@sap/cds 8.4.2 → 8.5.0

package/libx/_runtime/common/generic/auth/capabilities.js

@@ -39,7 +39,7 @@ function handler(req) {
 
   if (!req.target || !annotation) return
 
-  const action = annotation.split('.').pop().toUpperCase()
+  const action = annotation.split('.').pop().toLowerCase()
   const from = cqnFrom(req)
   const nav = _getNav(from)
 

package/libx/_runtime/common/generic/input.js

@@ -10,6 +10,8 @@
 const cds = require('../../cds')
 const LOG = cds.log('app')
 
+const { Readable } = require('node:stream')
+
 const { enrichDataWithKeysFromWhere } = require('../utils/keys')
 const { DRAFT_COLUMNS_MAP } = require('../../common/constants/draft')
 const propagateForeignKeys = require('../utils/propagateForeignKeys')
@@ -27,6 +29,13 @@ const _shouldSuppressErrorPropagation = (event, value) => {
   )
 }
 
+const _sliceBase64 = function* (str) {
+  const chunkSize = 1 << 16
+  for (let i = 0; i < str.length; i += chunkSize) {
+    yield Buffer.from(str.slice(i, i + chunkSize), 'base64')
+  }
+}
+
 const _getSimpleCategory = category => {
   if (typeof category === 'object') {
     category = category.category
@@ -142,6 +151,16 @@ const _processCategory = (req, category, value, elementInfo, assertMap) => {
   if ((event === 'UPDATE' || event === 'CREATE') && category === '@assert.target') {
     _preProcessAssertTarget(elementInfo, assertMap)
   }
+
+  if (category === 'binary' && typeof row[key] === 'string') {
+    row[key] = Buffer.from(row[key], 'base64')
+    return
+  }
+
+  if (category === 'largebinary' && typeof row[key] === 'string') {
+    row[key] = Readable.from(_sliceBase64(row[key]), { objectMode: false })
+    return
+  }
 }
 
 const _getProcessorFn = (req, errors, assertMap) => {
@@ -192,6 +211,7 @@ const _pick = element => {
   // REVISIT: cleanse @Core.Immutable
   //          should be a db feature, as we cannot handle completely on service level (cf. deep update)
   //          -> add to attic env behavior once new dbs handle this
+  // also happens in validate but because of draft activate we have to do it twice (where cleansing is suppressed)
   if (element['@Core.Immutable']) {
     categories.push('immutable')
   }
@@ -200,10 +220,6 @@ const _pick = element => {
     categories.push('uuid')
   }
 
-  if (element['@Core.IsMediaType']) {
-    categories.push('stream')
-  }
-
   if (
     element._isAssociationStrict &&
     !element.on && // managed assoc
@@ -213,6 +229,14 @@ const _pick = element => {
     categories.push('@assert.target')
   }
 
+  if (element.type === 'cds.Binary' && !cds.env.features.base64_binaries) {
+    categories.push('binary')
+  }
+
+  if (element.type === 'cds.LargeBinary' && !cds.env.features.base64_binaries) {
+    categories.push('largebinary')
+  }
+
   if (categories.length) return { categories }
 }
 
@@ -226,7 +250,7 @@ async function commonGenericInput(req) {
 
   // validate data
   if (cds.env.features.cds_validate) {
-    const assertOptions = { mandatories: req.event === 'CREATE' || req.req?.method === 'PUT' }
+    const assertOptions = { mandatories: req.event === 'CREATE' || req.method === 'PUT' }
 
     const _is_activate = req._?.event === 'draftActivate' && cds.env.features.preserve_computed !== false
     const _is_create_after_new = req.target.isDraft && req.event === 'CREATE'
@@ -346,7 +370,10 @@ function _actionFunctionHandler(req) {
 
   // validate data
   if (cds.env.features.cds_validate) {
-    const assertOptions = { mandatories: true }
+    const assertOptions = {
+      mandatories: true,
+      cleanse: !(operation.kind === 'action' || operation.kind === 'function')
+    }
     let errs = cds.validate(data, operation, assertOptions)
     if (errs) {
       if (errs.length === 1) throw errs[0]
@@ -361,6 +388,14 @@ function _actionFunctionHandler(req) {
   const arrayData = Array.isArray(data) ? data : [data]
   for (const row of arrayData) _processActionFunction(row, operation.params, errors, req.event, this)
   if (errors.length) for (const error of errors) req.error(error)
+
+  // convert binaries
+  operation.params &&
+    !cds.env.features.base64_binaries &&
+    Object.keys(operation.params).forEach(key => {
+      if (operation.params[key].type === 'cds.Binary' && typeof data[key] === 'string')
+        data[key] = Buffer.from(data[key], 'base64')
+    })
 }
 
 commonGenericInput._initial = true

package/libx/_runtime/common/i18n/index.js

@@ -1,3 +1,6 @@
+//
+// REVISIT: Not used any longer -> move to @sap/cds-attic ...
+//
 const fs = require('fs')
 const path = require('path')
 
@@ -53,7 +56,7 @@ function init(locale, file) {
   i18ns[locale] = props
 }
 
-init('default', path.join(__dirname, 'messages.properties'))
+init('default', path.resolve(__dirname, '../../../../_i18n/messages.properties'))
 init('')
 
 module.exports = (key, locale = '', args = {}) => {
@@ -69,18 +72,8 @@ module.exports = (key, locale = '', args = {}) => {
 
   // for locale OR app default OR cds default
   let text = i18ns[locale][key] || i18ns[''][key] || i18ns.default[key]
-  if (!text) return
-  // best effort replacement
-  try {
-    const matches = text.match(/\{[\w][\w]*\}/g) || []
-    for (const match of matches) {
-      const arg = args[match.slice(1, -1)]
-      const argtext = i18ns[locale][arg] || i18ns[''][arg] || i18ns.default[arg]
-      text = text.replace(match, argtext || (arg != null ? arg : 'NULL'))
-    }
-  } catch {
-    // nothing to do
-  }
-
-  return text
+  return text?.replace(/{(\w+)}/g, (_, k) => {
+    let x = args[k]
+    return i18ns[locale][x] || i18ns[''][x] || i18ns.default[x] || (x ?? 'NULL') // REVISIT: i'm afraid this twofold localization is a rather bad idea
+  })
 }

package/libx/_runtime/common/utils/compareJson.js

@@ -2,6 +2,7 @@ const cds = require('../../cds')
 const { DRAFT_COLUMNS_MAP } = require('../constants/draft')
 
 const _deepEqual = (val1, val2) => {
+  if (Buffer.isBuffer(val1) && Buffer.isBuffer(val2)) return val1.equals(val2)
   if (val1 && typeof val1 === 'object' && val2 && typeof val2 === 'object') {
     for (const key in val1) {
       if (!_deepEqual(val1[key], val2[key])) return false
@@ -179,7 +180,15 @@ const _iteratePropsInNewEntry = (newEntry, keys, result, oldEntry, entity, opts,
     }
 
     // if value did not change --> ignored
-    if (newEntry[prop] === (oldEntry && oldEntry[prop])) continue
+    if (
+      (Buffer.isBuffer(newEntry[prop]) &&
+        oldEntry &&
+        Buffer.isBuffer(oldEntry[prop]) &&
+        newEntry[prop].equals(oldEntry[prop])) ||
+      newEntry[prop] === oldEntry?.[prop]
+    ) {
+      continue
+    }
 
     // existing immutable --> ignored
     if (oldEntry && cache.immutables.includes(prop)) continue

package/libx/_runtime/common/utils/resolveView.js

@@ -715,7 +715,7 @@ const resolveView = (query, model, service) => {
 
   // If the query is a projection, one must follow it
   // to let the underlying service know its true entity.
-  if (query.cmd) _event = query.cmd
+  if (query.kind) _event = query.kind
   else if (query.SELECT) _event = 'SELECT'
   else if (query.INSERT) _event = 'INSERT'
   else if (query.UPSERT) _event = 'UPSERT'

package/libx/_runtime/fiori/lean-draft.js

@@ -624,20 +624,20 @@ cds.ApplicationService.prototype.handle = async function (req) {
       }
     }
 
-    if (cds.env.features.odata_new_adapter) {
+    if (cds.env.features.odata_new_adapter && req.res) {
       const read_result = await _readAfterDraftAction.bind(this)({
         req,
         payload: res,
         action: 'draftActivate'
       })
-      req.res?.set(
+      req.res.set(
         'location',
         '../' + calculateLocationHeader(req.target, this, read_result || { ...res, IsActiveEntity: true })
       )
       return read_result
-    } else {
-      return Object.assign(result, { IsActiveEntity: true })
     }
+
+    return Object.assign(result, { IsActiveEntity: true })
   }
 
   if (req.target.actions?.[req.event] && draftParams.IsActiveEntity === false) {
@@ -826,8 +826,12 @@ const Read = {
       }
     }
     Read.merge(query._target, actives, drafts, (row, other) => {
-      if (other) Object.assign(row, other, { HasActiveEntity: false, HasDraftEntity: true })
-      else
+      if (other) {
+        if ('DraftAdministrativeData' in other) row.DraftAdministrativeData = other.DraftAdministrativeData
+        if ('DraftAdministrativeData_DraftUUID' in other)
+          row.DraftAdministrativeData_DraftUUID = other.DraftAdministrativeData_DraftUUID
+        Object.assign(row, { HasActiveEntity: false, HasDraftEntity: true })
+      } else
         Object.assign(row, {
           HasActiveEntity: false,
           HasDraftEntity: false,
@@ -1235,44 +1239,61 @@ function _cleansed(query, model) {
   const q = _cleanseQuery(query, draftParams, model)
   if (query.SELECT) {
     const getDrafts = () => {
-      const draftsQuery = _cleanseQuery(query, {}, model) // could just clone `q` but the latter is ruined by database layer
-      draftsQuery._target = undefined
-      if (!draftsQuery.SELECT.from.ref) return // invalid draft request
-      const [root, ...tail] = draftsQuery.SELECT.from.ref
+      // could just clone `query` but the latter is ruined by database layer
+      const draftsQuery = _cleanseQuery(query, {}, model)
+
+      // set the target to null to ensure cds.infer(...) correctly infer the
+      // target after query modifications
+      draftsQuery._target = null
+      let draftSelect = draftsQuery.SELECT
+      let querySelect = query.SELECT
+
+      // in the $apply scenario, only the most inner nested SELECT data structure must be cleansed
+      while (draftSelect.from.SELECT) {
+        draftSelect = draftSelect.from.SELECT
+        querySelect = querySelect.from.SELECT
+      }
+
+      if (!draftSelect.from.ref) return // invalid draft request
+
+      const [root, ...tail] = draftSelect.from.ref
       const draft = model.definitions[root.id || root].drafts
       if (!draft) return
-      draftsQuery.SELECT.from = {
+      draftSelect.from = {
         ref: [root.id ? { ...root, id: draft.name } : draft.name, ...tail]
       }
       cds.infer(draftsQuery, model.definitions)
+
       // draftsQuery._target = draftsQuery._target?.drafts || draftsQuery._target
-      if (query.SELECT.columns && query._target.drafts) {
+      if (querySelect.columns && query._target.drafts) {
         if (draftsQuery._target.isDraft)
-          draftsQuery.SELECT.columns = _cleanseCols(query.SELECT.columns, REDUCED_DRAFT_ELEMENTS, draft)
-        else draftsQuery.SELECT.columns = _cleanseCols(query.SELECT.columns, DRAFT_ELEMENTS, draft)
+          draftSelect.columns = _cleanseCols(querySelect.columns, REDUCED_DRAFT_ELEMENTS, draft)
+        else draftSelect.columns = _cleanseCols(querySelect.columns, DRAFT_ELEMENTS, draft)
       }
 
-      if (query.SELECT.where && query._target.drafts) {
+      if (querySelect.where && query._target.drafts) {
         if (draftsQuery._target.isDraft)
-          draftsQuery.SELECT.where = _cleanseWhere(query.SELECT.where, {}, DRAFT_ELEMENTS_WITHOUT_HASACTIVE)
-        else draftsQuery.SELECT.where = _cleanseWhere(query.SELECT.where, {}, DRAFT_ELEMENTS)
+          draftSelect.where = _cleanseWhere(querySelect.where, {}, DRAFT_ELEMENTS_WITHOUT_HASACTIVE)
+        else draftSelect.where = _cleanseWhere(querySelect.where, {}, DRAFT_ELEMENTS)
       }
 
-      if (query.SELECT.orderBy && query._target.drafts) {
+      if (querySelect.orderBy && query._target.drafts) {
         if (draftsQuery._target.isDraft)
-          draftsQuery.SELECT.orderBy = _cleanseWhere(query.SELECT.orderBy, {}, REDUCED_DRAFT_ELEMENTS)
-        else draftsQuery.SELECT.orderBy = _cleanseWhere(query.SELECT.orderBy, {}, DRAFT_ELEMENTS)
+          draftSelect.orderBy = _cleanseWhere(querySelect.orderBy, {}, REDUCED_DRAFT_ELEMENTS)
+        else draftSelect.orderBy = _cleanseWhere(querySelect.orderBy, {}, DRAFT_ELEMENTS)
       }
 
       if (draftsQuery._target.name.endsWith('.DraftAdministrativeData')) {
-        draftsQuery.SELECT.columns = _tweakAdminCols(draftsQuery.SELECT.columns)
+        draftSelect.columns = _tweakAdminCols(draftSelect.columns)
       } else if (draftsQuery._target?.name.endsWith('.drafts')) {
-        draftsQuery.SELECT.columns = _tweakAdminExpand(draftsQuery.SELECT.columns)
+        draftSelect.columns = _tweakAdminExpand(draftSelect.columns)
       }
+
       draftsQuery[DRAFT_PARAMS] = draftParams
       Object.defineProperty(q, '_drafts', { value: draftsQuery })
       return draftsQuery
     }
+
     Object.defineProperty(q, '_drafts', {
       configurable: true,
       get() {
@@ -1481,6 +1502,10 @@ function expandStarStar(target, draftActivate, recursion = new Map()) {
   return columns
 }
 
+async function onNewCleanse(req) {
+  cds.validate(req.data, req.target, {})
+}
+onNewCleanse._initial = true
 async function onNew(req) {
   LOG.debug('new draft')
 
@@ -1658,17 +1683,17 @@ async function onEdit(req) {
     activeLockCQN[DRAFT_PARAMS] = draftParams
 
     try {
-      await this.run(activeLockCQN)
+      await activeLockCQN
     } catch (error) {
       LOG._debug && LOG.debug('Failed to acquire database lock:', error)
-      const draft = await this.run(existingDraft)
+      const draft = await existingDraft
       if (draft) req.reject({ code: 409, statusCode: 409, message: 'DRAFT_ALREADY_EXISTS' })
       req.reject({ code: 409, statusCode: 409, message: 'ENTITY_LOCKED' })
     }
 
     const cqns = [
       cds.env.fiori.read_actives_from_db ? this._datasource.run(selectActiveCQN) : this.run(selectActiveCQN),
-      this.run(existingDraft)
+      existingDraft
     ]
 
     ;[res, draft] = await _promiseAll(cqns)
@@ -1739,7 +1764,7 @@ async function onEdit(req) {
     req.res.status(201)
   }
 
-  if (cds.env.features.odata_new_adapter) {
+  if (cds.env.features.odata_new_adapter && req.res) {
     const read_result = await _readAfterDraftAction.bind(this)({
       req,
       payload: res,
@@ -1877,6 +1902,30 @@ const _readAfterDraftAction = async function ({ req, payload, action }) {
 
 module.exports = {
   impl() {
+    if (!this.new)
+      this.new = function (entity, data) {
+        return this.send({ event: 'NEW', query: INSERT.into(entity).entries(data ?? {}) })
+      }
+    if (!this.cancel)
+      this.cancel = function (entity, data) {
+        return this.send({ event: 'CANCEL', query: DELETE(entity, data) })
+      }
+    if (!this.edit)
+      this.edit = function (entity, data) {
+        if ((typeof entity === 'string' && entity.endsWith('.drafts')) || entity.isDraft)
+          throw new Error('Action `edit` must be called on the active entity')
+        return this.send({ event: 'EDIT', query: SELECT.from(entity, data).where({ IsActiveEntity: true }) })
+        //                                                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ makes sure draftParams are set
+      }
+    if (!this.save)
+      this.save = function (entity, data) {
+        // a bit fishy to demand registering it on drafts since `SAVE` is usually just a shortcut for `['CREATE', 'UPDATE']`
+        // and is typically registered for active entities. Hence, we allow to register it on both and redirect to drafts
+        const _entity =
+          typeof entity === 'string' ? (entity.endsWith('.drafts') ? entity : entity + '.drafts') : entity?.drafts
+        return this.send({ event: 'draftActivate', query: SELECT.from(_entity, data) })
+      }
+
     if (!this._datasource) this._datasource = cds.db
 
     function _wrapped(handler, isActiveEntity) {
@@ -1885,10 +1934,12 @@ module.exports = {
           return next.call(this)
         return handler.call(this, req, next)
       }
+      if (handler._initial) fn._initial = true
       return fn
     }
 
     // Also runs those handlers if they're annotated with @odata.draft.enabled through extensibility
+    this.before('NEW', '*', _wrapped(onNewCleanse, false))
     this.on('NEW', '*', _wrapped(onNew, false))
     this.on('EDIT', '*', _wrapped(onEdit, true))
     this.on('CANCEL', '*', _wrapped(onCancel, false))

package/libx/_runtime/messaging/enterprise-messaging-utils/registerEndpoints.js

@@ -15,9 +15,13 @@ class EndpointRegistry {
       if (cds.requires.auth.impl) {
         cds.app.use(basePath, cds.middlewares.before) // contains auth, trace, context
       } else {
-        const jwt_auth = require('../../../../lib/auth/jwt-auth.js')
+        const jwt_auth = require('../../../../lib/srv/middlewares/auth/jwt-auth.js')
         cds.app.use(basePath, cds.middlewares.context())
         cds.app.use(basePath, jwt_auth(cds.requires.auth))
+        cds.app.use(basePath, (err, req, res, next) => {
+          if (err === 401) res.send(401)
+          else next(err)
+        })
       }
       // unsuccessful auth doesn't automatically reject!
       cds.app.use(basePath, (req, res, next) => {

package/libx/_runtime/messaging/kafka.js

@@ -18,7 +18,7 @@ class KafkaService extends cds.MessagingService {
 
     if (!this.options.local && !this.options.credentials) {
       throw new Error(
-        'No Kafka credentials found.\n\nHint: You need to bind your application to a Kafa service instance.'
+        'No Kafka credentials found.\n\nHint: You need to bind your application to a Kafka service instance.'
       )
     }
 

package/libx/odata/index.js

@@ -144,6 +144,9 @@ module.exports = {
       cqn = enhanceCqn(cqn, options)
     }
 
+    // REVISIT: SELECT.from._params is a temporary hack
+    if (cqn.SELECT?.from?._params) delete cqn.SELECT.from._params
+
     return cqn
   },
 

package/libx/odata/middleware/create.js

@@ -58,9 +58,10 @@ module.exports = (adapter, isUpsert) => {
     return service
       .run(() => {
         return service.dispatch(cdsReq).then(result => {
-          // REVISIT: shouldn't read after write be the default behavior (that could be suppressed)?
-          // generic handlers indicate that read after write is required
-          if (cdsReq._.readAfterWrite) return _readAfterWrite(cdsReq)
+          // cdsReq._.readAfterWrite is only true if generic handler served the request
+          // If minimal requested and not etag, skip read after write
+          if (cdsReq._.readAfterWrite && (target._etag || getPreferReturnHeader(req) !== 'minimal'))
+            return _readAfterWrite(cdsReq)
           return result
         })
       })
@@ -75,10 +76,11 @@ module.exports = (adapter, isUpsert) => {
           res.set('location', calculateLocationHeader(cdsReq.target, service, result || cdsReq.data))
         }
 
-        const isMinimal = getPreferReturnHeader(req) === 'minimal'
-        postProcess(cdsReq.target, model, result, isMinimal)
+        const preference = getPreferReturnHeader(req)
+        postProcess(cdsReq.target, model, result, preference === 'minimal')
         if (result?.$etag) res.set('ETag', result.$etag) //> must be done after post processing
-        if (isMinimal) return res.sendStatus(204)
+        if (preference === 'minimal') return res.append('Preference-Applied', 'return=minimal').sendStatus(204)
+        else if (preference === 'representation') res.append('Preference-Applied', 'return=representation')
 
         const metadata = getODataMetadata(query, { result })
         result = getODataResult(result, metadata)

package/libx/odata/middleware/update.js

@@ -1,13 +1,7 @@
 const cds = require('../../../')
 const { UPDATE } = cds.ql
 
-const {
-  calculateLocationHeader,
-  handleSapMessages,
-  getPreferReturnHeader,
-  extractIfNoneMatch,
-  isStream
-} = require('../utils')
+const { handleSapMessages, getPreferReturnHeader, extractIfNoneMatch, isStream } = require('../utils')
 const getODataMetadata = require('../utils/metadata')
 const postProcess = require('../utils/postProcess')
 const readAfterWrite4 = require('../utils/readAfterWrite')
@@ -65,7 +59,9 @@ module.exports = adapter => {
       throw Object.assign(new Error(`Method ${req.method} is not allowed for entity collections`), { statusCode: 405 })
     }
 
-    if (_propertyAccess && req.method === 'PATCH') {
+    const _isStream = isStream(req._query)
+
+    if (_propertyAccess && req.method === 'PATCH' && !_isStream) {
       throw Object.assign(new Error(`Method ${req.method} is not allowed for properties`), { statusCode: 405 })
     }
 
@@ -78,7 +74,6 @@ module.exports = adapter => {
     if (!_propertyAccess) Object.assign(data, keys)
 
     const _isDraft = target.drafts && data.IsActiveEntity !== true
-
     // query
     let query = UPDATE.entity(from).with(data)
 
@@ -86,7 +81,14 @@ module.exports = adapter => {
     const headers = { ...cds.context.http.req.headers, ...req.headers }
 
     // we need a cds.Request for multiple reasons, incl. params, headers, sap-messages, read after write, ...
-    const cdsReq = adapter.request4({ method: req.method, query, params, headers, req, res })
+    const cdsReq = adapter.request4({
+      method: _propertyAccess ? 'PATCH' : req.method,
+      query,
+      params,
+      headers,
+      req,
+      res
+    })
 
     // rewrite event for draft-enabled entities
     if (_isDraft) cdsReq.event = 'PATCH'
@@ -99,10 +101,13 @@ module.exports = adapter => {
     return service
       .run(() => {
         return service.dispatch(cdsReq).then(result => {
-          // REVISIT: shouldn't read after write be the default behavior (that could be suppressed)?
-          // generic handlers indicate that read after write is required
-          // REVISIT: what does target._etag have to do with it?
-          if (cdsReq._.readAfterWrite && !(_propertyAccess && !target._etag)) return _readAfterWrite(cdsReq)
+          // cdsReq._.readAfterWrite is only true if generic handler served the request
+          // If minimal requested or property access and not etag, skip read after write
+          if (
+            cdsReq._.readAfterWrite &&
+            (target._etag || (!_propertyAccess && getPreferReturnHeader(req) !== 'minimal'))
+          )
+            return _readAfterWrite(cdsReq)
           return result
         })
       })
@@ -112,16 +117,14 @@ module.exports = adapter => {
         // case: read after write returns no results, e.g., due to auth (academic but possible)
         if (result == null) return res.sendStatus(204)
 
-        const isMinimal = getPreferReturnHeader(req) === 'minimal'
-        postProcess(cdsReq.target, model, result, isMinimal)
+        const preference = getPreferReturnHeader(req)
+        postProcess(cdsReq.target, model, result, preference === 'minimal')
 
-        if (isMinimal && !target._isSingleton) {
-          // determine calculation based on result with req.data as fallback
-          res.set('location', calculateLocationHeader(cdsReq.target, service, result || cdsReq.data))
-        }
         if (result?.$etag) res.set('ETag', result.$etag) //> must be done after post processing
 
-        if (isMinimal || (_propertyAccess && result[_propertyAccess] == null) || isStream(req._query)) {
+        if (preference === 'minimal') res.append('Preference-Applied', 'return=minimal')
+        else if (preference === 'representation') res.append('Preference-Applied', 'return=representation')
+        if (preference === 'minimal' || (_propertyAccess && result[_propertyAccess] == null) || isStream(req._query)) {
           return res.sendStatus(204)
         }
 

package/libx/odata/parse/afterburner.js

@@ -328,6 +328,10 @@ function _processSegments(from, model, namespace, cqn, protocol) {
           keyCount += addRefToWhereIfNecessary(ref[i].where, current)
           _resolveAliasesInXpr(ref[i].where, current)
           _processWhere(ref[i].where, current)
+        } else {
+          // parentheses are missing
+          const msg = `Invalid call to "${current.name}". Parentheses are missing`
+          throw cds.error(msg, { code: '400', statusCode: 400 })
         }
 
         _addDefaultParams(ref[i], current)
@@ -381,7 +385,18 @@ function _processSegments(from, model, namespace, cqn, protocol) {
         }
 
         ref[i] = { operation: current.name }
+
         if (params) ref[i].args = _getDataFromParams(params, current)
+        // REVISIT: SELECT.from._params is a temporary hack
+        else if (from._params && current.kind === 'function') {
+          // only take known params to allow additional instructions like sap-language, etc.
+          ref[i].args = current['@open']
+            ? Object.assign({}, from._params)
+            : Object.keys(from._params).reduce((acc, cur) => {
+                if (current.params && cur in current.params) acc[cur] = from._params[cur]
+                return acc
+              }, {})
+        }
         if (current.returns && current.returns._type) one = true
 
         if (current.returns) {
@@ -572,8 +587,6 @@ const _checkAllKeysProvided = (params, entity) => {
     // view with params
     if (params === undefined) {
       throw cds.error(`Invalid call to "${entity.name}". You need to navigate to Set`, { code: '400', statusCode: 400 })
-    } else if (Object.keys(params).length === 0) {
-      throw new Error('KEY_EXPECTED')
     }
 
     keysOfEntity = Object.keys(entity.params)

package/libx/odata/parse/grammar.peggy

@@ -504,11 +504,11 @@
   where_clause = p:( n:NOT? {return n?[n]:[]} )(
       OPEN xpr:where_clause CLOSE {p.push({xpr})}
       / comp:comparison {p.push(...comp)}
-      / lambda:lambda {
-        if (p[p.length - 1] === 'not' && lambda[0] === 'not') {
-          p.push('(', ...lambda, ')')
+      / xpr:lambda {
+        if (p[p.length - 1] === 'not' && xpr[0] === 'not') {
+          p.push({ xpr })
         } else {
-          p.push(...lambda)
+          p.push(...xpr)
         }
       }
       / func:boolish {p.push(func)}
@@ -631,8 +631,25 @@
 
   aliasedParamVal = val / jsonObject / jsonArray / "[" list:innerListParam "]" { return { list } }
 
-  custom
-    = [a-zA-Z0-9-_.~!]+ ("=" [^&]*)?
+  custom = k:$([a-zA-Z0-9-_.~!\[\]]+) "="? v:$([^&]*)? {
+    // normalize value
+    if (v === 'null') v = null
+    else if (v === 'true') v = true
+    else if (v === 'false') v = false
+    // set value in structure
+    // REVISIT: SELECT.from._params is a temporary hack
+    const params = SELECT.from._params ??= {}
+    let t = params
+    let x = k.match(/^(\w+)\[(.*)\]$/)
+    while (x) {
+      if (!(x[1] in t)) t[x[1]] = x[2] === '' ? [] : {}
+      t = t[x[1]]
+      k = x[2]
+      x = k.match(/^(\w+)\[(.*)\]$/)
+    }
+    if (Array.isArray(t)) t.push(v)
+    else t[k] = v
+  }
 
   aliasedParam "an aliased parameter (@param)" = "@" i:identifier { return "@" + i }
   aliasedParamEqualsVal = alias:aliasedParam "=" !aliasedParam value:aliasedParamVal {
@@ -912,7 +929,7 @@
     = $( [a-zA-Z0-9-"."_~!$'()*+,;=:@"/""?"]+ )
 
   binary "a binary" // > url-safe base64
-    = "binary'" s:$([a-zA-Z0-9-_]+ ("=="/"=")?) "'" { return standardBase64(s) }
+    = "binary'" s:$([a-zA-Z0-9-_]+ ("=="/"=")?) "'" { return cds.env.features.base64_binaries ? standardBase64(s) : Buffer.from(s, 'base64') }
 
 //
 // ---------- Punctuation ----------