@sap/cds 9.6.4 → 9.7.1

package/libx/odata/middleware/batch.js

@@ -9,7 +9,7 @@ const { URL } = require('url')
 const multipartToJson = require('../parse/multipartToJson')
 const { getBoundary } = require('../utils')
 
-const { normalizeError } = require('./error')
+const { odataError } = require('./error')
 
 const HTTP_METHODS = { GET: 1, POST: 1, PUT: 1, PATCH: 1, DELETE: 1 }
 const CT = { JSON: 'application/json', MULTIPART: 'multipart/mixed' }
@@ -120,6 +120,34 @@ const _validateBatch = body => {
   return ids
 }
 
+/*
+ * lookalike
+ */
+
+let error_mws
+const _getNextForLookalike = lookalike => {
+  error_mws ??= cds.middlewares.after.filter(mw => mw.length === 4) // error middleware has 4 params
+  return err => {
+    let _err = err
+    let _next_called
+    const _next = e => {
+      _err = e
+      _next_called = true
+    }
+    for (const mw of error_mws) {
+      _next_called = false
+      mw(_err, lookalike.req, lookalike.res, _next)
+      if (!_next_called) break //> next chain was interrupted -> done
+    }
+    if (_next_called) {
+      // here, final error middleware called next (which actually shouldn't happen!)
+      if (_err.statusCode) lookalike.res.status(_err.statusCode)
+      if (typeof _err === 'object') lookalike.res.json({ error: _err })
+      else lookalike.res.send(_err)
+    }
+  }
+}
+
 // REVISIT: Why not simply use {__proto__:req, ...}?
 const _createExpressReqResLookalike = (request, _req, _res) => {
   const { id, method, url } = request
@@ -165,6 +193,59 @@ const _createExpressReqResLookalike = (request, _req, _res) => {
   return ret
 }
 
+/*
+ * multipart/mixed response
+ */
+
+const _formatResponseMultipart = request => {
+  const { res: response } = request
+  const content_id = request.req?.headers['content-id']
+
+  let txt = `content-type: application/http${CRLF}content-transfer-encoding: binary${CRLF}`
+  if (content_id) txt += `content-id: ${content_id}${CRLF}`
+  txt += CRLF
+  txt += `HTTP/1.1 ${response.statusCode} ${STATUS_CODES[response.statusCode]}${CRLF}`
+
+  // REVISIT: tests require specific sequence
+  const headers = {
+    ...response.getHeaders(),
+    ...(response.statusCode !== 204 && { 'content-type': 'application/json;odata.metadata=minimal' })
+  }
+  delete headers['content-length'] //> REVISIT: expected by tests
+
+  for (const key in headers) {
+    txt += key + ': ' + headers[key] + CRLF
+  }
+  txt += CRLF
+
+  const _tryParse = x => {
+    try {
+      return JSON.parse(x)
+    } catch {
+      return x
+    }
+  }
+
+  if (response._chunk) {
+    const chunk = _tryParse(response._chunk)
+    if (chunk && typeof chunk === 'object') {
+      let meta = [],
+        data = []
+      for (const [k, v] of Object.entries(chunk)) {
+        if (k.startsWith('@')) meta.push(`"${k}":${typeof v === 'string' ? `"${v.replaceAll('"', '\\"')}"` : v}`)
+        else data.push(JSON.stringify({ [k]: v }).slice(1, -1))
+      }
+      const _json_as_txt = '{' + meta.join(',') + (meta.length && data.length ? ',' : '') + data.join(',') + '}'
+      txt += _json_as_txt
+    } else {
+      txt += chunk
+      txt = txt.replace('content-type: application/json;odata.metadata=minimal', 'content-type: text/plain')
+    }
+  }
+
+  return [txt]
+}
+
 const _writeResponseMultipart = (responses, res, rejected, group, boundary) => {
   res.write(`--${boundary}${CRLF}`)
 
@@ -185,6 +266,38 @@ const _writeResponseMultipart = (responses, res, rejected, group, boundary) => {
   }
 }
 
+/*
+ * application/json response
+ */
+
+const _formatStatics = {
+  comma: ','.charCodeAt(0),
+  body: Buffer.from('"body":'),
+  close: Buffer.from('}')
+}
+
+const _formatResponseJson = (request, atomicityGroup) => {
+  const { id, res: response } = request
+
+  const chunk = {
+    id,
+    status: response.statusCode,
+    headers: {
+      ...response.getHeaders(),
+      'content-type': 'application/json' //> REVISIT: why?
+    }
+  }
+  if (atomicityGroup) chunk.atomicityGroup = atomicityGroup
+  const raw = Buffer.from(JSON.stringify(chunk))
+
+  // body?
+  if (!response._chunk) return [raw]
+
+  // change last "}" into ","
+  raw[raw.byteLength - 1] = _formatStatics.comma
+  return [raw, _formatStatics.body, response._chunk, _formatStatics.close]
+}
+
 const _writeResponseJson = (responses, res) => {
   for (const resp of responses) {
     if (resp.separator) res.write(resp.separator)
@@ -192,37 +305,25 @@ const _writeResponseJson = (responses, res) => {
   }
 }
 
-let error_mws
-const _getNextForLookalike = lookalike => {
-  error_mws ??= cds.middlewares.after.filter(mw => mw.length === 4) // error middleware has 4 params
-  return err => {
-    let _err = err
-    let _next_called
-    const _next = e => {
-      _err = e
-      _next_called = true
-    }
-    for (const mw of error_mws) {
-      _next_called = false
-      mw(_err, lookalike.req, lookalike.res, _next)
-      if (!_next_called) break //> next chain was interrupted -> done
-    }
-    if (_next_called) {
-      // here, final error middleware called next (which actually shouldn't happen!)
-      if (_err.statusCode) lookalike.res.status(_err.statusCode)
-      if (typeof _err === 'object') lookalike.res.json({ error: _err })
-      else lookalike.res.send(_err)
-    }
-  }
-}
+/*
+ * process
+ */
+
+const _txs = {}
+cds.once('shutdown', () => Promise.all(Object.values(_txs).map(tx => tx.rollback().catch(() => {}))))
 
 // REVISIT: This looks frightening -> need to review
 const _transaction = async srv => {
   return new Promise(res => {
     const ret = {}
     const _tx = (ret._tx = srv.tx(
-      async () =>
+      async tx =>
         (ret.promise = new Promise((resolve, reject) => {
+          // ensure rollback on shutdown so the db can disconnect
+          const _id = cds.utils.uuid()
+          _txs[_id] = tx
+          tx.context.on('done', () => delete _txs[_id])
+
           const proms = []
           // It's important to run `makePromise` in the current execution context (cb of srv.tx),
           // otherwise, it will use a different transaction.
@@ -258,7 +359,7 @@ const _tx_done = async (tx, responses, isJson) => {
     // here, the commit was rejected even though all requests were successful (e.g., by custom handler or db consistency check)
     rejected = 'rejected'
     // construct commit error (without modifying original error)
-    const error = normalizeError(Object.create(e), {
+    const error = odataError(Object.create(e), {
       get locale() {
         return cds.context.locale
       },
@@ -463,7 +564,7 @@ const _processBatch = async (srv, router, req, res, next, body, ct, boundary) =>
 }
 
 /*
- * multipart/mixed
+ * exports
  */
 
 const _multipartBatch = async (srv, router, req, res, next) => {
@@ -479,91 +580,6 @@ const _multipartBatch = async (srv, router, req, res, next) => {
   }
 }
 
-const _formatResponseMultipart = request => {
-  const { res: response } = request
-  const content_id = request.req?.headers['content-id']
-
-  let txt = `content-type: application/http${CRLF}content-transfer-encoding: binary${CRLF}`
-  if (content_id) txt += `content-id: ${content_id}${CRLF}`
-  txt += CRLF
-  txt += `HTTP/1.1 ${response.statusCode} ${STATUS_CODES[response.statusCode]}${CRLF}`
-
-  // REVISIT: tests require specific sequence
-  const headers = {
-    ...response.getHeaders(),
-    ...(response.statusCode !== 204 && { 'content-type': 'application/json;odata.metadata=minimal' })
-  }
-  delete headers['content-length'] //> REVISIT: expected by tests
-
-  for (const key in headers) {
-    txt += key + ': ' + headers[key] + CRLF
-  }
-  txt += CRLF
-
-  const _tryParse = x => {
-    try {
-      return JSON.parse(x)
-    } catch {
-      return x
-    }
-  }
-
-  if (response._chunk) {
-    const chunk = _tryParse(response._chunk)
-    if (chunk && typeof chunk === 'object') {
-      let meta = [],
-        data = []
-      for (const [k, v] of Object.entries(chunk)) {
-        if (k.startsWith('@')) meta.push(`"${k}":${typeof v === 'string' ? `"${v.replaceAll('"', '\\"')}"` : v}`)
-        else data.push(JSON.stringify({ [k]: v }).slice(1, -1))
-      }
-      const _json_as_txt = '{' + meta.join(',') + (meta.length && data.length ? ',' : '') + data.join(',') + '}'
-      txt += _json_as_txt
-    } else {
-      txt += chunk
-      txt = txt.replace('content-type: application/json;odata.metadata=minimal', 'content-type: text/plain')
-    }
-  }
-
-  return [txt]
-}
-
-/*
- * application/json
- */
-
-const _formatStatics = {
-  comma: ','.charCodeAt(0),
-  body: Buffer.from('"body":'),
-  close: Buffer.from('}')
-}
-
-const _formatResponseJson = (request, atomicityGroup) => {
-  const { id, res: response } = request
-
-  const chunk = {
-    id,
-    status: response.statusCode,
-    headers: {
-      ...response.getHeaders(),
-      'content-type': 'application/json' //> REVISIT: why?
-    }
-  }
-  if (atomicityGroup) chunk.atomicityGroup = atomicityGroup
-  const raw = Buffer.from(JSON.stringify(chunk))
-
-  // body?
-  if (!response._chunk) return [raw]
-
-  // change last "}" into ","
-  raw[raw.byteLength - 1] = _formatStatics.comma
-  return [raw, _formatStatics.body, response._chunk, _formatStatics.close]
-}
-
-/*
- * exports
- */
-
 module.exports = adapter => {
   const { router, service } = adapter
   const textBodyParser = express.text({

package/libx/odata/middleware/delete.js

@@ -38,7 +38,8 @@ module.exports = adapter => {
     const headers = { ...cds.context.http.req.headers, ...req.headers }
 
     // we need a cds.Request for multiple reasons, incl. params, headers, sap-messages, read after write, ...
-    const cdsReq = adapter.request4({ query, data, headers, params, req, res })
+    // for UPDATE: data is already provided via query
+    const cdsReq = adapter.request4({ query, data: query.DELETE ? data : undefined, headers, params, req, res })
 
     // NOTES:
     // - only via srv.run in combination with srv.dispatch inside,

package/libx/odata/middleware/error.js

@@ -4,12 +4,16 @@ const { shutdown_on_uncaught_errors } = cds.env.server
 exports = module.exports = () =>
   function odata_error(err, req, res, next) {
     if (exports.pass_through(err)) return next(err)
-    else req._is_odata = true
-    if (err.details) err = _fioritized(err)
-    exports.normalizeError(err, req)
+    exports.odataError(err, req)
     return next(err)
   }
 
+exports.odataError = (err, req) => {
+  req._is_odata = true
+  if (err.details) err = _fioritized(err)
+  return exports.normalizeError(err, req)
+}
+
 exports.pass_through = err => {
   if (err == 401 || err.code == 401) return true
   if (shutdown_on_uncaught_errors && !(err.status || err.statusCode) && cds.error.isSystemError(err)) return true

package/libx/odata/parse/afterburner.js

@@ -14,11 +14,13 @@ const RELAXED_UUID_REGEX = /^[0-9a-z]{8}-?[0-9a-z]{4}-?[0-9a-z]{4}-?[0-9a-z]{4}-
 let _isRelevantKey
 
 function _getDefinition(definition, name, namespace) {
-  return (
-    definition?.definitions?.[name] ||
-    definition?.elements?.[name] ||
-    (definition.actions && (definition.actions[name] || definition.actions[name.replace(namespace + '.', '')]))
-  )
+  const def =
+    definition.definitions?.[name] ??
+    definition.elements?.[name] ??
+    definition.actions?.[name] ??
+    definition.actions?.[name.replace(namespace + '.', '')]
+
+  if (def && !def['@cds.api.ignore']) return def
 }
 
 function _resolveAliasesInRef(ref, target) {
@@ -150,7 +152,7 @@ function _convertVal(value, element) {
     case 'cds.Integer':
     case 'cds.Int16':
     case 'cds.Int32':
-      if (!/^-?\+?\d+$/.test(value)) {
+      if (!/^[+-]?\d+$/.test(value)) {
         const msg = `Element "${element.name}" does not contain a valid Integer`
         cds.error({ status: 400, message: msg })
       }
@@ -238,7 +240,7 @@ const _getDataFromParams = (params, operation) => {
       return acc
     }, {})
   } catch (e) {
-    throw Object.assign(e, { statusCode: 400, internal: e.message, message: 'Malformed parameters' })
+    cds.error(400, `Malformed Parameters`, { stack: e.stack, internal: e.message })
   }
 }
 
@@ -452,10 +454,7 @@ function _processSegments(from, model, namespace, cqn, protocol) {
       } else if (current.isAssociation) {
         if (current._target._service !== _get_service_of(target)) {
           // not exposed target
-          cds.error({
-            status: 400,
-            message: `Property "${current.name}" does not exist in "${target.name.replace(namespace + '.', '')}"`
-          })
+          _doesNotExistError(false, current.name, target.name.replace(namespace + '.', ''), current.kind)
         }
 
         // > navigation

package/libx/odata/parse/grammar.peggy

@@ -339,13 +339,15 @@
             throw err
           }
           if (info.nodes?.length !== 1 || !info.nodes[0].filter) _throw()
+          // remove superfluous brackets
+          while (info.nodes[0].filter.length === 1 && info.nodes[0].filter[0]?.xpr)
+            info.nodes[0].filter = info.nodes[0].filter[0].xpr
           const rIdx = info.nodes[0].filter.findIndex(e => e.ref?.[0] === info.id)
-          if (!rIdx === -1) _throw()
+          if (rIdx === -1) _throw()
           const op = info.nodes[0].filter[rIdx + 1]
           const val = info.nodes[0].filter[rIdx + 2]?.val
           // ignore additional filters (like `IsActiveEntity`?)
           if (op !== '=' || !val) _throw()
-
           const endVal = info.distance && direction * info.distance
           const distance = Number.isInteger(endVal) ? endVal : null
           const where = [{ func: 'DistanceTo', args: [{ val }, { val: distance }] }]