@sap/cds 9.2.1 → 9.3.0

package/libx/_runtime/fiori/lean-draft.js

@@ -383,10 +383,15 @@ const _replaceStreams = result => {
 }
 
 const _compileUpdatedDraftMessages = (newMessages, persistedMessages, requestData, draftsRef) => {
-  const prefixRef = []
+  const txModel = cds.context.tx.model
+  let targetEntity = txModel.definitions[draftsRef[0].id || draftsRef[0]]
+
+  // The 'target' of validation errors needs to specify the full path from the draft root
+  // > Since success of establishment of containment can't be guaranteed, we clean up messages
+  if (!targetEntity.actions.draftActivate) return []
 
   // Determine the path prefix required for a fully qualified validation message 'target'
-  let targetEntity = cds.context.tx.model.definitions[draftsRef[0].id || draftsRef[0]]
+  const prefixRef = []
   for (let refIdx = 0; refIdx < draftsRef.length; refIdx++) {
     const dRef = draftsRef[refIdx],
       dRefId = dRef.id ?? dRef
@@ -398,8 +403,7 @@ const _compileUpdatedDraftMessages = (newMessages, persistedMessages, requestDat
     const pRef = { where: [] }
 
     if (dRefId === targetEntity.name) {
-      if (!targetEntity.isDraft) pRef.id = targetEntity.name.replace(`${targetEntity._service.name}.`, '')
-      else pRef.id = targetEntity.actives.name.replace(`${targetEntity.actives._service.name}.`, '')
+      pRef.id = targetEntity.isDraft ? targetEntity.actives.name : targetEntity.name
     } else pRef.id = dRefId
 
     if (targetEntity.isDraft) targetEntity = targetEntity.actives
@@ -413,6 +417,7 @@ const _compileUpdatedDraftMessages = (newMessages, persistedMessages, requestDat
         if (v === undefined)
           if (key.name === 'IsActiveEntity') v = false
           else return null
+        if (v instanceof Buffer) v = v.toString('base64') //> convert binary keys to base64
         if (pRef.where.length > 0) pRef.where.push('and')
         pRef.where.push(key.name, '=', v)
       }
@@ -427,16 +432,16 @@ const _compileUpdatedDraftMessages = (newMessages, persistedMessages, requestDat
   const nextMessages = []
 
   // Collect messages that were created during the most recent validation run
-  const newMessagesByCodeAndTarget = newMessages.reduce((acc, message) => {
-    message.numericSeverity ??= 4
+  const newMessagesByMessageKeyAndTarget = newMessages.reduce((acc, message) => {
+    message.numericSeverity ??= message['@Common.numericSeverity'] ?? 4
+    if (message['@Common.additionalTargets']) message.additionalTargets ??= message['@Common.additionalTargets']
+    message.additionalTargets = message.additionalTargets?.map(t => (t.startsWith('in/') ? t.slice(3) : t))
+    delete message['@Common.additionalTargets']
 
     // Handle validation messages produced during draftActivate, that went through error normalization already
     // > We must not store pre-localized data in DraftAdministrativeData.DraftMessages
     const messageTarget = message.target.startsWith('in/') ? message.target.slice(3) : message.target
-    if (message.code) {
-      message.message = message.code
-      delete message.code
-    }
+    if (message.code) delete message.code // > Expect _only_ message to be set and contain the code
 
     // Process the message target produced by validation
     // > The message target contains the relative path of the erroneous entity
@@ -451,23 +456,36 @@ const _compileUpdatedDraftMessages = (newMessages, persistedMessages, requestDat
       if (tRef.where.length > 0) tRef.where.push('and', 'IsActiveEntity', '=', false)
     }
 
-    message.prefix = cds.odata.urlify({ SELECT: { from: { ref: messagePrefixRef } } }).path
+    message.prefix = cds.odata.urlify(
+      { SELECT: { from: { ref: messagePrefixRef } } },
+      { kind: 'odata-v4', model: txModel }
+    ).path
 
     nextMessages.push(message)
 
     return acc.set(`${message.message}:${message.prefix}:${message.target}`, message)
   }, new Map())
 
-  const draftMessageTargetPrefix = cds.odata.urlify({ SELECT: { from: { ref: prefixRef } } }).path
+  const draftMessageTargetPrefix = cds.odata.urlify(
+    { SELECT: { from: { ref: prefixRef } } },
+    { kind: 'odata-v4', model: txModel }
+  ).path
 
   // Merge new messages with persisted ones & eliminate outdated ones
   const simplePathElements = prefixRef.map(pRef => pRef.id)
   for (const message of persistedMessages) {
     // Drop persisted draft messages that are replaced by new ones
-    if (newMessagesByCodeAndTarget.has(`${message.message}:${message.prefix}:${message.target}`)) continue
+    if (newMessagesByMessageKeyAndTarget.has(`${message.message}:${message.prefix}:${message.target}`)) continue
+    const hasNewMessageForAdditionalTarget = message.additionalTargets?.some(target =>
+      newMessagesByMessageKeyAndTarget.has(`${message.message}:${message.prefix}:${target}`)
+    )
+    if (hasNewMessageForAdditionalTarget) continue
 
     // Drop persisted draft messages where the value of the target field changed without a new error
-    if (message.prefix === draftMessageTargetPrefix && requestData[message.target] !== undefined) continue
+    if (message.prefix === draftMessageTargetPrefix) {
+      if (requestData[message.target] !== undefined) continue
+      if (message.additionalTargets?.some(target => requestData[target] !== undefined)) continue
+    }
 
     // Drop persisted draft messages, whose target's use navigations, where the value of the target field changed without a new error
     const messageSimplePathElements = message.prefix.replaceAll(/\([^(]*\)/g, '').split('/')
@@ -562,9 +580,7 @@ const handle = async function (req) {
     if (cds.model.definitions['DRAFT.DraftAdministrativeData'].elements.DraftMessages) {
       if (_req.target.isDraft && (_req.event === 'UPDATE' || _req.event === 'NEW')) {
         // Degrade all errors to messages & prevent !!req.errors into req.reject() in dispatch
-        _req.error = (...args) => {
-          for (const err of args) _req._messages.add(4, err)
-        }
+        _req.error = (...args) => _req._messages.add(4, ...args)
       }
     }
 
@@ -681,7 +697,10 @@ const handle = async function (req) {
         pRef.where.push('and', 'IsActiveEntity', '=', false)
         return pRef
       })
-      const messageTargetPrefix = cds.odata.urlify({ SELECT: { from: { ref: prefixRef } } }).path
+      const messageTargetPrefix = cds.odata.urlify(
+        { SELECT: { from: { ref: prefixRef } } },
+        { kind: 'odata-v4', model: req.context.tx.model }
+      ).path
 
       const draftData = await SELECT.one
         .from({ ref: _redirectRefToDrafts(query.DELETE.from.ref, this.model) }) // REVISIT: Avoid redundant redirect
@@ -694,7 +713,8 @@ const handle = async function (req) {
       const persistedDraftMessages = draftData?.DraftAdministrativeData?.DraftMessages || []
 
       if (draftAdminDataUUID && persistedDraftMessages?.length) {
-        const nextDraftMessages = persistedDraftMessages.filter(msg => !msg.prefix.startsWith(messageTargetPrefix))
+        let nextDraftMessages = persistedDraftMessages.filter(msg => !msg.prefix.startsWith(messageTargetPrefix))
+        if (!req.target.actions?.draftActivate) nextDraftMessages = []
 
         await UPDATE('DRAFT.DraftAdministrativeData')
           .set({ DraftMessages: nextDraftMessages })
@@ -890,7 +910,10 @@ const handle = async function (req) {
       if (cds.model.definitions['DRAFT.DraftAdministrativeData'].elements.DraftMessages && _req.errors)
         _req.on('failed', async () => {
           const nextDraftMessages = _compileUpdatedDraftMessages(
-            _req.errors.map(e => ({ ...e })),
+            // Errors procesed during 'failed' will have undergone error._normalize at this point
+            // > We need to revert the code - message swap _normalize includes
+            // > This is required to ensure, no localized messages are persisted and redundant localization is avoided
+            _req.errors.map(e => ({ message: e.code ?? e.message, target: e.target, args: e.args, i18n: e.i18n })),
             persistedDraftMessages,
             {},
             draftRef
@@ -999,7 +1022,16 @@ const handle = async function (req) {
         })
       }
 
-      await run(UPDATE({ ref: draftsRef }).data(req.data))
+      const innerQuery = UPDATE({ ref: draftsRef }).data(req.data)
+      const innerReq = _newReq(req, innerQuery, draftParams, {})
+      await h.call(this, innerReq).catch(error => {
+        // > This prevents thrown req.errors from being added to 'sap-messages'
+        // > Downgraded req.error will add to req.messages, regardless of whether the error is thrown
+        // > Unless we prevent it here, the response will contain the error in both body and header
+        // > Downgrading is only required for PATCH, to prevent a rollback in case validation fails
+        if (req.messages?.length) req.messages = req.messages.filter(m => m !== error)
+        throw req.error(error)
+      })
 
       const nextDraftAdminData = {
         InProcessByUser: req.user.id,
@@ -1156,11 +1188,7 @@ const Read = {
     let drafts
     if (ignoreDrafts) drafts = []
     else {
-      try {
-        drafts = await Read.complementaryDrafts(query, actives)
-      } catch {
-        drafts = []
-      }
+      drafts = await Read.complementaryDrafts(query, actives)
     }
     Read.merge(query._target, actives, drafts, (row, other) => {
       if (other) {
@@ -1218,7 +1246,12 @@ const Read = {
       return result
     }
 
-    if (cds.model.definitions['DRAFT.DraftAdministrativeData'].elements.DraftMessages) {
+    const selectedColumnNames = query._drafts.SELECT.columns?.map(c => c.ref?.[0] || c) || ['*']
+    const isAllKeysSelected =
+      selectedColumnNames.includes('*') ||
+      Object.keys(query._drafts._target.keys).every(k => selectedColumnNames.includes(k))
+
+    if (cds.model.definitions['DRAFT.DraftAdministrativeData'].elements.DraftMessages && isAllKeysSelected) {
       // Replace selection of 'DraftMessages' with the proper path expression
 
       query._drafts.SELECT.columns = [
@@ -1256,6 +1289,8 @@ const Read = {
           const messageSimplePath = msg.prefix.replaceAll(/\([^(]*\)/g, '')
           if (!messageSimplePath.startsWith(simplePath)) return acc
           msg.target = `/${msg.prefix}/${msg.target}`
+          if (msg.additionalTargets?.length)
+            msg.additionalTargets = msg.additionalTargets.map(additionalTarget => `/${msg.prefix}/${additionalTarget}`)
           delete msg.prefix
           delete msg.simplePathElements
           acc.push(msg)
@@ -1502,21 +1537,22 @@ const Read = {
   complementaryDrafts: (query, _actives) => {
     const actives = Array.isArray(_actives) ? _actives : [_actives]
     if (!actives.length) return []
-    const drafts = cds.ql.clone(query._drafts)
+    const drafts = SELECT.from(query._target.drafts)
+    drafts[$draftParams] = query[$draftParams]
+    if (query._srv) drafts._srv = query._srv
     drafts.SELECT.where = Read.whereIn(query._target, actives)
     const newColumns = _entityKeys(query._target).map(k => ({ ref: [k] }))
-    if (
-      !drafts.SELECT.columns ||
-      drafts.SELECT.columns.some(c => c === '*' || c.ref?.[0] === 'DraftAdministrativeData_DraftUUID')
-    )
-      newColumns.push({ ref: ['DraftAdministrativeData_DraftUUID'] })
-    const draftAdmin = drafts.SELECT.columns?.find(c => c.ref?.[0] === 'DraftAdministrativeData')
-    if (draftAdmin) newColumns.push(draftAdmin)
+    const queryDrafts = query._drafts
+    if (queryDrafts) {
+      if (
+        !queryDrafts.SELECT.columns ||
+        queryDrafts.SELECT.columns.some(c => c === '*' || c.ref?.[0] === 'DraftAdministrativeData_DraftUUID')
+      )
+        newColumns.push({ ref: ['DraftAdministrativeData_DraftUUID'] })
+      const draftAdmin = queryDrafts.SELECT.columns?.find(c => c.ref?.[0] === 'DraftAdministrativeData')
+      if (draftAdmin) newColumns.push(draftAdmin)
+    }
     drafts.SELECT.columns = newColumns
-    drafts.SELECT.count = undefined
-    drafts.SELECT.search = undefined
-    drafts.SELECT.one = undefined
-    drafts.SELECT.recurse = undefined
     return drafts
   },
 
@@ -2073,7 +2109,7 @@ async function onEdit(req) {
       res[key] = keyData[key]
       return res
     }, {})
-    const transition = cds.ql.resolve.transitions(req.query, cds.db)
+    const transition = cds.db.resolve.transitions(req.query)
 
     // gets the underlying target entity, as record locking can't be
     // applied to localized views

package/libx/_runtime/messaging/enterprise-messaging.js

@@ -30,7 +30,7 @@ const _checkAppURL = appURL => {
 // REVISIT: It's bad to have to rely on the subdomain.
 // For all interactions where we perform the token exchange ourselves,
 // we will be able to use the zoneId instead of the subdomain.
-const _subdomainFromContext = context => context?.http.req?.authInfo?.getSubdomain?.()
+const _subdomainFromContext = context => context?.user?.authInfo?.getSubdomain?.()
 
 class EnterpriseMessaging extends AMQPWebhookMessaging {
   init() {

package/libx/_runtime/remote/Service.js

@@ -1,20 +1,18 @@
 const cds = require('../cds')
-
-const { run, getReqOptions } = require('./utils/client')
 const { getCloudSdk, getCloudSdkConnectivity, getCloudSdkResilience } = require('./utils/cloudSdkProvider')
+const { run } = require('./utils/client')
+const { extractRequestConfig } = require('./utils/query')
 const { hasAliasedColumns } = require('./utils/data')
 const postProcess = require('../common/utils/postProcess')
 const { formatVal } = require('../../odata/utils')
 
 const _getHeaders = (defaultHeaders, req) => {
-  return Object.assign(
-    {},
-    defaultHeaders,
-    Object.keys(req.headers).reduce((acc, cur) => {
-      acc[cur.toLowerCase()] = req.headers[cur]
-      return acc
-    }, {})
-  )
+  const normalizedHeaders = Object.keys(req.headers).reduce((acc, cur) => {
+    acc[cur.toLowerCase()] = req.headers[cur]
+    return acc
+  }, {})
+
+  return { ...defaultHeaders, ...normalizedHeaders }
 }
 
 const _setCorrectValue = (el, data, params, kind) => {
@@ -159,25 +157,23 @@ const _isSelectWithAliasedColumns = q => q?.SELECT && !q._transitions && q.SELEC
 
 const resolvedTargetOfQuery = q => q?._transitions?.at(-1)?.target
 
-const _resolveSelectionStrategy = options => {
-  if (typeof options?.selectionStrategy !== 'string') return
-
-  options.selectionStrategy = getCloudSdkConnectivity().DestinationSelectionStrategies[options.selectionStrategy]
-  if (typeof options?.selectionStrategy !== 'function') {
-    throw new Error(`Unsupported destination selection strategy "${options.selectionStrategy}".`)
-  }
+const _resolveSelectionStrategy = selectionStrategy => {
+  const { DestinationSelectionStrategies } = getCloudSdkConnectivity()
+  const strategy = DestinationSelectionStrategies[selectionStrategy]
+  if (typeof strategy !== 'function')
+    throw new Error(`Unsupported destination selection strategy "${selectionStrategy}".`)
+  return strategy
 }
 
 const _getKind = options => {
-  const kind = (options.credentials && options.credentials.kind) || options.kind
+  let kind = options.credentials?.kind ?? options.kind
   if (typeof kind === 'object') {
-    const k = Object.keys(kind).find(
-      key => key === 'odata' || key === 'odata-v4' || key === 'odata-v2' || key === 'rest'
+    kind = Object.keys(kind).find(
+      key => key === 'odata' || key === 'odata-v4' || key === 'odata-v2' || key === 'rest' || key === 'hcql'
     )
-    // odata-v4 is equivalent of odata
-    return k === 'odata-v4' ? 'odata' : k
   }
-  return kind
+  // odata-v4 is equivalent of odata
+  return kind === 'odata-v4' ? 'odata' : kind
 }
 
 const _getDestination = (name, credentials) => {
@@ -188,49 +184,48 @@ const _getDestination = (name, credentials) => {
 
 class RemoteService extends cds.Service {
   init() {
+    if (([...this.entities].length || [...this.operations].length) && !this.options.credentials)
+      throw new Error(`No credentials configured for "${this.name}".`)
+
     this.kind = _getKind(this.options) // TODO: Simplify
 
-    /*
-     * set up connectivity stuff if credentials are provided
-     * throw error if no credentials are provided and the service has at least one entity or one action/function
-     */
     if (this.options.credentials) {
       this.datasource = this.options.datasource
-      this.destinationOptions = this.options.destinationOptions
-      _resolveSelectionStrategy(this.destinationOptions)
-      this.destination =
-        this.options.credentials.destination ??
-        _getDestination(this.definition?.name ?? this.datasource, this.options.credentials)
+
+      this.destinationOptions = this.options.destinationOptions || {}
+      if (typeof this.destinationOptions.selectionStrategy === 'string') {
+        this.destinationOptions.selectionStrategy = _resolveSelectionStrategy(this.destinationOptions.selectionStrategy)
+      }
+
+      if (this.options.credentials.destination) this.destination = this.options.credentials.destination
+      else this.destination = _getDestination(this.definition?.name ?? this.datasource, this.options.credentials)
+
       this.path = this.options.credentials.path
 
-      // `requestTimeout` API is kept as it was public
+      // API `requestTimeout` is kept because it once was public
       this.requestTimeout = this.options.credentials.requestTimeout ?? 60000
 
       this.csrf = this.options.csrf
       this.csrfInBatch = this.options.csrfInBatch
 
-      // we're using this as an object to allow remote services without the need for Cloud SDK
-      // required for BAS creating remote services only for events
-      // at first request the middlewares are created
+      // We're using this as an object to allow remote services without the need for Cloud SDK
+      // This is required for BAS creating remote services only for events
+      // Middlewares are created at time of the first request, on the fly
       this.middlewares = {
         timeout: getCloudSdkResilience().timeout(this.requestTimeout),
         csrf: this.csrf && getCloudSdk().csrf(this.csrf)
       }
-    } else if ([...this.entities].length || [...this.operations].length) {
-      throw new Error(`No credentials configured for "${this.name}".`)
     }
 
+    // Add 'initial' handler to clear keys from data
     const clearKeysFromData = function (req) {
       if (req.target && req.target.keys) for (const k of Object.keys(req.target.keys)) delete req.data[k]
     }
     this.before('UPDATE', '*', Object.assign(clearKeysFromData, { _initial: true }))
 
-    for (const each of this.entities) {
-      for (const a in each.actions) {
-        _addHandlerActionFunction(this, each.actions[a], each)
-      }
-    }
-
+    // Add handlers for bound & unbound operations
+    for (const each of this.entities)
+      for (const a in each.actions) _addHandlerActionFunction(this, each.actions[a], each)
     for (const each of this.operations) _addHandlerActionFunction(this, each)
 
     // IMPORTANT: regular function is used on purpose, don't switch to arrow function.
@@ -238,39 +233,50 @@ class RemoteService extends cds.Service {
       const { query } = req
       if (!query && !(typeof req.path === 'string')) return next()
 
-      // early validation on first request for use case without remote API
-      // ideally, that's done on bootstrap of the remote service
+      // Early validation on first request for use case without remote API
+      // Ideally, that's done on bootstrap of the remote service
       if (typeof this.destination === 'object' && !this.destination.url)
         throw new Error(`"url" or "destination" property must be configured in "credentials" of "${this.name}".`)
 
-      const reqOptions = getReqOptions(req, query, this)
-      reqOptions.headers = _getHeaders(reqOptions.headers, req)
+      const requestConfig = extractRequestConfig(req, query, this)
+      requestConfig.headers = _getHeaders(requestConfig.headers, req)
 
       // REVISIT: we should not have to set the content-type at all for that
-      if (reqOptions.headers.accept?.match(/stream|image|tar/)) reqOptions.responseType = 'stream'
-
-      // ensure request correlation (even with systems that use x-correlationid)
-      const correlationId = reqOptions.headers['x-correlation-id'] || cds.context?.id //> prefer custom header over context id
-      reqOptions.headers['x-correlation-id'] = correlationId
-      reqOptions.headers['x-correlationid'] = correlationId
-
-      const { kind, destination, destinationOptions } = this
-      const resolvedTarget =
-        resolvedTargetOfQuery(query) || cds.ql.resolve.transitions(query, this)?.target || req.target
-      const returnType = req._returnType
-      const additionalOptions = { destination, kind, resolvedTarget, returnType, destinationOptions }
+      if (requestConfig.headers.accept?.match(/stream|image|tar/)) requestConfig.responseType = 'stream'
+
+      // Ensure request correlation (even with systems that use x-correlationid)
+      const correlationId = requestConfig.headers['x-correlation-id'] || cds.context?.id
+      requestConfig.headers['x-correlation-id'] = correlationId
+      requestConfig.headers['x-correlationid'] = correlationId
+
+      // Compile Cloud SDK options
+      const additionalOptions = {
+        kind: this.kind,
+        destination: this.destination,
+        destinationOptions: this.destinationOptions,
+        resolvedTarget:
+          resolvedTargetOfQuery(query) ||
+          (typeof query === 'object' ? cds.infer.target(query) || query?._target : undefined) ||
+          req.target,
+        returnType: req._returnType
+      }
 
       // REVISIT: i don't believe req.context.headers is an official API
       let jwt = req?.context?.headers?.authorization?.split(/^bearer /i)[1]
       if (!jwt) jwt = req?.context?.http?.req?.headers?.authorization?.split(/^bearer /i)[1]
       if (jwt) additionalOptions.jwt = jwt
 
-      // hidden compat flag in order to suppress logging response body of failed request
+      // Mount resilience and csrf middlewares for SAP Cloud SDK
+      requestConfig.middleware = [this.middlewares.timeout]
+      const fetchCsrfToken = !!(requestConfig._autoBatchedGet ? this.csrfInBatch : this.csrf)
+      if (fetchCsrfToken) requestConfig.middleware.push(this.middlewares.csrf)
+
+      // Hidden compat flag to suppress logging the response body of failed request
       if (req._suppressRemoteResponseBody) {
         additionalOptions.suppressRemoteResponseBody = req._suppressRemoteResponseBody
       }
 
-      let result = await run(reqOptions, additionalOptions)
+      let result = await run(requestConfig, additionalOptions)
       result = typeof query === 'object' && query.SELECT?.one && Array.isArray(result) ? result[0] : result
       return result
     })