@sap/cds 9.0.4 → 9.1.0

package/libx/_runtime/remote/utils/client.js

@@ -306,6 +306,7 @@ const _cqnToReqOptions = (query, service, req) => {
   const reqOptions = {
     method: queryObject.method,
     url: queryObject.path
+      // REVISIT: remove when we can assume that number of remote services running Okra is negligible
       // ugly workaround for Okra not allowing spaces in ( x eq 1 )
       .replace(/\( /g, '(')
       .replace(/ \)/g, ')')

package/libx/odata/ODataAdapter.js

@@ -30,62 +30,66 @@ module.exports = class ODataAdapter extends HttpAdapter {
   }
 
   get router() {
+    function set_odata_version(_, res, next) {
+      res.set('OData-Version', '4.0')
+      next()
+    }
+
+    function validate_representation_headers(req, res, next) {
+      if (req.method === 'PUT' && isStream(req._query)) {
+        req.body = { value: req }
+        return next()
+      }
+      if (req.method === 'POST' && req.headers['content-type']?.match(/multipart\/mixed/)) {
+        return next()
+      }
+
+      const contentLength = req.headers['content-length']
+      const [type = '', suffix] = (req.headers['content-type'] || '').split(';')
+      // header ending with semicolon is not allowed
+      const isJson = type.match(/^application\/json$/) && suffix !== ''
+
+      // POST with empty body is allowed if no content-type header is set
+      if (req.method === 'POST' && (!contentLength || isJson)) return jsonBodyParser(req, res, next)
+
+      if (req.method in { POST: 1, PUT: 1, PATCH: 1 }) {
+        if (!isJson) {
+          res.status(415).json({ error: { message: 'Unsupported Media Type', statusCode: 415, code: '415' } })
+          return
+        }
+        if (contentLength === '0') {
+          res.status(400).json({ error: { message: 'Expected non-empty body', statusCode: 400, code: '400' } })
+          return
+        }
+      }
+
+      return jsonBodyParser(req, res, next)
+    }
+
+    function validate_operation_http_method(req, _, next) {
+      // operations must have been handled above (POST or GET)
+      const { operation } = req._query.SELECT?.from.ref?.slice(-1)[0] || {}
+      next(operation ? { code: 405 } : undefined)
+    }
+
     const jsonBodyParser = bodyParser4(this)
     return (
       super.router
-        .use(function odata_version(req, res, next) {
-          res.set('OData-Version', '4.0')
-          next()
-        })
-        // REVISIT: add middleware for negative cases?
+        .use(set_odata_version)
         // service root
-        .use(/^\/$/, require('./middleware/service-document')(this))
-        .use('/\\$metadata', require('./middleware/metadata')(this))
+        .all('/', require('./middleware/service-document')(this))
+        .all('/\\$metadata', require('./middleware/metadata')(this))
         // parse
         .use(require('./middleware/parse')(this))
-        .use(function odata_streams(req, res, next) {
-          if (req.method === 'PUT' && isStream(req._query)) {
-            req.body = { value: req }
-            return next()
-          }
-          if (req.method === 'POST' && req.headers['content-type']?.match(/multipart\/mixed/)) {
-            return next()
-          }
-          // POST with empty body is allowed by actions
-          if (req.method in { PUT: 1, PATCH: 1 }) {
-            if (req.headers['content-length'] === '0') {
-              res.status(400).json({ error: { message: 'Expected non-empty body', statusCode: 400, code: '400' } })
-              return
-            }
-          }
-          if (req.method in { POST: 1, PUT: 1, PATCH: 1 }) {
-            const contentType = req.headers['content-type'] ?? ''
-            let contentLength = req.headers['content-length']
-            contentLength = contentLength ? parseInt(contentLength) : 0
-
-            const parts = contentType.split(';')
-            // header ending with semicolon is not allowed
-            if ((contentLength && !parts[0].match(/^application\/json$/)) || parts[1] === '') {
-              res.status(415).json({ error: { message: 'Unsupported Media Type', statusCode: 415, code: '415' } })
-              return
-            }
-          }
-
-          return jsonBodyParser(req, res, next)
-        })
+        .use(validate_representation_headers)
         // batch
         // .all is used deliberately instead of .use so that the matched path is not stripped from req properties
         .all('/\\$batch', require('./middleware/batch')(this))
         // handle
-        // REVISIT: with old adapter, we return 405 for HEAD requests -> check OData spec
         .head('*', (_, res) => res.sendStatus(405))
         .post('*', operation4(this), create4(this))
         .get('*', operation4(this), stream4(this), read4(this))
-        .use('*', (req, res, next) => {
-          // operations must have been handled above (POST or GET)
-          const { operation } = req._query.SELECT?.from.ref?.slice(-1)[0] || {}
-          next(operation ? { code: 405 } : undefined)
-        })
+        .use(validate_operation_http_method)
         .put('*', update4(this), create4(this, 'upsert'))
         .patch('*', update4(this), create4(this, 'upsert'))
         .delete('*', delete4(this))

package/libx/odata/middleware/batch.js

@@ -62,7 +62,6 @@ const _validateBatch = body => {
       throw _deserializationError(`Method '${method}' is not allowed. Only DELETE, GET, PATCH, POST or PUT are.`)
 
     _validateProperty('url', url, 'string')
-    // TODO: need similar validation in multipart/mixed batch
     if (url.startsWith('/$batch')) throw _deserializationError('Nested batch requests are not allowed.')
 
     // TODO: support for non JSON bodies?

package/libx/odata/middleware/error.js

@@ -30,6 +30,13 @@ exports.normalizeError = (err, req, cleanse = ODATA_PROPERTIES) => {
   return err
 }
 
+// TODO: This should go somewhere else ...
+exports.getLocalizedMessages = (messages, req) => {
+  const locale = cds.i18n.locale.from(req)
+  for (let m of messages) _normalize(m, locale, SAP_MSG_PROPERTIES)
+  return messages
+}
+
 exports.getSapMessages = (messages, req) => {
   const locale = cds.i18n.locale.from(req)
   for (let m of messages) _normalize(m, locale, SAP_MSG_PROPERTIES)

package/libx/odata/middleware/operation.js

@@ -2,7 +2,7 @@ const cds = require('../../../')
 
 const { pipeline } = require('node:stream/promises')
 
-const { cds2edm, handleSapMessages } = require('../utils')
+const { handleSapMessages } = require('../utils')
 const getODataMetadata = require('../utils/metadata')
 const postProcess = require('../utils/postProcess')
 const getODataResult = require('../utils/result')
@@ -143,12 +143,6 @@ module.exports = adapter => {
           return res.sendStatus(204)
         }
 
-        if (operation.returns._type?.match?.(/^cds\./)) {
-          const context = `${'../'.repeat(query?.SELECT?.from?.ref?.length)}$metadata#${cds2edm[operation.returns._type]}`
-          result = { '@odata.context': context, value: result }
-          return res.send(result)
-        }
-
         if (res.statusCode === 201 && !res.hasHeader('location')) {
           const location = location4(operation.returns, service, result)
           if (location) res.set('location', location)
@@ -160,21 +154,21 @@ module.exports = adapter => {
         }
 
         // REVISIT: enterprise search result? -> simply return what was provided
-        if (operation.returns.type !== 'sap.esh.SearchResult') {
-          const isCollection = !!operation.returns.items
-          const _target = operation.returns.items ?? operation.returns
-          const options = { result, isCollection }
-          if (!_target.name) {
-            // case: return inline type def
-            options.edmName = _opResultName({ service, operation, returnType: _target })
-          }
-          const SELECT = {
-            from: query ? { ref: [...query.SELECT.from.ref, { operation: operation.name }] } : {},
-            one: !isCollection
-          }
-          const metadata = getODataMetadata({ SELECT, _target }, options)
-          result = getODataResult(result, metadata, { isCollection })
+        if (operation.returns.type === 'sap.esh.SearchResult') return res.send(result)
+
+        const isCollection = !!operation.returns.items
+        const _target = operation.returns.items ?? operation.returns
+        const options = { result, isCollection }
+        if (!_target.name) {
+          // case: return inline type def
+          options.edmName = _opResultName({ service, operation, returnType: _target })
+        }
+        const SELECT = {
+          from: query ? { ref: [...query.SELECT.from.ref, { operation: operation.name }] } : {},
+          one: !isCollection
         }
+        const metadata = getODataMetadata({ SELECT, _target }, options)
+        result = getODataResult(result, metadata, { isCollection })
 
         res.send(result)
       })

package/libx/odata/parse/afterburner.js

@@ -249,13 +249,17 @@ function _handleCollectionBoundActions(current, ref, i, namespace, one) {
   )
 
   if (onCollection && one) {
-    const msg = `${action.kind.at(0).toUpperCase() + action.kind.slice(1)} "${action.name}" must be called on a collection of ${current.name}`
+    const msg = `${action.kind.at(0).toUpperCase() + action.kind.slice(1)} "${
+      action.name
+    }" must be called on a collection of ${current.name}`
     throw Object.assign(new Error(msg), { statusCode: 400 })
   }
 
   if (incompleteKeys) {
     if (!onCollection) {
-      const msg = `${action.kind.at(0).toUpperCase() + action.kind.slice(1)} "${action.name}" must be called on a single instance of ${current.name}`
+      const msg = `${action.kind.at(0).toUpperCase() + action.kind.slice(1)} "${
+        action.name
+      }" must be called on a single instance of ${current.name}`
       throw Object.assign(new Error(msg), { statusCode: 400 })
     }
 
@@ -510,7 +514,9 @@ function _processSegments(from, model, namespace, cqn, protocol) {
 
   if (incompleteKeys) {
     // > last segment not fully qualified
-    const msg = `Entity "${current.name}" has ${keysOf(current).length} keys. Only ${keyCount} ${keyCount === 1 ? 'was' : 'were'} provided.`
+    const msg = `Entity "${current.name}" has ${keysOf(current).length} keys. Only ${keyCount} ${
+      keyCount === 1 ? 'was' : 'were'
+    } provided.`
     throw Object.assign(new Error(msg), { statusCode: 400 })
   }
 
@@ -820,7 +826,13 @@ module.exports = (cqn, model, namespace, protocol) => {
 
   // hierarchy requests, quick check to avoid unnecessary traversing
   // REVISIT: Should be done via annotation on backlink, would make lookup easier
-  if (target?.elements?.LimitedDescendantCount) {
+  const _getRecurse = SELECT => {
+    if (SELECT.recurse) return SELECT.recurse
+    if (SELECT.from && SELECT.from.SELECT) return _getRecurse(SELECT.from.SELECT)
+  }
+
+  const _recurse = _getRecurse(cqn.SELECT)
+  if (_recurse) {
     let uplinkName
     for (const key in target) {
       if (key.match(/@Aggregation\.RecursiveHierarchy\s*#.*\.ParentNavigationProperty/)) {
@@ -829,10 +841,12 @@ module.exports = (cqn, model, namespace, protocol) => {
         break
       }
     }
-    if (uplinkName) {
-      let r = cqn.SELECT.recurse
-      if (r) r.ref[0] = uplinkName
-    }
+    if (!uplinkName || !target.elements[uplinkName])
+      throw new cds.error(
+        500,
+        'Cannot resolve `ParentNavigationProperty` in `@Aggregation.RecursiveHierarchy` annotation'
+      )
+    _recurse.ref[0] = uplinkName
   }
 
   // REVISIT: better