@sap/cds 8.6.1 → 8.7.0

package/lib/srv/middlewares/errors.js

@@ -1,17 +1,17 @@
 const { isStandardError } = require('../../../libx/_runtime/common/error/standardError')
 
 const production = process.env.NODE_ENV === 'production'
-const cds = require ('../..')
+const cds = require('../..')
 const LOG = cds.log('error')
 const { inspect } = cds.utils
 
-
 module.exports = () => {
+  // eslint-disable-next-line no-unused-vars
   return async function http_error(error, req, res, next) {
     if (isStandardError(error) && cds.env.server.shutdown_on_uncaught_errors) {
       cds.log().error('❗️Uncaught', error)
       await cds.shutdown(error)
-      return;
+      return
     }
 
     // In case of 401 require login if available by auth strategy
@@ -26,11 +26,13 @@ module.exports = () => {
       error.stack = error.stack.replace(/\n {4}at .*(?:node_modules\/express|node:internal).*/g, '')
 
     if (400 <= status && status < 500) {
-      LOG.warn (status, '>', inspect(error))
+      LOG.warn(status, '>', inspect(error))
     } else {
-      LOG.error (status, '>', inspect(error))
+      LOG.error(status, '>', inspect(error))
     }
 
+    if (res.headersSent) return
+
     // Expose as little information as possible in production, and as much as possible in development
     if (production) {
       Object.defineProperties(error, {
@@ -44,14 +46,10 @@ module.exports = () => {
       })
     }
 
-    if (res.headersSent) {
-      return next(error)
-    }
-
     // Send the error response
     return res.status(status).json({ error })
 
     // Note: express returns errors as XML, we prefer JSON
-    // _next (error)
+    // next(error)
   }
 }

package/lib/utils/cds-utils.js

@@ -1,6 +1,10 @@
 const cwd = process.env._original_cwd || process.cwd()
 const cds = require('../index')
 
+/* eslint no-empty: ["error", { "allowEmptyCatch": true }] */
+// eslint-disable-next-line no-unused-vars
+const _tarLib = () => { try { return require('tar') } catch(_) {} }
+
 module.exports = exports = new class {
   get colors() { return super.colors = require('./colors') }
   get inflect() { return super.inflect = require('./inflect') }
@@ -16,7 +20,7 @@ module.exports = exports = new class {
   get uuid() { return super.uuid = require('crypto').randomUUID }
   get yaml() { return super.yaml = require('@sap/cds-foss').yaml }
   get pool() { return super.pool = require('@sap/cds-foss').pool }
-  get tar() { return super.tar = require('./tar') }
+  get tar()  { return super.tar = process.platform === 'win32' && _tarLib() ? require('./tar-lib') : require('./tar') }  
 }
 
 /** @type {import('node:path')} */

package/lib/utils/tar-lib.js

@@ -0,0 +1,58 @@
+const cds = require('../index'), { path, mkdirp } = cds.utils
+const tar = require('tar')
+const { Readable } = require('stream')
+const cons = require('stream/consumers')
+
+const _resolve = (...x) => path.resolve (cds.root,...x)
+
+exports.create = async (root, ...args) => {  
+  if (typeof root === 'string') root = _resolve(root)
+  if (Array.isArray(root)) [ root, ...args ] = [ cds.root, root, ...args ]
+
+  const options = {}
+  if (args.includes('-z')) options.gzip = true
+  const index = args.findIndex(el => el === '-f')
+  if (index>=0) options.file = _resolve(args[index+1])
+  options.cwd = root
+    
+  let dirs = []
+  for (let i=0; i<args.length; i++) {
+    if (args[i] === '-z' || args[i] === '-f') break
+    if (Array.isArray(args[i])) args[i].forEach(a => dirs.push(_resolve(a)))
+    else if (typeof args[i] === 'string') dirs.push(_resolve(args[i]))
+  }
+  if (!dirs.length) dirs.push(root)
+  dirs = dirs.map(d => path.relative(root, d))
+  
+  const stream = await tar.c(options, dirs)
+
+  return stream && await cons.buffer(stream) 
+}
+
+exports.extract = (archive, ...args) => ({
+  async to (dest) {
+    if (typeof dest === 'string') dest = _resolve(dest)
+    const stream = Readable.from(archive)
+    
+    const options = { C: dest }
+    if (args.includes('-z')) options.gzip = true
+
+    return new Promise((resolve, reject) => {
+        const tr = tar.x(options)
+        stream.pipe(tr)
+        tr.on('close', () => resolve())
+        tr.on('error', e => reject(e))
+    })
+  }
+})
+
+const tar_ = exports
+exports.c = tar_.create
+exports.cz = (d,...args) => tar_.c (d, ...args, '-z')
+exports.cf = (t,d,...args) => tar_.c (d, ...args, '-f',t)
+exports.czf = (t,d,...args) => tar_.c (d, ...args, '-z', '-f',t)
+exports.czfd = (t,...args) => mkdirp(path.dirname(t)).then (()=> tar_.czf (t,...args))
+exports.x = tar_.xf = tar_.extract
+exports.xz = tar_.xzf = a => tar_.x (a, '-z')
+exports.xv = tar_.xvf = a => tar_.x (a)
+exports.xvz = tar_.xvzf = a => tar_.x (a, '-z')

package/libx/_runtime/common/Service.js

@@ -62,10 +62,6 @@ class ApplicationService extends cds.Service {
     require('./generic/sorting').call(this)
   }
 
-  static handle_code_ext() {
-    if (cds.env.requires.extensibility?.code) require('./code-ext/handlers').call(this)
-  }
-
   static handle_fiori() {
     require('../fiori/lean-draft').impl.call(this)
   }

package/libx/_runtime/common/generic/auth/utils.js

@@ -37,7 +37,7 @@ const getRejectReason = (req, annotation, definition, restrictedCount, unrestric
 }
 
 const _isNull = element => element.val === null || element.list?.length === 0
-const _isNotNull = element => element.val !== null && (!element.list || element.list.length)
+const _isNotNull = element => element.val !== null && element.list?.length > 0
 
 const _processNullAttr = where => {
   if (!where) return

package/libx/_runtime/common/generic/input.js

@@ -212,7 +212,7 @@ const _pick = element => {
   //          should be a db feature, as we cannot handle completely on service level (cf. deep update)
   //          -> add to attic env behavior once new dbs handle this
   // also happens in validate but because of draft activate we have to do it twice (where cleansing is suppressed)
-  if (element['@Core.Immutable']) {
+  if (element['@Core.Immutable'] && !element.key) {
     categories.push('immutable')
   }
 
@@ -260,6 +260,8 @@ async function commonGenericInput(req) {
     const bound = req.target.actions?.[req.event] || req.target.actions?.[req._.event]
     if (bound) assertOptions.path = [bound['@cds.odata.bindingparameter.name'] || 'in']
 
+    if (req.protocol) assertOptions.rejectIgnore = true
+
     const errs = cds.validate(req.data, req.target, assertOptions)
     if (errs) {
       if (errs.length === 1) throw errs[0]

package/libx/_runtime/common/utils/csn.js

@@ -115,19 +115,23 @@ const prefixForStruct = element => {
 function getDraftTreeRoot(entity, model) {
   if (entity.own('__draftTreeRoot')) return entity.__draftTreeRoot
 
+  const previous = new Set() // track visited entities to identify hierarchies
   let parent
   let current = entity
   while (current && !current['@Common.DraftRoot.ActivationAction']) {
+    previous.add(current.name)
     const parents = []
     for (const k in model.definitions) {
+      if (previous.has(k)) continue
       const e = model.definitions[k]
       if (e.kind !== 'entity' || !e.compositions) continue
       for (const c in e.compositions)
         if (
           e.compositions[c].target === current.name ||
           e.compositions[c].target === current.name.replace(/\.drafts/, '')
-        )
+        ) {
           parents.push(e)
+        }
     }
     if (parents.length > 1 && parents.some(p => p !== parents[0])) {
       // > unable to determine single parent

package/libx/_runtime/common/utils/resolveView.js

@@ -34,7 +34,7 @@ const _inverseTransition = transition => {
       const ref0 = value.ref[0]
       if (value.ref.length > 1) {
         // ignore flattened columns like author.name
-        if (transition.target.elements[ref0].isAssociation) continue
+        if (transition.target.elements[ref0]?.isAssociation) continue
 
         const nested = inverseTransition.mapping.get(ref0) || {}
         if (!nested.transition) nested.transition = { mapping: new Map() }

package/libx/_runtime/fiori/lean-draft.js

@@ -1509,7 +1509,7 @@ function expandStarStar(target, draftActivate, recursion = new Map()) {
 }
 
 async function onNewCleanse(req) {
-  cds.validate(req.data, req.target, {})
+  cds.validate(req.data, req.target, { insert: true })
 }
 onNewCleanse._initial = true
 async function onNew(req) {

package/libx/_runtime/messaging/enterprise-messaging-shared.js

@@ -14,13 +14,17 @@ class EnterpriseMessagingShared extends AMQPWebhookMessaging {
 
   getClient() {
     if (this.client) return this.client
+    this.client = new AMQPClient(this.getClientOptions())
+    return this.client
+  }
+
+  getClientOptions() {
     const optionsAMQP = optionsMessagingAMQP(this.options)
-    this.client = new AMQPClient({
+    return {
       optionsAMQP,
       prefix: { topic: 'topic:', queue: 'queue:' },
       service: this
-    })
-    return this.client
+    }
   }
 
   getManagement() {

package/libx/odata/middleware/batch.js

@@ -167,30 +167,23 @@ const _createExpressReqResLookalike = (request, _req, _res) => {
 }
 
 const _writeResponseMultipart = (responses, res, rejected, group, boundary) => {
-  if (group) {
-    res.write(`--${boundary}${CRLF}`)
-    res.write(`content-type: multipart/mixed;boundary=${group}${CRLF}${CRLF}`)
-  }
-  const header = group || boundary
+  res.write(`--${boundary}${CRLF}`)
+
   if (rejected) {
     const resp = responses.find(r => r.status === 'fail')
-    if (resp.separator && res._writeSeparator) res.write(resp.separator)
     resp.txt.forEach(txt => {
-      res.write(`--${header}${CRLF}`)
-      res.write(`${txt}`)
+      res.write(`${txt}${CRLF}`)
     })
   } else {
+    if (group) res.write(`content-type: multipart/mixed;boundary=${group}${CRLF}${CRLF}`)
     for (const resp of responses) {
-      if (resp.separator) res.write(resp.separator)
       resp.txt.forEach(txt => {
-        res.write(`--${header}${CRLF}`)
-        res.write(`${txt}`)
+        if (group) res.write(`--${group}${CRLF}`)
+        res.write(`${txt}${CRLF}`)
       })
     }
+    if (group) res.write(`--${group}--${CRLF}`)
   }
-  if (group) res.write(`${CRLF}--${group}--${CRLF}`)
-  // indicates that we need to write a potential separator before the next error response
-  res._writeSeparator = true
 }
 
 const _writeResponseJson = (responses, res) => {
@@ -281,12 +274,18 @@ const _tx_done = async (tx, responses, isJson) => {
         delete txt.headers['content-length']
         res.txt = [JSON.stringify(txt)]
       } else {
-        let txt = res.txt[0]
-        txt = txt.replace(/HTTP\/1\.1 \d\d\d \w+/, `HTTP/1.1 ${statusCode} ${STATUS_CODES[statusCode]}`)
-        txt = txt.split(/\r\n/)
-        txt.splice(-1, 1, JSON.stringify({ error }))
-        txt = txt.join('\r\n')
-        res.txt = [txt]
+        const commitError = [
+          'content-type: application/http',
+          'content-transfer-encoding: binary',
+          '',
+          `HTTP/1.1 ${statusCode} ${STATUS_CODES[statusCode]}`,
+          'odata-version: 4.0',
+          'content-type: application/json;odata.metadata=minimal;IEEE754Compatible=true',
+          '',
+          JSON.stringify({ error })
+        ].join(CRLF)
+        res.txt = [commitError]
+        break
       }
     }
   }
@@ -421,14 +420,14 @@ const _processBatch = async (srv, router, req, res, next, body, ct, boundary) =>
         .then(req => {
           const resp = { status: 'ok' }
           if (separator) resp.separator = separator
-          else separator = isJson ? Buffer.from(',') : Buffer.from(CRLF)
+          else separator = Buffer.from(',')
           resp.txt = _formatResponse(req, atomicityGroup)
           responses.push(resp)
         })
         .catch(failedReq => {
           const resp = { status: 'fail' }
           if (separator) resp.separator = separator
-          else separator = isJson ? Buffer.from(',') : Buffer.from(CRLF)
+          else separator = Buffer.from(',')
           resp.txt = _formatResponse(failedReq, atomicityGroup)
           tx.failed = failedReq
           responses.push(resp)
@@ -446,7 +445,7 @@ const _processBatch = async (srv, router, req, res, next, body, ct, boundary) =>
         ? _writeResponseJson(responses, res)
         : _writeResponseMultipart(responses, res, rejected, previousAtomicityGroup, boundary)
     } else sendPreludeOnce()
-    res.write(isJson ? ']}' : `${CRLF}--${boundary}--${CRLF}`)
+    res.write(isJson ? ']}' : `--${boundary}--${CRLF}`)
     res.end()
 
     return

package/libx/odata/middleware/create.js

@@ -6,6 +6,7 @@ const getODataMetadata = require('../utils/metadata')
 const postProcess = require('../utils/postProcess')
 const readAfterWrite4 = require('../utils/readAfterWrite')
 const getODataResult = require('../utils/result')
+const normalizeTimeData = require('../utils/normalizeTimeData')
 
 const { getKeysAndParamsFromPath } = require('../../common/utils')
 
@@ -32,6 +33,7 @@ module.exports = (adapter, isUpsert) => {
 
     // payload & params
     const data = req.body
+    normalizeTimeData(data, model, target)
     const { keys, params } = getKeysAndParamsFromPath(from, { model })
     // add keys from url into payload (overwriting if already present)
     Object.assign(data, keys)
@@ -66,6 +68,8 @@ module.exports = (adapter, isUpsert) => {
         })
       })
       .then(result => {
+        if (res.headersSent) return
+
         handleSapMessages(cdsReq, req, res)
 
         // case: read after write returns no results, e.g., due to auth (academic but possible)

package/libx/odata/middleware/delete.js

@@ -57,6 +57,8 @@ module.exports = adapter => {
         })
       })
       .then(() => {
+        if (res.headersSent) return
+
         handleSapMessages(cdsReq, req, res)
 
         res.sendStatus(204)

package/libx/odata/middleware/operation.js

@@ -101,6 +101,8 @@ module.exports = adapter => {
     return service
       .run(() => service.dispatch(cdsReq))
       .then(result => {
+        if (res.headersSent) return
+
         handleSapMessages(cdsReq, req, res)
 
         if (operation.returns?.items && result == null) result = []

package/libx/odata/middleware/read.js

@@ -128,6 +128,8 @@ const _handleArrayOfQueriesFactory = adapter => {
         })
       })
       .then(result => {
+        if (res.headersSent) return
+
         handleSapMessages(cdsReq, req, res)
 
         if (req.url.match(/\/\$count/)) return res.set('Content-Type', 'text/plain').send(_count(result).toString())
@@ -238,6 +240,8 @@ module.exports = adapter => {
         })
       })
       .then(result => {
+        if (res.headersSent) return
+
         handleSapMessages(cdsReq, req, res)
 
         // 204

package/libx/odata/middleware/stream.js

@@ -218,6 +218,8 @@ module.exports = adapter => {
     return service
       .run(() => {
         return service.dispatch(cdsReq).then(async result => {
+          if (res.headersSent) return
+
           _validateStream(req, result)
 
           if (validateIfNoneMatch(cdsReq.target, req.headers?.['if-none-match'], result)) return res.sendStatus(304)
@@ -241,6 +243,8 @@ module.exports = adapter => {
         })
       })
       .then(() => {
+        if (res.headersSent) return
+
         handleSapMessages(cdsReq, req, res)
 
         res.end()

package/libx/odata/middleware/update.js

@@ -6,6 +6,7 @@ const getODataMetadata = require('../utils/metadata')
 const postProcess = require('../utils/postProcess')
 const readAfterWrite4 = require('../utils/readAfterWrite')
 const getODataResult = require('../utils/result')
+const normalizeTimeData = require('../utils/normalizeTimeData')
 
 const { getKeysAndParamsFromPath } = require('../../common/utils')
 
@@ -69,6 +70,7 @@ module.exports = adapter => {
 
     // payload & params
     const data = _propertyAccess ? { [_propertyAccess]: req.body.value } : req.body
+    normalizeTimeData(data, model, target)
     const { keys, params } = getKeysAndParamsFromPath(from, { model })
     // add keys from url into payload (overwriting if already present)
     if (!_propertyAccess) Object.assign(data, keys)
@@ -112,6 +114,8 @@ module.exports = adapter => {
         })
       })
       .then(result => {
+        if (res.headersSent) return
+
         handleSapMessages(cdsReq, req, res)
 
         // case: read after write returns no results, e.g., due to auth (academic but possible)

package/libx/odata/parse/afterburner.js

@@ -447,7 +447,7 @@ function _processSegments(from, model, namespace, cqn, protocol) {
           _resolveAliasesInXpr(ref[i].where, current)
           _processWhere(ref[i].where, current)
         }
-      } else if (current.kind === 'element' && current.elements && i < ref.length - 1) {
+      } else if (current.kind === 'element' && current.type !== 'cds.Map' && current.elements && i < ref.length - 1) {
         // > structured
         continue
       } else {
@@ -474,11 +474,16 @@ function _processSegments(from, model, namespace, cqn, protocol) {
           Object.defineProperty(cqn, '_propertyAccess', { value: current.name, enumerable: false })
 
           // if we end up with structured, keep path as is, if we end up with property in structured, cut off property
-          if (!current.elements) from.ref.splice(-1)
+          if (!current.elements || current.type === 'cds.Map') from.ref.splice(-1)
           break
         } else if (Object.keys(target.elements).includes(current.name)) {
           if (!cqn.SELECT.columns) cqn.SELECT.columns = []
-          cqn.SELECT.columns.push({ ref: ref.slice(i) })
+          const propRef = ref.slice(i)
+          if (propRef[0].where?.length === 0) {
+            const msg = 'Parentheses are not allowed when addressing properties.'
+            throw Object.assign(new Error(msg), { statusCode: 400 })
+          }
+          cqn.SELECT.columns.push({ ref: propRef })
 
           // we need the keys to generate the correct @odata.context
           for (const key in target.keys || {}) {
@@ -650,7 +655,7 @@ const _doesNotExistError = (isExpand, refName, targetName, targetKind) => {
 function _validateXpr(xpr, target, isOne, model, aliases = []) {
   if (!xpr) return []
 
-  const ignoredColumns = Object.values(target.elements ?? {})
+  const ignoredColumns = Object.values(target?.elements ?? {})
     .filter(element => element['@cds.api.ignore'] && !element.isAssociation)
     .map(element => element.name)
   const _aliases = []

package/libx/odata/parse/grammar.peggy

@@ -74,7 +74,7 @@
       (col.ref && exp.ref && col.ref.join('') === exp.ref.join(''))
     const _remapFunc = columns => c => {
       if (Array.isArray(c)) return c.map(_remapFunc(columns))
-      const fnObj = c.ref && columns.find(col => col.as && col.func && col.as === c.ref[0])
+      const fnObj = c.ref && columns.find(col => 'func' in col && col.as && col.as === c.ref[0])
       if (fnObj) return fnObj
       return c
     }
@@ -175,12 +175,11 @@
                 return columns
               }, [])
             : aggregatedColumns
-        if (cqn.where) {
-          cqn.where = cqn.where.map(_remapFunc(cqn.columns))
-          if (cqn.groupBy) {
-            cqn.having = cqn.where.map(_replaceNullRef(cqn.groupBy))
-            delete cqn.where
-          }
+        if (cqn.where && cqn.groupBy) {
+          cqn.having = cqn.where
+            .map(_remapFunc(cqn.columns))
+            .map(_replaceNullRef(cqn.groupBy))
+          delete cqn.where
         }
         // expand navigation refs in aggregated columns
         cqn.columns = cqn.columns.reduce((columns, col) => {
@@ -823,7 +822,7 @@
      // / mathCalc - needs CAP support
       )
       func:aggregateWith? aggregateFrom? as:asAlias?
-        { return { func, args: [ path ], as } }
+        { return { func, args: [ path ], as: as ?? path.ref[0] } }
       / identifier OPEN aggregateExpr CLOSE // needs CAP support
    // / customAggregate // needs CAP support
   aggregateWith

package/libx/odata/parse/multipartToJson.js

@@ -138,7 +138,6 @@ const _parseStream = async function* (body, boundary) {
 
       if (typeof ret !== 'number') {
         if (ret.message === 'Parse Error') {
-          // console.trace(ret, ret.bytesParsed ? `\n\nin:\n${changed.substr(0, ret.bytesParsed + 1)}\n\n` : '')
           ret.statusCode = 400
           ret.message = `Error while parsing batch body at position ${ret.bytesParsed}: ${ret.reason}`
         }