@sap/cds 9.2.0 → 9.3.0

package/libx/_runtime/remote/utils/client.js

@@ -1,12 +1,23 @@
 const cds = require('../../cds')
 const LOG = cds.log('remote')
+
 const { getCloudSdk } = require('./cloudSdkProvider')
-const { Readable } = require('stream')
 
 const SANITIZE_VALUES = process.env.NODE_ENV === 'production' && cds.env.log.sanitize_values !== false
-const { convertV2ResponseData, deepSanitize, convertV2PayloadData } = require('./data')
-
-const KINDS_SUPPORTING_BATCH = { odata: true, 'odata-v2': true, 'odata-v4': true }
+const { convertV2ResponseData, deepSanitize } = require('./data')
+
+const _logRequest = (requestConfig, destination) => {
+  const req2log = { headers: _sanitizeHeaders({ ...requestConfig.headers }) }
+  if (requestConfig.data && Object.keys(requestConfig.data).length) {
+    // In case of auto batch (only done for `GET` requests) no data is part of batch and for debugging URL is crucial
+    if (SANITIZE_VALUES && !requestConfig._autoBatchedGet) req2log.data = deepSanitize(requestConfig.data)
+    else req2log.data = requestConfig.data
+  }
+  LOG.debug(
+    `${requestConfig.method} ${destination.url || `<${destination.destinationName}>`}${requestConfig.url}`,
+    req2log
+  )
+}
 
 const _sanitizeHeaders = headers => {
   // REVISIT: is this in-place modification intended?
@@ -18,12 +29,9 @@ const _executeHttpRequest = async ({ requestConfig, destination, destinationOpti
   const { executeHttpRequestWithOrigin } = getCloudSdk()
 
   if (typeof destination === 'string') {
-    destination = {
-      destinationName: destination,
-      ...destinationOptions,
-      ...{ jwt: destinationOptions?.jwt === undefined ? jwt : destinationOptions.jwt }
-    }
-    if (destination.jwt !== undefined && !destination.jwt) delete destination.jwt // don't pass any value
+    destination = { destinationName: destination, ...destinationOptions }
+    if (destination.jwt === undefined) destination.jwt = jwt
+    if (!destination.jwt && destination.jwt !== undefined) delete destination.jwt
   } else if (destination.forwardAuthToken) {
     destination = {
       ...destination,
@@ -32,64 +40,24 @@ const _executeHttpRequest = async ({ requestConfig, destination, destinationOpti
     }
     delete destination.forwardAuthToken
     if (jwt) destination.headers.authorization = `Bearer ${jwt}`
-    else LOG._warn && LOG.warn('Missing JWT token for forwardAuthToken')
+    else if (LOG._warn) LOG.warn('Missing JWT token for forwardAuthToken!')
   }
 
   // Cloud SDK throws error if useCache is activated and jwt is undefined
   if (destination.jwt === undefined) destination.useCache = false
 
-  if (LOG._debug) {
-    const req2log = { headers: _sanitizeHeaders({ ...requestConfig.headers }) }
-    if (requestConfig.method !== 'GET' && requestConfig.method !== 'DELETE')
-      // In case of auto batch (only done for `GET` requests) no data is part of batch and for debugging URL is crucial
-      req2log.data =
-        requestConfig.data && SANITIZE_VALUES && !requestConfig._autoBatchedGet
-          ? deepSanitize(requestConfig.data)
-          : requestConfig.data
-    LOG.debug(
-      `${requestConfig.method} ${destination.url || `<${destination.destinationName}>`}${requestConfig.url}`,
-      req2log
-    )
-  }
+  if (LOG._debug) _logRequest(requestConfig, destination)
 
   // cloud sdk requires a new mechanism to differentiate the priority of headers
   // "custom" keeps the highest priority as before
-  const maxBodyLength = cds.env?.remote?.max_body_length
   requestConfig = {
     ...requestConfig,
-    headers: { custom: { ...requestConfig.headers } },
-    ...(maxBodyLength && { maxBodyLength })
-  }
-
-  // set `fetchCsrfToken` to `false` because we mount a custom CSRF middleware
-  const requestOptions = { fetchCsrfToken: false }
-
-  return executeHttpRequestWithOrigin(destination, requestConfig, requestOptions)
-}
-
-/**
- * Rest Client
- */
-
-/**
- * Normalizes server path.
- *
- * Adds / in the beginning of the path if not exists.
- * Removes / in the end of the path if exists.
- *
- * @param {*} path - to be normalized
- */
-const formatPath = path => {
-  let formattedPath = path
-  if (!path.startsWith('/')) {
-    formattedPath = `/${formattedPath}`
-  }
-
-  if (path.endsWith('/')) {
-    formattedPath = formattedPath.substring(0, formattedPath.length - 1)
+    headers: { custom: { ...requestConfig.headers } }
   }
+  const maxBodyLength = cds.env?.remote?.max_body_length
+  if (maxBodyLength) requestConfig.maxBodyLength = maxBodyLength
 
-  return formattedPath
+  return executeHttpRequestWithOrigin(destination, requestConfig, { fetchCsrfToken: false })
 }
 
 function _defineProperty(obj, property, value) {
@@ -214,17 +182,12 @@ const _getSanitizedError = (e, reqOptions, options = { suppressRemoteResponseBod
   return e
 }
 
-const run = async (requestConfig, options) => {
-  let response
-
+module.exports.run = async (requestConfig, options) => {
   const { destination, destinationOptions, jwt, suppressRemoteResponseBody } = options
+
+  let response
   try {
-    response = await _executeHttpRequest({
-      requestConfig,
-      destination,
-      destinationOptions,
-      jwt
-    })
+    response = await _executeHttpRequest({ requestConfig, destination, destinationOptions, jwt })
   } catch (e) {
     // > axios received status >= 400 -> gateway error
     const msg = e?.response?.data?.error?.message?.value ?? e?.response?.data?.error?.message ?? e.message
@@ -232,6 +195,7 @@ const run = async (requestConfig, options) => {
     const sanitizedError = _getSanitizedError(e, requestConfig, { suppressRemoteResponseBody })
     const err = Object.assign(new Error(e.message), { statusCode: 502, reason: sanitizedError })
     cds.repl || LOG.warn(err)
+
     throw err
   }
 
@@ -298,154 +262,3 @@ const run = async (requestConfig, options) => {
 
   return response.data
 }
-
-const _cqnToReqOptions = (query, service, req) => {
-  const { kind, model } = service
-  const method = req.method
-  const queryObject = cds.odata.urlify(query, { kind, model, method })
-  const reqOptions = {
-    method: queryObject.method,
-    url: queryObject.path
-      // REVISIT: remove when we can assume that number of remote services running Okra is negligible
-      // ugly workaround for Okra not allowing spaces in ( x eq 1 )
-      .replace(/\( /g, '(')
-      .replace(/ \)/g, ')')
-  }
-
-  if (queryObject.method !== 'GET' && queryObject.method !== 'HEAD') {
-    reqOptions.data = kind === 'odata-v2' ? convertV2PayloadData(queryObject.body, req.target) : queryObject.body
-  }
-
-  return reqOptions
-}
-
-const _stringToReqOptions = (query, data, target) => {
-  const cleanQuery = query.trim()
-  const blankIndex = cleanQuery.substring(0, 8).indexOf(' ')
-  const reqOptions = {
-    method: cleanQuery.substring(0, blankIndex).toUpperCase() || 'GET',
-    url: encodeURI(formatPath(cleanQuery.substring(blankIndex, cleanQuery.length).trim()))
-  }
-
-  if (data && reqOptions.method !== 'GET' && reqOptions.method !== 'HEAD') {
-    reqOptions.data = this.kind === 'odata-v2' ? Object.assign({}, convertV2PayloadData(data, target)) : data
-  }
-
-  return reqOptions
-}
-
-const _pathToReqOptions = (method, path, data, target, srvName) => {
-  let url = path
-  if (!url.startsWith('/')) {
-    // extract entity name and instance identifier (either in "()" or after "/") from fully qualified path
-    const parts = path.match(/([\w.]*)([\W.]*)(.*)/)
-    if (!parts) url = '/' + path.match(/\w*$/)[0]
-    else if (url.startsWith(srvName)) url = '/' + parts[1].replace(srvName + '.', '') + parts[2] + parts[3]
-    else url = '/' + parts[1].match(/\w*$/)[0] + parts[2] + parts[3]
-
-    // normalize in case parts[2] already starts with /
-    url = url.replace(/^\/\//, '/')
-  }
-
-  const reqOptions = { method, url }
-  if (data && reqOptions.method !== 'GET' && reqOptions.method !== 'HEAD') {
-    reqOptions.data = this.kind === 'odata-v2' ? Object.assign({}, convertV2PayloadData(data, target)) : data
-  }
-
-  return reqOptions
-}
-
-const _hasHeader = (headers, header) =>
-  Object.keys(headers || [])
-    .map(k => k.toLowerCase())
-    .includes(header)
-
-const getReqOptions = (req, query, service) => {
-  const reqOptions =
-    typeof query === 'object'
-      ? _cqnToReqOptions(query, service, req)
-      : typeof query === 'string'
-        ? _stringToReqOptions(query, req.data, req.target)
-        : _pathToReqOptions(req.method, req.path, req.data, req.target, service.definition?.name || service.namespace) //> no model, no service.definition
-
-  if (service.kind === 'odata-v2' && req.event === 'READ' && reqOptions.url?.match(/(\/any\()|(\/all\()/)) {
-    req.reject(501, 'Lambda expressions are not supported in OData v2')
-  }
-
-  reqOptions.headers = { accept: 'application/json,text/plain' }
-
-  if (!_hasHeader(req.headers, 'accept-language')) {
-    // Forward the locale properties from the original request (including region variants or weight factors),
-    // if not given, it's taken from the user's locale (normalized and simplified)
-    const locale = req._locale
-    if (locale) reqOptions.headers['accept-language'] = locale
-  }
-
-  // forward all dwc-* headers
-  if (service.options.forward_dwc_headers) {
-    const originalHeaders = req.context?.http.req.headers || {}
-    for (const k in originalHeaders) if (k.match(/^dwc-/)) reqOptions.headers[k] = originalHeaders[k]
-  }
-
-  if (
-    reqOptions.data &&
-    reqOptions.method !== 'GET' &&
-    reqOptions.method !== 'HEAD' &&
-    !(reqOptions.data instanceof Readable)
-  ) {
-    if (typeof reqOptions.data === 'object' && !Buffer.isBuffer(reqOptions.data)) {
-      reqOptions.headers['content-type'] = 'application/json'
-      reqOptions.headers['content-length'] = Buffer.byteLength(JSON.stringify(reqOptions.data))
-    } else if (typeof reqOptions.data === 'string') {
-      reqOptions.headers['content-length'] = Buffer.byteLength(reqOptions.data)
-    } else if (Buffer.isBuffer(reqOptions.data)) {
-      reqOptions.headers['content-length'] = Buffer.byteLength(reqOptions.data)
-      if (!_hasHeader(req.headers, 'content-type')) reqOptions.headers['content-type'] = 'application/octet-stream'
-    }
-  }
-
-  reqOptions.url = formatPath(reqOptions.url)
-
-  // batch envelope if needed
-  const maxGetUrlLength = service.options.max_get_url_length ?? cds.env.remote?.max_get_url_length ?? 1028
-  if (KINDS_SUPPORTING_BATCH[service.kind] && reqOptions.method === 'GET' && reqOptions.url.length > maxGetUrlLength) {
-    LOG._debug &&
-      LOG.debug(
-        `URL of remote request exceeds the configured max length of ${maxGetUrlLength}. Converting it to a $batch request.`
-      )
-    reqOptions._autoBatchedGet = true
-    reqOptions.data = [
-      '--batch1',
-      'Content-Type: application/http',
-      'Content-Transfer-Encoding: binary',
-      '',
-      `${reqOptions.method} ${reqOptions.url.replace(/^\//, '')} HTTP/1.1`,
-      ...Object.keys(reqOptions.headers).map(k => `${k}: ${reqOptions.headers[k]}`),
-      '',
-      '',
-      '--batch1--',
-      ''
-    ].join('\r\n')
-    reqOptions.method = 'POST'
-    reqOptions.headers.accept = 'multipart/mixed'
-    reqOptions.headers['content-type'] = 'multipart/mixed; boundary=batch1'
-    reqOptions.url = '/$batch'
-  }
-
-  // mount resilience and csrf middlewares for SAP Cloud SDK
-  reqOptions.middleware = [service.middlewares.timeout]
-  const fetchCsrfToken = !!(reqOptions._autoBatchedGet ? service.csrfInBatch : service.csrf)
-  if (fetchCsrfToken) reqOptions.middleware.push(service.middlewares.csrf)
-
-  if (service.path) reqOptions.url = `${encodeURI(service.path)}${reqOptions.url}`
-
-  // set axios responseType to 'arraybuffer' if returning binary in rest
-  if (req._binary) reqOptions.responseType = 'arraybuffer'
-
-  return reqOptions
-}
-
-module.exports = {
-  run,
-  getReqOptions
-}

package/libx/_runtime/remote/utils/query.js

@@ -0,0 +1,197 @@
+const cds = require('../../cds')
+const LOG = cds.log('remote')
+
+const { convertV2PayloadData } = require('./data')
+const { Readable } = require('stream')
+
+/**
+ * Normalizes server path.
+ *
+ * Adds / in the beginning of the path if not exists.
+ * Removes / in the end of the path if exists.
+ *
+ * @param {*} path - to be normalized
+ */
+const _formatPath = (path = '') => {
+  let formattedPath = path
+
+  if (!path.startsWith('/')) formattedPath = `/${formattedPath}`
+  if (path.endsWith('/')) formattedPath = formattedPath.substring(0, formattedPath.length - 1)
+
+  return formattedPath
+}
+
+const _cqnWithPublicEntries = query => {
+  return Object.fromEntries(Object.entries(query).filter(([key]) => !key.startsWith('_')))
+}
+
+const _cqnToHcqlRequestConfig = cqn => {
+  if (cqn.SELECT && cqn.SELECT.from) return { method: 'GET', data: { SELECT: _cqnWithPublicEntries(cqn.SELECT) } }
+  if (cqn.INSERT && cqn.INSERT.into) return { method: 'POST', data: { INSERT: _cqnWithPublicEntries(cqn.INSERT) } }
+  if (cqn.UPDATE && cqn.UPDATE.entity) return { method: 'PATCH', data: { UPDATE: _cqnWithPublicEntries(cqn.UPDATE) } }
+  if (cqn.UPSERT && cqn.UPSERT.into) return { method: 'PUT', data: { UPSERT: _cqnWithPublicEntries(cqn.UPSERT) } }
+  if (cqn.DELETE && cqn.DELETE.from) return { method: 'DELETE', data: { DELETE: _cqnWithPublicEntries(cqn.DELETE) } }
+
+  cds.error(400, 'Invalid CQN object can not be processed.', JSON.stringify(cqn), _cqnToHcqlRequestConfig)
+}
+
+const _cqnToRequestConfig = (query, service, req) => {
+  const { kind, model } = service
+
+  const queryObject = cds.odata.urlify(query, { kind, model, method: req.method })
+
+  const requestConfig = {
+    method: queryObject.method,
+    url: queryObject.path
+      // REVISIT: remove when we can assume that number of remote services running Okra is negligible
+      // ugly workaround for Okra not allowing spaces in ( x eq 1 )
+      .replace(/\( /g, '(')
+      .replace(/ \)/g, ')')
+  }
+
+  if (queryObject.method !== 'GET' && queryObject.method !== 'HEAD') {
+    requestConfig.data = kind === 'odata-v2' ? convertV2PayloadData(queryObject.body, req.target) : queryObject.body
+  }
+
+  return requestConfig
+}
+
+const _stringToRequestConfig = (query, data, target) => {
+  const cleanQuery = query.trim()
+  const blankIndex = cleanQuery.substring(0, 8).indexOf(' ')
+
+  const requestConfig = {
+    method: cleanQuery.substring(0, blankIndex).toUpperCase() || 'GET',
+    url: encodeURI(_formatPath(cleanQuery.substring(blankIndex, cleanQuery.length).trim()))
+  }
+
+  if (data && requestConfig.method !== 'GET' && requestConfig.method !== 'HEAD') {
+    requestConfig.data = this.kind === 'odata-v2' ? Object.assign({}, convertV2PayloadData(data, target)) : data
+  }
+
+  return requestConfig
+}
+
+const _pathToRequestConfig = (method, path, data, target, srvName) => {
+  let url = path
+
+  if (!url.startsWith('/')) {
+    // extract entity name and instance identifier (either in "()" or after "/") from fully qualified path
+    const parts = path.match(/([\w.]*)([\W.]*)(.*)/)
+    if (!parts) url = '/' + path.match(/\w*$/)[0]
+    else if (url.startsWith(srvName)) url = '/' + parts[1].replace(srvName + '.', '') + parts[2] + parts[3]
+    else url = '/' + parts[1].match(/\w*$/)[0] + parts[2] + parts[3]
+
+    // normalize in case parts[2] already starts with /
+    url = url.replace(/^\/\//, '/')
+  }
+
+  const requestConfig = { method, url }
+  if (data && requestConfig.method !== 'GET' && requestConfig.method !== 'HEAD') {
+    requestConfig.data = this.kind === 'odata-v2' ? Object.assign({}, convertV2PayloadData(data, target)) : data
+  }
+
+  return requestConfig
+}
+
+const _hasHeader = (headers, header) =>
+  Object.keys(headers || [])
+    .map(k => k.toLowerCase())
+    .includes(header)
+
+const KINDS_SUPPORTING_BATCH = { odata: true, 'odata-v2': true, 'odata-v4': true }
+
+const _extractRequestConfig = (req, query, service) => {
+  if (service.kind === 'hcql' && typeof query === 'object') return _cqnToHcqlRequestConfig(query)
+  if (service.kind === 'hcql') throw new Error('The request has no query and cannot be served by HCQL remote services!')
+  if (typeof query === 'object') return _cqnToRequestConfig(query, service, req)
+  if (typeof query === 'string') return _stringToRequestConfig(query, req.data, req.target)
+  //> no model, no service.definition
+  return _pathToRequestConfig(req.method, req.path, req.data, req.target, service.definition?.name || service.namespace)
+}
+
+const _batchEnvelope = (requestConfig, maxGetUrlLength) => {
+  if (LOG._debug) {
+    LOG.debug(
+      `URL of remote request exceeds the configured max length of ${maxGetUrlLength}. Converting it to a $batch request.`
+    )
+  }
+
+  const batchedRequest = [
+    '--batch1',
+    'Content-Type: application/http',
+    'Content-Transfer-Encoding: binary',
+    '',
+    `${requestConfig.method} ${requestConfig.url.replace(/^\//, '')} HTTP/1.1`,
+    ...Object.keys(requestConfig.headers).map(k => `${k}: ${requestConfig.headers[k]}`),
+    '',
+    '',
+    '--batch1--',
+    ''
+  ].join('\r\n')
+
+  requestConfig.method = 'POST'
+  requestConfig.url = '/$batch'
+  requestConfig.headers['accept'] = 'multipart/mixed'
+  requestConfig.headers['content-type'] = 'multipart/mixed; boundary=batch1'
+  requestConfig._autoBatchedGet = true
+  requestConfig.data = batchedRequest
+}
+
+module.exports.extractRequestConfig = (req, query, service) => {
+  const requestConfig = _extractRequestConfig(req, query, service)
+
+  if (service.kind === 'odata-v2' && req.event === 'READ' && requestConfig.url?.match(/(\/any\()|(\/all\()/)) {
+    req.reject(501, 'Lambda expressions are not supported in OData v2')
+  }
+
+  requestConfig.url = _formatPath(requestConfig.url)
+  requestConfig.headers = { accept: 'application/json,text/plain' }
+
+  // Forward the locale properties from the original request (including region variants or weight factors)
+  if (!_hasHeader(req.headers, 'accept-language') && req._locale) {
+    // If not given, it's taken from the user's locale (normalized and simplified)
+    requestConfig.headers['accept-language'] = req._locale
+  }
+
+  // Forward all dwc-* headers
+  if (service.options.forward_dwc_headers) {
+    const originalHeaders = req.context?.http.req.headers || {}
+    for (const k in originalHeaders) if (k.match(/^dwc-/)) requestConfig.headers[k] = originalHeaders[k]
+  }
+
+  // Ensure stream request body & appropriate content headers
+  if (
+    requestConfig.data &&
+    requestConfig.method !== 'GET' &&
+    requestConfig.method !== 'HEAD' &&
+    !(requestConfig.data instanceof Readable)
+  ) {
+    if (typeof requestConfig.data === 'object' && !Buffer.isBuffer(requestConfig.data)) {
+      requestConfig.headers['content-type'] = 'application/json'
+      requestConfig.headers['content-length'] = Buffer.byteLength(JSON.stringify(requestConfig.data))
+    } else if (typeof requestConfig.data === 'string') {
+      requestConfig.headers['content-length'] = Buffer.byteLength(requestConfig.data)
+    } else if (Buffer.isBuffer(requestConfig.data)) {
+      requestConfig.headers['content-length'] = Buffer.byteLength(requestConfig.data)
+      if (!_hasHeader(req.headers, 'content-type')) requestConfig.headers['content-type'] = 'application/octet-stream'
+    }
+  }
+
+  // Add batch envelope if needed
+  const maxGetUrlLength = service.options.max_get_url_length ?? cds.env.remote?.max_get_url_length ?? 1028
+  if (
+    requestConfig.method === 'GET' &&
+    KINDS_SUPPORTING_BATCH[service.kind] &&
+    requestConfig.url.length > maxGetUrlLength
+  ) {
+    _batchEnvelope(requestConfig, maxGetUrlLength)
+  }
+
+  if (service.path) requestConfig.url = `${encodeURI(service.path)}${requestConfig.url}`
+
+  // Set axios responseType to 'arraybuffer' if returning binary in rest
+  if (req._binary) requestConfig.responseType = 'arraybuffer'
+
+  return requestConfig
+}