@sap/cds 8.3.0 → 8.4.0

package/libx/_runtime/common/error/frontend.js

@@ -51,7 +51,7 @@ const _rewriteError = error => {
     (code.startsWith('SQLITE_CONSTRAINT') && (message.match(/COMMIT/) || message.match(/FOREIGN KEY/))) ||
     (code === '155' && message.match(/fk constraint violation/))
   ) {
-    // > foreign key constaint violation no sqlite/ hana
+    // > foreign key constaint violation on sqlite/ hana
     error.code = '400'
     error.message = 'FK_CONSTRAINT_VIOLATION'
     return
@@ -63,17 +63,33 @@ const _rewriteError = error => {
   }
 }
 
+const _isInHttpResponseCodeRange = errorCode => errorCode >= 300 && errorCode <= 599
+
+const BAD_REQUEST_ERRORS = new Set(['ENTITY_ALREADY_EXISTS', 'FK_CONSTRAINT_VIOLATION', 'UNIQUE_CONSTRAINT_VIOLATION'])
+
 const _normalize = (err, locale, formatterFn = _getFiltered) => {
   // REVISIT: code and message rewriting
   _rewriteError(err)
 
+  const { message: originalMessage } = err
+
   // message (i18n)
   err.message = getErrorMessage(err, locale)
 
   // ensure code is set and a string
   err.code = String(err.code || 'null')
 
-  let statusCode = err.status || err.statusCode || (_isAllowedError(err.code) && err.code)
+  // determine status code from error
+  let statusCode = err.status || err.statusCode //> REVISIT: why prefer status over statusCode?
+  // well-defined bad request errors
+  if (!statusCode && BAD_REQUEST_ERRORS.has(originalMessage)) statusCode = 400
+  if (!statusCode && _isInHttpResponseCodeRange(err.code)) {
+    if ('sqlState' in err) {
+      // HANA/ database error -> don't use code as status code
+    } else {
+      statusCode = err.code
+    }
+  }
 
   // details
   if (err.details) {
@@ -95,8 +111,6 @@ const _normalize = (err, locale, formatterFn = _getFiltered) => {
   return { error, statusCode }
 }
 
-const _isAllowedError = errorCode => errorCode >= 300 && errorCode < 505
-
 // - for one unique value, we use it
 // - if at least one 5xx exists, we use 500
 // - else if at least one 4xx exists, we use 400

package/libx/_runtime/common/generic/auth/restrict.js

@@ -5,8 +5,6 @@ const { reject, getRejectReason, resolveUserAttrs, getAuthRelevantEntity } = req
 const { DRAFT_EVENTS, MOD_EVENTS } = require('./constants')
 const { getNormalizedPlainRestrictions } = require('./restrictions')
 
-const { cqn2cqn4sql } = require('../../utils/cqn2cqn4sql')
-
 const _getResolvedApplicables = (applicables, req) => {
   const resolvedApplicables = []
 
@@ -189,7 +187,7 @@ const _getRestrictedCount = async (req, model, resolvedApplicables) => {
   const restrictionForTarget = _getRestrictionForTarget(resolvedApplicables, req.target)
   if (restrictionForTarget) selectRestricted.where(restrictionForTarget)
 
-  const { n } = await dbtx.run(cqn2cqn4sql(selectRestricted, model, { suppressSearch: true }))
+  const { n } = await dbtx.run(selectRestricted)
   return n
 }
 

package/libx/_runtime/common/generic/sorting.js

@@ -76,7 +76,7 @@ const commonGenericSorting = function (req) {
 
   if (select.from && select.from.SELECT) {
     // add default sort to root query
-    if (select.orderBy) _addDefaultSortOrder(req, select)
+    _addDefaultSortOrder(req, select)
 
     // apply default sort to bottom-most sub-query
     while (select.from.SELECT) select = select.from.SELECT

package/libx/_runtime/common/utils/compareJson.js

@@ -1,3 +1,4 @@
+const cds = require('../../cds')
 const { DRAFT_COLUMNS_MAP } = require('../constants/draft')
 
 const _deepEqual = (val1, val2) => {
@@ -18,12 +19,7 @@ const _getCorrespondingEntryWithSameKeys = (source, entry, keys) => {
 const _getIdxCorrespondingEntryWithSameKeys = (source, entry, keys) =>
   source.findIndex(sourceEntry => keys.every(key => _deepEqual(sourceEntry[key], entry[key])))
 
-const _getKeysOfEntity = entity =>
-  Object.keys(entity.keys).filter(key => !(key in DRAFT_COLUMNS_MAP) && !entity.elements[key].isAssociation)
-
-const _getCompositionsOfEntity = entity => Object.keys(entity.elements).filter(e => entity.elements[e].isComposition)
-
-const _createToBeDeletedEntries = (oldEntry, entity, keys, compositions) => {
+const _createToBeDeletedEntries = (oldEntry, entity, keys, compositions, metaCache) => {
   const toBeDeletedEntry = {
     _op: 'delete'
   }
@@ -35,20 +31,18 @@ const _createToBeDeletedEntries = (oldEntry, entity, keys, compositions) => {
     if (keys.includes(prop)) {
       toBeDeletedEntry[prop] = oldEntry[prop]
     } else if (compositions.includes(prop) && oldEntry[prop]) {
+      const target = entity.elements[prop]._target
+      const cache = metaCache.get(target)
       toBeDeletedEntry[prop] = entity.elements[prop].is2one
         ? _createToBeDeletedEntries(
             oldEntry[prop],
             entity.elements[prop]._target,
-            _getKeysOfEntity(entity.elements[prop]._target),
-            _getCompositionsOfEntity(entity.elements[prop]._target)
+            cache.keys,
+            cache.compositions,
+            metaCache
           )
         : oldEntry[prop].map(entry =>
-            _createToBeDeletedEntries(
-              entry,
-              entity.elements[prop]._target,
-              _getKeysOfEntity(entity.elements[prop]._target),
-              _getCompositionsOfEntity(entity.elements[prop]._target)
-            )
+            _createToBeDeletedEntries(entry, target, cache.keys, cache.compositions, metaCache)
           )
     } else {
       toBeDeletedEntry._old = toBeDeletedEntry._old || {}
@@ -77,7 +71,7 @@ const _hasOpDeep = (entry, element) => {
   return false
 }
 
-const _addCompositionsToResult = (result, entity, prop, newValue, oldValue, opts) => {
+const _addCompositionsToResult = (result, entity, prop, newValue, oldValue, opts, buckets, metaCache) => {
   /*
    * REVISIT: the current impl results in {} instead of keeping null for compo to one.
    *          unfortunately, many follow-up errors occur (e.g., prop in null checks) if changed.
@@ -89,9 +83,23 @@ const _addCompositionsToResult = (result, entity, prop, newValue, oldValue, opts
     !Array.isArray(newValue[prop]) &&
     Object.keys(newValue[prop]).length === 0
   ) {
-    composition = compareJsonDeep(entity.elements[prop]._target, undefined, oldValue && oldValue[prop], opts)
+    composition = compareJsonDeep(
+      entity.elements[prop]._target,
+      undefined,
+      oldValue && oldValue[prop],
+      opts,
+      buckets,
+      metaCache
+    )
   } else {
-    composition = compareJsonDeep(entity.elements[prop]._target, newValue[prop], oldValue && oldValue[prop], opts)
+    composition = compareJsonDeep(
+      entity.elements[prop]._target,
+      newValue[prop],
+      oldValue && oldValue[prop],
+      opts,
+      buckets,
+      metaCache
+    )
   }
   if (composition.some(c => _hasOpDeep(c, entity.elements[prop]))) {
     result[prop] = entity.elements[prop].is2one ? composition[0] : composition
@@ -118,14 +126,17 @@ const _addKeysToResult = (result, prop, newValue, oldValue) => {
   }
 }
 
-const _addToBeDeletedEntriesToResult = (results, entity, keys, newValues, oldValues) => {
+const _addToBeDeletedEntriesToResult = (results, entity, keys, newValues, oldValues, newBucketMap, metaCache) => {
+  const cache = metaCache.get(entity)
   // add to be deleted entries
   for (const oldEntry of oldValues) {
-    const entry = _getCorrespondingEntryWithSameKeys(newValues, oldEntry, keys)
+    const entry = cds.env.features.diff_optimization
+      ? _getCorrespondingEntryWithSameKeysFromBucket(newBucketMap, oldEntry, entity, keys, cache)
+      : _getCorrespondingEntryWithSameKeys(newValues, oldEntry, keys)
 
     if (!entry) {
       // prepare to be deleted (deep) entry without manipulating oldData
-      const toBeDeletedEntry = _createToBeDeletedEntries(oldEntry, entity, keys, _getCompositionsOfEntity(entity))
+      const toBeDeletedEntry = _createToBeDeletedEntries(oldEntry, entity, keys, cache.compositions, metaCache)
       results.push(toBeDeletedEntry)
     }
   }
@@ -149,54 +160,115 @@ const _skipToMany = (entity, prop) => {
   return entity.elements[prop] && entity.elements[prop].is2many && _skip(entity, prop)
 }
 
-// Returns all property names from the new entry and add missing managed elements
-const _propertiesAndManaged = (newEntry, entity) => {
-  return [
-    ...Object.getOwnPropertyNames(newEntry),
-    ...Object.keys(entity.elements).filter(
-      elementName => newEntry[elementName] === undefined && entity.elements[elementName]['@cds.on.update']
-    )
-  ]
-}
+const _iteratePropsInNewEntry = (newEntry, keys, result, oldEntry, entity, opts, buckets, metaCache) => {
+  const cache = metaCache.get(entity)
 
-const _iteratePropsInNewEntry = (newEntry, keys, result, oldEntry, entity, opts) => {
   // On app-service layer, generated foreign keys are not enumerable,
   // include them here too.
-  for (const prop of _propertiesAndManaged(newEntry, entity)) {
-    if (keys.includes(prop)) {
+  for (const prop of cache.props) {
+    if (cache.keys.includes(prop)) {
       _addKeysToResult(result, prop, newEntry, oldEntry)
       continue
     }
 
-    // if value did not change --> ignored
-    if (
-      newEntry[prop] === (oldEntry && oldEntry[prop]) ||
-      (oldEntry && entity.elements[prop]?.['@Core.Immutable']) ||
-      (opts.ignoreDraftColumns && prop in DRAFT_COLUMNS_MAP)
-    ) {
+    if (newEntry[prop] === undefined && !cache.onUpdate.includes(prop)) continue
+
+    if (cache.compositions.includes(prop)) {
+      _addCompositionsToResult(result, entity, prop, newEntry, oldEntry, opts, buckets, metaCache)
       continue
     }
 
-    if (_skipToMany(entity, prop)) {
-      continue
+    // if value did not change --> ignored
+    if (newEntry[prop] === (oldEntry && oldEntry[prop])) continue
+
+    // existing immutable --> ignored
+    if (oldEntry && cache.immutables.includes(prop)) continue
+
+    _addPrimitiveValuesAndOperatorToResult(result, prop, newEntry, oldEntry)
+  }
+}
+
+const _isSimpleKey = element => !element._isStructured && element.type != 'cds.Binary'
+
+const _getMetaCache = (entity, metaCache, opts) => {
+  if (metaCache.get(entity)) return
+
+  const cache = { keys: [], props: [], compositions: [], immutables: [], onUpdate: [] }
+  metaCache.set(entity, cache)
+  for (let prop in entity.elements) {
+    const element = entity.elements[prop] || {}
+    if (prop in entity.keys && !(prop in DRAFT_COLUMNS_MAP) && !element.isAssociation) cache.keys.push(prop)
+    if (_skipToMany(entity, prop) || _skipToOne(entity, prop)) continue
+    if (opts.ignoreDraftColumns && prop in DRAFT_COLUMNS_MAP) continue
+
+    if (element?.isComposition) {
+      cache.compositions.push(prop)
+      _getMetaCache(element._target, metaCache, opts)
     }
 
-    if (_skipToOne(entity, prop)) {
-      continue
+    if (element?.['@Core.Immutable']) cache.immutables.push(prop)
+    if (element?.['@cds.on.update']) cache.onUpdate.push(prop)
+
+    cache.props.push(prop)
+  }
+
+  let getKeyHash
+  if (cache.keys.length === 1 && _isSimpleKey(entity.elements[cache.keys[0]])) {
+    getKeyHash = (entry, keys) => entry[keys[0]].toString()
+  } else if (cache.keys.map(key => entity.elements[key]).every(key => _isSimpleKey(key))) {
+    getKeyHash = (entry, keys) => keys.reduce((hash, key) => `${hash},${key}=${entry[key].toString()}`, '')
+  } else {
+    getKeyHash = (entry, keys) => {
+      const keyObj = keys.reduce((hash, key) => {
+        hash[key] = entry[key]
+        return hash
+      }, {})
+
+      return JSON.stringify(keyObj)
     }
+  }
+  cache.getKeyHash = getKeyHash
+}
 
-    if (entity.elements[prop] && entity.elements[prop].isComposition) {
-      _addCompositionsToResult(result, entity, prop, newEntry, oldEntry, opts)
-      continue
+const _addBucket = (entity, entry, bucketMap, metaCache) => {
+  if (!entry) return
+  const entries = _normalizeToArray(entry)
+  const cache = metaCache.get(entity)
+
+  entries.forEach(e => {
+    const keyHash = cache.getKeyHash(e, cache.keys)
+    let entityMap = bucketMap.get(entity)
+    if (!entityMap) {
+      entityMap = new Map()
+      bucketMap.set(entity, entityMap)
     }
+    entityMap.set(keyHash, e)
 
-    _addPrimitiveValuesAndOperatorToResult(result, prop, newEntry, oldEntry)
-  }
+    for (const prop of cache.props) {
+      if (cache.compositions.includes(prop)) _addBucket(entity.elements[prop]._target, e[prop], bucketMap, metaCache)
+    }
+  })
+}
+
+const _getBucketMap = (value, entity, metaCache) => {
+  const bucketMap = new Map()
+  _addBucket(entity, value, bucketMap, metaCache)
+
+  return bucketMap
+}
+
+const _getCorrespondingEntryWithSameKeysFromBucket = (bucketMap, entry, entity, keys, cache) => {
+  const bucket = bucketMap.get(entity)
+  if (!bucket) return
+
+  const keyHash = cache.getKeyHash(entry, keys)
+  return bucket.get(keyHash)
 }
 
-const compareJsonDeep = (entity, newValue = [], oldValue = [], opts) => {
+const compareJsonDeep = (entity, newValue = [], oldValue = [], opts, buckets, metaCache) => {
   const resultsArray = []
-  const keys = _getKeysOfEntity(entity)
+  const cache = metaCache.get(entity)
+  const keys = cache.keys
 
   // normalize input
   const newValues = _normalizeToArray(newValue)
@@ -205,12 +277,17 @@ const compareJsonDeep = (entity, newValue = [], oldValue = [], opts) => {
   // add to be created and to be updated entries
   for (const newEntry of newValues) {
     const result = {}
-    const oldEntry = _getCorrespondingEntryWithSameKeys(oldValues, newEntry, keys)
-    _iteratePropsInNewEntry(newEntry, keys, result, oldEntry, entity, opts)
+    let oldEntry
+    if (oldValues.length) {
+      oldEntry = cds.env.features.diff_optimization
+        ? _getCorrespondingEntryWithSameKeysFromBucket(buckets.oldBucketMap, newEntry, entity, keys, cache)
+        : _getCorrespondingEntryWithSameKeys(oldValues, newEntry, keys)
+    }
+    _iteratePropsInNewEntry(newEntry, keys, result, oldEntry, entity, opts, buckets, metaCache)
     resultsArray.push(result)
   }
 
-  _addToBeDeletedEntriesToResult(resultsArray, entity, keys, newValues, oldValues)
+  _addToBeDeletedEntriesToResult(resultsArray, entity, keys, newValues, oldValues, buckets.newBucketMap, metaCache)
 
   return resultsArray
 }
@@ -266,7 +343,16 @@ const compareJsonDeep = (entity, newValue = [], oldValue = [], opts) => {
  */
 const compareJson = (newValue, oldValue, entity, opts = {}) => {
   const options = Object.assign({ ignoreDraftColumns: false }, opts)
-  const result = compareJsonDeep(entity, newValue, oldValue, options)
+
+  let newBucketMap,
+    oldBucketMap,
+    metaCache = new Map()
+  _getMetaCache(entity, metaCache, opts)
+  if (oldValue && (!Array.isArray(oldValue) || oldValue.length) && cds.env.features.diff_optimization) {
+    newBucketMap = _getBucketMap(newValue, entity, metaCache)
+    oldBucketMap = _getBucketMap(oldValue, entity, metaCache)
+  }
+  const result = compareJsonDeep(entity, newValue, oldValue, options, { newBucketMap, oldBucketMap }, metaCache)
 
   // in case of batch insert, result is an array
   // in all other cases it is an array with just one entry

package/libx/_runtime/common/utils/resolveView.js

@@ -65,9 +65,7 @@ const revertData = (data, transition, service) => {
     : _newData(data, inverseTransition, true, service)
 }
 
-const _newSubData = (newData, key, transition, el, inverse, service) => {
-  const val = newData[key]
-
+const _newSubData = (val, key, transition, el, inverse, service) => {
   if ((!Array.isArray(val) && typeof val === 'object') || (Array.isArray(val) && val.length !== 0)) {
     let mapped = transition.mapping.get(key)
     if (!mapped) {
@@ -81,11 +79,12 @@ const _newSubData = (newData, key, transition, el, inverse, service) => {
     }
 
     if (Array.isArray(val)) {
-      newData[key] = val.map(singleVal => _newData(singleVal, mapped.transition, inverse, service))
+      return val.map(singleVal => _newData(singleVal, mapped.transition, inverse, service))
     } else {
-      newData[key] = _newData(val, mapped.transition, inverse, service)
+      return _newData(val, mapped.transition, inverse, service)
     }
   }
+  return val //Case of empty array
 }
 
 const _newNestedData = (queryTarget, newData, ref, value) => {
@@ -112,40 +111,37 @@ const _newData = (data, transition, inverse, service) => {
   // no transition -> nothing to do
   if (transition.target && transition.target.name === transition.queryTarget.name) return data
 
-  // REVISIT this does not copy deep
-  const newData = { ...data }
+  const newData = {}
   const queryTarget = transition.queryTarget
 
-  for (const key in newData) {
+  for (const key in data) {
     const el = queryTarget && queryTarget?.elements[key]
     const isAssoc = el && el.isAssociation
 
-    if (isAssoc) {
-      if (newData[key] || (newData[key] === null && service.name === 'db')) {
-        _newSubData(newData, key, transition, el, inverse, service)
-      }
-    }
-
     const mapped = transition.mapping.get(key)
     if (!mapped) {
-      // if there is no mapping and no element with the same name in the target, then we don't need the data
-      if ((typeof newData[key] !== 'object' || newData[key] === null) && !transition.target.elements[key])
-        delete newData[key]
+      //In this condition the data is needed
+      if (
+        ((typeof data[key] === 'object' && data[key] !== null) || transition.target.elements[key]) &&
+        newData[key] === undefined
+      )
+        newData[key] = data[key]
       continue
     }
+    let value = data[key]
+    if (isAssoc) {
+      if (value || (value === null && service.name === 'db')) {
+        value = _newSubData(value, key, transition, el, inverse, service)
+      }
+    }
 
     if (!isAssoc && mapped.transition) {
-      _newSubData(newData, key, transition, el, inverse)
-      const value = newData[key]
-      delete newData[key]
+      value = _newSubData(value, key, transition, el, inverse)
       Object.assign(newData, value)
     }
 
     if (mapped.ref) {
-      const value = newData[key]
-      delete newData[key]
       const { ref } = mapped
-
       if (ref.length === 1) {
         newData[ref[0]] = value
         if (mapped.alternatives) mapped.alternatives.forEach(({ ref }) => (newData[ref[0]] = value))

package/libx/_runtime/fiori/lean-draft.js

@@ -389,7 +389,7 @@ cds.ApplicationService.prototype.handle = async function (req) {
         return req._messages
       }
     })
-    if (req.tx) _req.tx = req.tx
+    if (req.tx && !_req.tx) _req.tx = req.tx
 
     return _req
   }
@@ -1209,7 +1209,7 @@ function _cleanseParams(params, target) {
       if (key === 'IsActiveEntity') {
         const value = params[key]
         delete params[key]
-        Object.defineProperty(params, key, { value, enumerable: false })
+        Object.defineProperty(params, key, { value, enumerable: false, writeable: true })
       }
     }
   }

package/libx/_runtime/messaging/kafka.js

@@ -209,12 +209,18 @@ function _getKeyFn(topicOrEvent) {
 
 async function _getConfig(srv) {
   const caCerts = await _getCaCerts(srv)
+
+  const allBrokers =
+    srv.options.credentials.cluster?.['brokers.client_ssl'] ||
+    srv.options.credentials['cluster.public']?.['brokers.client_ssl']
+  const brokers = allBrokers.split(',')
+
   return {
     clientId: srv.appId,
     // logLevel: 4,
     connectionTimeout: 15000,
     authenticationTimeout: 15000,
-    brokers: srv.options.credentials.cluster?.['brokers.client_ssl'].split(','),
+    brokers,
     ssl: {
       rejectUnauthorized: true,
       ca: caCerts,

package/libx/_runtime/remote/utils/data.js

@@ -1,4 +1,5 @@
 const { big } = require('@sap/cds-foss')
+const cds = require('../../cds')
 
 // Code adopted from @sap/cds-odata-v2-adapter-proxy
 // https://www.w3.org/TR/xmlschema11-2/#nt-duDTFrag
@@ -68,31 +69,36 @@ const _convertValue = (ieee754Compatible, exponentialDecimals) => (value, elemen
   if (value == null) return value
 
   const type = _elementType(element)
-  if (type === 'cds.Boolean') {
-    if (value === 'true') {
-      value = true
-    } else if (value === 'false') {
-      value = false
-    }
-  } else if (type === 'cds.Integer' || type === 'cds.UInt8' || type === 'cds.Int16' || type === 'cds.Int32') {
-    value = parseInt(value, 10)
-  } else if (
-    type === 'cds.Decimal' ||
-    type === 'cds.DecimalFloat' ||
-    type === 'cds.Integer64' ||
-    type === 'cds.Int64'
-  ) {
-    const bigValue = big(value)
-    if (ieee754Compatible) {
-      // TODO test with arrayed => element.items.scale?
-      value = exponentialDecimals ? bigValue.toExponential(element.scale) : bigValue.toFixed(element.scale)
-    } else {
-      // OData V2 does not even mention ieee754Compatible, but V4 requires JSON number if ieee754Compatible=false
-      value = bigValue.toNumber()
+
+  if (cds.env.features.odata_v2_result_conversion) {
+    cds.utils.deprecated({ old: 'flag cds.env.features.odata_v2_result_conversion' })
+    if (type === 'cds.Boolean') {
+      if (value === 'true') {
+        value = true
+      } else if (value === 'false') {
+        value = false
+      }
+    } else if (type === 'cds.Integer' || type === 'cds.UInt8' || type === 'cds.Int16' || type === 'cds.Int32') {
+      value = parseInt(value, 10)
+    } else if (
+      type === 'cds.Decimal' ||
+      type === 'cds.DecimalFloat' ||
+      type === 'cds.Integer64' ||
+      type === 'cds.Int64'
+    ) {
+      const bigValue = big(value)
+      if (ieee754Compatible) {
+        // TODO test with arrayed => element.items.scale?
+        value = exponentialDecimals ? bigValue.toExponential(element.scale) : bigValue.toFixed(element.scale)
+      } else {
+        // OData V2 does not even mention ieee754Compatible, but V4 requires JSON number if ieee754Compatible=false
+        value = bigValue.toNumber()
+      }
+    } else if (type === 'cds.Double') {
+      value = parseFloat(value)
     }
-  } else if (type === 'cds.Double') {
-    value = parseFloat(value)
-  } else if (type === 'cds.Time') {
+  }
+  if (type === 'cds.Time') {
     const match = value.match(DurationRegex)
 
     if (match) {

package/libx/odata/ODataAdapter.js

@@ -73,13 +73,6 @@ class ODataAdapter extends HttpAdapter {
           if (req.method === 'POST' && req.headers['content-type']?.match(/multipart\/mixed/)) {
             return next()
           }
-          if (req.method in { POST: 1, PUT: 1, PATCH: 1 } && req.headers['content-type']) {
-            const parts = req.headers['content-type'].split(';')
-            // header ending with semicolon is not allowed
-            if (!parts[0].match(/^application\/json$/) || parts[1] === '') {
-              throw cds.error('415', { statusCode: 415, code: '415' }) // FIXME: use res.status
-            }
-          }
           // POST with empty body is allowed by actions
           if (req.method in { PUT: 1, PATCH: 1 }) {
             if (req.headers['content-length'] === '0') {
@@ -87,6 +80,18 @@ class ODataAdapter extends HttpAdapter {
               return
             }
           }
+          if (req.method in { POST: 1, PUT: 1, PATCH: 1 }) {
+            const contentType = req.headers['content-type'] ?? ''
+            let contentLength = req.headers['content-length']
+            contentLength = contentLength ? parseInt(contentLength) : 0
+
+            const parts = contentType.split(';')
+            // header ending with semicolon is not allowed
+            if ((contentLength && !parts[0].match(/^application\/json$/)) || parts[1] === '') {
+              res.status(415).json({ error: { message: 'Unsupported Media Type', statusCode: 415, code: '415' } })
+              return
+            }
+          }
 
           return jsonBodyParser(req, res, next)
         })

package/libx/odata/middleware/batch.js

@@ -342,6 +342,8 @@ const _processBatch = async (srv, router, req, res, next, body, ct, boundary) =>
           : {}
       }
 
+      request.headers['content-type'] ??= req.headers['content-type']
+
       const { atomicityGroup } = request
 
       if (!atomicityGroup || atomicityGroup !== previousAtomicityGroup) {
@@ -465,6 +467,7 @@ const _multipartBatch = async (srv, router, req, res, next) => {
     const { requests } = await multipartToJson(req.body, boundary)
     _processBatch(srv, router, req, res, next, { requests }, 'MULTIPART', boundary)
   } catch (e) {
+    // REVISIT: (how) handle multipart accepts?
     next(e)
   }
 }

package/libx/odata/middleware/error.js

@@ -3,11 +3,17 @@ const cds = require('../../../lib')
 const _log = require('../../_runtime/common/error/log')
 
 const { normalizeError, unwrapMultipleErrors } = require('../../_runtime/common/error/frontend')
+const { isStandardError } = require('../../_runtime/common/error/standardError')
 
 module.exports = () => {
   return function odata_error(err, req, res, next) {
     if (err == 401 || err.code == 401) return next(err) // speed up logins, at least temporary until we reviewed and eliminated overhead that may be involved below
 
+    // if error already has statusCode, it comes from express, don't throw
+    if (!err.statusCode && isStandardError(err) && cds.env.server.shutdown_on_uncaught_errors) {
+      return next(err)
+    }
+
     // REVISIT: keep?
     // log the error (4xx -> warn)
     _log(err)

package/libx/odata/parse/afterburner.js

@@ -504,13 +504,12 @@ function _addKeys(columns, target) {
 function _removeDuplicateAsterisk(columns) {
   let hasExpandStar = false
 
-  for (let i = columns.length - 1; i > 0; i--) {
-    const column = columns[i]
-    if (!hasExpandStar && !column.ref && column?.expand?.[0] === '*') hasExpandStar = true
-    else if (hasExpandStar && !column.ref && column?.expand[0] === '*') {
-      columns.splice(i, 1)
+  columns.forEach((column, i) => {
+    if (!column.ref && column.expand?.[0] === '*') {
+      if (hasExpandStar) columns.splice(i, 1)
+      hasExpandStar = true
     }
-  }
+  })
 }
 
 const _structProperty = (ref, target) => {