@sap/cds 8.8.3 → 8.9.1

package/libx/_runtime/messaging/redis-messaging.js

@@ -77,7 +77,7 @@ class RedisMessaging extends cds.MessagingService {
         const msg = normalizeIncomingMessage(message)
         msg.event = topic
         try {
-          await this.tx({ user: cds.User.privileged }, tx => tx.emit(msg))
+          await this.processInboundMsg({}, msg)
         } catch (e) {
           e.message = 'ERROR occurred in asynchronous event processing: ' + e.message
           this.LOG.error(e)

package/libx/_runtime/messaging/service.js

@@ -78,15 +78,22 @@ class MessagingService extends cds.Service {
 
   async handle(msg) {
     if (msg.inbound) {
-      if (cds.model) {
-        const ctx = cds.context
-        ctx.model = await ExtendedModels.model4(ctx.tenant, ctx.features)
-      }
       return super.handle(this.message4(msg))
     }
     return super.handle(msg)
   }
 
+  async processInboundMsg(ctx, msg) {
+    msg.inbound = true
+    if (!cds.context) cds.context = {}
+    if (ctx.tenant) cds.context.tenant = ctx.tenant
+    if (!ctx.user) ctx.user = cds.User.privileged
+    // this.tx expects cds.context.model
+    if (cds.model && (cds.env.requires.extensibility || cds.env.requires.toggles))
+      cds.context.model = await ExtendedModels.model4(ctx.tenant, ctx.features || {})
+    return await this.tx(ctx, tx => tx.emit(msg))
+  }
+
   on(event, cb) {
     const _event = _warnAndStripTopicPrefix(event)
     // save all subscribed topics (not needed for local-messaging)

package/libx/_runtime/remote/Service.js

@@ -3,12 +3,13 @@ const cds = require('../cds')
 const { run, getReqOptions } = require('./utils/client')
 const { getCloudSdk, getCloudSdkConnectivity, getCloudSdkResilience } = require('./utils/cloudSdkProvider')
 const { hasAliasedColumns } = require('./utils/data')
-const { resolveView, getTransition, findQueryTarget } = require('../common/utils/resolveView')
+const { findQueryTarget } = require('../common/utils/resolveView')
 const postProcess = require('../common/utils/postProcess')
 const { formatVal } = require('../../odata/utils')
 
-const _setHeaders = (defaultHeaders, req) => {
+const _getHeaders = (defaultHeaders, req) => {
   return Object.assign(
+    {},
     defaultHeaders,
     Object.keys(req.headers).reduce((acc, cur) => {
       acc[cur.toLowerCase()] = req.headers[cur]
@@ -254,10 +255,16 @@ class RemoteService extends cds.Service {
         throw new Error(`"url" or "destination" property must be configured in "credentials" of "${this.name}".`)
 
       const reqOptions = getReqOptions(req, query, this)
-      reqOptions.headers = _setHeaders(reqOptions.headers, req)
+      reqOptions.headers = _getHeaders(reqOptions.headers, req)
+
+      // ensure request correlation (even with systems that use x-correlationid)
+      const correlationId = reqOptions.headers['x-correlation-id'] || cds.context?.id //> prefer custom header over context id
+      reqOptions.headers['x-correlation-id'] = correlationId
+      reqOptions.headers['x-correlationid'] = correlationId
 
       const { kind, destination, destinationOptions } = this
-      const resolvedTarget = resolvedTargetOfQuery(query) || getTransition(req.target, this).target
+      const resolvedTarget =
+        resolvedTargetOfQuery(query) || cds.ql.resolve.transitions(query, this)?.target || req.target
       const returnType = req._returnType
       const additionalOptions = { destination, kind, resolvedTarget, returnType, destinationOptions }
 
@@ -289,7 +296,8 @@ class RemoteService extends cds.Service {
       // we need to post process if alias was explicitly set in query
       if (_isSelectWithAliasedColumns(req.query)) result = postProcess(req.query, result, this, true)
     } else {
-      const query = resolveView(req.query, this.model, this)
+      const query = cds.ql.resolve(req.query, this)
+      if (!query) throw new Error(`Target ${req.target.name} cannot be resolved for service ${this.name}`)
       const target = findQueryTarget(query) || req.target
       // we need to provide target explicitly because it's cached within ensure_target
       const _req = new cds.Request({ query, target, _resolved: true, headers: req.headers, method: req.method })

package/libx/_runtime/remote/utils/client.js

@@ -73,6 +73,7 @@ const _executeHttpRequest = async ({ requestConfig, destination, destinationOpti
 
   // set `fetchCsrfToken` to `false` because we mount a custom CSRF middleware
   const requestOptions = { fetchCsrfToken: false }
+
   return executeHttpRequestWithOrigin(destination, requestConfig, requestOptions)
 }
 

package/libx/_runtime/ucl/Service.js

@@ -1,18 +1,18 @@
 const cds = require('../cds')
 const LOG = cds.log('ucl')
-const fs = require('fs').promises
 
+const fs = require('fs').promises
 const https = require('https')
 
 class UCLService extends cds.Service {
   async init() {
     await super.init()
 
-    for (const _required of ['namespace', 'systemType', 'systemDescription']) {
-      if (!this.options[_required])
-        throw new Error(
-          `The UCL service requires mandatory parameter \`${_required}\`, please provide it as described in the documentation.`
-        )
+    this._applicationTemplate = _getApplicationTemplate(this.options)
+    if (!this._applicationTemplate.applicationNamespace) {
+      throw new Error(
+        'The UCL service requires a valid `applicationTemplate`, please provide it as described in the documentation.'
+      )
     }
 
     if (!cds.requires.multitenancy && cds.env.profile !== 'mtx-sidecar')
@@ -50,99 +50,6 @@ class UCLService extends cds.Service {
     })
   }
 
-  async readTemplate() {
-    const xsappname = this.options.credentials.xsappname
-    const query = `
-      query ($key: String!, $value: String!) {
-        applicationTemplates(filter: { key: $key, query: $value }) {
-          data {
-            id
-            name
-            description
-            placeholders {
-              name
-              description
-            }
-            applicationInput
-            labels
-            webhooks {
-              type
-            }
-          }
-        }
-      }
-    `
-    const variables = { key: 'xsappname', value: `"${xsappname}"` }
-    const res = await this._request(query, variables)
-    if (res) return res.applicationTemplates.data[0]
-  }
-
-  async createTemplate() {
-    const xsappname = this.options.credentials.xsappname
-    const query = `mutation {
-          result: createApplicationTemplate (
-              in: {
-              name: "${this.options.systemType}"
-              description: "${this.options.systemDescription}"
-              applicationInput: {
-                  name: "${this.options.systemType}" 
-                  description: "${this.options.systemDescription}"
-                  providerName: "${this.options.provider}" 
-                  localTenantID: "{{tenant-id}}"
-                  labels: {
-                  displayName: "{{subdomain}}"
-                  }
-              }
-              placeholders: [
-                  { name: "subdomain", description: "The subdomain of the consumer tenant" }
-                  { name: "tenant-id", description: "The tenant id as it's known in the product's domain", jsonPath: "$.subscribedTenantId" }
-              ]
-              labels: {
-                  managed_app_provisioning: true
-                  xsappname: "${xsappname}"
-              }
-              applicationNamespace: "${this.options.namespace}"
-              accessLevel: GLOBAL
-              }
-          ) {
-              id
-              name
-              labels
-              applicationInput 
-              applicationNamespace
-          }
-      }`
-    try {
-      return this._handleResponse(await this._request(query))
-    } catch (e) {
-      this._handleResponse(e)
-    }
-  }
-
-  _handleResponse(result) {
-    if (result.response && result.response.errors) {
-      let errorMessage = result.response.errors[0].message
-      throw new Error(errorMessage)
-    } else {
-      return result.result
-    }
-  }
-
-  async deleteTemplate() {
-    const template = await this.readTemplate()
-    if (!template) return
-    const query = `mutation {
-            result: deleteApplicationTemplate(
-              id: "${template.id}"
-            ){
-                id
-                name
-                description
-            }
-        }`
-    return this._handleResponse(await this._request(query))
-  }
-
   // Replace with fetch
   async _request(query, variables) {
     const opts = {
@@ -150,9 +57,7 @@ class UCLService extends cds.Service {
       path: this.options.path,
       agent: this.agent,
       method: 'POST',
-      headers: {
-        'Content-Type': 'application/json'
-      }
+      headers: { 'Content-Type': 'application/json' }
     }
     return new Promise((resolve, reject) => {
       const req = https.request(opts, res => {
@@ -186,27 +91,87 @@ class UCLService extends cds.Service {
     })
   }
 
+  _handleResponse(result) {
+    if (result.response && result.response.errors) {
+      let errorMessage = result.response.errors[0].message
+      throw new Error(errorMessage)
+    } else {
+      return result.result
+    }
+  }
+
+  async readTemplate() {
+    const xsappname = this.options.credentials.xsappname
+    const variables = { key: 'xsappname', value: `"${xsappname}"` }
+    const res = await this._request(READ_QUERY, variables)
+    if (res) return res.applicationTemplates.data[0]
+  }
+
+  async createTemplate() {
+    try {
+      return this._handleResponse(await this._request(CREATE_MUTATION, { input: this._applicationTemplate }))
+    } catch (e) {
+      this._handleResponse(e)
+    }
+  }
+
   async updateTemplate(template) {
-    const query = `mutation {
-    result: updateApplicationTemplate(
-      id: "${template.id}"
-      in: {
-        name: "${this.options.systemType}"
-        description: "${this.options.systemDescription}"
-        applicationInput: {
-          name: "${this.options.systemType}"
-          description: "${this.options.systemDescription}"
-          providerName: "${this.options.provider}" 
-          localTenantID: "{{tenant-id}}"
-          labels: { displayName: "{{subdomain}}" }
+    try {
+      const input = { ...this._applicationTemplate }
+      delete input.labels
+      const response = this._handleResponse(await this._request(UPDATE_MUTATION, { id: template.id, input }))
+      LOG.info('Application template updated successfully.')
+      return response
+    } catch (e) {
+      this._handleResponse(e)
+    }
+  }
+
+  async deleteTemplate() {
+    const template = await this.readTemplate()
+    if (!template) return
+    return this._handleResponse(await this._request(DELETE_MUTATION, { id: template.id }))
+  }
+}
+
+const READ_QUERY = `
+  query ($key: String!, $value: String!) {
+    applicationTemplates(filter: { key: $key, query: $value }) {
+      data {
+        id
+        name
+        description
+        placeholders {
+          name
+          description
+        }
+        applicationInput
+        labels
+        webhooks {
+          type
         }
-        applicationNamespace: "${this.options.namespace}"
-        placeholders: [
-            { name: "subdomain", description: "The subdomain of the consumer tenant" }
-            { name: "tenant-id", description: "The tenant id as it's known in the product's domain", jsonPath: "$.subscribedTenantId" }
-        ]
-        accessLevel: GLOBAL
       }
+    }
+  }`
+
+const CREATE_MUTATION = `
+  mutation {
+    result: createApplicationTemplate (
+      in: $input
+    ) {
+      id
+      name
+      labels
+      applicationInput
+      applicationNamespace
+    }
+  }`
+
+const UPDATE_MUTATION = `
+  mutation ($id: ID!, $input: ApplicationTemplateUpdateInput!) {
+    result: updateApplicationTemplate(
+      id: $id
+      in: $input
     ) {
       id
       name
@@ -215,14 +180,58 @@ class UCLService extends cds.Service {
       applicationInput
     }
   }`
-    try {
-      const response = this._handleResponse(await this._request(query))
-      LOG.info('Application template updated successfully.')
-      return response
-    } catch (e) {
-      this._handleResponse(e)
+
+const DELETE_MUTATION = `
+  mutation ($id: ID!) {
+    result: deleteApplicationTemplate(
+      id: $id
+    ) {
+      id
+      name
+      description
     }
+  }`
+
+const _deepAssign = (a, b) => {
+  for (const key in b) {
+    if (typeof b[key] === 'object' && !Array.isArray(b[key])) a[key] = _deepAssign(a[key] || {}, b[key])
+    else a[key] = b[key]
   }
+  return a
+}
+
+const _getApplicationTemplate = options => {
+  let applicationTemplate = {
+    applicationInput: {
+      providerName: 'SAP',
+      localTenantID: '{{tenant-id}}',
+      labels: {
+        displayName: '{{subdomain}}'
+      }
+    },
+    labels: {
+      managed_app_provisioning: true,
+      xsappname: '${xsappname}'
+    },
+    placeholders: [
+      { name: 'subdomain', description: 'The subdomain of the consumer tenant' },
+      {
+        name: 'tenant-id',
+        description: "The tenant id as it's known in the product's domain",
+        jsonPath: '$.subscribedTenantId'
+      }
+    ],
+    accessLevel: 'GLOBAL'
+  }
+  applicationTemplate = _deepAssign(applicationTemplate, options.applicationTemplate)
+
+  const pkg = require(cds.root + '/package')
+  if (!applicationTemplate.name) applicationTemplate.name = pkg.name
+  if (!applicationTemplate.applicationInput.name) applicationTemplate.applicationInput.name = pkg.name
+  if (applicationTemplate.labels.xsappname === '${xsappname}')
+    applicationTemplate.labels.xsappname = options.credentials.xsappname
+
+  return applicationTemplate
 }
 
 module.exports = UCLService

package/libx/common/utils/path.js

@@ -1,13 +1,22 @@
+const cds = require('../../../')
+
 const { where2obj } = require('../../_runtime/common/utils/cqn')
-const { getKeysForNavigationFromRefPath } = require('../../_runtime/common/utils/keys')
+const propagateForeignKeys = require('../../_runtime/common/utils/propagateForeignKeys')
+
+let _consistent_params
 
 // REVISIT: do we already have something like this _without using okra api_?
 // REVISIT: should we still support process.env.CDS_FEATURES_PARAMS? probably nobody uses it...
 exports.getKeysAndParamsFromPath = (from, { model }) => {
   if (!from.ref || !from.ref.length) return {}
 
-  const keys = {}
+  // REVISIT: make opt-out feature in cds^9
+  _consistent_params ??= cds.env.features.consistent_params
+
   const params = []
+  const data = {}
+  let currData = data
+  const navigations = []
 
   let cur = model.definitions
   let lastElement
@@ -19,28 +28,31 @@ exports.getKeysAndParamsFromPath = (from, { model }) => {
     const target = cur[id]._target ?? lastElement
     cur = target.elements
 
-    if (i === from.ref.length - 1) {
-      // last element
-      if (ref.where) {
-        const seg_keys = where2obj(ref.where)
-        Object.assign(keys, seg_keys)
-        params[i] = seg_keys.ID && Object.keys(seg_keys).length === 1 ? seg_keys.ID : seg_keys
-      } else if (ref.args) {
-        params[i] = Object.fromEntries(Object.entries(ref.args).map(([k, v]) => [k, 'val' in v ? v.val : v]))
-      }
-      if (lastElement.isAssociation && from.ref.length > 1) {
-        // add keys for navigation from path
-        const rootRef = from.ref[0]
-        const rootTarget = model.definitions[rootRef.id || rootRef]
-        const seg_keys = getKeysForNavigationFromRefPath(from.ref, rootTarget)
-        // only take if a known property
-        for (const k in seg_keys) if (k in cur) keys[k] = seg_keys[k]
-      }
-    } else if (ref.where) {
+    if (lastElement.isAssociation) {
+      currData[lastElement.name] = {}
+      currData = currData[lastElement.name]
+      navigations.push(lastElement)
+    }
+
+    if (ref.where) {
       const seg_keys = where2obj(ref.where)
-      params[i] = seg_keys.ID && Object.keys(seg_keys).length === 1 ? seg_keys.ID : seg_keys
+      if (_consistent_params) params[i] = seg_keys
+      else params[i] = seg_keys.ID && Object.keys(seg_keys).length === 1 ? seg_keys.ID : seg_keys
+      Object.assign(currData, seg_keys)
     }
+
+    if (i === from.ref.length - 1 && !ref.where && ref.args) {
+      const seg_keys = Object.fromEntries(Object.entries(ref.args).map(([k, v]) => [k, 'val' in v ? v.val : v]))
+      if (_consistent_params) params[i] = seg_keys
+      else params[i] = seg_keys.ID && Object.keys(seg_keys).length === 1 ? seg_keys.ID : seg_keys
+    }
+  }
+
+  let current = data
+  for (let nav of navigations) {
+    propagateForeignKeys(nav.name, current, nav._foreignKeys, true, { enumerable: true, generateKeys: false })
+    current = current[nav.name]
   }
 
-  return { keys, params }
+  return { keys: current || {}, params }
 }

package/libx/odata/middleware/create.js

@@ -7,6 +7,7 @@ const postProcess = require('../utils/postProcess')
 const readAfterWrite4 = require('../utils/readAfterWrite')
 const getODataResult = require('../utils/result')
 const normalizeTimeData = require('../utils/normalizeTimeData')
+const odataBind = require('../utils/odataBind')
 
 const { getKeysAndParamsFromPath } = require('../../common/utils/path')
 
@@ -37,6 +38,7 @@ module.exports = (adapter, isUpsert) => {
       const msg = 'Only single entity representations are allowed'
       throw Object.assign(new Error(msg), { statusCode: 400 })
     }
+    odataBind(data, target)
     normalizeTimeData(data, model, target)
     const { keys, params } = getKeysAndParamsFromPath(from, { model })
     // add keys from url into payload (overwriting if already present)

package/libx/odata/middleware/operation.js

@@ -113,7 +113,10 @@ module.exports = adapter => {
           handleSapMessages(cdsReq, req, res)
 
           const stream = getReadable(result)
-          if (!stream) return res.sendStatus(204)
+          if (!stream) {
+            if (res.statusCode > 200) return res.end()
+            return res.sendStatus(204)
+          }
 
           const { mimetype, filename, disposition } = collectStreamMetadata(result, operation, query)
           validateMimetypeIsAcceptedOrThrow(req.headers, mimetype)
@@ -151,7 +154,10 @@ module.exports = adapter => {
         handleSapMessages(cdsReq, req, res)
 
         if (operation.returns?.items && result == null) result = []
-        if (!operation.returns || result == null) return res.sendStatus(204)
+        if (!operation.returns || result == null) {
+          if (res.statusCode > 200) return res.end()
+          return res.sendStatus(204)
+        }
 
         if (operation.returns._type?.match?.(/^cds\./)) {
           const context = `${'../'.repeat(query?.SELECT?.from?.ref?.length)}$metadata#${cds2edm[operation.returns._type]}`

package/libx/odata/middleware/parse.js

@@ -9,7 +9,7 @@ module.exports = adapter => {
 
     if (req._query) return next() //> already parsed (e.g., upsert)
 
-    req._query = cds.odata.parse(req.url, { service, baseUrl: req.baseUrl, strict: true })
+    req._query = cds.odata.parse(req.url, { service, baseUrl: req.baseUrl, strict: true, protocol: 'odata' })
 
     next()
   }

package/libx/odata/middleware/stream.js

@@ -9,7 +9,6 @@ const {
   validateMimetypeIsAcceptedOrThrow,
   getReadable
 } = require('../../common/utils/streaming')
-const { getTransition } = require('../../_runtime/common/utils/resolveView')
 
 const _resolveContentProperty = (target, annotName, resolvedProp) => {
   if (target.elements[resolvedProp]) {
@@ -19,7 +18,7 @@ const _resolveContentProperty = (target, annotName, resolvedProp) => {
     LOG.warn(
       `"${annotName}" in entity "${target.name}" points to property "${resolvedProp}" which was renamed or is not part of the projection. You must update the annotation value.`
     )
-  const mapping = getTransition(target, cds.db).mapping
+  const mapping = cds.ql.resolve.transitions({ target }, cds.db).mapping
   const key = [...mapping.entries()].find(({ 1: val }) => val.ref[0] === resolvedProp)
   return key?.length && key[0]
 }

package/libx/odata/middleware/update.js

@@ -7,6 +7,7 @@ const postProcess = require('../utils/postProcess')
 const readAfterWrite4 = require('../utils/readAfterWrite')
 const getODataResult = require('../utils/result')
 const normalizeTimeData = require('../utils/normalizeTimeData')
+const odataBind = require('../utils/odataBind')
 
 const { getKeysAndParamsFromPath } = require('../../common/utils/path')
 
@@ -70,6 +71,7 @@ module.exports = adapter => {
 
     // payload & params
     const data = _propertyAccess ? { [_propertyAccess]: req.body.value } : req.body
+    odataBind(data, target)
     normalizeTimeData(data, model, target)
     const { keys, params } = getKeysAndParamsFromPath(from, { model })
     // add keys from url into payload (overwriting if already present)

package/libx/odata/parse/afterburner.js

@@ -241,7 +241,7 @@ function _handleCollectionBoundActions(current, ref, i, namespace, one) {
     action = shortName && current.actions[shortName]
   }
 
-  let incompleteKeys = ref[i].where ? false : i === ref.length - 1 || one ? false : true
+  let incompleteKeys = !(!!ref[i].where || i === ref.length - 1 || one)
   if (!action) return incompleteKeys
 
   const onCollection = !!(
@@ -301,7 +301,9 @@ function _processSegments(from, model, namespace, cqn, protocol) {
 
     if (incompleteKeys) {
       // > key
-      keys = keys || keysOf(current, protocol !== 'rest') // if odata, skip backlinks as key as they are used from structure
+      // in case of odata, values for keys that are backlinks are expected to be omitted
+      keys = keys || keysOf(current, !!protocol?.match(/odata/i))
+      if (!keys.length) cds.error(`Invalid resource path "${path}"`, { code: '404', statusCode: 404 })
       let key = keys[keyCount++]
       one = true
       const element = current.elements[key]
@@ -388,6 +390,11 @@ function _processSegments(from, model, namespace, cqn, protocol) {
           if (!Object.keys(params).length) params = where2obj(ref[i].where)
           _processWhere(ref[i].where, current)
           _checkAllKeysProvided(params, current)
+
+          if (keyCount === 0 && !Object.keys(params).length && whereRef.length === 1) {
+            const msg = `Entity "${current.name}" can not be accessed by key.`
+            throw Object.assign(new Error(msg), { statusCode: 400 })
+          }
         }
       } else if ({ action: 1, function: 1 }[current.kind]) {
         // > action or function
@@ -578,8 +585,6 @@ function _processColumns(cqn, target, protocol) {
 
   let columns = cqn.SELECT.columns
 
-  // REVISIT Keys should be added only in case of odata, not e.g. rest.
-  // Currently odata is detected via odata_new_parser flag -> find a better indicator.
   if (columns && !cqn.SELECT.groupBy) {
     let entity
     if (target.kind === 'entity') entity = target
@@ -588,7 +593,9 @@ function _processColumns(cqn, target, protocol) {
 
     _removeUnneededColumnsIfHasAsterisk(columns)
     rewriteExpandAsterisk(columns, entity)
-    if (protocol !== 'rest') _addKeys(columns, entity)
+
+    // in case of odata, add all missing key fields (i.e., not in $select)
+    if (protocol?.match(/odata/i)) _addKeys(columns, entity)
   }
 
   if (!Array.isArray(columns)) return
@@ -755,6 +762,8 @@ function _validateQuery(SELECT, target, isOne, model) {
 }
 
 module.exports = (cqn, model, namespace, protocol) => {
+  if (!model) return cqn
+
   const from = resolveFromSelect(cqn)
   const { ref } = from
 
@@ -816,11 +825,10 @@ module.exports = (cqn, model, namespace, protocol) => {
         break
       }
     }
-    const setRecurseRef = SELECT => {
-      if (SELECT.from.SELECT) setRecurseRef(SELECT.from.SELECT)
-      if (SELECT.recurse) SELECT.recurse.ref[0] = uplinkName
+    if (uplinkName) {
+      let r = cqn.SELECT.recurse
+      if (r) r.ref[0] = uplinkName
     }
-    if (uplinkName) setRecurseRef(cqn.SELECT)
   }
 
   // REVISIT: better