@sap/cds 9.4.5 → 9.5.1

package/lib/compile/parse.js

@@ -77,7 +77,7 @@ exports.ttl = (parse, strings, ...values) => {
   // }
 
   let cql = values.reduce ((cql,v,i) => {
-    if (Array.isArray(v) && strings[i].match(/ in $/i)) values[i] = { list: v.map(cxn4) }
+    if (Array.isArray(v) && strings[i].match(/\sin\s*$/i)) values[i] = { list: v.map(cxn4) }
     return cql + strings[i] + (v instanceof cds.entity ? v.name : ':'+i)
   },'') + strings.at(-1)
   const cqn = parse (cql) //; cqn.$params = values

package/lib/compile/to/csn.js

@@ -26,8 +26,12 @@ function cds_compile_to_csn (model, options, _flavor) {
   else return _finalize (cdsc.compileSources(model,o))                 //> compile CDL sources
 
   function _finalize (csn) {
-    // REVISIT: experimental implementation to automatically add aspect FlowHistory
-    if (cds.env.features.history_for_flows) cds.compile.for.flows(csn)
+    // REVISIT: should move into compiler
+    if (cds.env.features.compile_for_assert) cds.compile.for.assert(csn)
+
+    // REVISIT: should move into compiler
+    csn = cds.compile.for.flows(csn)
+
     if (o.min) csn = cds.minify(csn)
     // REVISIT: experimental implementation to detect external APIs
     for (let each in csn.definitions) {

package/lib/compile/to/edm.js

@@ -41,7 +41,7 @@ function cds_compile_to_edmx (csn,_o) {
     let result
     const next = () => {
       if (!result) {
-        if (cds.env.features.compile_for_flows) enhanceCSNwithFlowAnnotations4FE(csn)
+        if (cds.env.features.annotate_for_flows) enhanceCSNwithFlowAnnotations4FE(csn)
         result = o.service === 'all' ? _many('.xml', cdsc.to.edmx.all(csn, o)) : cdsc.to.edmx(csn, o)
       }
       return result

package/lib/compile/to/yaml.js

@@ -29,9 +29,16 @@ module.exports = function _2yaml (object, {limit=111}={}) {
     if (typeof o === 'string') {
       if (o.indexOf('\n')>=0) return '|'+'\n'+indent+ o.replace(/\n/g,'\n'+indent)
       let s = o.trim()
-      return !s || /^[\^@#:,=!<>*+-/|]/.test(s) || /:\s/.test(o) ? '"'+ o.replace(/\\/g,'\\\\') +'"'  :  s
+      return !s || _needs_quoting(s) ? '"'+ o.replace(/\\/g,'\\\\') +'"'  :  s
     }
     if (typeof o === 'function') return
     else return o
   }
 }
+
+
+const _needs_quoting = s => {
+  if (/^[\^@#:,=!<>*+\-/|]/.test(s)) return true
+  if (/[{},[\]]/.test(s)) return true
+  if (/:\s/.test(s)) return true
+}

package/lib/dbs/cds-deploy.js

@@ -113,8 +113,8 @@ deploy.schema = async function (db, csn = db.model, o) {
   if (!drops.length && !creas.length) return !o.dry
 
   if (schema_log) {
-    schema_log.log(); for (let each of drops) schema_log.log(each)
-    schema_log.log(); for (let each of creas) schema_log.log(each, '\n')
+    schema_log.log(); for (let each of drops) { schema_log.log(each) }
+    schema_log.log(); for (let each of creas) { schema_log.log(each); schema_log.log(); }
   }
   if (o.dry)  return
 

package/lib/env/cds-env.js

@@ -293,16 +293,26 @@ class Config {
     }
   }
 
-  _add_cloud_service_bindings({ VCAP_SERVICES, SERVICE_BINDING_ROOT }) {
+  _add_cloud_service_bindings({ VCAP_SERVICES, VCAP_SERVICES_FILE_PATH, SERVICE_BINDING_ROOT }) {
     let bindings, bindingsSource
 
     if (!this.requires)  return
-    if (VCAP_SERVICES && !(this.features && this.features.vcaps == false)) {
+    if (this.features?.vcaps === false)  return
+
+    if (VCAP_SERVICES_FILE_PATH) {
+      try {
+        bindings = JSON.parse (fs.readFileSync(VCAP_SERVICES_FILE_PATH,'utf-8'))
+        bindingsSource = VCAP_SERVICES_FILE_PATH
+      } catch(e) {
+        throw new Error ('[cds.env] - failed to read/parse VCAP_SERVICES_FILE_PATH', {cause: e})
+      }
+    }
+    else if (VCAP_SERVICES) {
       try {
         bindings = JSON.parse(VCAP_SERVICES)
         bindingsSource = 'process.env.VCAP_SERVICES'
       } catch(e) {
-        throw new Error ('[cds.env] - failed to parse VCAP_SERVICES:\n  '+ e.message)
+        throw new Error ('[cds.env] - failed to parse VCAP_SERVICES', {cause: e})
       }
     }
 
@@ -316,7 +326,7 @@ class Config {
         const any = this._add_vcap_services_to(bindings)
         if (any)  this._sources.push(bindingsSource)
       } catch(e) {
-        throw new Error(`[cds.env] - failed to add service bindings from ${bindingsSource}:\n ${e.message}`);
+        throw new Error(`[cds.env] - failed to add service bindings from ${bindingsSource}`, {cause: e});
       }
     }
   }

package/lib/env/defaults.js

@@ -27,6 +27,7 @@ module.exports = {
     'odata-v2' : { path: '/odata/v2' },
     'rest' : { path: '/rest' },
     'hcql' : { path: '/hcql' },
+    'data.product' : null, // data products are not http-served protocols
   },
 
   features: {
@@ -46,6 +47,9 @@ module.exports = {
     precise_timestamps: false,
     ieee754compatible: undefined,
     consistent_params: true, //> remove with cds^10
+    annotate_for_flows: true,
+    history_for_flows: true,
+    compile_for_assert: undefined,
     // compat for db
     get string_decimals() { return this.ieee754compatible }
   },
@@ -57,7 +61,8 @@ module.exports = {
     wrap_multiple_errors: true,
     draft_lock_timeout: true,
     draft_deletion_timeout: true,
-    draft_messages: true
+    draft_messages: true,
+    draft_new_action: false
   },
 
   ql: {

package/lib/i18n/localize.js

@@ -85,7 +85,7 @@ exports.edmx = edmx => {
 
 exports.json = json => {
   if (typeof json === 'object') json = JSON.stringify(json)
-  const _json_replacer = s => s?.replace(/"/g, '\\"')
+  const _json_replacer = s => s && JSON.stringify(s).slice(1,-1)
   return localize(json) .using (_json_replacer)
 }
 

package/lib/index.js

@@ -116,13 +116,13 @@ const cds = exports = module.exports = global.cds = new class cds extends EventE
   tx         (..._) { return (this.db || this.txs).tx(..._) }
   run        (..._) { return (this.db || typeof _[0] === 'function' && this.txs || this.error._no_primary_db).run(..._) }
   foreach    (..._) { return (this.db || this.error._no_primary_db).foreach(..._) }
-  read       (..._) { return (this.db || this.error._no_primary_db).read(..._) }
-  create     (..._) { return (this.db || this.error._no_primary_db).create(..._) }
-  insert     (..._) { return (this.db || this.error._no_primary_db).insert(..._) }
-  update     (..._) { return (this.db || this.error._no_primary_db).update(..._) }
-  upsert     (..._) { return (this.db || this.error._no_primary_db).upsert(..._) }
-  delete     (..._) { return (this.db || this.error._no_primary_db).delete(..._) }
-  disconnect (..._) { return (this.db || this.error._no_primary_db).disconnect(..._) }
+  read       (..._) { return this.ql.SELECT(..._) }
+  create     (..._) { return this.ql.INSERT.into(..._) }
+  insert     (..._) { return this.ql.INSERT(..._) }
+  upsert     (..._) { return this.ql.UPSERT(..._) }
+  update     (..._) { return this.ql.UPDATE.entity(..._) }
+  delete     (..._) { return this.ql.DELETE.from(..._) }
+  disconnect (..._) { return this.db?.disconnect(..._) }
 
   // Deprecated stuff to be removed in upcomming releases...
   /** @deprecated */ get lazified() { return this.lazify }

package/lib/req/event.js

@@ -8,3 +8,7 @@ class EventMessage extends EventContext {}
 
 module.exports = exports = EventMessage
 exports.Context = EventContext
+
+exports.CRUD_EVENTS = { CREATE: 1, READ: 1, UPDATE: 1, DELETE: 1 }
+exports.DRAFT_EVENTS = { NEW: 1, SAVE: 1, PATCH: 1, DISCARD: 1, EDIT: 1 }
+exports.WELL_KNOWN_EVENTS = { ...exports.CRUD_EVENTS, ...exports.DRAFT_EVENTS }

package/lib/req/validate.js

@@ -1,5 +1,7 @@
 const cds = require('..')
 
+const { WELL_KNOWN_EVENTS } = require('./event')
+
 /** Validates given input data against a request target definition.
  * @param {entity} target the linked definition to check against, usually an entity definition
  * @returns {Error[]|undefined} an array of errors or undefined if no errors occurred
@@ -243,6 +245,7 @@ class entity extends struct {
 /** Actions are struct-like, with their parameters as elements to validate. */
 class action extends struct {
   validate (data, path, ctx) {
+    if (this.name in WELL_KNOWN_EVENTS) return
     super.validate (data, path, ctx, this.params || {})
   }
 

package/lib/srv/cds.Service.js

@@ -175,7 +175,8 @@ class Service extends ReflectionAPI {
     this._resolve.transitions = (query, abortCondition, skipForbiddenViewCheck) => {
       const target = query && typeof query === 'object' ? cds.infer.target(query) || query?._target : undefined
       const _tx = typeof tx === 'function' ? cds.context?.tx : this
-      return getTransition(target, _tx, skipForbiddenViewCheck, undefined, {
+      const event = query?.INSERT ? 'INSERT' : query?.UPDATE ? 'UPDATE' : query?.DELETE ? 'DELETE' : undefined
+      return getTransition(target, _tx, skipForbiddenViewCheck, event, {
         abort: abortCondition ?? (this.isDatabaseService ? this.resolve._abortDB : _defaultAbort(this))
       })
     }

package/lib/srv/middlewares/auth/ias-auth.js

@@ -12,14 +12,12 @@ const {
 
 module.exports = function ias_auth(config) {
   // cds.env.requires.auth.known_claims is not an official config!
-  const { kind, credentials, config: serviceConfig = {}, known_claims = KNOWN_CLAIMS } = config
+  const { kind, credentials, config: serviceConfig = {}, known_claims = KNOWN_CLAIMS, xsuaa = 'xsuaa' } = config
   const skipped_attrs = known_claims.reduce((a, x) => ((a[x] = 1), a), {})
 
   if (!credentials)
-    throw new Error(
-      `Authentication kind "${kind}" configured, but no IAS instance bound to application. ` +
-        'Either bind an IAS instance, or switch to an authentication kind that does not require a binding.'
-    )
+    cds.error(`Authentication kind "${kind}" configured, but no IAS instance bound to application. ` +
+        'Either bind an IAS instance, or switch to an authentication kind that does not require a binding.')
 
   // enable signature cache by default
   serviceConfig.validation ??= {}
@@ -56,8 +54,8 @@ module.exports = function ias_auth(config) {
   // xsuaa fallback allows to also accept XSUAA tokens during migration to IAS
   // automatically enabled if xsuaa credentials are available
   let xsuaa_service, xsuaa_user_factory
-  if (cds.env.requires.xsuaa?.credentials) {
-    const { credentials: xsuaa_credentials, config: xsuaa_serviceConfig = {} } = cds.env.requires.xsuaa
+  if (cds.env.requires[xsuaa]?.credentials) {
+    const { credentials: xsuaa_credentials, config: xsuaa_serviceConfig = {} } = cds.env.requires[xsuaa]
     xsuaa_service = new XsuaaService(xsuaa_credentials, xsuaa_serviceConfig)
     const get_xsuaa_user_factory = require('./jwt-auth')._get_user_factory
     xsuaa_user_factory = get_xsuaa_user_factory(xsuaa_credentials, xsuaa_credentials.xsappname, 'xsuaa')

package/lib/srv/middlewares/auth/index.js

@@ -17,7 +17,7 @@ for (let b in _builtin)  _builtin[b+'-auth'] = _builtin[b]
 module.exports = function auth_factory (o) {
 
   // prepare options
-  const options = { ...o, ...cds.requires.auth }
+  const options = { ...cds.requires.auth, ...o }
   let { kind, impl } = options
 
   // if no impl is given, it's a built-in strategy

package/lib/srv/protocols/index.js

@@ -29,6 +29,7 @@ class Protocols {
       if (typeof p === 'string') p = { path:p }
       if (merge) p = { ...protocols[kind], ...p }
       if (!p.impl) p.impl = './'+kind
+      if (!p.path) return p
       if (!p.path.startsWith('/')) p.path = '/'+p.path
       if (p.path.endsWith('/')) p.path = p.path.slice(0,-1)
       return p
@@ -108,7 +109,7 @@ class Protocols {
     else {
       annos=[]; for (let kind in this) {
         let path = def['@'+kind] || def['@protocol.'+kind]
-        if (path) annos.push ({ kind, path })
+        if (path) annos.push ({ kind, path: typeof path === 'string' ? path : undefined })
       }
     }
     // no annotations at all -> use default protocol
@@ -116,11 +117,11 @@ class Protocols {
 
     // canonicalize to { kind, path } objects
     const endpoints = annos.map (each => {
-      let { kind = each['='] || each, path } = each
-      if (!(kind in this))
-        return cds.log('adapters').warn ('ignoring unknown protocol:', kind)
-      if (typeof path !== 'string') path = o?.at || o?.path || def['@path'] || _slugified(srv.name)
-      if (path[0] !== '/') path = this[kind].path + '/' + path // prefix with protocol path
+      let { kind = each['='] || each, path } = each, protocol = this[kind]
+      if (protocol == undefined)  return cds.log('adapters') .warn ('ignoring unknown protocol:', kind)
+      if (protocol.path == undefined) return // a pseudo-protocol, not served to http, e.g. data.product
+      if (!path) path = o?.at || o?.path || def['@path'] || _slugified(srv.name)
+      if (path[0] !== '/') path = protocol.path + '/' + path // prefix with protocol path
       return { kind, path }
     }) .filter (e => e) //> skipping unknown protocols
 

package/lib/srv/srv-handlers.js

@@ -108,6 +108,13 @@ class EventHandlers {
 
     // Finally register with a filter function to match requests to be handled
     const handlers = event === 'error' ? this._error : handler._initial ? this._initial : this[phase] // REVISIT: remove _initial handlers
+
+    // REVISIT: remove compat flag with cds^10
+    if (!cds.env.features.async_handler_compat && (phase === 'before' && !handler._initial || phase === 'after') && handler.constructor.name !== 'AsyncFunction') {
+      const originalHandler = handler
+      handler = async function (...args) { return originalHandler.call(this, ...args) }
+    }
+
     handlers.push (new EventHandler (phase, event, path, handler))
 
     if (phase === 'on') cds.emit('subscribe',srv,event) //> inform messaging service

package/libx/_runtime/common/Service.js

@@ -59,6 +59,10 @@ class ApplicationService extends cds.Service {
     return require('./generic/flows')
   }
 
+  static get handle_assert() {
+    return require('./generic/assert')
+  }
+
   // Overload .handle in order to resolve projections up to a definition that is known by the remote service instance.
   // Result is post processed according to the inverse projection in order to reflect the correct result of the original query.
   async handle(req) {
@@ -66,7 +70,7 @@ class ApplicationService extends cds.Service {
     if (!this._requires_resolving?.(req)) return super.handle(req)
     // rewrite the query to a target entity served by this service...
     const query = this.resolve(req.query)
-    if (!query) throw new Error(`Target ${req.target.name} cannot be resolved for service ${this.name}`)
+    if (!query) cds.error`Target ${req.target.name} cannot be resolved for service ${this.name}`
     const target = query._target || req.target
     // we need to provide target explicitly because it's cached within ensure_target
     const _req = new cds.Request({ query, target, _resolved: true })

package/libx/_runtime/common/constants/events.js

@@ -1,3 +1,4 @@
+// REVISIT: merge with cds/lib/req/event.js
 exports.MOD_EVENTS = { UPDATE: 1, DELETE: 1, EDIT: 1 }
 exports.WRITE_EVENTS = { CREATE: 1, NEW: 1, PATCH: 1, CANCEL: 1, ...exports.MOD_EVENTS }
 exports.CRUD_EVENTS = { READ: 1, ...exports.WRITE_EVENTS }

package/libx/_runtime/common/generic/assert.js

@@ -0,0 +1,220 @@
+const cds = require('@sap/cds')
+const getTemplate = require('../utils/template')
+const templatePathSerializer = require('../utils/templateProcessorPathSerializer')
+
+const $has_asserts = Symbol.for('has_asserts')
+
+const { compileUpdatedDraftMessages } = require('../../fiori/lean-draft')
+
+const _serialize = obj =>
+  JSON.stringify(
+    Object.keys(obj)
+      .sort()
+      .reduce((a, k) => ((a[k] = obj[k]), a), {})
+  )
+
+const _bufferReviver = (key, value) => {
+  if (value && typeof value === 'object' && value.type === 'Buffer' && Array.isArray(value.data)) {
+    return Buffer.from(value.data)
+  }
+  return value
+}
+
+module.exports = cds.service.impl(async function () {
+  this.after(['INSERT', 'UPSERT', 'UPDATE'], async (res, req) => {
+    if (!($has_asserts in req.target)) {
+      let has_asserts = false
+      for (const each in req.target.elements) {
+        const element = req.target.elements[each]
+        if (element['@assert']) {
+          has_asserts = true
+          break
+        }
+      }
+      req.target[$has_asserts] = has_asserts
+    }
+
+    if (!cds.context?.tx || !req.target[$has_asserts]) return
+
+    const IS_DRAFT_ENTITY = req.target.isDraft
+
+    if (req.event === 'CREATE' && IS_DRAFT_ENTITY) return
+
+    let touched
+    if (cds.env.features.assert_touched_only !== false && IS_DRAFT_ENTITY && req.event === 'UPDATE')
+      touched = Object.keys(res).filter(k => !(k in req.target.keys))
+
+    const template = getTemplate('assert', this, req.target, {
+      pick: element => element['@assert'],
+      ignore: element => element.isAssociation && !element.isComposition
+    })
+
+    if (!cds.context.tx.changes) {
+      cds.context.tx.changes = {}
+
+      req.before('commit', async function () {
+        const { changes } = cds.context.tx
+
+        const errors = []
+
+        for (const [entityName, serializedChanges] of Object.entries(changes)) {
+          if (!serializedChanges.size) continue
+
+          const deserializedChanges = Array.from(serializedChanges).map(([k, v]) => [JSON.parse(k, _bufferReviver), v])
+
+          const entity = cds.model.definitions[entityName]
+          const IS_DRAFT_ENTITY = entity.isDraft
+
+          // Cache assert query on entity
+          if (!Object.hasOwn(entity, 'assert')) {
+            const asserts = []
+
+            for (const element of Object.values(entity.elements)) {
+              if (element._foreignKey4) continue
+              if (element.isAssociation && !element.isComposition) continue
+
+              const assert = element['@assert']
+              if (!assert) continue
+
+              // replace $self with $main
+              const xpr = JSON.parse(JSON.stringify(assert.xpr).replace(/\$self/g, '$main'))
+
+              asserts.push({ xpr, as: '@assert:' + element.name })
+            }
+
+            entity.assert = cds.ql.SELECT([...Object.keys(entity.keys), ...asserts]).from(entity)
+          }
+
+          const query = cds.ql.clone(entity.assert)
+
+          // Select only rows with changes
+          const keyNames = Object.keys(entity.keys).filter(
+            k => !entity.keys[k].virtual && !entity.keys[k].isAssociation
+          )
+          const keyMap = Object.fromEntries(keyNames.map(k => [k, true]))
+
+          query.where([
+            { list: keyNames.map(k => ({ ref: [k] })) },
+            'in',
+            { list: deserializedChanges.map(([keyKV]) => ({ list: keyNames.map(k => ({ val: keyKV[k] })) })) }
+          ])
+
+          const results = await query
+
+          for (const row of results) {
+            const keyColumns = Object.fromEntries(Object.entries(row).filter(([k]) => k in keyMap))
+            const { touched, req, pathSegmentsInfo } = serializedChanges.get(_serialize(keyColumns))
+            const failedColumns = Object.entries(row)
+              .filter(([k, v]) => v !== null && !(k in keyMap))
+              .map(([k, v]) => [k.replace(/^@assert:/, ''), v])
+
+            if (failedColumns.length === 0) continue
+
+            const failedAsserts = failedColumns.map(([element, message]) => {
+              const error = {
+                code: 'ASSERT',
+                target: element,
+                numericSeverity: 4,
+                '@Common.numericSeverity': 4
+              }
+
+              // if error function was used in @assert expression -> use its output
+              try {
+                // Depending on DB, function result may be JavaScript Object or JSON String
+                const parsed = typeof message === 'string' ? JSON.parse(message) : message
+                Object.assign(error, parsed)
+                if (Array.isArray(error.targets)) {
+                  const target = error.targets.at(0)
+                  const additionalTargets = error.targets.slice(1)
+                  if (target) error.target = target
+                  if (additionalTargets.length) error.additionalTargets = additionalTargets
+                }
+                delete error.targets
+              } catch {
+                error.message = message
+              }
+
+              return error
+            })
+
+            if (IS_DRAFT_ENTITY) {
+              const draft = await SELECT.one
+                .from({ ref: [req.subject.ref[0]] })
+                .columns('DraftAdministrativeData_DraftUUID', 'DraftAdministrativeData.DraftMessages')
+              const persistedMessages = draft.DraftAdministrativeData_DraftMessages || []
+
+              // keep all messages that have targets that were touched in this change
+              const newMessages = touched
+                ? failedAsserts.filter(a => {
+                    const targets = [a.target].concat(a.additionalTargets || [])
+                    return touched.some(t => targets.includes(t))
+                  })
+                : failedAsserts
+
+              const nextDraftMessages = compileUpdatedDraftMessages(
+                newMessages,
+                persistedMessages,
+                req.data,
+                req.subject.ref
+              )
+
+              await UPDATE('DRAFT.DraftAdministrativeData')
+                .set({ DraftMessages: nextDraftMessages })
+                .where({ DraftUUID: draft.DraftAdministrativeData_DraftUUID })
+            } else {
+              const isDraftAction = req._.event?.startsWith('draft')
+              const prefix = templatePathSerializer('', pathSegmentsInfo)
+              failedAsserts.forEach(err => {
+                err.target = (isDraftAction ? 'in/' : '') + prefix + err.target
+              })
+
+              errors.push(...failedAsserts)
+            }
+          }
+        }
+
+        if (errors.length) {
+          if (errors.length === 1) throw errors[0]
+          const err = new cds.error('MULTIPLE_ERRORS', { details: errors })
+          delete err.stack
+          throw err
+        }
+      })
+    }
+
+    const templateProcessOptions = {
+      pathSegmentsInfo: [],
+      includeKeyValues: true
+    }
+    if (req._.event?.startsWith('draft')) {
+      const IsActiveEntity = req.data.IsActiveEntity || false
+      templateProcessOptions.draftKeys = { IsActiveEntity }
+    }
+    // Collect entity keys and their values of changed rows
+    template.process(
+      req.data,
+      elementInfo => {
+        const { row, target, pathSegmentsInfo } = elementInfo
+        const targetName = target.name
+
+        cds.context.tx.changes[targetName] ??= new Map()
+
+        const keys = {}
+        for (const key in target.keys) {
+          if (key === 'IsActiveEntity') continue
+          if (!(key in row)) continue
+          keys[key] = row[key]
+        }
+
+        if (!Object.keys(keys).length) return
+
+        const serialized = _serialize(keys)
+        const changes = cds.context.tx.changes[targetName]
+        if (changes.has(serialized)) return
+
+        changes.set(serialized, { touched, req, pathSegmentsInfo: [...pathSegmentsInfo] })
+      },
+      templateProcessOptions
+    )
+  })
+})