@sap/cds 8.3.1 → 8.4.1

package/CHANGELOG.md

@@ -4,6 +4,39 @@
 - The format is based on [Keep a Changelog](http://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](http://semver.org/).
 
+## Version 8.4.1 - 2024-11-07
+
+### Fixed
+
+- Validate request method for operations
+- Correctly generate CQN for lambda expressions in new OData adapter
+- `req.diff()` on old database with property transitions
+
+## Version 8.4.0 - 2024-10-29
+
+### Added
+
+- Set the maximum allowed size of HTTP headers in bytes for `$batch` subrequests via flag `cds.env.odata.max_batch_header_size` (default: 64 KiB)
+- New OData flag `cds.env.odata.context_with_columns` that adds selected and expanded columns to `@odata.context`. Default is `false`
+- New experimental option `--workers` to `cds watch/run/serve` that allows running a `cds.server` cluster
+  (process env variable `WORKERS` or `CDS_WORKERS` can be used alternatively)
+
+### Changed
+
+- For remote service calls to OData v2 services, less conversions are performed on the returned data
+- Internal API `srv.endpoints` now always is an array of endpoint objects, an empty one if the service is not served to any protocol
+
+### Fixed
+
+- Commands like `cds deploy` now fail with a clear error message if called with an invalid value for `cds.features.assert_integrity` (like `true`)
+- Authentication validation errors (e.g., expired token, wrong audience) are logged as warning
+- Requests using `$apply` will always apply implicit sorting on best effort mechanism
+- Properly handle empty content-type in new OData adapter
+- Error/crash with `cds.features.odata_new_parser` for requests containing `$expand=*` and `$select`, which selects individual columns and star, e.g. `$select=ID,*`
+- Referencing new entities in `$batch` with new OData adapter did not work properly when using non integer content IDs in multipart/mixed
+- `cds.compile.to.serviceinfo` to ignore unknown protocols
+- New OData adapter and `cds.spawn` did not crash on programming errors (for example TypeError)
+
 ## Version 8.3.1 - 2024-10-08
 
 ### Fixed
@@ -128,7 +161,7 @@
 - Expand to `DraftAdministrativeData` for active instances of draft-enabled entities over drafts
 - Deduplication of columns for certain on conditions for the legacy database driver
 - For legacy-sqlite/-hana: Add keys to expands with only non-key elements to ensure not returning null for expand.
-- New parser was to restrictive regarding an empty line at the end of batch body.
+- New parser was too restrictive regarding an empty line at the end of batch body.
 - Error target for operations with complex parameters
 - Remote services: JWT gets found in authorization header
 - Search with invalid characters

package/bin/serve.js

@@ -2,7 +2,7 @@
 module.exports = exports = Object.assign ( serve, {
     options: [
         '--service', '--from', '--to', '--at', '--with',
-        '--port',
+        '--port', '--workers',
     ],
     flags: [
         '--project', '--projects',
@@ -10,7 +10,7 @@ module.exports = exports = Object.assign ( serve, {
         '--mocked', '--with-mocks', '--with-bindings', '--resolve-bindings',
         '--watch',
     ],
-    shortcuts: [ '-s', undefined, '-2', '-a', '-w', undefined, '-p' ],
+    shortcuts: [ '-s', undefined, '-2', '-a', '-w', undefined, undefined, '-p' ],
     help: `
 # SYNOPSIS
 
@@ -75,6 +75,13 @@ module.exports = exports = Object.assign ( serve, {
         You can use *cds watch* as shortcut, which is equivalent to:
         *cds serve --with-mocks --in-memory? --watch --project ...*
 
+    *--workers* <number> | true
+
+        Spawns <number> of worker processes in a cluster to handle incoming requests.
+        If set to 'true', the number of workers is determined by the number of CPUs.
+        If omitted, the server runs in non-cluster mode as a single process.
+
+
     *--mocked*
 
         Use this option to launch a _single service_  in a mock server, for

package/lib/auth/ias-auth.js

@@ -49,7 +49,10 @@ module.exports = function ias_auth(config) {
 
     const token = req.headers.authorization?.split(/^bearer /i)[1]
     xssec.createSecurityContext(token, credentials, 'IAS', function (err, securityContext, tokenInfo) {
-      if (err) LOG.error('User could not be authenticated due to error:', err)
+      if (err) {
+        const level = (err.statusCode >= 400 && err.statusCode < 500) ? 'warn' : 'error'
+        LOG[level]('User could not be authenticated due to error:', err)
+      }
 
       if (!securityContext) return next(new cds.error('Unauthorized', { code: 401 }))
 

package/lib/auth/jwt-auth.js

@@ -51,7 +51,10 @@ module.exports = function jwt_auth(config) {
 
     const token = req.headers.authorization.split(/^bearer /i)[1]
     xssec.createSecurityContext(token, credentials, function (err, securityContext, tokenInfo) {
-      if (err) LOG.error('User could not be authenticated due to error:', err)
+      if (err) {
+        const level = (err.statusCode >= 400 && err.statusCode < 500) ? 'warn' : 'error'
+        LOG[level]('User could not be authenticated due to error:', err)
+      }
 
       if (!securityContext) return next(new cds.error('Unauthorized', { code: 401, statusCode: 401 }))
 

package/lib/compile/cdsc.js

@@ -91,7 +91,7 @@ const _options = {for: Object.assign (_options4, {
 
     const { assert_integrity } = cds.env.features
     if (assert_integrity)
-      o.assertIntegrityType = assert_integrity.toUpperCase()
+      o.assertIntegrityType = assert_integrity.toString().toUpperCase()
 
     return o
   },

package/lib/compile/extend.js

@@ -1,5 +1,5 @@
 const cds = new class { get compile(){ return super.compile = require ('./cds-compile') }}
-const { extend } = require ('../lazy')
+const extend = require ('../utils/extend')
 
 /** @type <T> (target:T) => ({
   with <X,Y,Z> (x:X, y:Y, z:Z): ( T & X & Y & Z )
@@ -8,32 +8,32 @@ const { extend } = require ('../lazy')
 }) */
 module.exports = o => o.definitions ? { with(...csns) {
 
-  // merge all extension csns
-  const csn=o, merged = { definitions: {}, extensions: [] }
-  for (const { definitions, extensions } of csns) {
-    if (definitions) Object.assign(merged.definitions, definitions)
-    if (extensions) merged.extensions.push(...extensions)
-  }
+    // merge all extension csns
+    const csn=o, merged = { definitions: {}, extensions: [] }
+    for (const { definitions, extensions } of csns) {
+      if (definitions) Object.assign(merged.definitions, definitions)
+      if (extensions) merged.extensions.push(...extensions)
+    }
 
-  // extend given base csn with merged extensions
-  const extended = cds.compile({
-    'base.csn': cds.compile.to.json(csn),
-    'ext.csn': cds.compile.to.json(merged)
-  })
+    // extend given base csn with merged extensions
+    const extended = cds.compile({
+      'base.csn': cds.compile.to.json(csn),
+      'ext.csn': cds.compile.to.json(merged)
+    })
 
-  // handle localized extension elements
-  for (let ext of merged.extensions) {
-    for (let name in ext.elements) {
-      const e = ext.elements[name]
-      if (e.localized) {
-        // add localized element also to respective .texts entity
-        const texts = extended.definitions[ext.extend+'.texts']
-        texts.elements[name] ??= { ...e, localized:null }
+    // handle localized extension elements
+    for (let ext of merged.extensions) {
+      for (let name in ext.elements) {
+        const e = ext.elements[name]
+        if (e.localized) {
+          // add localized element also to respective .texts entity
+          const texts = extended.definitions[ext.extend+'.texts']
+          texts.elements[name] ??= { ...e, localized:null }
+        }
       }
     }
-  }
 
-  extended.$sources = csn.$sources // required to load resources like i18n later on
-  return extended
+    extended.$sources = csn.$sources // required to load resources like i18n later on
+    return extended
 
 }} : extend(o)

package/lib/compile/to/srvinfo.js

@@ -45,7 +45,9 @@ module.exports = (model, options={}) => {
   function _makeNode(service) {
     // make a fake runtime object for the service, adding a `definition` property
     if (!service.definition)  Object.defineProperty(service, 'definition', { value: service, enumerable: false })
-    const endpoints = cds.service.protocols.endpoints4(service).map(e => Object.assign({}, e, { path: _url4(e.path) }))
+    const endpoints = cds.service.protocols.endpoints4(service).map?.(e => Object.assign({}, e, { path: _url4(e.path) }))
+    if (!endpoints || !endpoints.length) return
+    
     return {
       name: service.name,
       urlPath: endpoints[0].path, // legacy

package/lib/{linked → core}/classes.js

@@ -1,4 +1,3 @@
-const { extend } = require('../lazy')
 const _proxy = Symbol('_proxy')
 
 class any { is (kind) { return this.kind === kind || kind === 'any' }
@@ -211,9 +210,12 @@ module.exports = {
    *  	class entity { bar(){} }
    * )
    */
-  mixin(...classes) { for (let each of classes) {
-    const clazz = this[each.name]
-    if (!clazz) throw new Error(`unknown class '${each.name}'`)
-    extend(clazz).with(each)
-  }},
+  mixin(...classes) {
+    const extend = require('../utils/extend')
+    for (let each of classes) {
+      const clazz = this[each.name]
+      if (!clazz) throw new Error(`unknown class '${each.name}'`)
+      extend(clazz).with(each)
+    }
+  },
 }

package/lib/{linked/models.js → core/linked-csn.js}

@@ -62,6 +62,7 @@ class LinkedCSN {
       let i=0, n=ref.length, t=defs[ref[0]]
       for (;;) {
         if (++i === n) return t
+        if (t.items) t = t.items
         if (t.target) t = defs[t.target]
         if (t.elements) t = t.elements[ref[i]]
         if (!t) return
@@ -114,6 +115,9 @@ class LinkedCSN {
     for (let s of srvs) Object.defineProperty (srvs, s.name, {value:s})
     return this.set ('services', srvs)
   }
+
+  /** A common cache for all kinds of things -> keeps the models clean */
+  get _cached() { return this.set ('_cached', {}) }
 }
 
 

package/lib/env/defaults.js

@@ -50,6 +50,7 @@ const defaults = module.exports = {
   protocols: {
     'odata-v4' : { path: '/odata/v4' },
     'odata-v2' : { path: '/odata/v2' },
+    'okra' : { path: '/okra' },
     'rest' : { path: '/rest' },
     'hcql' : { path: '/hcql' },
   },
@@ -186,6 +187,8 @@ const defaults = module.exports = {
     refs: undefined,
     proxies: undefined,
     containment: undefined,
+    context_with_columns: false,
+    max_batch_header_size: '64KiB', // instead of node's 16KiB
   },
 
   sql: {
@@ -248,4 +251,4 @@ const defaults = module.exports = {
 
 }
 
-require('./plugins')(defaults)
+require('./plugins')(defaults)

package/lib/i18n/localize.js

@@ -28,7 +28,7 @@ function localize (aString, locale, model = cds.context?.model || cds.model, ext
   if (typeof aString === 'object') [ aString, model ] = [ model, aString ]
 
   // in case of multiple locales, return a generator
-  if (Array.isArray(locale)) return (function*(){
+  if (Array.isArray(locale) || locale == 'all' || locale == '*') return (function*(){
     let localized, bundles = bundles4 (model, locale)
     if (bundles?.[Symbol.iterator]) for (let [lang,each] of bundles) {
       localized = _localize_with (each)
@@ -64,7 +64,7 @@ function bundles4 (model, locales = cds.env.i18n.languages) {
   const {i18n} = cds.env
 
   if (locales.split) locales = locales.split(',')
-  if (locales[0] === '*' || locales[0] === 'all') {
+  if (locales == 'all' || locales == '*') { // NOTE: using == to match 'all' as well as ['all']
     locales = allLocales4 (folders); if (!locales) return {}
     if (!locales.includes(i18n.fallback_bundle))  locales.push (i18n.fallback_bundle)
   }

package/lib/index.js

@@ -1,22 +1,19 @@
-if (process.env.CDS_STRICT_NODE_VERSION !== 'false') require ('./utils/check-version')
-!(global.__cds_loaded_from ??= new Set).add(__filename) // track from where we loaded cds
-
-/** @typedef { import('./srv/srv-api') } Service */
+if (process.env.CDS_STRICT_NODE_VERSION !== 'false') require ('./utils/check-version.js')
+! (global.__cds_loaded_from ??= new Set).add(__filename) // track from where we loaded cds
 
 const { EventEmitter } = require('node:events')
-const { extend, lazify } = require('./lazy')
-
 const cds = module.exports = global.cds = new class cds extends EventEmitter {
 
-  async emit (eve, ...args) {
-    if (eve === 'served') for (let l of this.listeners(eve)) await l.call(this,...args)
-    else return super.emit (eve, ...args)
-  }
-
+  /** @typedef {import('./srv/srv-api.js')} Service */
+  /** @type {import('./core/linked-csn.js')} */ model = undefined
+  /** @type Service */ db = undefined
   /** CLI args */ cli = { command:'', options:{}, argv:[] }
   /** Working dir */ root = process.cwd()
-  /** @type Linked */ model = undefined
-  /** @type Service */ db = undefined
+
+  async emit (eve, ...args) {
+    if (eve === 'served') for (let each of this.listeners(eve)) await each.call(this,...args)
+      else return super.emit (eve, ...args)
+  }
 
   // Configuration & Information
   get requires() { return super.requires = this.env.requires._resolved() }
@@ -41,10 +38,8 @@ const cds = module.exports = global.cds = new class cds extends EventEmitter {
   // Model Reflection, Builtin types and classes
   get entities()    { return this.db?.entities || this.model?.entities }
   get reflect()     { return super.reflect = this.linked }
-  get linked()      { return super.linked = require('./linked/models') }
-  get infer()       { return super.infer = require('./ql/infer') }
-  get builtin()     { return super.builtin = require('./linked/types') }
-  get validate()    { return super.validate = require('./linked/validate') }
+  get linked()      { return super.linked = require('./core/linked-csn.js') }
+  get builtin()     { return super.builtin = require('./core/types.js') }
   get Association() { return super.Association = this.builtin.classes.Association }
   get Composition() { return super.Composition = this.builtin.classes.Composition }
   get entity()      { return super.entity = this.builtin.classes.entity }
@@ -52,17 +47,17 @@ const cds = module.exports = global.cds = new class cds extends EventEmitter {
   get type()        { return super.type = this.builtin.classes.type }
   get array()       { return super.array = this.builtin.classes.array }
   get struct()      { return super.struct = this.builtin.classes.struct }
-  get service()     { return super.service = extend (this.builtin.classes.service) .with ({
+  get service()     { return super.service = Object.assign (this.builtin.classes.service, {
     /** @param {( this:Service, srv:Service )} fn */ impl: fn => fn,
     /** @type Service[] */ providers: []
   })}
 
   // Providing and Consuming Services
-  /** @type { Record<string,Service> } */ services = Object.defineProperties (
-    new class { *[Symbol.iterator](){ for (let e in this) yield this[e] } },
-    { _pending: {value:{}} }
-  )
-  get server() { return super.server = require('../server') }
+  /** @type { Record<string,Service> } */ services = new class {
+    *[Symbol.iterator](){ for (let e in this) yield this[e] }
+    get _pending(){ return this.#pending ??= {} } #pending
+  }
+  get server() { return super.server = require('../server.js') }
   get serve() { return super.serve = require('./srv/cds-serve') }
   get connect() { return super.connect = require('./srv/cds-connect') }
   get outboxed() { return super.outboxed = require('../libx/outbox').outboxed }
@@ -70,6 +65,7 @@ const cds = module.exports = global.cds = new class cds extends EventEmitter {
   get middlewares() { return super.middlewares = require('./srv/middlewares') }
   get odata() { return super.odata = require('../libx/odata') }
   get auth() { return super.auth = require('./auth') }
+  shutdown() { this.app?.server && process.exit() } // is overridden in bin/serve.js
 
   // Core Services API
   get Service() { return super.Service = require('./srv/srv-api') }
@@ -77,6 +73,7 @@ const cds = module.exports = global.cds = new class cds extends EventEmitter {
   get Request() { return super.Request = require('./req/request') }
   get Event() { return super.Event = require('./req/event') }
   get User() { return super.User = require('./req/user') }
+  get validate() { return super.validate = require('./req/validate.js') }
 
   // Services, Protocols and Periphery
   get ApplicationService() { return super.ApplicationService = require('../libx/_runtime/common/Service.js') }
@@ -94,15 +91,13 @@ const cds = module.exports = global.cds = new class cds extends EventEmitter {
   get utils() { return super.utils = require('./utils/cds-utils') }
   get error() { return super.error = require('./log/cds-error') }
   get exec() { return super.exec = require('../bin/serve').exec }
-  get test() { return super.test = require('./utils/cds-test') }
+  get test() { return super.test = require('./test/cds-test.js') }
   get log() { return super.log = require('./log/cds-log') }
   get debug() { return super.debug = this.log.debug }
-  get lazify() { return lazify }
-  get lazified() { return lazify }
   clone(x) { return structuredClone(x) }
-  exit(code){ return cds.shutdown ? cds.shutdown() : process.exit(code) }
 
   // Querying and Databases
+  get infer(){ return super.infer = require('./ql/infer') }
   get txs()  { return super.txs = new this.Service('cds.tx') }
   get ql()   { return super.ql = require('./ql/cds-ql') }
   tx         (..._) { return (this.db || this.txs).tx(..._) }
@@ -116,38 +111,27 @@ const cds = module.exports = global.cds = new class cds extends EventEmitter {
   delete     (..._) { return (this.db || this.error._no_primary_db).delete(..._) }
   disconnect (..._) { return (this.db || this.error._no_primary_db).disconnect(..._) }
 
-  // legacy and to be moved stuff -> hidden for tools in cds.__proto__
-  /** @deprecated */ transaction (..._) { return (this.db||this.error._no_primary_db).transaction(..._) }
+  // Deprecated stuff to be removed in upcomming releases...
+  /** @deprecated */ get lazified() { return this.lazify }
+  /** @deprecated */ get lazify() { return super.lazify = require('./utils/lazify.js') }
   /** @deprecated */ get in() { return super.in = cwd => !cwd ? this : {__proto__:this, cwd, env: this.env.for('cds',cwd) } }
+  /** @deprecated */ exit(code){ return this.app?.server ? this.shutdown() : process.exit(code) }
+  /** @deprecated */ transaction (..._) { return (this.db||this.error._no_primary_db).transaction(..._) }
 }
 
-// add global cds.ql commands
-extend (global) .with (class {
-  static get SELECT() { return cds.ql.SELECT }
-  static get INSERT() { return cds.ql.INSERT }
-  static get UPSERT() { return cds.ql.UPSERT }
-  static get UPDATE() { return cds.ql.UPDATE }
-  static get DELETE() { return cds.ql.DELETE }
-  static get CREATE() { return cds.ql.CREATE }
-  static get DROP() { return cds.ql.DROP }
-  static get CDL() { return cds.parse.CDL }
-  static get CQL() { return cds.parse.CQL }
-  static get CXL() { return cds.parse.CXL }
-})
-
-// ensure cds.test is loaded for running tests w/ node --test
-'describe' in global || ['describe','before','beforeAll','afterAll'].forEach (p => {
-  Object.defineProperty (global,p, { configurable:1,
-    set(v){ Object.defineProperty (global,p,{ value:v, writable:true }) },
-    get(){ cds.test; return global[p] }
-  })
-})
-
-// Allow for import cds from '@sap/cds' without esModuleInterop
-// FIXME: remove this flag in the next release. Only serves as fallback switch if people report issues with value:cds
-// Setting it to module.exports lead to issues with vitest while setting it to cds apparently works fine.
-if (process.env.CDS_ESM_INTEROP_DEFAULT) {
-  Object.defineProperties(module.exports, { default: {value:module.exports}, __esModule: {value:true} })
-} else {
-  Object.defineProperties(module.exports, { default: {value:cds}, __esModule: {value:true} })
-}
+// Add global convenience shortcuts for cds.ql and cds.parse commands
+cds.extend (global) .with ( class globals {
+  get SELECT() { return cds.ql.SELECT }
+  get INSERT() { return cds.ql.INSERT }
+  get UPSERT() { return cds.ql.UPSERT }
+  get UPDATE() { return cds.ql.UPDATE }
+  get DELETE() { return cds.ql.DELETE }
+  get CREATE() { return cds.ql.CREATE }
+  get DROP() { return cds.ql.DROP }
+  get CDL() { return cds.parse.CDL }
+  get CQL() { return cds.parse.CQL }
+  get CXL() { return cds.parse.CXL }
+} .prototype )
+
+// Allow for `import cds from '@sap/cds'` without `esModuleInterop` in tsconfig.json
+Object.defineProperties (module.exports, { default: {value:cds}, __esModule: {value:true} })

package/lib/log/cds-error.js

@@ -5,30 +5,30 @@ const { format, inspect } = require('../utils/cds-utils')
  * Constructs and optionally throws an Error object.
  * Usage variants:
  *
- *       cds.error `Message with formatted: ${{foo:'bar'}}`
- *       cds.error ({ message, code, ... })
- *       cds.error (message, { code, ... })
- *       cds.error (status, message, { code, ... })
+ *       cds.error (404, 'Not Found', { code, ... })
+ *       cds.error ('Not Found', { code, ... })
+ *       cds.error ({ code, message, ... })
+ *       cds.error `template string usage variant`
  *
- * Calling `cds.error()` with `new` returns the newly created Error,
- * while calling it without `new` throws immediately. The latter is
- * useful for usages like that:
+ * When called with `new` the newly created Error is returned.
+ * When called without `new` the error is thrown immediately.
+ * The latter is useful for usages like that:
  *
- *     let x = y || cds.error `Argument 'y' must not be null`
+ *       let x = y || cds.error `'y' must be truthy, got: ${y}`
+ *
+ * @param {number} [status] - HTTP status code
+ * @param {string} [message] - Error message
+ * @param {object} [details] - Additional error details
+ * @param {Function} [caller] - The function calling this
  */
-const error = exports = module.exports = function cds_error ( message, details, caller ) {
-  let e
-  if (message.raw) [ message, details, caller ] = [ error.message(...arguments) ]
-  if (typeof message === 'number') [ message, details ] = [ details, {status:message} ]
-  if (typeof message === 'string') {
-    e = new Error(message)
-  } else {
-    e = message.stack ? message : Object.assign(new Error,message)
-    ;[ caller, details ] = [ details ]
-  }
-  Error.captureStackTrace (e,caller||error)
-  if (details) Object.assign (e,details)
-  if (new.target) return e; else throw e
+const error = exports = module.exports = function cds_error ( status, message, details, caller ) {
+  if (typeof status !== 'number') [ status, message, details, caller, status ] = status.raw ? [ undefined, error.message(...arguments) ] : [ undefined, status, message, details ]
+  if (typeof message === 'object') [ message, details, caller ] = [ undefined, message, details ]
+  const err = details?.stack ? details : Object.assign (new Error (message, details), details)
+  if (caller) Error.captureStackTrace (err, caller); else Error.captureStackTrace (err, error)
+  if (status) err.status = status
+  if (new.target) return err
+  else throw err
 }
 
 

package/lib/ql/cds-ql.js

@@ -14,7 +14,7 @@ require = path => { // eslint-disable-line no-global-assign
 }
 
 module.exports = exports = {
-  Query,  
+  Query,
   SELECT: require('./SELECT'),
   INSERT: require('./INSERT'),
   UPSERT: require('./UPSERT'),
@@ -30,10 +30,10 @@ exports.clone = function (q,_) {
 }
 
 exports.query = function (q) {
-  if (q instanceof Query) return q
-  let kind = Object.keys(q)[0]
-  let clazz = exports[kind]
-  return !clazz ? q : new clazz (q[kind])
+  if (!q || q instanceof Query) return q
+  let kind = Object.keys(q)[0]; if (!kind) return
+  let clazz = exports[kind]; if (!clazz) return q
+  return new clazz (q[kind])
 },
 
 exports._reset = ()=>{ // for strange tests only

package/lib/req/cds-context.js

@@ -1,5 +1,6 @@
 const { AsyncLocalStorage } = require ('async_hooks')
 const { EventEmitter } = require('events')
+const { isStandardError } = require('../../libx/_runtime/common/error/standardError')
 const EventContext = require('./context'), ec4 = v => {
   if (v instanceof EventContext || typeof v !== 'object') return v
   if (v.context) return v.context
@@ -38,6 +39,10 @@ module.exports = new class extends AsyncLocalStorage {
     const em = new EventEmitter
     if (o?.every) {
       em.timer = setInterval(fx, o.every)
+      em.on('failed', e => { if (isStandardError(e) && cds.env.server.shutdown_on_uncaught_errors) {
+        cds.log().error('❗️Uncaught', e)
+        return cds.shutdown(e)} 
+      })
       cds.on('shutdown', () => clearInterval(em.timer))
     } else {
       em.timer = (o?.after ? setTimeout(fx, o.after) : setImmediate(fx)).unref()

package/lib/req/context.js

@@ -99,10 +99,10 @@ class EventContext {
     if (l) super.locale = super._locale = l
   }
   get locale() {
-    return super.locale = this._propagated.locale || req_locale(this._.req)
+    return super.locale = this._propagated.locale || req_locale.from(this._.req)
   }
   get _locale() {
-    return super._locale = this._propagated._locale || req_locale.from_req(this._.req)
+    return super._locale = this._propagated._locale || req_locale.raw(this._.req)
     || this.hasOwnProperty('locale') && this.locale // eslint-disable-line no-prototype-builtins
   }
 

package/lib/req/locale.js

@@ -1,12 +1,19 @@
+const {i18n} = require('../index').env
 
-const {i18n} = require('..').env
-const INCLUDE_LIST = i18n.preserved_locales.reduce((p,n)=>{
-  p[n]=n; p[n.toUpperCase()]=n; return p
-},{
-  en_US_x_saptrc: 'en_US_saptrc',
-  en_US_x_sappsd: 'en_US_sappsd',
-  en_US_x_saprigi: 'en_US_saprigi'
-})
+function normalized_locale_from (req) {
+  const header = original_locale_from (req); if (!header) return i18n.default_language
+  const locale = header .match (/^[^,; ]*/)[0] .replace (/-/g,'_')
+  return SPECIAL[locale] //> keeps language and region for those in i18n.preserved_locales
+  || locale.match(/[A-Za-z]+/)?.[0].toLowerCase() //> keeps language only
+  || i18n.default_language
+}
+
+function original_locale_from (req) {
+  return !req ? undefined :
+    req.query['sap-locale'] || SAP_LANGUAGES[req.query['sap-language']] ||
+    req.headers['x-sap-request-language'] ||
+    req.headers['accept-language']
+}
 
 const SAP_LANGUAGES = {
   '1Q': 'en_US_x_saptrc',
@@ -14,18 +21,15 @@ const SAP_LANGUAGES = {
   '3Q': 'en_US_x_saprigi'
 }
 
-// normalizes to BCP47
-const from_req = req => req && (
-  req.query && (req.query['sap-locale'] || SAP_LANGUAGES[req.query['sap-language']]) ||
-  req.headers && (req.headers['x-sap-request-language'] || req.headers['accept-language'])
-)
-
-function req_locale (req) {
-  const locale = from_req(req); if (!locale) return i18n.default_language
-  const loc = locale.replace(/-/g,'_').match(/^[^,; ]*/)[0]
-  return INCLUDE_LIST[loc]
-  || /^([a-z]+)/i.test(loc) && RegExp.$1.toLowerCase()
-  || i18n.default_language
+const SPECIAL = {
+  ...Object.fromEntries (i18n.preserved_locales.map(l=>[l.toUpperCase(),l])), // REVISIT: why uppercase?
+  ...Object.fromEntries (i18n.preserved_locales.map(l=>[l,l])),
+  en_US_x_saptrc: 'en_US_saptrc',
+  en_US_x_sappsd: 'en_US_sappsd',
+  en_US_x_saprigi: 'en_US_saprigi',
 }
 
-module.exports = Object.assign(req_locale, { from_req })
+module.exports = Object.assign (normalized_locale_from, {
+  from: normalized_locale_from,
+  raw: original_locale_from
+})

package/lib/srv/cds-serve.js

@@ -1,6 +1,5 @@
 const cds = require ('..')
 const { Service } = cds.service.factory
-const { serve } = cds.service.protocols
 const _pending = cds.services._pending ??= {}
 const _ready = Symbol()
 const TRACE = cds.debug('trace')
@@ -102,6 +101,7 @@ module.exports = function cds_serve (som, _options) { // NOSONAR
 
     /** Fluent method to serve constructed providers to express app */
     in (app) {
+      const { serve } = cds.service.protocols
       if (!cds.env.features.odata_new_adapter && cds.edmxs) ready = ready.then (()=> cds.edmxs)
       ready = ready.then (()=> all.forEach (each => {
         const d = each.definition