@sap/cds 9.1.0 → 9.2.1

package/lib/srv/cds.Service.js

@@ -24,32 +24,20 @@ class ConsumptionAPI {
     else return this.dispatch (new Event ({ event, data, headers }))
   }
 
-  send (req, path, data, headers) {
-    if (is_object(req)) return this.dispatch (req instanceof Request ? req : new Request(req))
-    if (is_object(path)) return this.dispatch (new Request (path.is_linked //...
-      ? { method:req, entity:path, data, headers }
-      : { method:req, data:path, headers:data }))
-    else return this.dispatch (new Request({ method:req, path, data, headers }))
+  send (...args) {
+    const req = _req4 (...args)
+    return this.dispatch (req)
   }
-  schedule (method, path, data, headers) {
-    // not great to normalize args... better way? need to 'merge' with after/every
-    const req = method instanceof cds.Request ? method : new cds.Request(_nrm4skd(method, path, data, headers))
+
+  schedule (...args) {
+    const req = _req4 (...args), {ms4} = cds.utils
     return {
-      after (ms) {
-        req.queue ??= {}
-        req.queue.after = ms
-        return this
-      },
-      every (ms) {
-        req.queue ??= {}
-        req.queue.every = ms
-        return this
-      },
-      then: (r, e) => {
-        return cds.queued(this).send(req).then(r, e)
-      }
+      after (t,u) { (req.queue ??= {}).after = ms4(t,u); return this },
+      every (t,u) { (req.queue ??= {}).every = ms4(t,u); return this },
+      then: (r,e) => cds.queued(this).send(req).then(r,e)
     }
   }
+
   get    (...args) { return is_rest(args[0]) ? this.send('GET',   ...args) : this.read   (...args) }
   put    (...args) { return is_rest(args[0]) ? this.send('PUT',   ...args) : this.update (...args) }
   post   (...args) { return is_rest(args[0]) ? this.send('POST',  ...args) : this.create (...args) }
@@ -179,13 +167,15 @@ const is_query = x => x?.bind || Array.isArray(x) && !x.raw
 const is_rest = x => typeof x === 'string' && x[0] === '/'
 const _service_in = m => cds.linked(m).services?.[0]?.name
 || cds.error.expected `${{model:m}} to be a CSN with a single service definition`
-const _nrm4skd = (method, path, data, headers) => {
-  if (typeof method === 'object') return method
-  if (typeof path !== 'object') return { method, path, data, headers }
-  if (path.is_linked) return { method, entity: path, data, headers }
-  return { method, data: path, headers: data }
-}
 
+const _req4 = (event, path, data, headers) => {
+  if (is_query(event)) return new Request({ query: event, data: path, headers })
+  if (is_object(event)) return event instanceof Request ? event : new Request(event)
+  if (is_object(path)) return new Request (path.is_linked //...
+    ? { method:event, entity:path, data, headers }
+    : { method:event, data:path, headers:data })
+  else return new Request({ method:event, path, data, headers })
+}
 
 exports = module.exports = Service
 exports.Service = Service

package/lib/srv/middlewares/auth/ias-auth.js

@@ -3,7 +3,10 @@ const LOG = cds.log('auth')
 
 const {
   createSecurityContext,
+  Token,
   IdentityService,
+  XsuaaService,
+  XsuaaToken,
   errors: { ValidationError }
 } = require('./xssec')
 
@@ -18,6 +21,12 @@ module.exports = function ias_auth(config) {
         'Either bind an IAS instance, or switch to an authentication kind that does not require a binding.'
     )
 
+  // enable signature cache by default
+  serviceConfig.validation ??= {}
+  if (!('signatureCache' in serviceConfig.validation)) serviceConfig.validation.signatureCache = { enabled: true }
+  // activate decode cache if not already done or explicitely disabled by setting Token.decodeCache to false or undefined
+  if (Token.decodeCache === null) Token.enableDecodeCache()
+
   const auth_service = new IdentityService(credentials, serviceConfig)
   const user_factory = get_user_factory(credentials, skipped_attrs)
 
@@ -35,25 +44,35 @@ module.exports = function ias_auth(config) {
   const should_validate =
     process.env.VCAP_APPLICATION &&
     JSON.parse(process.env.VCAP_APPLICATION).application_uris?.some(uri => uri.match(/\.cert\./))
-  const validation_enabled = serviceConfig.validation?.x5t?.enabled || serviceConfig.validation?.proofToken?.enabled
+  const validation_configured = serviceConfig.validation?.x5t?.enabled != null || serviceConfig.validation?.proofToken?.enabled != null
 
   let validating_auth_service
-  if (should_validate && !validation_enabled) {
+  if (should_validate && !validation_configured) {
     const _serviceConfig = { ...serviceConfig }
     _serviceConfig.validation = { x5t: { enabled: true }, proofToken: { enabled: true } }
     validating_auth_service = new IdentityService(credentials, _serviceConfig)
   }
 
+  // xsuaa fallback allows to also accept XSUAA tokens during migration to IAS
+  // automatically enabled if xsuaa credentials are available
+  let xsuaa_service, xsuaa_user_factory
+  if (cds.env.requires.xsuaa?.credentials) {
+    const { credentials: xsuaa_credentials, config: xsuaa_serviceConfig = {} } = cds.env.requires.xsuaa
+    xsuaa_service = new XsuaaService(xsuaa_credentials, xsuaa_serviceConfig)
+    const get_xsuaa_user_factory = require('./jwt-auth')._get_user_factory
+    xsuaa_user_factory = get_xsuaa_user_factory(xsuaa_credentials, xsuaa_credentials.xsappname, 'xsuaa')
+  }
+
   return async function ias_auth(req, _, next) {
     if (!req.headers.authorization) return next()
 
     try {
       const _auth_service =
         validating_auth_service && req.host.match(/\.cert\./) ? validating_auth_service : auth_service
-      const securityContext = await createSecurityContext(_auth_service, { req })
+      const securityContext = await createSecurityContext(xsuaa_service ? [_auth_service, xsuaa_service] : _auth_service, { req })
       const tokenInfo = securityContext.token
       const ctx = cds.context
-      ctx.user = user_factory(tokenInfo)
+      ctx.user = tokenInfo instanceof XsuaaToken ? xsuaa_user_factory(tokenInfo) : user_factory(tokenInfo)
       ctx.tenant = tokenInfo.getZoneId()
       req.authInfo = securityContext //> compat req.authInfo
     } catch (e) {
@@ -73,6 +92,14 @@ function get_user_factory(credentials, skipped_attrs) {
   return function user_factory(tokenInfo) {
     const payload = tokenInfo.getPayload()
 
+    /*
+     * NOTE:
+     *  for easier migration, xssec will offer IAS without policies via so-called XsuaaFallback.
+     *  in that case, we would need to add the roles here based on the tokenInfo (similar to xsuaa-auth).
+     *  however, it is not yet clear where the roles will be stored in IAS' tokenInfo object.
+     *  further, stakeholders would need to configure the "extension" programmatically (e.g., in a custom server.js).
+     */
+
     const clientid = tokenInfo.getClientId()
     if (clientid === payload.sub) {
       //> grant_type === client_credentials or x509

package/lib/srv/middlewares/auth/jwt-auth.js

@@ -3,7 +3,9 @@ const LOG = cds.log('auth')
 
 const {
   createSecurityContext,
+  Token,
   XsuaaService,
+  XsaService,
   errors: { ValidationError }
 } = require('./xssec')
 
@@ -16,7 +18,13 @@ module.exports = function jwt_auth(config) {
         'Either bind an XSUAA instance, or switch to an authentication kind that does not require a binding.'
     )
 
-  const auth_service = new XsuaaService(credentials, serviceConfig)
+  // enable signature cache by default
+  serviceConfig.validation ??= {}
+  if (!('signatureCache' in serviceConfig.validation)) serviceConfig.validation.signatureCache = { enabled: true }
+  // activate decode cache if not already done or explicitely disabled by setting Token.decodeCache to false or undefined
+  if (Token.decodeCache === null) Token.enableDecodeCache()
+
+  const auth_service = !credentials.uaadomain ? new XsaService(credentials, serviceConfig) : new XsuaaService(credentials, serviceConfig)
   const user_factory = get_user_factory(credentials, credentials.xsappname, kind)
 
   return async function jwt_auth(req, _, next) {
@@ -76,3 +84,5 @@ function get_user_factory(credentials, xsappname, kind) {
     return new cds.User({ id, roles, attr, tokenInfo })
   }
 }
+
+module.exports._get_user_factory = get_user_factory

package/lib/srv/srv-models.js

@@ -31,7 +31,7 @@ class ExtendedModels {
       } catch (error) {
         // Better error message for client
         if (error.status === 404) throw error
-        cds.error('`extensibility: true` is configured but table "cds.xt.Extensions" does not exist. Please redeploy.', error)
+        cds.error(`\`extensibility: true\` is configured but table "cds.xt.Extensions" does not exist - please upgrade tenant '${tenant}'`, error)
       }
       if (!_has_extensions) {
         let k = cache.key4 (tenant = undefined, features)

package/lib/srv/srv-tx.js

@@ -1,4 +1,3 @@
-/** @typedef {import('./cds.Service')} Service } */
 
 const cds = require('../index'), { srv_tx_compat_for_afc = true } = cds.env.features
 const EventContext = require('../req/context')
@@ -9,8 +8,9 @@ class NestedContext extends EventContext { static for(_) { return _ instanceof E
 /**
  * This is the implementation of the `srv.tx(req)` method. It constructs
  * a new Transaction as a derivate of the `srv` (i.e. {__proto__:srv})
+ * @typedef {import('./cds.Service')} Service
+ * @this {Service} @param { EventContext } ctx
  * @returns { Promise<Transaction & Service> }
- * @param { EventContext } ctx
  */
 module.exports = exports = function srv_tx (ctx,fn) { const srv = this
 

package/lib/utils/cds-utils.js

@@ -20,7 +20,7 @@ exports = module.exports = new class {
   get uuid() { return super.uuid = require('crypto').randomUUID }
   get yaml() { const yaml = require('js-yaml'); return super.yaml = Object.assign(yaml,{parse:yaml.load}) }
   get tar()  { return super.tar = process.platform === 'win32' && _tarLib() ? require('./tar-lib') : require('./tar') }
-  get _unit()  { return super._unit = require('./unit') }
+  get semver() { return super.semver = require('./version') }
 }
 
 /** @type {import('node:path')} */
@@ -88,7 +88,14 @@ const chimera = Object.getOwnPropertyDescriptors (class Chimera {
 exports.decodeURIComponent = s => { try { return decodeURIComponent(s) } catch { return s } }
 exports.decodeURI = s => { try { return decodeURI(s) } catch { return s } }
 
-exports.local = (file) => file && relative(cwd,file)
+/**
+ * Computes a relative path from the a working directory to the given relative file,
+ * considering a divergent 'outer' root path that is not `cds.root`.
+ * Needed for `cds watch/run <dir>` calls.
+ * @param {string} file - the relative file path to compute
+ * @returns {string} - the relative path
+ */
+exports.local = (file) => file && relative(cwd, resolve(cds.root,file))
 
 const { prepareStackTrace, stackTraceLimit } = Error
 
@@ -334,3 +341,29 @@ exports.redacted = function _redacted(cred) {
   }
   return cred
 }
+
+
+/**
+ * Converts a time span with a unit into milliseconds. @example
+ * ms4(5,'s') //> 5000
+ * ms4('5s') //> 5000
+ * @param {number|string} ts - time span as number, or string with unit suffix, with or without spaces
+ * @param {string} [unit] - time span unit
+ * @returns {number} - time span in milliseconds
+ */
+const ms4 = exports.ms4 = (ts, unit, u=unit) => {
+  if (typeof ts === 'string') [,ts,u] = /(\d+) ?(\w*)/.exec(ts) || cds.error `Invalid time span format: ${ts}`
+  return ts * ms4[u||unit||'ms'] || cds.error `Invalid time span unit: ${unit} in ${ts}`
+}
+
+/**
+ * Constants for time spans factors to milliseconds. @example
+ * const { days, hours, minutes, second } = cds.utils.ms4
+ * 4 * days + 3 * hours + 2 * minutes + 1 * second //> 356521000
+ */
+const ms = ms4.ms = 1
+ms4.seconds = ms4.second = ms4.s = ms4.sec = 1000 *ms
+ms4.minutes = ms4.minute = ms4.m = ms4.min = 1000 *ms * 60
+ms4.hours   = ms4.hour   = ms4.h = ms4.hrs = 1000 *ms * 60 * 60
+ms4.days    = ms4.day    = ms4.d           = 1000 *ms * 60 * 60 * 24
+ms4.weeks   = ms4.week   = ms4.w           = 1000 *ms * 60 * 60 * 24 * 7

package/lib/utils/csv-reader.js

@@ -1,6 +1,6 @@
 const { createReadStream, createWriteStream, promises: fsp } = require('fs')
 const { Readable } = require('stream')
-const cds = require('../../lib')
+const cds = require('..')
 
 const SEPARATOR = /[,;\t]/
 

package/lib/utils/version.js

@@ -0,0 +1,18 @@
+const semver = exports = module.exports = (x,y,z) => {
+  if (typeof x === 'string') [ x,y,z ] = String(x).split('.')
+  return 1e6 * (x||0) + 1e3 * (y||0) + +(z||0)
+}
+
+exports.checkNodeVersion = (cds = require ('../../package.json')) => {
+  let required = cds.engines?.node?.slice(2) //> e.g. >=22
+  let current = process.version.slice(1)    //> e.g. v24.4.1
+  if (semver(current) >= semver(required)) return; else process.stderr.write (`
+    Node.js version ${required} or higher is required for @sap/cds v${cds.version}.
+    Current version ${current} does not satisfy this. \n\n`)
+  return process.exit(1)
+}
+
+exports.check = (x, min, max) => {
+  let v = semver(x)
+  return (!min || semver(min) <= v) && (!max || v <= semver(max))
+}

package/libx/_runtime/cds.js

@@ -16,7 +16,7 @@ cds.extend(service).with(require('./common/aspects/service'))
  */
 cds.Service.prototype._requires_resolving = function (req) {
   if (req._resolved) return false
-  if (!this.model) return false
+  if (!this.definition) return false
   if (!req.query || typeof req.query !== 'object') return false
   if (Array.isArray(req.query)) return false
   if (Object.keys(req.query).length === 0) return false

package/libx/_runtime/common/aspects/any.js

@@ -1,20 +1,10 @@
-const { foreignKey4 } = require('../../common/utils/foreignKeyPropagations')
+const { foreignKey4 } = require('../utils/foreignKeyPropagations')
 
 const _getCommonFieldControl = e => {
   const cfr = e['@Common.FieldControl']
   return cfr && cfr['#']
 }
 
-const _isMandatory = e => {
-  return (
-    e['@assert.mandatory'] !== false &&
-    (e['@mandatory'] ||
-      e['@Common.FieldControl.Mandatory'] ||
-      e['@FieldControl.Mandatory'] ||
-      _getCommonFieldControl(e) === 'Mandatory')
-  )
-}
-
 const _isReadOnly = e => {
   return (
     e['@readonly'] ||
@@ -34,22 +24,10 @@ module.exports = class {
     return this.own('__isStructured', () => !!this.elements && this.kind !== 'entity')
   }
 
-  get _isMandatory() {
-    return this.own('__isMandatory', () => !this.isAssociation && _isMandatory(this))
-  }
-
   get _isReadOnly() {
     return this.own('__isReadOnly', () => !this.key && _isReadOnly(this))
   }
 
-  get _mandatories() {
-    return this.own(
-      '__mandatories',
-      // eslint-disable-next-line no-unused-vars
-      () => this.elements && Object.entries(this.elements).filter(([_, v]) => v._isMandatory)
-    )
-  }
-
   get _foreignKey4() {
     return this.own('__foreignKey4', () => foreignKey4(this))
   }

package/libx/_runtime/common/generic/input.js

@@ -13,11 +13,11 @@ const LOG = cds.log('app')
 const { Readable } = require('node:stream')
 
 const { enrichDataWithKeysFromWhere } = require('../utils/keys')
-const { DRAFT_COLUMNS_MAP } = require('../../common/constants/draft')
+const { DRAFT_COLUMNS_MAP } = require('../constants/draft')
 const propagateForeignKeys = require('../utils/propagateForeignKeys')
-const { checkInputConstraints, assertTargets } = require('../../cds-services/util/assert')
 const getTemplate = require('../utils/template')
 const getRowUUIDGeneratorFn = require('../utils/rowUUIDGenerator')
+const templatePathSerializer = require('../utils/templateProcessorPathSerializer')
 
 const _shouldSuppressErrorPropagation = (event, value) => {
   return (
@@ -96,6 +96,113 @@ const _preProcessAssertTarget = (assocInfo, assertMap) => {
   })
 }
 
+const _enumValues = element => {
+  return Object.keys(element).map(enumKey => {
+    const enum_ = element[enumKey]
+    const enumValue = enum_ && enum_.val
+
+    if (enumValue !== undefined) {
+      if (enumValue['=']) return enumValue['=']
+      if (enum_ && enum_.literal && enum_.literal === 'number') return Number(enumValue)
+      return enumValue
+    }
+
+    return enumKey
+  })
+}
+
+// REVISIT: this needs a cleanup!
+const _assertError = (code, element, value, key, path) => {
+  let args
+
+  if (typeof code === 'object') {
+    args = code.args
+    code = code.code
+  }
+
+  const { name, type, precision, scale } = element
+  const error = new Error()
+  const errorEntry = {
+    code,
+    message: code,
+    target: path ?? element.name ?? key,
+    args: args ?? [name ?? key]
+  }
+
+  const assertError = Object.assign(error, errorEntry)
+  Object.assign(assertError, {
+    entity: element.parent && element.parent.name,
+    element: name, // > REVISIT: when is error.element needed?
+    type: element.items ? element.items._type : type,
+    status: 400,
+    value
+  })
+
+  if (element.enum) assertError.enum = _enumValues(element)
+  if (precision) assertError.precision = precision
+  if (scale) assertError.scale = scale
+
+  if (element.target) {
+    // REVISIT: when does this case apply?
+    assertError.target = element.target
+  }
+
+  return assertError
+}
+
+/**
+ * Check whether the target entity referenced by the association (the reference's target) exists and assert an error if
+ * the the reference's target doesn't exist.
+ *
+ * In other words, use this annotation to check whether a non-null foreign key input in a table has a corresponding
+ * primary key (also known as a parent key) in the associated/referenced target table (also known as a parent table).
+ *
+ * @param {object} assertMap - Map containing the targets to assert.
+ * @param {array} errors - Array to collect errors.
+ * @see {@link https://cap.cloud.sap/docs/guides/providing-services#assert-target @assert.target} for further information.
+ */
+const _assertTargets = async (assertMap, errors) => {
+  const { targets: targetsMap, allTargets } = assertMap
+  if (targetsMap.size === 0) return
+
+  const targets = Array.from(targetsMap.values())
+  const transactions = targets.map(({ keys, entity }) => {
+    const where = Object.assign({}, ...keys)
+    return cds.db.exists(entity, where).forShareLock()
+  })
+  const targetsExistsResults = await Promise.allSettled(transactions)
+
+  targetsExistsResults.forEach((txPromise, index) => {
+    const isPromiseRejected = txPromise.status === 'rejected'
+    const shouldAssertError = (txPromise.status === 'fulfilled' && txPromise.value == null) || isPromiseRejected
+    if (!shouldAssertError) return
+
+    const target = targets[index]
+    const { element } = target.assocInfo
+
+    if (isPromiseRejected) {
+      LOG._debug &&
+        LOG.debug(
+          `The transaction to check the @assert.target constraint for foreign key "${element.name}" failed`,
+          txPromise.reason
+        )
+
+      throw new Error(txPromise.reason.message)
+    }
+
+    allTargets
+      .filter(t => t.key === target.key)
+      .forEach(target => {
+        const { row, pathSegmentsInfo } = target.assocInfo
+        const key = target.foreignKey.name
+        let path
+        if (pathSegmentsInfo?.length) path = templatePathSerializer(key, pathSegmentsInfo)
+        const error = _assertError('ASSERT_TARGET', target.foreignKey, row[key], key, path)
+        errors.push(error)
+      })
+  })
+}
+
 const _processCategory = (req, category, value, elementInfo, assertMap) => {
   const { row, key, element, isRoot } = elementInfo
   category = _getSimpleCategory(category)
@@ -166,7 +273,7 @@ const _getProcessorFn = (req, errors, assertMap) => {
   const event = req.event
 
   return elementInfo => {
-    const { row, key, element, plain, pathSegmentsInfo } = elementInfo
+    const { row, key, plain } = elementInfo
     // ugly pointer passing for sonar
     const value = { mandatory: false, val: row && row[key] }
 
@@ -175,9 +282,6 @@ const _getProcessorFn = (req, errors, assertMap) => {
     }
 
     if (_shouldSuppressErrorPropagation(event, value)) return
-
-    // REVISIT: Convert checkInputConstraints to template mechanism
-    checkInputConstraints({ element, value: value.val, errors, pathSegmentsInfo, event })
   }
 }
 
@@ -276,49 +380,12 @@ async function validate_input(req) {
     pathSegmentsInfo: []
   })
   if (assertMap.targets.size > 0) {
-    await assertTargets(assertMap, errors)
+    await _assertTargets(assertMap, errors)
   }
 
   if (errors.length) for (const error of errors) req.error(error)
 }
 
-const _getProcessorFnForActionsFunctions =
-  (errors, opName) =>
-  ({ row, key, element }) => {
-    const value = row && row[key]
-
-    // REVISIT: Convert checkInputConstraints to template mechanism
-    checkInputConstraints({ element, value, errors, key: opName })
-  }
-
-const _processActionFunctionRow = (row, param, key, errors, event, service) => {
-  const values = Array.isArray(row[key]) ? row[key] : [row[key]]
-
-  // unstructured
-  for (const value of values) {
-    checkInputConstraints({ element: param, value, errors, key })
-  }
-
-  // structured
-  const template = getTemplate('app-input-operation', service, param, {
-    pick: _pick,
-    ignore: element => element._isAssociationStrict
-  })
-
-  template.process(values, _getProcessorFnForActionsFunctions(errors, key))
-}
-
-const _processActionFunction = (row, eventParams, errors, event, service) => {
-  for (const key in eventParams) {
-    let param = eventParams[key]
-
-    // .type of action/function behaves different to .type of other csn elements
-    const _type = param.type
-    if (!_type && param.items) param = param.items
-    _processActionFunctionRow(row, param, key, errors, event, service)
-  }
-}
-
 function validate_action(req) {
   const operation = this.actions?.[req.event] || req.target?.actions?.[req.event]
   if (!operation) return
@@ -334,12 +401,6 @@ function validate_action(req) {
   let errs = cds.validate(data, operation, assertOptions)
   if (errs) return errs.forEach(err => req.error(err))
 
-  // REVISIT: we still need the following because cds.validate doesn't check for @mandatory params (both flat and nested)
-  const errors = []
-  const arrayData = Array.isArray(data) ? data : [data]
-  for (const row of arrayData) _processActionFunction(row, operation.params, errors, req.event, this)
-  if (errors.length) for (const error of errors) req.error(error)
-
   // convert binaries
   operation.params &&
     !cds.env.features.base64_binaries &&

package/libx/_runtime/common/generic/sorting.js

@@ -1,5 +1,5 @@
 const cds = require('../../cds')
-const { DRAFT_COLUMNS_MAP } = require('../../common/constants/draft')
+const { DRAFT_COLUMNS_MAP } = require('../constants/draft')
 
 const _getStaticOrders = req => {
   const { target: entity, query } = req

package/libx/_runtime/common/utils/draft.js

@@ -1,5 +1,5 @@
 const cds = require('../../../../lib')
-const { DRAFT_COLUMNS_MAP } = require('../../common/constants/draft')
+const { DRAFT_COLUMNS_MAP } = require('../constants/draft')
 
 const _4sqlite = cds.env.i18n && Array.isArray(cds.env.i18n.for_sqlite) ? cds.env.i18n.for_sqlite : []
 // compiler reserves 'localized' and raises a corresponding exception if used in models

package/libx/_runtime/common/utils/entityFromCqn.js

@@ -1,4 +1,4 @@
-const { ensureNoDraftsSuffix } = require('../../common/utils/draft')
+const { ensureNoDraftsSuffix } = require('./draft')
 
 const traverseFroms = (cqn, cb, aliasForSet) => {
   while (cqn.SELECT) cqn = cqn.SELECT.from

package/libx/_runtime/common/utils/propagateForeignKeys.js

@@ -1,6 +1,6 @@
 const cds = require('../../cds')
 
-const { prefixForStruct } = require('../../common/utils/csn')
+const { prefixForStruct } = require('./csn')
 
 const _autoGenerate = e => e && e.isUUID && e.key
 

package/libx/_runtime/common/utils/resolveView.js

@@ -1,7 +1,7 @@
 const cds = require('../../../../lib')
 let LOG = cds.log('app')
 
-const { rewriteAsterisks } = require('../../common/utils/rewriteAsterisks')
+const { rewriteAsterisks } = require('./rewriteAsterisks')
 
 const _setInverseTransition = (mapping, ref, mapped) => {
   const existing = mapping.get(ref)
@@ -531,7 +531,7 @@ const _mappedValue = (col, alias) => {
 const getDBTable = target => cds.ql.resolve.table(target)
 
 const _appendForeignKeys = (newColumns, target, columns, { as, ref = [] }) => {
-  const el = target.elements[as] || target.query._target.elements[ref.at(-1)]
+  const el = target.elements[as] || target.query._target?.elements[ref.at(-1)]
 
   if (el && el.isAssociation && el.keys) {
     for (const key of el.keys) {

package/libx/_runtime/common/utils/rewriteAsterisks.js

@@ -59,7 +59,7 @@ const _resolveTarget = (ref, target) => {
   if (ref.length > 1) {
     const element = target.elements[ref[0]]
     if (element) {
-      if (element.isAssociation) throw cds.error(`Navigation "${ref.join('/')}" in expand is not supported`)
+      if (element.isAssociation) throw cds.error(400, `Navigation "${ref.join('/')}" in expand is not supported`)
       // structured
       return _resolveTarget(ref.slice(1), element)
     } else {
@@ -72,7 +72,7 @@ const _resolveTarget = (ref, target) => {
   const element = target.elements[_ref]
   if (element) return element._target
 
-  throw cds.error(`Navigation property "${_ref}" is not defined in ${target.name}`, { code: 400 })
+  throw cds.error(400, `Navigation property "${_ref}" is not defined in ${target.name}`)
 }
 
 const rewriteExpandAsterisk = (columns, target) => {

package/libx/_runtime/common/utils/structured.js

@@ -1,6 +1,6 @@
 const resolveStructured = require('./resolveStructured')
-const { ensureNoDraftsSuffix } = require('../../common/utils/draft')
-const { traverseFroms } = require('../../common/utils/entityFromCqn')
+const { ensureNoDraftsSuffix } = require('./draft')
+const { traverseFroms } = require('./entityFromCqn')
 
 const OPERATIONS_MAP = ['=', '>', '<', '!=', '<>', '>=', '<=', 'like', 'between', 'in', 'not in'].reduce((acc, cur) => {
   acc[cur] = 1

package/libx/_runtime/common/utils/templateProcessor.js

@@ -6,7 +6,6 @@ const _processElement = (processFn, row, key, target, picked = {}, isRoot, pathS
 
   if (!plain) return
 
-  /** @type import('../../types/api').templateElementInfo */
   const elementInfo = { row, key, element, target, plain, isRoot, pathSegmentsInfo }
 
   if (!element && target._flat2struct?.[key] && elementInfo.pathSegmentsInfo) {
@@ -53,7 +52,6 @@ const _processComplex = (processFn, row, template, key, pathOptions) => {
     let pathSegmentInfo
     if (pathOptions.includeKeyValues) {
       pathOptions.rowUUIDGenerator?.(keyNames, row, template)
-      /** @type import('../../types/api').pathSegmentInfo */
       pathSegmentInfo = { key, keyNames, row, elements: template.target.elements, draftKeys: pathOptions.draftKeys }
     }
 
@@ -63,9 +61,6 @@ const _processComplex = (processFn, row, template, key, pathOptions) => {
   }
 }
 
-/**
- * @param {import("../../types/api").TemplateProcessor} args
- */
 const templateProcessor = ({ processFn, data, template, isRoot = true, pathOptions = {} }) => {
   if (!template || !template.elements.size || !data || typeof data !== 'object') return
   const dataArr = Array.isArray(data) ? data : [data]

package/libx/_runtime/common/utils/vcap.js

@@ -1,4 +1,4 @@
-const cds = require('../../../../libx/_runtime/cds')
+const cds = require('../../cds')
 
 const getAppMetadata = () => {
   const appMetadata = cds.env.app