@sap/cds 8.3.1 → 8.4.0

package/lib/srv/middlewares/errors.js

@@ -1,10 +1,18 @@
+const { isStandardError } = require('../../../libx/_runtime/common/error/standardError')
+
 const production = process.env.NODE_ENV === 'production'
 const cds = require ('../..')
 const LOG = cds.log('error')
 const { inspect } = cds.utils
 
+
 module.exports = () => {
-  return function http_error (error, req, res, _next) { // eslint-disable-line no-unused-vars
+  return async function http_error(error, req, res, next) {
+    if (isStandardError(error) && cds.env.server.shutdown_on_uncaught_errors) {
+      cds.log().error('❗️Uncaught', error)
+      await cds.shutdown(error)
+      return;
+    }
 
     // In case of 401 require login if available by auth strategy
     if (typeof error === 'number') error = { code: error }
@@ -14,7 +22,8 @@ module.exports = () => {
     const status = error.statusCode || error.status || Number(error.code) || 500
     delete error.statusCode
     delete error.status
-    if (!production && error.stack) error.stack = error.stack.replace(/\n {4}at .*(?:node_modules\/express|node:internal).*/g,'')
+    if (!production && error.stack)
+      error.stack = error.stack.replace(/\n {4}at .*(?:node_modules\/express|node:internal).*/g, '')
 
     if (400 <= status && status < 500) {
       LOG.warn (status, '>', inspect(error))
@@ -24,19 +33,23 @@ module.exports = () => {
 
     // Expose as little information as possible in production, and as much as possible in development
     if (production) {
-      Object.defineProperties (error, {
+      Object.defineProperties(error, {
         message: { enumerable: true },
-        user: { enumerable: false },
+        user: { enumerable: false }
       })
     } else {
-      Object.defineProperties (error, {
+      Object.defineProperties(error, {
         message: { enumerable: true },
-        stack: { enumerable: true },
+        stack: { enumerable: true }
       })
     }
 
+    if (res.headersSent) {
+      return next(error)
+    }
+
     // Send the error response
-    return res.status(status).json({error})
+    return res.status(status).json({ error })
 
     // Note: express returns errors as XML, we prefer JSON
     // _next (error)

package/lib/srv/protocols/hcql.js

@@ -1,57 +1,120 @@
+const cds = require('../../index'), {inspect} = cds.utils
 const express = require('express')
-const cds = require('../../index')
-const DEBUG = cds.debug('hcql')
-const { inspect } = require('util')
+const LOG = cds.log('hcql')
 
 class HCQLAdapter extends require('./http') {
 
   get router() {
+
     const srv = this.service
-    return super.router
-
-    /**
-     * Return CSN schema in response to /<srv>/$csn requests
-     */
-    .get('/\\$csn', (_, res) => res.json(this.schema))
-
-    .use(express.json(this.body_parser_options)) //> for application/json -> cqn
-    .use(express.text(this.body_parser_options)) //> for text/plain -> cql -> cqn
-
-    /**
-     * Convenience route for REST-style request formats like that:
-     * GET /browse/Books { ID, title, author.name as author } where stock < 100
-     * GET /browse/Books/201 { ID, title, author.name as author }
-     */
-    .get('/:entity/:id?(%20:tail)?', (req, _, next) => {
-      let { entity, id, tail } = req.params, q = SELECT.from(entity, id)
-      if (is_string(req.body)) tail = req.body
-      else if (is_array(req.body)) q.columns(req.body)
-      else Object.assign(q.SELECT, req.body)
-      if (tail) q = { SELECT: { ...CQL(`SELECT from _ ${tail}`).SELECT, ...q.SELECT } }
-      req.body = q; next() // delegating to main handler
-    })
-
-    /**
-     * The actual protocol adapter, handling all requests.
-     */
-    .use((req, res, next) => {
-      let q = this.query4(req)
-      DEBUG?.(inspect(q,{depth:11,colors:true}))
-      return srv.run(q).then(r => res.json(r)).catch(next)
-    })
+    const router = super.router
+    .get ('/\\$csn', this.schema.bind(this))      //> return the CSN as schema
+    .use (express.json(this.body_parser_options)) //> for application/json -> cqn
+    .use (express.text(this.body_parser_options)) //> for text/plain -> cql -> cqn
+
+    // Route for custom actions and functions ...
+    const action = this.action.bind(this)
+    router.param('action', (req,_,next,a) => { (req.action = a) in srv.actions ? next() : next('route') })
+    router.route('/:action')
+    .post (action)
+    .get (action)
+    .all ((req,res,next) => next(501))
+
+    // Route for REST-style convenience shortcuts with queries in URL + body ...
+    if (process.env.NODE_ENV !== 'production') {
+      const $ = cb => (req,_,next) => { req.body = cb(req.params,req); next() }
+      router.param('entity', (req,_,next,a) => { a in srv.entities ? next() : next(404) })
+      router.route('/:entity/:id?(%20?:tail)?')
+      .get ($(({entity,id,tail}, req) => {
+        const body = typeof req.body === 'string' ? req.body : ''
+        return tail || body ? {SELECT:{
+          ...CQL(`SELECT from _ ${body} ${tail||''}`).SELECT,
+          ...SELECT.from (entity,id).SELECT
+        }} : SELECT.from (entity,id)
+      }))
+      .post   ($(({entity}, {query,body}) => INSERT.into (entity) .entries ({...query,...body})))
+      .put    ($(({entity,id}, {query,body}) => UPDATE (entity,id) .with ({...query,...body})))
+      .patch  ($(({entity,id}, {query,body}) => UPDATE (entity,id) .with ({...query,...body})))
+      .delete ($(({entity,id}) => DELETE.from (entity, id)))
+    }
+
+    // The ultimate handler for CRUD requests
+    router.use (this.crud.bind(this))
+    return router
   }
 
-  get schema() {
-    return cds.minify (cds.model, { service: this.service.name })
+
+  /**
+   * Handle requests to custom actions and functions.
+   */
+  action (req, res, next) {
+    return this.service.send (req.action, { ...req.query, ...req.body })
+    .then (results => this.reply (results, res))
+    .catch (next)
   }
 
-  query4 (req) {
-    if (typeof req.body === 'string') return req.body = cds.parse.cql(req.body)
-    return req.body //> a plain CQN object
+
+  /**
+   * The ultimate handler for all CRUD requests.
+   */
+  crud (req, res, next) {
+    let query = this.query4 (req)
+    return this.service.run (query)
+    .then (results => this.reply (results, res))
+    .catch (next)
   }
-}
 
-const is_string = x => typeof x === 'string'
-const is_array = Array.isArray
+
+  /**
+   * Constructs an instance of cds.ql.Query from an incoming request body,
+   * which is expected to be a plain CQN object or a CQL string.
+   */
+  query4 (/** @type express.Request */ req) {
+    let b = req.body; if (typeof b === 'string') b = cds.parse.cql(b)
+    let q = req.body = cds.ql.query(b); if (!q) return this.error (400, 'Invalid query', { query: req.body })
+    // assert valid target entity
+    if (q.target?._unresolved && this.service.definition) {
+      q.target = q._target = this.service.entities [q.target.name]
+      || this.error (404, `'${q.target.name}' is not an entity served by '${this.service.name}'.`, { query:q })
+    }
+    // handle request headers
+    if (q.SELECT) {
+      if (req.get('Accept-Language')) q.SELECT.localized = true
+      if (req.get('X-Total-Count')) q.SELECT.count = true
+    }
+    // got a valid query
+    if (LOG._debug) LOG.debug (inspect(q))
+    return q
+  }
+
+  /**
+   * Serialize the results into response.
+   */
+  reply (results, /** @type express.Response */ res) {
+    if (!results) return res.end()
+    if (results.$count) res.set ('X-Total-Count', results.$count)
+    if (typeof results === 'object') return res.json (results)
+    else res.send (results)
+  }
+
+  /**
+   * Throw an Error with given status and message.
+   */
+  error (status, message, details) {
+    if (typeof status === 'string') [ message, details, status ] = [ status, message ]
+    let err = Object.assign (new Error(message), details)
+    if (status) err.status = status
+    if (new.target) return err
+    else throw err
+  }
+
+  /**
+   * Return the CSN as schema in response to /<srv>/$csn requests
+   */
+  schema (_, res) {
+    let csn = cds.minify (this.service.model, { service: this.service.name })
+    return res.json (csn)
+  }
+}
 
 module.exports = HCQLAdapter

package/lib/srv/protocols/http.js

@@ -15,9 +15,9 @@ class HttpAdapter {
     return this.router //> constructed by getter
   }
 
-  /** The actual Router factory. Subclasses override this to add specific handlers. */
+  /** The actual Router factory. Subclasses override this to add specific handlers. @returns {express.Router} */
   get router() {
-    let router = super.router = (new express.Router)
+    let router = super.router = new express.Router
     this.use (this.http_log)
     this.use (this.requires_check)
     return router

package/lib/srv/protocols/index.js

@@ -46,7 +46,7 @@ class Protocols {
    */
   serve (srv, /* in: */ app, { before, after } = cds.middlewares) {
 
-    const endpoints = srv.endpoints = this.endpoints4(srv)
+    const endpoints = srv.endpoints ??= this.endpoints4(srv)
     const cached = srv._adapters ??= {}
     let n = 0
 
@@ -101,7 +101,7 @@ class Protocols {
     // get @protocol annotations from service definition
     let annos = o?.to || def['@protocol']
     if (annos) {
-      if (annos === 'none') return
+      if (annos === 'none' || annos['='] === 'none') return []
       if (!annos.reduce) annos = [annos]
     }
     // get @odata, @rest annotations
@@ -117,13 +117,14 @@ class Protocols {
     // canonicalize to { kind, path } objects
     const endpoints = annos.map (each => {
       let { kind = each['='] || each, path } = each
-      if (!(kind in this)) return cds.log('adapters').warn ('ignoring unknown protocol:', kind)
+      if (!(kind in this))
+        return cds.log('adapters').warn ('ignoring unknown protocol:', kind)
       if (typeof path !== 'string') path = o?.at || o?.path || def['@path'] || _slugified(srv.name)
       if (path[0] !== '/') path = this[kind].path + '/' + path // prefix with protocol path
       return { kind, path }
     }) .filter (e => e) //> skipping unknown protocols
 
-    return endpoints.length && endpoints
+    return endpoints //.length ? endpoints : null
   }
 
 
@@ -141,7 +142,8 @@ class Protocols {
    */
   path4 (srv,o) {
     if (!srv.definition) srv = { definition: srv, name: srv.name } // fake srv object
-    return this.endpoints4(srv,o)?.[0]?.path
+    const endpoints = srv.endpoints ??= this.endpoints4(srv,o)
+    return endpoints[0]?.path
   }
 
   /**
@@ -152,11 +154,13 @@ class Protocols {
     const protocols={}; let any
 
     // check @protocol annotation -> deprecated, only for 'none'
-    const anno = def['@protocol']
-
-    if (anno === 'none') return protocols
-    if (typeof anno === 'string') any = protocols [anno] = 1
-    else if (anno) for (let p of anno) any = protocols[p.kind||p] = 1
+    let a = def['@protocol']
+    if (a) {
+      const pa = a['='] || a
+      if (pa === 'none') return protocols
+      if (typeof pa === 'string') any = protocols[pa] = 1
+      else for (let p of pa) any = protocols[p.kind||p] = 1
+    }
 
     // @odata, @rest, ... annotations -> preferred
     else for (let p in this) if (def['@'+p] || def['@protocol.'+p]) any = protocols[p] = 1

package/lib/srv/protocols/odata-v4.js

@@ -1,31 +1,7 @@
-const cds = require('../../index'), { decodeURI } = cds.utils
-
+const cds = require('../../index')
 if (cds.env.features.odata_new_adapter) {
   cds.log().info('using new OData adapter')
-
   module.exports = require('../../../libx/odata/ODataAdapter')
 } else {
-  cds.log().info('using legacy OData adapter')
-
-  const legacy_adapter_factory = require('../../../libx/_runtime/cds-services/adapter/odata-v4/to')
-  const LOG = cds.log('odata')
-
-  module.exports = function ODataAdapter(srv) {
-    const router = require('express').Router()
-
-    router.use(function odata_log(req, _, next) {
-      let url = decodeURI(req.originalUrl)
-      LOG && LOG(req.method, url, req.body || '')
-      if (/\$batch/.test(req.url))
-        req.on('dispatch', req => {
-          let path = decodeURI(req._.odataReq?._rawODataPath || '')
-          LOG && LOG('>', req.event, path, req._queryOptions || '')
-          if (LOG._debug && req.query) LOG.debug(req.query) //> why only for batch subrequests?
-        })
-
-      next()
-    })
-    router.use(legacy_adapter_factory(srv))
-    return router
-  }
+  module.exports = require('./okra')
 }

package/lib/srv/protocols/okra.js

@@ -0,0 +1,24 @@
+const cds = require('../../index'), { decodeURI } = cds.utils
+cds.log().info('using legacy OData adapter')
+
+const legacy_adapter4 = require('../../../libx/_runtime/cds-services/adapter/odata-v4/to')
+const LOG = cds.log('okra')
+
+module.exports = function ODataAdapter(srv) {
+  const router = require('express').Router()
+
+  router.use(function odata_log(req, _, next) {
+    let url = decodeURI(req.originalUrl)
+    LOG && LOG(req.method, url, req.body || '')
+    if (/\$batch/.test(req.url))
+      req.on('dispatch', req => {
+        let path = decodeURI(req._.odataReq?._rawODataPath || '')
+        LOG && LOG('>', req.event, path, req._queryOptions || '')
+        if (LOG._debug && req.query) LOG.debug(req.query) //> why only for batch subrequests?
+      })
+
+    next()
+  })
+  router.use(legacy_adapter4(srv))
+  return router
+}

package/lib/srv/srv-models.js

@@ -73,13 +73,13 @@ class ExtendedModels {
     const model = this[key]; if (!model) return
     if (model.then) return model //> promised model to avoid race conditions
 
-    const {_cached} = model, interval = ExtendedModels.checkInterval
-    if (Date.now() - _cached.touched < interval) return model //> checked recently
+    const { $touched: touched } = model, interval = ExtendedModels.checkInterval
+    if (Date.now() - touched < interval) return model //> checked recently
 
     else return this[key] = (async()=>{ // temporarily replace cache entry by promise to avoid race conditions...
 
       const has_new_extensions = await cds.db.exists('cds.xt.Extensions') .where ({
-        timestamp: { '>': new Date(_cached.touched).toISOString() } // REVISIT: better store epoc time in db?
+        timestamp: { '>': new Date(touched).toISOString() } // REVISIT: better store epoc time in db?
         // REVISIT: GAP: CAP runtime should allow Date objects + Date.now() for all date+time types !
       })
       if (has_new_extensions) { // new extensions arrived -> refresh model in cache
@@ -87,7 +87,7 @@ class ExtendedModels {
         cds.emit('cds.xt.TENANT_UPDATED', { tenant })
         return _get_model4 (tenant, toggles.split(','))
       } else {                        // no new extensions...
-        _cached.touched = Date.now() // check again in 1 min or so
+        model.$touched = Date.now() // check again in 1 min or so
         return model               // keep cached model in cache
       }
 
@@ -107,7 +107,7 @@ class ExtendedModels {
    */
   add (key, model, touched = Date.now()) {
     if (model) {
-      if (!model._cached) Object.defineProperty (model,'_cached',{ value: { touched } })
+      model.$touched ??= touched
       return this[key] = model
     }
   }
@@ -118,10 +118,8 @@ class ExtendedModels {
    */
   startSentinel(){
     this.sentinel = setInterval (()=>{ for (let [key,m] of Object.entries(this)) {
-      if (!m._cached) continue // `m` can also be `this.sentinel`
-      if (Date.now() - m._cached.touched > ExtendedModels.sentinelInterval) {
+      if (Date.now() - m.$touched > ExtendedModels.sentinelInterval)
         delete this [key]
-      }
     }}, ExtendedModels.sentinelInterval).unref()
   }
 

package/lib/{utils → test}/cds-test.js

@@ -35,13 +35,13 @@ class Test extends require('./axios') {
     })
 
     // gracefully shutdown cds server...
-    after (()=>{
-      this.server && cds.shutdown()
+    after (async ()=>{
+      await cds.shutdown()
       // cds.service.providers = []
       // delete cds.services
       // delete cds.plugins
       // delete cds.env
-      return cds.utils.rimraf(process.env.cds_test_temp)
+      await cds.utils.rimraf (process.env.cds_test_temp)
     })
 
     return this
@@ -186,7 +186,7 @@ let _expect = undefined
     global.afterAll   = global.after     = (msg,fn) => repl.on?.('exit',fn||msg)
     global.beforeEach = global.afterEach = ()=>{}
     global.describe   = ()=>{}
-    global.expect = _expect = require('../test/expect')
+    global.expect = _expect = require('./expect')
 
   } else if (is_mocha) { // it's mocha
 
@@ -220,7 +220,7 @@ let _expect = undefined
     global.afterAll = global.after = (msg,fn) => after(fn||msg)
     global.beforeEach = beforeEach
     global.afterEach = afterEach
-    global.expect = _expect = require('../test/expect')
+    global.expect = _expect = require('./expect')
     // suite was introduced in Node 22
     suite?.('<next>', ()=>{}) //> to signal the start of a test file
 

package/lib/utils/check-version.js

@@ -1,16 +1,9 @@
-const required = _major_minor(
-  require('../../package.json').engines.node.match(/>=(.*)/)[1]
-)
-const given = _major_minor(
-  process.version.match(/^v(\d+\.\d+)/)[1]
-)
-
-if (given.major < required.major || given.major === required.major && given.minor < required.minor) process.exit (process.stderr.write (`
-  Node.js v${required.version} or higher is required for @sap/cds.
-  Current v${given.version} does not satisfy this.
-  \n`) || 1)
-
-function _major_minor (version) {
-  let [ major, minor ] = version.split('.').map(x => +x)
-  return { version, major, minor }
+let version = /(\d+)(?:\.(\d+).*)?/ .exec (require('../../package.json').engines.node)
+let given   = /(\d+)(?:\.(\d+).*)?/ .exec (process.version)
+if (+given[1] < +version[1] || given[1] == version[1] && +given[2] < +version[2]) {
+  process.stderr.write (`
+    Node.js version ${version[0]} or higher is required for @sap/cds.
+    Current version ${given[0]} does not satisfy this.
+  \n`)
+  process.exit(1)
 }

package/lib/utils/extend.js

@@ -0,0 +1,20 @@
+/** @type <T> (target:T) => ({
+  with <X,Y,Z> (x:X, y:Y, z:Z): ( T & X & Y & Z )
+  with <X,Y> (x:X, y:Y): ( T & X & Y )
+  with <X> (x:X): ( T & X )
+}) */
+module.exports = (target) => ({ with (...aspects) {
+  const t = is_class(target) ? target.prototype : target
+  const excludes = _excludes [typeof t] || {}
+  for (let each of aspects) {
+    const a = is_class(each) ? each.prototype : each
+    for (let p of Reflect.ownKeys(a)) {
+      if (p in excludes) continue
+      Reflect.defineProperty (t,p, Reflect.getOwnPropertyDescriptor(a,p))
+    }
+  }
+  return target
+}})
+
+const _excludes = { object:{}, function: function(){}, }
+const is_class = (x) => typeof x === 'function' && x.prototype && /^class\b/.test(x)

package/lib/utils/lazify.js

@@ -0,0 +1,33 @@
+/** @type <T>(target:T) => T */
+const lazify = module.exports = (o) => {
+  if (o.constructor === module.constructor) return lazify_module(o)
+  for (let p of Reflect.ownKeys(o)) {
+    const d = Reflect.getOwnPropertyDescriptor(o,p)
+    if (is_lazy(d.value)) Reflect.defineProperty (o,p,{
+      set(v) { Reflect.defineProperty (this,p,{value:v,__proto__:d}) },
+      get() { return this[p] = d.value.call(this,p,this) },
+      configurable: true,
+    })
+  }
+  return o
+}
+
+/**
+ * Used to lazify a module's exports.
+ * @example
+ *  require = lazify (module)
+ *  module.exports = {
+ *     foo: require ('foo') // will be lazy-loaded
+ *  }
+ * @returns {(id:string)=>{}} a funtion to use instead of require
+ */
+const lazify_module = (module) => {
+  // monkey-patch module.exports setter to lazify all
+  Object.defineProperty (module, 'exports',{ set(all) {
+    Object.defineProperty (module, 'exports',{ value:lazify(all) })
+  }})
+  // return a function to use instead of require
+  return (id) => (lazy) => module.require(id) // eslint-disable-line no-unused-vars
+}
+
+const is_lazy = (x) => typeof x === 'function' && /^(function\s?)?\(?lazy[,)\t =]/.test(x)

package/lib/utils/tar.js

@@ -51,6 +51,44 @@ const createTemp = async (root, resources) => {
   return temp
 }
 
+const tarInfo = async (info) => {
+  let cmd, param
+  if (info === 'version') {
+    cmd = 'tar'
+    param = ['--version']
+  } else {
+    cmd = process.platform === 'win32' ? 'where' : 'which'
+    param = ['tar']
+  }
+
+  const c = spawn (cmd, param)
+
+  return {__proto__:c,
+    then (resolve, reject) {
+      let data=[], stderr=''
+      c.stdout.on('data', d => {
+        data.push(d)
+      })
+      c.stderr.on('data', d => stderr += d)
+      c.on('close', code => {
+        code ? reject(new Error(stderr)) : resolve(Buffer.concat(data).toString().replace(/\n/g,'').replace(/\r/g,''))
+      })
+      c.on('error', reject)
+    }
+  }
+}
+
+const logDebugTar = async () => {
+  const LOG = cds.log('tar')
+  if (!LOG?._debug) return 
+  try {
+    LOG (`tar version: ${await tarInfo('version')}`)
+    LOG (`tar path: ${await tarInfo('path')}`)
+  } catch (err) {
+    LOG('tar error', err)
+  }
+}
+
 /**
  * Creates a tar archive, to an in-memory Buffer, or piped to write stream or file.
  * @example ```js
@@ -76,7 +114,7 @@ const createTemp = async (root, resources) => {
  * - `.to()` is a convenient shortcut to pipe the output into a write stream
  */
 exports.create = async (dir='.', ...args) => {
-
+  logDebugTar()
   if (typeof dir === 'string') dir = _resolve(dir)
   if (Array.isArray(dir)) [ dir, ...args ] = [ cds.root, dir, ...args ]
 

package/libx/_runtime/cds-services/adapter/odata-v4/to.js

@@ -42,7 +42,6 @@ if (cds.requires.extensibility || cds.requires.toggles) {
     // prettier-ignore
     return function ODataAdapter(req, res) {
       const model = cds.context?.model || srv.model
-      if (!model._cached) Object.defineProperty (model, '_cached', { value: { touched: Date.now() } })
       const adapters = model._cached._odata_adapters ??= {}
       const okra = adapters[id] ??= new adapter4 ({ __proto__: srv, _real_srv: srv, model })
       return okra (req, res)

package/libx/_runtime/common/generic/auth/restrict.js

@@ -5,8 +5,6 @@ const { reject, getRejectReason, resolveUserAttrs, getAuthRelevantEntity } = req
 const { DRAFT_EVENTS, MOD_EVENTS } = require('./constants')
 const { getNormalizedPlainRestrictions } = require('./restrictions')
 
-const { cqn2cqn4sql } = require('../../utils/cqn2cqn4sql')
-
 const _getResolvedApplicables = (applicables, req) => {
   const resolvedApplicables = []
 
@@ -189,7 +187,7 @@ const _getRestrictedCount = async (req, model, resolvedApplicables) => {
   const restrictionForTarget = _getRestrictionForTarget(resolvedApplicables, req.target)
   if (restrictionForTarget) selectRestricted.where(restrictionForTarget)
 
-  const { n } = await dbtx.run(cqn2cqn4sql(selectRestricted, model, { suppressSearch: true }))
+  const { n } = await dbtx.run(selectRestricted)
   return n
 }
 

package/libx/_runtime/common/generic/sorting.js

@@ -76,7 +76,7 @@ const commonGenericSorting = function (req) {
 
   if (select.from && select.from.SELECT) {
     // add default sort to root query
-    if (select.orderBy) _addDefaultSortOrder(req, select)
+    _addDefaultSortOrder(req, select)
 
     // apply default sort to bottom-most sub-query
     while (select.from.SELECT) select = select.from.SELECT