@sap/cds 9.2.1 → 9.3.0

package/lib/log/cds-log.js

@@ -162,9 +162,7 @@ const { ERROR, WARN, INFO, DEBUG, TRACE } = exports.levels = {
   SILENT:0, ERROR:1, WARN:2, INFO:3, DEBUG:4, TRACE:5, SILLY:5, VERBOSE:5
 }
 
-
-// If cds.env is not yet loaded, update the loggers when it is
-if (conf === defaults) cds.once ('env', ()=>{
+function applyLogConfig() {
   let { loggers, format } = exports, fmt = format
   let { plain } = log.formatters
   conf = cds.env.log
@@ -191,10 +189,13 @@ if (conf === defaults) cds.once ('env', ()=>{
   if (fmt !== format) {
     for (let each in loggers) loggers[each] .setFormat (fmt)
   }
-
+  
   _init()
-}); else _init()
+}
 
+// If cds.env is not yet loaded, update the loggers when it is
+if (conf === defaults) cds.once ('env', applyLogConfig); 
+else applyLogConfig() // otherwise apply the current config
 
 function _init() {
   if (conf.Logger) {

package/lib/log/format/aspects/cf.js

@@ -28,8 +28,8 @@ function cf_aspect(module, level, args, toLog) {
   // add static fields from environment
   Object.assign(toLog, this._CF_FIELDS)
 
-  // add subdomain, if available (use cds.context._ instead of cds.context.http because of messaging)
-  const tenant_subdomain = cds.context?._?.req?.authInfo?.getSubdomain?.()
+  // add subdomain, if available
+  const tenant_subdomain = cds.context?.user?.authInfo?.getSubdomain?.()
   if (tenant_subdomain) toLog.tenant_subdomain = tenant_subdomain
 }
 

package/lib/plugins.js

@@ -11,7 +11,7 @@ const prio_plugins = {
  */
 exports.fetch = function (DEV = process.env.NODE_ENV !== 'production') {
   DEBUG?.time ('[cds.plugins] - fetched plugins in')
-  const plugins = {}
+  const plugins = JSON.parse(process.env.CDS_PLUGINS||'{}')
   fetch_plugins_in (cds.home, false)
   fetch_plugins_in (cds.root, DEV)
   function fetch_plugins_in (root, dev) {

package/lib/ql/cds-ql.js

@@ -35,9 +35,6 @@ exports.DELETE = require('./DELETE')
 exports.CREATE = require('./CREATE')
 exports.DROP   = require('./DROP')
 
-exports.resolve = require('./resolve');
-
-
 exports.predicate = require('./cds.ql-predicates')
 exports.columns = require('./cds.ql-projections')
 /** @import cqn from './cqn' */

package/lib/req/request.js

@@ -1,5 +1,5 @@
 const cds = require('../index')
-const { Responses, Errors } = require('./response')
+const { Responses, Errors, prepareError } = require('./response')
 
 /**
  * Class Request represents requests received via synchronous protocols.
@@ -104,13 +104,13 @@ class Request extends require('./event') {
   warn   (...args) { return this._messages.add (3, ...args) }
   error  (...args) { return this._errors.add (null, ...args) }
   reject (...args) {
-    if (args.length === 0 && this.errors) {
+    if (args.length === 0 && this.errors?.length) {
       if (this.errors.length === 1) throw this.errors[0]
       const err = new cds.error ('MULTIPLE_ERRORS', { details: this.errors })
       delete err.stack
       throw err
     }
-    let e = this._errors.add(4, ...args)
+    let e = prepareError(4, ...args)
     if (!('stack' in e)) Error.captureStackTrace (e = Object.assign(new Error,e), this.reject)
     if (!('message' in e)) e.message = String (e.code || e.status)
     throw e

package/lib/req/response.js

@@ -1,12 +1,8 @@
 const cds = require ('../index')
 const placeholders = [...'x'.repeat(9)].map((x,i) => `{${i+1}}`)
 
-/**
- * Messages Collector, used for `req.errors` and `req.messages`
- */
-class Responses extends Array {
-  add (severity, code, message, target, args) {
-    let e // be filled in below...
+function prepareError(severity, code, message, target, args) {
+  let e // be filled in below...
     if (code?.raw) {
       if (typeof message === 'object') {
         target = Object.keys(message)[0]
@@ -31,6 +27,15 @@ class Responses extends Array {
       }
     }
     if (severity) e.numericSeverity ??= severity
+    return e
+}
+
+/**
+ * Messages Collector, used for `req.errors` and `req.messages`
+ */
+class Responses extends Array {
+  add (severity, code, message, target, args) {
+    const e = prepareError(severity, code, message, target, args)
     this.push(e)
     return e
   }
@@ -44,4 +49,4 @@ class Errors extends Responses {
   }
 }
 
-module.exports = { Responses, Errors }
+module.exports = { Responses, Errors, prepareError }

package/lib/srv/bindings.js

@@ -20,20 +20,28 @@ class Bindings {
   bind (service) {
     let required = cds.requires [service]
     let binding = this.provides [required?.service || service]
-    if (binding) {
+    if (binding?.endpoints) {
+      const server = this.servers [binding.server]
+      const kind = [ required.kind, 'hcql', 'rest', 'odata' ].find (k => k in binding.endpoints)
+      const path = binding.endpoints [kind]
       // in case of cds.requires.Foo = { ... }
       if (typeof required === 'object') required.credentials = {
         ...required.credentials,
-        ...binding.credentials
+        ...binding.credentials,
+        url: server.url + path
       }
       // in case of cds.requires.Foo = true
-      else required = cds.requires[service] = {
+      else required = cds.requires[service] = cds.env.requires[service] = {
         ...cds.requires.kinds [binding.kind],
-        ...binding
+        credentials: {
+          ...binding.credentials,
+          url: server.url + path
+        }
       }
+      required.kind = kind
       // REVISIT: temporary fix to inherit kind as well for mocked odata services
       // otherwise mocking with two services does not work for kind:odata-v2
-      if (required.kind === 'odata-v2' || required.kind === 'odata-v4') required.kind = 'odata'
+      if (kind === 'odata-v2' || kind === 'odata-v4') required.kind = 'odata'
     }
     return required
   }
@@ -79,20 +87,12 @@ class Bindings {
       url
     }
     // register our services
-    for (let each of services) {
+    for (let srv of services) {
       // if (each.name in cds.env.requires)  continue
-      const options = each.options || {}
-      provides[each.name] = {
-        kind: options.to || each.endpoints[0]?.kind || 'odata',
-        credentials: {
-          ...options.credentials,
-          url: url + each.path
-        },
-        server: pid
+      provides[srv.name] = {
+        endpoints: Object.fromEntries (srv.endpoints.map (ep => [ ep.kind, ep.path ])),
+        server: pid,
       }
-      // if (each.endpoints.length > 1)  provides[each.name].other = each.endpoints.slice(1).map(
-      //   ep => ({ kind: ep.kind, url: url + ep.path })
-      // )
     }
     process.on ('exit', ()=> this.purge())
     cds.on ('shutdown', ()=> this.purge())

package/lib/srv/cds-connect.js

@@ -1,5 +1,4 @@
 const cds = require('..'), LOG = cds.log('cds.connect')
-const _pending = cds.services._pending ??= {} // used below to chain parallel connect.to(<same>)
 const TRACE = cds.debug('trace')
 
 /**
@@ -27,10 +26,7 @@ connect.to = (datasource, options) => {
   else if (datasource) {
     if (datasource._is_service_class) [ Service, datasource ] = [ datasource, datasource.name ] // .to(ServiceClass)
     else if (datasource.name)  datasource = datasource.name // .to({ name: 'Service' }) from cds-typer
-    if (!options) { //> specifying ad-hoc options disallows caching
-      if (datasource in cds.services) return Promise.resolve (cds.services[datasource])
-      if (datasource in _pending) return _pending[datasource]
-    }
+    if (!options && datasource in cds.services) return Promise.resolve (cds.services[datasource])
   }
   const promise = (async()=>{
     TRACE?.time(`cds.connect.to ${datasource}`.padEnd(22).slice(0,22))
@@ -45,24 +41,25 @@ connect.to = (datasource, options) => {
     // construct new service instance
     let srv = await new Service (datasource,m,o); await (Service._is_service_class ? srv.init?.() : Service.init?.(srv))
     if (!srv.isDatabaseService && _is_queued(o)) srv = cds.queued(srv)
-    if (datasource && !options) {
+    if (!options && datasource) {
       if (datasource === 'db') cds.db = srv
       cds.services[datasource] = srv
-      delete _pending[datasource]
     }
     if (!o.silent) cds.emit ('connect',srv)
     TRACE?.timeEnd(`cds.connect.to ${datasource}`.padEnd(22).slice(0,22))
     return srv
   })()
   // queue parallel requests to a single promise, to avoid creating multiple services
-  if (datasource && !options) _pending[datasource] = promise
+  if (!options && datasource) cds.services[datasource] = promise
   return promise
 }
 
 function options4 (name, _o) {
-  const [, kind=_o?.kind, url ] = /^(\w+):(.*)/.exec(name) || []
+  if (name?.startsWith('http:')) [_o,name] = [{ url:name }]
+  const [, kind=_o?.kind, url=_o?.url ] = /^(\w+):(.*)/.exec(name) || []
   const conf = cds.service.bindings.at(name) || cds.requires[name] || cds.requires[kind] || cds.requires.kinds[name] || cds.requires.kinds[kind]
   const o = { kind, ...conf, ..._o }
+  if (!o.kind) o.kind = (url||conf?.credentials?.url)?.match (/\/(hcql|rest|odata)\//)?.[1]
   if (!o.kind && !o.impl && !o.silent) throw cds.error(
     conf ? `Configuration for 'cds.requires.${name}' lacks mandatory property 'kind' or 'impl'` :
       name ? `Didn't find a configuration for 'cds.requires.${name}' in ${cds.root}` :

package/lib/srv/cds-serve.js

@@ -1,147 +1,84 @@
 const cds = require ('..')
 const Service = cds.service.factory
-const _pending = cds.services._pending ??= {}
-const _ready = Symbol()
-const TRACE = cds.debug('trace')
-
-
-/** @param som - a service name or a model (name or csn) */
-module.exports = function cds_serve (som, _options) { // NOSONAR
-
-  TRACE?.time(`cds.serve ${som}`.padEnd(22).slice(0,22))
-
-  if (som && typeof som === 'object' && !is_csn(som) && !is_files(som)) {
-    [som,_options] = [undefined,
-      som._is_service_class    ? { service:som, from:'*' } :
-      som
-    ]
-  }
-  else if (Array.isArray(som) && som.length === 1) som = som[0]
-  const o = {..._options} // we must not modify inbound data
-
-  // Ensure options are filled in canonically based on defaults
-  const options = Promise.resolve(o).then (o => { // noformat
-    if (o.service)     { o.from     ||( o.from    = som); return o }
-    if (o.from)        { o.service  ||( o.service = som); return o }
-    if (som === 'all') { o.service ='all'; o.from = '*' ; return o }
-    if (is_csn(som))   { o.service ='all'; o.from = som ; return o }
-    if (is_files(som)) { o.service ='all'; o.from = som ; return o }
-    if (is_class(som)) { o.service = som;  o.from = '?' ; return o }
-    else               { o.service = som;  o.from = '*' ; return o }
-  })
-
-  // Load/resolve the model asynchronously...
-  const loaded = options.then (async ({from}=o) => {
-    if (!from || from === 'all' || from === '*') from = cds.model || '*'
-    if (from.definitions) return from
-    if (from === '?') try { return cds.model || await cds.load('*',o) } catch { return }
-    return cds.load(from, {...o, silent:true })
-  })
-
-  // Pass 1: Construct service provider instances...
-  const all=[], provided = loaded.then (async csn => { // NOSONAR
-
-    // Shortcut for directly passed service classes
-    if (o.service?._is_service_class) {
-      const Service = o.service, d = { name: o.service.name }
-      const srv = await _new (Service, d,csn,o)
-      return all.push (srv)
-    }
-
-    // Get relevant service definitions from model...
-    let {services} = csn = cds.compile.for.nodejs (csn)
-    const required = cds.requires
-    if (o.service && o.service !== 'all') {
-      // skip services not chosen by o.service, if specified
-      const specified = o.service.split(/\s*,\s*/).map (s => required[s] && required[s].service || s )
-      // matching exact or unqualified name
-      services = services.filter (s => specified.some (n => s.name === n || s.name.endsWith('.'+n)))
-      if (!services.length) throw cds.error (`No such service: '${o.service}'`)
-    }
-    services = services.filter (d => !(
-      // skip all services marked to be ignored
-      d['@cds.ignore'] || d['@cds.serve.ignore'] ||
-      // skip external services, unless asked to mock them and unbound
-      (d['@cds.external'] || required[d.name]?.external) && (!o.mocked || required[d.name]?.credentials)
-    ))
-    if (services.length > 1 && o.at) {
-      throw cds.error `You cannot specify 'path' for multiple services`
-    }
-
-    // Construct service instances and register them to cds.services
-    all.push (... await Promise.all (services.map (d => _new (Service,d,csn,o))))
-  })
-
-  // Pass 2: Finalize service bootstrapping by calling their impl functions.
-  // Note: doing that in a second pass guarantees all own services are in
-  // cds.services, so they'll be found when they cds.connect to each others.
-  let ready = provided.then (()=> Promise.all (all.map (async srv => {
-    cds.services[srv.name] = await Service.init (srv)
+const {serve} = cds.service.protocols
+const {init} = Service
+
+
+/** Fluent API */
+module.exports = (services, options, o = {...options}) => ({
+  from (model) { o.from = model; return this },
+  with (impl)  { o.with = impl;  return this },
+  to (prot)    { o.to   = prot;  return this },
+  at (path)    { o.at   = path;  return this },
+  in (app)     { o.app  = app;   return this },
+  then: (r,e) => _cds_serve (services,o) .then (r,e)
+})
+
+
+/**
+ * @returns { Promise<Record<string,Service>> } single or multiple services, like that:
+ * @example let { CatalogService } = await cds.serve(...) // single or many
+ *          let CatalogService = await cds.serve(...)    // single only
+ * @import Service from './cds.Service'
+ */
+async function _cds_serve (services='all', o) {
+  const TRACE = cds.log('trace'), t0 = TRACE._debug && performance.now()
+
+  if (services.service)        { Object.assign(o,services); services = o.service }
+  else if (o.service)          { o.from ??= services; services = o.service }
+  else if (is_files(services)) { o.from ??= services; services = 'all' }
+  else if (is_csn(services))   { o.from ??= services; services = 'all' }
+
+  const srvs = await _construct (services,o)
+  if (o.app) for (let srv of srvs) if (!_ignore(srv.definition)) {
+    serve (srv, o.app)
     cds.service.providers.push (srv)
-    srv[_ready]?.(srv)
-    return srv
-  })))
-
-
-  // Return fluent API to fill in remaining options...
-  return {
-
-    from (model)  { o.from = model;    return this },
-    with (impl)   { o.with = impl;     return this },
-    at (path)     { o.at   = path;     return this },
-    to (protocol) { o.to   = protocol; return this },
-
-    /** Fluent method to serve constructed providers to express app */
-    in (app) {
-      const { serve } = cds.service.protocols
-      ready = ready.then (()=> all.forEach (each => {
-        const d = each.definition || {}
-        if (d['@protocol'] === 'none' || d['@cds.api.ignore']) return each._is_dark = true
-        else serve (each, /*to:*/ app)
-        if (!o.silent) cds.emit ('serving',each)
-      }))
-      return this
-    },
-
-    /**
-     * Finally resolve to a single service or a map of many,
-     * which can be used like that: @example
-     * let { CatalogService } = await cds.serve(...) // single or many
-     * let CatalogService = await cds.serve(...)    // single only
-     */
-    then: (_resolve, _error) => ready.then ((s)=>{
-      TRACE?.timeEnd(`cds.serve ${som}`.padEnd(22).slice(0,22))
-      if (all.length === 0) return _resolve()
-      if (all.length === 1) return _resolve(Object.defineProperty(s=all[0],s.name,{value:s}))
-      else return _resolve (all.reduce ((r,s)=>{ r[s.name]=s; return r },{}))
-    }, _error),
-
-    catch: (e) => ready.catch(e)
+    o.silent || cds.emit ('serving', srv) // NOTE: only for protocol-served ones (compat behaviour)
   }
+
+  if (t0) TRACE.debug ('cds.served in'.padEnd(21),':', (performance.now()-t0).toFixed(), 'ms')
+  if (srvs.length === 1) return Object.defineProperty (o=srvs[0], o.name, {value:o})
+  return srvs.reduce ((many,s)=>{ many[s.name] = s; return many },{})
 }
 
 
-async function _new (Service, d,m,o) {
-  const srv = await new Service (d.name,m,o)
-  const required = cds.requires[d.name]
-  if (required) {
-    // Object.assign (srv.options, required)
-    if (required.name) srv.name = required.name
-    if (required.external && o.mocked) srv.mocked = true
-  }
-  _pending[srv.name] = new Promise (r => srv[_ready]=r).finally(()=>{
-    delete _pending[srv.name]
-    delete srv[_ready]
-    if (srv.mocked) {
-      let service = cds.env.requires[srv.name]?.service
-      if (service && !cds.services[service]) Object.defineProperty (cds.services, service, {value:srv})
-    }
-    if (!o.silent) cds.emit (`serving:${srv.name}`, srv)
-  })
-  return srv
+/**
+ * Constructs service instances from a model's service definitions.
+ * @param { string & typeof cds.Service } services
+ */
+async function _construct (services, o) {
+  if (services._is_service_class) // shortcut for directly passed service classes
+    return [ await init (new services (services.name, cds.model, o)) ]
+
+  // Resolve/load the model to use subsequently
+  const csn = !o.from || o.from === '*' ? cds.model || await cds.load('*')
+    : is_csn(o.from) ? o.from : await cds.load (o.from, { silent: true })
+  const m = cds.compile.for.nodejs (csn)
+
+  // Fetch service definitions from model
+  let defs = services == 'all' ? m.services : m.services.filter (_choose(_specified(services)))
+  defs = defs.filter (d => !d['@cds.ignore'] && !d['@cds.serve.ignore']) // skip ignored ones
+  defs = defs.filter (o.mocked ? _mock_external : _skip_external) // skip externals, or mock
+
+  // Construct services, adding upfront promises to cds.services
+  return Promise.all (defs.map (d => {
+    const n = cds.requires[d.name]?.name || d.name; o.service = d.name
+    return cds.services[n] = cds.services[d.name] = new Service(n,m,o) .then(init) .then (srv => {
+      if (d.is_external) srv.mocked = true
+      if (d.name !== n) Object.defineProperty (cds.services, d.name, {value:srv})
+      if (!o.silent) cds.emit (`serving:${n}`, srv)
+      return cds.services[n] = cds.services[d.name] = srv // replacing upfront promises with real services
+    })
+  }))
 }
 
 
-const is_csn = x => x && x.definitions
-const is_files = x => Array.isArray(x) || typeof x === 'string' && !/^[\w$]*$/.test(x)
-const is_class = x => typeof x === 'function' && x.prototype && /^class\b/.test(x)
+const _specified = services => services.split (/\s*,\s*/).map(s => cds.requires[s]?.service || s)
+const _choose = specified => ({name:n}) => specified.some (s => s === n || n.endsWith('.'+s))
+const _ignore = d => d?.['@protocol'] === 'none' || d?.['@cds.api.ignore']
+const _mock_external = d => _skip_external(d) || !cds.requires[d.name]?.credentials
+const _skip_external = d => !d['@external'] && !d['@cds.external'] && !cds.requires[d.name]?.external
+  || (d.is_external = true, false) // tagging all external ones, and skipping them
+
+const is_files = x => Array.isArray(x) || typeof x === 'string' && (/[^\w.$]/.test(x) || /\.(cds|csn|json)$/.test(x))
+const is_csn = x => x?.definitions

package/lib/srv/cds.Service.js

@@ -154,6 +154,55 @@ class Service extends ReflectionAPI {
   /** @deprecated */ get operations() { return this.actions }
   /** @deprecated */ get transaction() { return this.tx }
   /** @deprecated */ get isExtensible() { return this.model === cds.model && !this.name?.startsWith('cds.xt.') }
+
+  get resolve() {
+    if (this._resolve) return this._resolve
+
+    const { resolveView, getTransition } = require('../../libx/_runtime/common/utils/resolveView')
+    const PERSISTENCE_TABLE = '@cds.persistence.table'
+
+    const _isPersistenceTable = target =>
+      Object.prototype.hasOwnProperty.call(target, PERSISTENCE_TABLE) && target[PERSISTENCE_TABLE]
+    const _defaultAbort = tx => e => e._service?.name === tx.definition?.name
+
+    this._resolve = (query, abortCondition) => {
+      const ctx = cds.context
+      const model = ctx?.model || this.model
+      return resolveView(query, model, this, abortCondition || _defaultAbort(this))
+    }
+
+    // REVISIT: Remove argument `skipForbiddenViewCheck` once we get rid of composition tree
+    this._resolve.transitions = (query, abortCondition, skipForbiddenViewCheck) => {
+      const target = query && typeof query === 'object' ? cds.infer.target(query) || query?._target : undefined
+      const _tx = typeof tx === 'function' ? cds.context?.tx : this
+      return getTransition(target, _tx, skipForbiddenViewCheck, undefined, {
+        abort: abortCondition ?? (this.isDatabaseService ? this.resolve._abortDB : _defaultAbort(this))
+      })
+    }
+
+    this._resolve.resolve4db = query => {
+      return this.resolve(query, this, this.resolve.abortDB)
+    }
+    
+    // REVISIT: Remove once we get rid of composition tree
+    this._resolve.table = target => {
+      if (target.query?._target && !_isPersistenceTable(target)) {
+        return this.resolve.table(target.query._target)
+      }
+      return target
+    }
+    
+    // REVISIT: Remove once we get rid of old db
+    this._resolve.abortDB = target => {
+      return !!(_isPersistenceTable(target) || !target.query?._target)
+    }
+    
+    this._resolve.transitions4db = (query, skipForbiddenViewCheck) => {
+      return this.resolve.transitions(query, this.resolve.abortDB, skipForbiddenViewCheck)
+    }
+    
+    return this._resolve
+  }
 }
 
 const { dispatch, handle } = require('./srv-dispatch')

package/lib/srv/factory.js

@@ -2,7 +2,7 @@ const cds = require('..'), { path, isfile } = cds.utils
 /**
  * NOTE: Need this typed helper variable to be able to use IntelliSense for calls with new keyword.
  * @import Service from './cds.Service'
- * @type new() => Service
+ * @type new() => Service & Promise<Service>
  */
 const factory = ServiceFactory
 module.exports = exports = factory
@@ -37,7 +37,7 @@ function ServiceFactory (name, model, options) {
   }}
 
   function _kind (kind = o.kind ??= def['@kind'] || 'app-service') {
-    const {impl} = cds.env.requires.kinds[kind] || cds.error `No configuration found for 'cds.requires.kinds.${kind}'`
+    const {impl} = cds.requires[kind] || cds.requires.kinds[kind] || cds.error `No configuration found for 'cds.requires.${kind}'`
     return impl || cds.error `No 'impl' configured for 'cds.requires.kinds.${kind}'`
   }
 }
@@ -67,8 +67,8 @@ const _legacy = impl => { // legacy hello-world style class
 
 
 /**
- * Called by cds.connect() and cds.serve() for cds.service.impl-style implementations.
- * @protected
+ * @protected Called by cds.connect() and cds.serve() for cds.service.impl-style implementations.
+ * @param {Service} srv
  */
 exports.init = async function (srv) {
   const {impl} = srv.options; if (typeof impl === 'function' && !impl._is_service_class)

package/lib/srv/middlewares/auth/ias-auth.js

@@ -43,7 +43,7 @@ module.exports = function ias_auth(config) {
 
   const should_validate =
     process.env.VCAP_APPLICATION &&
-    JSON.parse(process.env.VCAP_APPLICATION).application_uris?.some(uri => uri.match(/\.cert\./))
+    JSON.parse(process.env.VCAP_APPLICATION).application_uris?.some(uri => uri.match(/\.cert\.|\.mesh\.cf\./))
   const validation_configured = serviceConfig.validation?.x5t?.enabled != null || serviceConfig.validation?.proofToken?.enabled != null
 
   let validating_auth_service
@@ -68,13 +68,18 @@ module.exports = function ias_auth(config) {
 
     try {
       const _auth_service =
-        validating_auth_service && req.host.match(/\.cert\./) ? validating_auth_service : auth_service
+        validating_auth_service && req.hostname.match(/\.cert\.|\.mesh\.cf\./) ? validating_auth_service : auth_service
       const securityContext = await createSecurityContext(xsuaa_service ? [_auth_service, xsuaa_service] : _auth_service, { req })
-      const tokenInfo = securityContext.token
       const ctx = cds.context
-      ctx.user = tokenInfo instanceof XsuaaToken ? xsuaa_user_factory(tokenInfo) : user_factory(tokenInfo)
-      ctx.tenant = tokenInfo.getZoneId()
-      req.authInfo = securityContext //> compat req.authInfo
+      ctx.user = securityContext.token instanceof XsuaaToken ? xsuaa_user_factory(securityContext) : user_factory(securityContext)
+      ctx.tenant = securityContext.token.getZoneId()
+      // REVISIT: remove compat in cds^10
+      Object.defineProperty(req, 'authInfo', {
+        get() {
+          cds.utils.deprecated({ kind: 'API', old: 'cds.context.http.req.authInfo', use: 'cds.context.user.authInfo' })
+          return securityContext
+        }
+      })
     } catch (e) {
       if (e instanceof ValidationError) {
         LOG.warn('Unauthenticated request: ', e)
@@ -89,7 +94,8 @@ module.exports = function ias_auth(config) {
 }
 
 function get_user_factory(credentials, skipped_attrs) {
-  return function user_factory(tokenInfo) {
+  return function user_factory(securityContext) {
+    const tokenInfo = securityContext.token
     const payload = tokenInfo.getPayload()
 
     /*
@@ -107,7 +113,14 @@ function get_user_factory(credentials, skipped_attrs) {
       if (Array.isArray(payload.ias_apis)) payload.ias_apis.forEach(r => (roles[r] = 1))
       if (clientid === credentials.clientid) roles['internal-user'] = 1
       else delete roles['internal-user']
-      return new cds.User({ id: 'system', roles, tokenInfo })
+      return new cds.User({
+        id: 'system', roles, authInfo: securityContext,
+        // REVISIT: remove compat in cds^10
+        get tokenInfo() {
+          cds.utils.deprecated({ kind: 'API', old: 'cds.context.user.tokenInfo', use: 'cds.context.user.authInfo.token' })
+          return securityContext.token
+        }
+      })
     }
 
     // add all unknown attributes to req.user.attr in order to keep public API small
@@ -125,7 +138,14 @@ function get_user_factory(credentials, skipped_attrs) {
     if (attr.given_name) attr.givenName = attr.given_name
     if (attr.family_name) attr.familyName = attr.family_name
 
-    return new cds.User({ id: payload.sub, attr, tokenInfo })
+    return new cds.User({
+      id: payload.sub, attr, authInfo: securityContext,
+      // REVISIT: remove compat in cds^10
+      get tokenInfo() {
+        cds.utils.deprecated({ kind: 'API', old: 'cds.context.user.tokenInfo', use: 'cds.context.user.authInfo.token' })
+        return securityContext.token
+      }
+    })
   }
 }
 

package/lib/srv/middlewares/auth/index.js

@@ -29,14 +29,15 @@ module.exports = function auth_factory (o) {
   // from cds.requires.auth in the log or error output below.
 
   // try resolving the impl, throw if not found
-  const config = { kind, impl: cds.utils.local(impl) }
+  const config = { kind, impl }
   // use cds.resolve() to allow './srv/auth.js' and 'srv/auth.js' -> REVISIT: cds.resolve() is not needed here, and not meant for that !
   try { impl = require.resolve (cds.resolve (impl)?.[0], {paths:[cds.root]}) } catch {
     throw cds.error `Didn't find auth implementation for ${config}`
   }
 
   // load the auth middleware from the resolved path
-  cds.log().info ('using auth strategy', config, '\n')
+  config.impl = cds.utils.local(impl)
+  cds.log().info ('using auth strategy', config)
   let auth = require (impl)
 
   // default export of ESM / .ts auth