, `afterAll` hooks are now writable again. They were accidentally made read-only in 8.0.0.
+- Expand to `DraftAdministrativeData` for active instances of draft-enabled entities over drafts
+- Deduplication of columns for certain on conditions for the legacy database driver
+- For legacy-sqlite/-hana: Add keys to expands with only non-key elements to ensure not returning null for expand.
+- New parser was to restrictive regarding an empty line at the end of batch body.
+- Error target for operations with complex parameters
+- Remote services: JWT gets found in authorization header
+- Search with invalid characters
+- Invoke `srv.on('error')` for each failing batch subrequest
+
 ## Version 8.1.0 - 2024-07-26
 
 ### Added

package/lib/index.js

@@ -137,8 +137,9 @@ extend (global) .with (class {
 
 // ensure cds.test is loaded for running tests w/ node --test
 'describe' in global || ['describe','before','beforeAll','afterAll'].forEach (p => {
-  Object.defineProperty (global,p, { configurable:1, set(v){Object.defineProperty(global,p,{value:v})},
-    get(){ return cds.test, global[p] }
+  Object.defineProperty (global,p, { configurable:1,
+    set(v){ Object.defineProperty (global,p,{ value:v, writable:true }) },
+    get(){ cds.test; return global[p] }
   })
 })
 

package/lib/linked/validate.js

@@ -26,15 +26,16 @@ class Validation {
     const err = (this.errors ??= new ValidationErrors).add (code)
     if (this.options.path) path = [ this.options.path, ...path ] // e.g. used to prefic 'in/' for actions
     if (path) err.target = (!leaf ? path : path.concat(leaf)).reduce?.((p,n)=> (
-      n?.row ? p + this.filter4(n) :     //> some/entity(ID=1)...
+      n?.row ? p + this.filter4(n) :          //> some/entity(ID=1)...
       typeof n === 'number' ? p + `[${n}]` :  //> some/array[1]...
-      p && n ? p+'/'+n : n                    //> some/element/...
+      p && n ? p+'/'+n : n                    //> some/element...
     ),'')
     if (val) err.args = [ val, ...args ]
     return err
   }
 
   filter4 ({ def, row, index }) {
+    if (this.target.kind in { 'action': 1, 'function': 1 }) return '' //> no filter for operations
     const entity = def._target || def, filter=[]
     for (let k in entity.keys) {
       let v = row[k]

package/lib/req/context.js

@@ -132,6 +132,7 @@ class EventContext {
     if (h) super.headers = h
   }
   get headers() {
+    // REVISIT: isn't "this._.req?.headers" deprecated? shouldn't it be "this.http?.req?.headers"?
     let headers = this._.req?.headers
     if (!headers) { headers={}
       const outer = this._propagated.headers

package/lib/req/locale.js

@@ -22,7 +22,7 @@ const from_req = req => req && (
 
 function req_locale (req) {
   const locale = from_req(req); if (!locale) return i18n.default_language
-  const loc = locale.replace(/-/g,'_')
+  const loc = locale.replace(/-/g,'_').match(/^[^,; ]*/)[0]
   return INCLUDE_LIST[loc]
   || /^([a-z]+)/i.test(loc) && RegExp.$1.toLowerCase()
   || i18n.default_language

package/lib/srv/srv-tx.js

@@ -96,6 +96,7 @@ class Transaction {
      * synchronous modification of passed error only
      * err is undefined if nested tx (cf. "root.before ('failed', ()=> this.rollback())")
      */
+    // FIXME: with noa, this.context === cds.context and not the individual cds.Request
     if (err) for (const each of this._handlers._error) each.handler.call(this, err, this.context)
 
     if (this.ready) { //> nothing to do if no transaction started at all

package/libx/_runtime/common/utils/cqn2cqn4sql.js

@@ -760,7 +760,16 @@ const _convertSelect = (query, model, _options) => {
       query.SELECT.search = query.SELECT.search[0].val
         .match(/("")|("(?:[^"]|\\")*(?:[^\\]|\\\\)")|(\S*)/g)
         .filter(el => el.length)
-        .map(el => (el.match(/^["](.*)["]$/) ? JSON.parse(el) : el))
+        .map(el => {
+          if (el[0] === '"' && el.at(-1) === '"') {
+            try {
+              return JSON.parse(el)
+            } catch {
+              return el
+            }
+          }
+          return el
+        })
         .reduce((arr, val, i) => {
           if (i > 0) arr.push('and')
           arr.push({ val })

package/libx/_runtime/db/expand/expandCQNToJoin.js

@@ -779,6 +779,20 @@ class JoinCQNFromExpanded {
     })
 
     const targetEntity = this._getEntityForTable(target)
+
+    // ignore structured keys for now
+    let targetKeys = entity_keys(targetEntity).filter(key => !targetEntity.keys[key]._isStructured)
+    // ignore groupBy for now
+    if (targetKeys.length > 0 && !readToOneCQN.groupBy) {
+      const notOnlyExpandInColumns = !givenColumns.some(col => col.expand)
+      if (notOnlyExpandInColumns) {
+        const missingKeys = targetKeys.filter(keyName => !givenColumns.some(col => keyName === col.ref?.[0]))
+        if (missingKeys.length) {
+          givenColumns.push(...missingKeys.map(keyName => ({ ref: [keyName] })))
+        }
+      }
+    }
+
     if (
       'IsActiveEntity' in targetEntity.elements &&
       this._isNotIncludedIn(givenColumns)('IsActiveEntity') &&
@@ -1365,11 +1379,28 @@ class JoinCQNFromExpanded {
     const columns = []
     const outerColumns = []
 
+    const _sameRef = (col1, col2) => {
+      if (!col1.ref || !col2.ref) return false // only handle refs
+      if (col1.ref.length !== col2.ref.length) return false
+      if (col1.as !== col2.as) return false
+      for (let i = 0; i < col1.ref.length; i++) {
+        if (col1.ref[i] !== col2.ref[i]) return false
+      }
+      return true
+    }
+
     for (const entry of on) {
       if (entry.xpr) {
         const { columns: cols, outerColumns: outerCols } = this._getFilterColumns(readToOneCQN, entry.xpr, parentAlias)
-        columns.push(...cols)
-        outerColumns.push(...outerCols)
+
+        // de-duplicate
+        for (const col of cols) {
+          if (!columns.some(c => _sameRef(c, col))) columns.push(col)
+        }
+        for (const col of outerCols) {
+          if (!outerColumns.some(c => _sameRef(c, col))) outerColumns.push(col)
+        }
+
         continue
       }
 

package/libx/_runtime/fiori/lean-draft.js

@@ -1081,14 +1081,23 @@ function _cleansed(query, model) {
       }
       cds.infer(draftsQuery, model.definitions)
       // draftsQuery._target = draftsQuery._target?.drafts || draftsQuery._target
-      if (query.SELECT.columns && query._target.drafts)
-        draftsQuery.SELECT.columns = _cleanseCols(query.SELECT.columns, REDUCED_DRAFT_ELEMENTS, draft)
+      if (query.SELECT.columns && query._target.drafts) {
+        if (draftsQuery._target.isDraft)
+          draftsQuery.SELECT.columns = _cleanseCols(query.SELECT.columns, REDUCED_DRAFT_ELEMENTS, draft)
+        else draftsQuery.SELECT.columns = _cleanseCols(query.SELECT.columns, DRAFT_ELEMENTS, draft)
+      }
 
-      if (query.SELECT.where && query._target.drafts)
-        draftsQuery.SELECT.where = _cleanseWhere(query.SELECT.where, {}, DRAFT_ELEMENTS_WITHOUT_HASACTIVE)
+      if (query.SELECT.where && query._target.drafts) {
+        if (draftsQuery._target.isDraft)
+          draftsQuery.SELECT.where = _cleanseWhere(query.SELECT.where, {}, DRAFT_ELEMENTS_WITHOUT_HASACTIVE)
+        else draftsQuery.SELECT.where = _cleanseWhere(query.SELECT.where, {}, DRAFT_ELEMENTS)
+      }
 
-      if (query.SELECT.orderBy && query._target.drafts)
-        draftsQuery.SELECT.orderBy = _cleanseWhere(query.SELECT.orderBy, {}, REDUCED_DRAFT_ELEMENTS)
+      if (query.SELECT.orderBy && query._target.drafts) {
+        if (draftsQuery._target.isDraft)
+          draftsQuery.SELECT.orderBy = _cleanseWhere(query.SELECT.orderBy, {}, REDUCED_DRAFT_ELEMENTS)
+        else draftsQuery.SELECT.orderBy = _cleanseWhere(query.SELECT.orderBy, {}, DRAFT_ELEMENTS)
+      }
 
       if (draftsQuery._target.name.endsWith('.DraftAdministrativeData')) {
         draftsQuery.SELECT.columns = _tweakAdminCols(draftsQuery.SELECT.columns)

package/libx/_runtime/remote/Service.js

@@ -261,7 +261,9 @@ class RemoteService extends cds.Service {
       const returnType = req._returnType
       const additionalOptions = { destination, kind, resolvedTarget, returnType, destinationOptions }
 
-      const jwt = req?.context?.headers?.authorization?.split(/^bearer /i)[1]
+      // REVISIT: i don't believe req.context.headers is an official API
+      let jwt = req?.context?.headers?.authorization?.split(/^bearer /i)[1]
+      if (!jwt) jwt = req?.context?.http?.req?.headers?.authorization?.split(/^bearer /i)[1]
       if (jwt) additionalOptions.jwt = jwt
 
       // hidden compat flag in order to suppress logging response body of failed request

package/libx/odata/middleware/create.js

@@ -85,6 +85,11 @@ module.exports = (adapter, isUpsert) => {
       .catch(err => {
         handleSapMessages(cdsReq, req, res)
 
+        // REVISIT: invoke service.on('error') for failed batch subrequests
+        if (cdsReq.http.req.path.startsWith('/$batch') && service._handlers._error.length) {
+          for (const each of service._handlers._error) each.handler.call(service, err, cdsReq)
+        }
+
         next(err)
       })
   }

package/libx/odata/middleware/delete.js

@@ -62,6 +62,11 @@ module.exports = adapter => {
       .catch(err => {
         handleSapMessages(cdsReq, req, res)
 
+        // REVISIT: invoke service.on('error') for failed batch subrequests
+        if (cdsReq.http.req.path.startsWith('/$batch') && service._handlers._error.length) {
+          for (const each of service._handlers._error) each.handler.call(service, err, cdsReq)
+        }
+
         next(err)
       })
   }

package/libx/odata/middleware/error.js

@@ -7,6 +7,7 @@ const { normalizeError, unwrapMultipleErrors } = require('../../_runtime/common/
 module.exports = () => {
   return function odata_error(err, req, res, next) {
     if (err == 401 || err.code == 401) return next(err) // speed up logins, at least temporary until we reviewed and eliminated overhead that may be involved below
+
     // REVISIT: keep?
     // log the error (4xx -> warn)
     _log(err)

package/libx/odata/middleware/operation.js

@@ -134,6 +134,12 @@ module.exports = adapter => {
       })
       .catch(err => {
         handleSapMessages(cdsReq, req, res)
+
+        // REVISIT: invoke service.on('error') for failed batch subrequests
+        if (cdsReq.http.req.path.startsWith('/$batch') && service._handlers._error.length) {
+          for (const each of service._handlers._error) each.handler.call(service, err, cdsReq)
+        }
+
         next(err)
       })
   }

package/libx/odata/middleware/read.js

@@ -164,6 +164,11 @@ const _handleArrayOfQueriesFactory = adapter => {
       .catch(err => {
         handleSapMessages(cdsReq, req, res)
 
+        // REVISIT: invoke service.on('error') for failed batch subrequests
+        if (cdsReq.http.req.path.startsWith('/$batch') && service._handlers._error.length) {
+          for (const each of service._handlers._error) each.handler.call(service, err, cdsReq)
+        }
+
         next(err)
       })
   }
@@ -264,9 +269,13 @@ module.exports = adapter => {
         res.send(result)
       })
       .catch(err => {
-        // REVISIT: move error middleware -> applies to all these anti patterns
         handleSapMessages(cdsReq, req, res)
 
+        // REVISIT: invoke service.on('error') for failed batch subrequests
+        if (cdsReq.http.req.path.startsWith('/$batch') && service._handlers._error.length) {
+          for (const each of service._handlers._error) each.handler.call(service, err, cdsReq)
+        }
+
         next(err)
       })
   }

package/libx/odata/middleware/update.js

@@ -127,13 +127,13 @@ module.exports = adapter => {
         result = getODataResult(result, metadata, { property: _propertyAccess })
         res.send(result)
       })
-      .catch(e => {
+      .catch(err => {
         handleSapMessages(cdsReq, req, res)
 
         // if UPSERT is allowed, redirect to POST
-        const is404 = e.code === 404 || e.status === 404 || e.statusCode === 404
+        const is404 = err.code === 404 || err.status === 404 || err.statusCode === 404
         const isForcedInsert =
-          (e.code === 412 || e.status === 412 || e.statusCode === 412) &&
+          (err.code === 412 || err.status === 412 || err.statusCode === 412) &&
           extractIfNoneMatch(req.headers?.['if-none-match']) === '*'
         if (!_propertyAccess && (is404 || isForcedInsert) && _isUpsertAllowed({ target, data, event: req.method })) {
           // PUT / PATCH with if-match header means "only if already exists" -> no insert if it does not
@@ -147,8 +147,13 @@ module.exports = adapter => {
           return next()
         }
 
+        // REVISIT: invoke service.on('error') for failed batch subrequests
+        if (cdsReq.http.req.path.startsWith('/$batch') && service._handlers._error.length) {
+          for (const each of service._handlers._error) each.handler.call(service, err, cdsReq)
+        }
+
         // continue with caught error
-        next(e)
+        next(err)
       })
   }
 }

package/libx/odata/parse/multipartToJson.js

@@ -105,7 +105,7 @@ const parseStream = async function* (body, boundary) {
       chunk = `${leftover}${chunk}`
       const lastBoundary = chunk.lastIndexOf('--')
       const lastCRLF = chunk.lastIndexOf(CRLF)
-      if (lastBoundary > lastCRLF) {
+      if (lastBoundary > lastCRLF && lastBoundary + 2 < chunk.length) {
         leftover = chunk.slice(lastBoundary)
         chunk = chunk.slice(0, lastBoundary)
       } else {

package/libx/rest/middleware/error.js

@@ -54,6 +54,7 @@ module.exports = () => {
 
   return function rest_error(err, req, res, next) {
     if (err == 401 || err.code == 401) return next(err) // speed up logins, at least temporary until we reviewed and eliminated overhead that may be involved below
+
     // REVISIT: keep?
     // log the error (4xx -> warn)
     _log(err)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "8.1.0",
+  "version": "8.1.1",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [