@sap/cds 9.3.1 → 9.4.2

package/libx/_runtime/common/generic/flows.js

@@ -9,9 +9,14 @@ const TO = '@to'
 const FLOW_FROM = '@flow.from'
 const FLOW_TO = '@flow.to'
 
+const FLOW_PREVIOUS = '$flow.previous'
+
 function buildAllowedCondition(action, statusElementName, statusEnum) {
   const fromList = getFrom(action)
-  const conditions = fromList.map(from => `${statusElementName} = '${statusEnum[from].val ?? from}'`)
+  const conditions = fromList.map(from => {
+    const value = from['#'] ? (statusEnum[from['#']]?.val ?? statusEnum[from['#']]['$path'].at(-1)) : from
+    return `${statusElementName} = ${typeof value === 'string' ? `'${value}'` : value}`
+  })
   return `(${conditions.join(' OR ')})`
 }
 
@@ -26,14 +31,58 @@ async function checkStatus(req, action, statusElementName, statusEnum) {
   const allowed = await isCurrentStatusInFrom(req, action, statusElementName, statusEnum)
   if (!allowed) {
     const from = getFrom(action)
-    req.reject({
+    const fromValues = JSON.stringify(from.flatMap(el => Object.values(el)))
+    cds.error({
       code: 409,
       message: from.length > 1 ? 'INVALID_FLOW_TRANSITION_MULTI' : 'INVALID_FLOW_TRANSITION_SINGLE',
-      args: [action.name, statusElementName, from.join(',')]
+      args: [action.name, statusElementName, fromValues]
+    })
+  }
+}
+
+const buildUpKeys = parentKeys => {
+  const upKeys = {}
+  for (const key in parentKeys) {
+    upKeys[`up__${key}`] = parentKeys[key]
+  }
+  return upKeys
+}
+
+const updateFlowHistory = async (req, toValue, upKeys, changes, isPrevious) => {
+  if (cds.env.features.flows_history_stack && isPrevious) {
+    await DELETE.from(req.target.compositions['transitions_'].target).where({
+      timestamp: changes[changes.length - 1].timestamp
+    })
+  } else {
+    await INSERT.into(req.target.compositions['transitions_'].target).entries({
+      ...upKeys,
+      status: toValue
     })
   }
 }
 
+const buildToKey = (action, statusEnum) => {
+  const to = action[TO] ?? action[FLOW_TO]
+  const toKey = to['#'] ? (statusEnum[to['#']].val ?? statusEnum[to['#']]['$path'].at(-1)) : to
+  return toKey
+}
+
+const handleStatusTransitionWithHistory = async (req, statusElementName, toKey, service) => {
+  let upKeys, changes
+  upKeys = buildUpKeys(req.params[0])
+  changes = await SELECT.from(req.target.compositions['transitions_'].target)
+    .where({ ...upKeys })
+    .orderBy('timestamp asc')
+  const isPrevious = toKey['='] === FLOW_PREVIOUS
+  if (isPrevious) {
+    if (changes.length <= 1)
+      return cds.error({ code: 409, message: 'No change has been made yet, cannot transition to previous status.' })
+    toKey = changes[changes.length - 2].status
+  }
+  await service.run(UPDATE(req.subject).with({ [statusElementName]: toKey }))
+  await updateFlowHistory(req, toKey, upKeys, changes, isPrevious)
+}
+
 /**
  * handler registration
  */
@@ -54,9 +103,10 @@ module.exports = cds.service.impl(function () {
 
     let statusElement = Object.values(entity.elements).find(el => el[FLOW_STATUS])
     if (!statusElement) {
-      cds.error(
-        `Entity ${entity.name} does not have a status element, but its actions have registered @flow annotations.`
-      )
+      cds.error({
+        code: 409,
+        message: `Entity ${entity.name} does not have a status element, but its actions have registered @flow annotations.`
+      })
     }
 
     let statusEnum, statusElementName
@@ -67,9 +117,10 @@ module.exports = cds.service.impl(function () {
       statusEnum = statusElement._target.elements['code'].enum
       statusElementName = statusElement.name + '_code'
     } else {
-      cds.error(
-        `Status element in entity ${entity.name} is not an enum and does not have a valid target with code enum.`
-      )
+      cds.error({
+        code: 409,
+        message: `Status element in entity ${entity.name} is not an enum and does not have a valid target with code enum.`
+      })
     }
 
     entry.push({ events: fromActions, entity, statusElementName, statusEnum })
@@ -92,12 +143,28 @@ module.exports = cds.service.impl(function () {
     }
 
     for (const each of exit) {
+      async function handle_after_create(res, req) {
+        const parentKeys = Object.keys(req.target.keys)
+        const entry = {}
+        for (let i = 0; i < parentKeys.length; i++) {
+          entry[`up__${parentKeys[i]}`] = req.data[parentKeys[i]]
+        }
+        await INSERT.into(req.target.compositions['transitions_'].target).entries({
+          ...entry,
+          status: res[each.statusElementName]
+        })
+      }
+      if ('transitions_' in (each.entity.compositions ?? {})) this.after('CREATE', each.entity, handle_after_create)
+
       async function handle_exit_state(req, next) {
         const res = await next()
         const action = req.target.actions[req.event]
-        const to = action[TO] ?? action[FLOW_TO]
-        const toKey = to['#'] ?? to['='] ?? to
-        await UPDATE(req.subject).with({ [each.statusElementName]: each.statusEnum[toKey].val ?? toKey })
+        let toKey = buildToKey(action, each.statusEnum)
+        if ('transitions_' in (req.target.compositions ?? {})) {
+          await handleStatusTransitionWithHistory(req, each.statusElementName, toKey, this)
+        } else {
+          await this.run(UPDATE(req.subject).with({ [each.statusElementName]: toKey }))
+        }
         return res
       }
       this.on(each.events, each.entity, handle_exit_state)

package/libx/_runtime/fiori/lean-draft.js

@@ -438,6 +438,8 @@ const _compileUpdatedDraftMessages = (newMessages, persistedMessages, requestDat
     message.additionalTargets = message.additionalTargets?.map(t => (t.startsWith('in/') ? t.slice(3) : t))
     delete message['@Common.additionalTargets']
 
+    if (!message.target) return acc //> silently ignore messages without target
+
     // Handle validation messages produced during draftActivate, that went through error normalization already
     // > We must not store pre-localized data in DraftAdministrativeData.DraftMessages
     const messageTarget = message.target.startsWith('in/') ? message.target.slice(3) : message.target
@@ -580,7 +582,12 @@ const handle = async function (req) {
     if (cds.model.definitions['DRAFT.DraftAdministrativeData'].elements.DraftMessages) {
       if (_req.target.isDraft && (_req.event === 'UPDATE' || _req.event === 'NEW')) {
         // Degrade all errors to messages & prevent !!req.errors into req.reject() in dispatch
-        _req.error = (...args) => _req._messages.add(4, ...args)
+        const originalError = _req.error.bind(_req)
+        _req.error = (...args) => {
+          // REVISIT: re-consider target variants
+          if (args[0]?.target || args[2]) return _req._messages.add(4, ...args)
+          return originalError(...args)
+        }
       }
     }
 
@@ -910,10 +917,11 @@ const handle = async function (req) {
       if (cds.model.definitions['DRAFT.DraftAdministrativeData'].elements.DraftMessages && _req.errors)
         _req.on('failed', async () => {
           const nextDraftMessages = _compileUpdatedDraftMessages(
+            // REVISIT: e._message hack for draft validation messages
             // Errors procesed during 'failed' will have undergone error._normalize at this point
             // > We need to revert the code - message swap _normalize includes
             // > This is required to ensure, no localized messages are persisted and redundant localization is avoided
-            _req.errors.map(e => ({ message: e.code ?? e.message, target: e.target, args: e.args, i18n: e.i18n })),
+            _req.errors.map(e => ({ message: e._message ?? e.message, target: e.target, args: e.args, i18n: e.i18n })),
             persistedDraftMessages,
             {},
             draftRef

package/libx/_runtime/messaging/common-utils/connections.js

@@ -1,17 +1,31 @@
 const { expBkfRnd: waitingTime } = require('../../common/utils/waitingTime')
 
+const _rmHandlers = client => {
+  client.removeAllListeners('connected')
+  client.removeAllListeners('error')
+  client.removeAllListeners('disconnected')
+}
+
 const _connectUntilConnected = (client, LOG, x) => {
+  if (client._reconnecting) return
+  client._reconnecting = true
+
   const _waitingTime = waitingTime(x)
   setTimeout(() => {
     connect(client, LOG, true)
       .then(() => {
+        client._reconnecting = false
         LOG._warn && LOG.warn('Reconnected to Enterprise Messaging Client')
       })
-      .catch(() => {
+      .catch(e => {
+        _rmHandlers(client)
+        LOG.error(e)
+
         LOG._warn &&
           LOG.warn(
             `Connection to Enterprise Messaging Client lost: Reconnecting in ${Math.round(_waitingTime / 1000)} s`
           )
+        client._reconnecting = false
         _connectUntilConnected(client, LOG, x + 1)
       })
   }, _waitingTime)
@@ -19,35 +33,36 @@ const _connectUntilConnected = (client, LOG, x) => {
 
 const connect = (client, LOG, keepAlive) => {
   return new Promise((resolve, reject) => {
+    _rmHandlers(client)
+
     client
       .once('connected', function () {
-        client.removeAllListeners('error')
+        const handleReconnection = err => {
+          if (client._reconnecting) return
 
-        client.once('error', err => {
-          if (LOG._error) {
+          if (err && LOG._error) {
             err.message = 'Client error: ' + err.message
             LOG.error(err)
           }
           if (keepAlive) {
-            client.removeAllListeners('error')
-            client.removeAllListeners('connected')
+            _rmHandlers(client)
             _connectUntilConnected(client, LOG, 0)
           }
-        })
+        }
 
+        _rmHandlers(client)
+        client.once('error', handleReconnection)
         if (keepAlive) {
-          client.once('disconnected', () => {
-            client.removeAllListeners('error')
-            client.removeAllListeners('connected')
-            _connectUntilConnected(client, LOG, 0)
-          })
+          client.once('disconnected', handleReconnection)
         }
 
-        resolve(this)
+        resolve(client)
       })
       .once('error', err => {
-        client.removeAllListeners('connected')
-        reject(err)
+        _rmHandlers(client)
+        const e = new Error('Connection error')
+        e.cause = err
+        reject(e)
       })
 
     client.connect()
@@ -56,9 +71,7 @@ const connect = (client, LOG, keepAlive) => {
 
 const disconnect = client => {
   return new Promise((resolve, reject) => {
-    client.removeAllListeners('disconnected')
-    client.removeAllListeners('connected')
-    client.removeAllListeners('error')
+    _rmHandlers(client)
 
     client.once('disconnected', () => {
       client.removeAllListeners('error')

package/libx/_runtime/messaging/enterprise-messaging-utils/registerEndpoints.js

@@ -102,8 +102,8 @@ class EndpointRegistry {
         const queues = req.body && !_isAll(req.body.queues) && req.body.queues
         const options = { wipeData: req.body && req.body.wipeData }
 
-        if (tenants && !Array.isArray(tenants)) res.send(400).send('Request parameter `tenants` must be an array.')
-        if (queues && !Array.isArray(queues)) res.send(400).send('Request parameter `queues` must be an array.')
+        if (tenants && !Array.isArray(tenants)) res.status(400).send('Request parameter `tenants` must be an array.')
+        if (queues && !Array.isArray(queues)) res.status(400).send('Request parameter `queues` must be an array.')
 
         const tenantInfo = tenants ? await Promise.all(tenants.map(t => getTenantInfo(t))) : await getTenantInfo()
 

package/libx/_runtime/messaging/redis-messaging.js

@@ -9,7 +9,7 @@ const _handleReconnects = (client, LOG) => {
   })
 
   client.on('error', error => {
-    LOG.warn('Failed to connect to Redis: ', error)
+    LOG.warn('Failed to connect to Redis:', error)
   })
 }
 

package/libx/_runtime/ucl/Service.js

@@ -82,8 +82,8 @@ module.exports = class UCLService extends cds.Service {
       .map(token => token.trim())
       .every(token => reqClientCertSubjectTokens.includes(token))
     if (!matchesUclInfoSubject) {
-      LOG.debug('Received Request Subject Info: ', reqClientCertSubject)
-      LOG.debug('Expected UCL Subject Info: ', trustedCertSubject)
+      LOG.debug('Received Request Subject Info:', reqClientCertSubject)
+      LOG.debug('Expected UCL Subject Info:', trustedCertSubject)
       throw new cds.error(401, 'Received .cert subject does not match trusted UCL info subject')
     }
     const matchesUclInfoIssuer = trustedCertIssuer
@@ -91,8 +91,8 @@ module.exports = class UCLService extends cds.Service {
       .map(token => token.trim())
       .every(token => reqClientCertIssuerTokens.includes(token))
     if (!matchesUclInfoIssuer) {
-      LOG.debug('Received Request Issuer Info: ', reqClientCertIssuer)
-      LOG.debug('Expected UCL Issuer Info: ', trustedCertIssuer)
+      LOG.debug('Received Request Issuer Info:', reqClientCertIssuer)
+      LOG.debug('Expected UCL Issuer Info:', trustedCertIssuer)
       throw new cds.error(401, 'Received .cert issuer does not match trusted UCL info issuer')
     }
   }
@@ -104,7 +104,7 @@ module.exports = class UCLService extends cds.Service {
     if (req.headers.location)
       throw new cds.error(400, 'Location header found in tenant mapping notification: Async flow not supported!')
 
-    LOG.debug('Tenant mapping notification: ', req.data)
+    LOG.debug('Tenant mapping notification:', req.data)
 
     const { operation } = req.data?.context ?? {}
     if (operation !== 'assign' && operation !== 'unassign')

package/libx/http/body-parser.js

@@ -3,6 +3,8 @@ const express = require('express')
 // basically express.json() with string representation of body stored in req._raw for recovery
 // REVISIT: why do we need our own body parser? Only because of req._raw?
 module.exports = function bodyParser4(adapter, options = {}) {
+  const express5 = !express.application.del
+
   Object.assign(options, adapter.body_parser_options)
   options.type ??= 'json' // REVISIT: why do we need to override type here?
   const textParser = express.text(options)
@@ -13,8 +15,15 @@ module.exports = function bodyParser4(adapter, options = {}) {
       return next()
     }
     textParser(req, res, function http_body_parser_next(err) {
+      // REVISIT: content-length > 0 but empty body is not an error with express^5
+      if (!err && express5 && !req.body && req.headers['content-length'] > 0) {
+        err = new Error('request aborted')
+        err.code = 'ECONNABORTED'
+        err.status = err.statusCode = 400
+      }
+
       if (err) return next(Object.assign(err, { statusCode: 400 }))
-      if (typeof req.body !== 'string') return next()
+      if (typeof req.body !== 'string' && req.body !== undefined) return next()
 
       req._raw = req.body || '{}'
       try {

package/libx/odata/ODataAdapter.js

@@ -1,6 +1,8 @@
 const cds = require('../../lib')
 const LOG = cds.log('odata')
 
+const express = require('express')
+
 const HttpAdapter = require('../../lib/srv/protocols/http')
 const HttpRequest = require('../http/HttpRequest')
 const bodyParser4 = require('../http/body-parser')
@@ -32,6 +34,7 @@ module.exports = class ODataAdapter extends HttpAdapter {
       next()
     }
 
+    const jsonBodyParser = bodyParser4(this)
     function validate_representation_headers(req, res, next) {
       if (req.method === 'PUT' && isStream(req._query)) {
         req.body = { value: req }
@@ -69,7 +72,7 @@ module.exports = class ODataAdapter extends HttpAdapter {
       next(operation ? { code: 405 } : undefined)
     }
 
-    const jsonBodyParser = bodyParser4(this)
+    const wildcard = express.application.del ? '*' : '{*splat}'
     return (
       super.router
         .use(set_odata_version)
@@ -83,13 +86,13 @@ module.exports = class ODataAdapter extends HttpAdapter {
         // .all is used deliberately instead of .use so that the matched path is not stripped from req properties
         .all('/\\$batch', require('./middleware/batch')(this))
         // handle
-        .head('*', (_, res) => res.sendStatus(405))
-        .post('*', operation4(this), create4(this))
-        .get('*', operation4(this), stream4(this), read4(this))
+        .head(wildcard, (_, res) => res.sendStatus(405))
+        .post(wildcard, operation4(this), create4(this))
+        .get(wildcard, operation4(this), stream4(this), read4(this))
         .use(validate_operation_http_method)
-        .put('*', update4(this), create4(this, 'upsert'))
-        .patch('*', update4(this), create4(this, 'upsert'))
-        .delete('*', delete4(this))
+        .put(wildcard, update4(this), create4(this, 'upsert'))
+        .patch(wildcard, update4(this), create4(this, 'upsert'))
+        .delete(wildcard, delete4(this))
         // error
         .use(error4(this))
     )

package/libx/odata/middleware/error.js

@@ -60,6 +60,8 @@ const _normalize = (err, req, keep,
   const msg = i18n.messages.at (key, '', err.args) // lookup messages for log output from factory default texts
   if (msg && msg !== key) {
     if (typeof err.code !== 'string') err.code = key
+    // REVISIT: e._message hack for draft validation messages
+    Object.defineProperty(err, '_message', { value: err.message })
     err.message = msg
   }
   if (typeof err.code !== 'string') err.code = String(err.code ?? status ?? '')
@@ -77,6 +79,7 @@ const _normalize = (err, req, keep,
     if (!that.message) that.message = this.message
     return that
   }})
+
   return status
 }
 

package/libx/odata/parse/afterburner.js

@@ -650,11 +650,12 @@ function _processColumns(cqn, target, protocol) {
     }
     const prefixRef = processedColumnRef.slice(0, processedColumnRef.length - 1)
     const aggregatedElementRef = [...prefixRef, aggregatedPropertyName]
-    const isCurrencyCodeOrUnitOfMeasure = !!(aggregatedElement[SMTCS_CC] || aggregatedElement[SMTCS_UOM])
     processedColumn.as = processedColumn.as || aggregatedPropertyName
 
-    // Specifically handle aggregating semantic amounts
+    const isCurrencyCodeOrUnitOfMeasure =
+      aggregatedElement && !!(aggregatedElement[SMTCS_CC] || aggregatedElement[SMTCS_UOM])
     if (isCurrencyCodeOrUnitOfMeasure) {
+      // Specifically handle aggregating semantic amounts
       columns[i] = {
         xpr: [
           'case',
@@ -772,13 +773,13 @@ function _validateXpr(xpr, target, isOne, model, aliases = []) {
   const ignoredColumns = Object.values(target?.elements ?? {})
     .filter(element => element['@cds.api.ignore'] && !element.isAssociation)
     .map(element => element.name)
-  const _aliases = []
+  const newFoundAliases = []
 
   for (const x of xpr) {
-    if (x.as) _aliases.push(x.as)
+    if (x.as) newFoundAliases.push(x.as)
 
     if (x.xpr) {
-      _validateXpr(x.xpr, target, isOne, model)
+      _validateXpr(x.xpr, target, isOne, model, aliases)
       continue
     }
 
@@ -793,13 +794,11 @@ function _validateXpr(xpr, target, isOne, model, aliases = []) {
         _validateXpr(x.ref[0].where, element._target ?? element.items, isOne, model)
       }
 
-      if (!target?.elements) {
-        _doesNotExistError(false, refName, target.name, target.kind)
+      if (ignoredColumns.includes(refName) || (!target?.elements?.[refName] && !aliases.includes(refName))) {
+        _doesNotExistError(x.expand, refName, target.name, target.kind)
       }
 
-      if (ignoredColumns.includes(refName) || (!target.elements[refName] && !aliases.includes(refName))) {
-        _doesNotExistError(x.expand, refName, target.name)
-      } else if (x.ref.length > 1) {
+      if (x.ref.length > 1) {
         const element = target.elements[refName]
         if (element.isAssociation) {
           // navigation
@@ -833,7 +832,7 @@ function _validateXpr(xpr, target, isOne, model, aliases = []) {
     }
 
     if (x.func) {
-      _validateXpr(x.args, target, isOne, model)
+      _validateXpr(x.args, target, isOne, model, aliases)
       continue
     }
 
@@ -843,7 +842,7 @@ function _validateXpr(xpr, target, isOne, model, aliases = []) {
     }
   }
 
-  return _aliases
+  return newFoundAliases
 }
 
 function _validateQuery(SELECT, target, isOne, model) {
@@ -851,12 +850,10 @@ function _validateQuery(SELECT, target, isOne, model) {
 
   if (SELECT.from.SELECT) {
     const { target } = targetFromPath(SELECT.from.SELECT.from, model)
-    const subselectAliases = _validateQuery(SELECT.from.SELECT, target, SELECT.from.SELECT.one, model)
-    aliases.push(...subselectAliases)
+    aliases.push(..._validateQuery(SELECT.from.SELECT, target, SELECT.from.SELECT.one, model))
   }
 
-  const columnAliases = _validateXpr(SELECT.columns, target, isOne, model)
-  aliases.push(...columnAliases)
+  aliases.push(..._validateXpr(SELECT.columns, target, isOne, model, aliases))
 
   _validateXpr(SELECT.orderBy, target, isOne, model, aliases)
   _validateXpr(SELECT.where, target, isOne, model, aliases)

package/libx/odata/parse/multipartToJson.js

@@ -117,7 +117,9 @@ const _parseStream = async function* (body, boundary) {
         .replace(/^--(.*)$/gm, (_, g) => `HEAD /${g} HTTP/1.1${g.slice(-2) === '--' ? CRLF : ''}`)
         // correct content-length for non-HEAD requests is inserted below
         .replace(/content-length: \d+\r\n/gim, '') // if content-length is given it should be taken
-        .replace(/ \$/g, ' /$')
+        .replaceAll(/^(?:(GET|PUT|POST|PATCH|DELETE)).*(?:\r?\n(?!\r?\n).*)*/gim, block => {
+          return block.replaceAll(/ \$/g, ' /$')
+        })
 
       // HACKS!!!
       // ensure URLs start with slashes

package/libx/rest/middleware/parse.js

@@ -120,7 +120,7 @@ exports.parse = function (req, res, next) {
     if (operation && (operation.kind === 'action' || operation.kind === 'function') && !operation.params) {
       req._data = {}
     } else {
-      const payload = args || req.body
+      const payload = args || req.body || {}
       if (!operation) Object.assign(payload, keys)
       preProcessData(payload, service, definition)
       req._data = payload

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "9.3.1",
+  "version": "9.4.2",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [

package/server.js

@@ -48,7 +48,7 @@ module.exports = async function cds_server (options) {
   if (o.index)     app.get ('/',o.index)                //> if none in ./app
 
   // load and prepare models
-  const csn = await cds.load(o.from||'*',o)
+  const csn = await cds.load(o.from||'*',o); o.from = false
   cds.edmxs = cds.compile.to.edmx.files (csn)
   cds.model = cds.compile.for.nodejs (csn)