@sap/cds 9.7.1 → 9.8.0

package/libx/odata/middleware/batch.js

@@ -1,6 +1,5 @@
 const cds = require('../../../')
 
-const { AsyncResource } = require('async_hooks')
 const express = require('express')
 const { STATUS_CODES } = require('http')
 const qs = require('querystring')
@@ -16,7 +15,7 @@ const CT = { JSON: 'application/json', MULTIPART: 'multipart/mixed' }
 const CRLF = '\r\n'
 
 /*
- * common
+ * deconstruct and validate
  */
 
 const _deserializationError = message => cds.error({ status: 400, message: `Deserialization Error: ${message}` })
@@ -34,22 +33,30 @@ const _validateProperty = (name, value, type) => {
   }
 }
 
-const _validateBatch = body => {
+const _deconstructAndValidateBatchBody = body => {
   const { requests } = body
 
   _validateProperty('requests', requests, 'Array')
-
+  if (!requests.length) cds.error({ status: 400, message: 'There must be at least one request' })
   if (requests.length > cds.env.odata.batch_limit) cds.error({ status: 429, message: 'BATCH_TOO_MANY_REQ' })
 
   const ids = {}
+  const atomicityGroups = []
 
   let previousAtomicityGroup
-  requests.forEach((request, i) => {
+
+  for (let i = 0; i < requests.length; i++) {
+    const request = requests[i]
+
     if (typeof request !== 'object')
       throw _deserializationError(`Element of 'requests' array at index ${i} must be type of 'object'.`)
 
     const { id, method, url, body, atomicityGroup } = request
 
+    if (atomicityGroup && atomicityGroups.length && atomicityGroup === atomicityGroups.at(-1)[0]?.atomicityGroup)
+      atomicityGroups.at(-1).push(request)
+    else atomicityGroups.push([request])
+
     _validateProperty('id', id, 'string')
 
     if (ids[id]) throw _deserializationError(`Request ID '${id}' is not unique.`)
@@ -79,12 +86,10 @@ const _validateBatch = body => {
         if (ids[atomicityGroup]) throw _deserializationError(`Atomicity group ID '${atomicityGroup}' is not unique.`)
         else ids[atomicityGroup] = []
       }
-      // add current index to ensure stable order in result
-      request._agIndex = ids[atomicityGroup].length
       ids[atomicityGroup].push(request)
     }
 
-    if (url.startsWith('$')) {
+    if (url.startsWith('$') && url !== '$metadata') {
       request.dependsOn ??= []
       const dependencyId = url.split('/')[0].replace(/^\$/, '')
       if (!request.dependsOn.includes(dependencyId)) {
@@ -115,155 +120,146 @@ const _validateBatch = body => {
     // TODO: validate if, and headers
 
     previousAtomicityGroup = atomicityGroup
-  })
+  }
 
-  return ids
+  return { ids, atomicityGroups }
 }
 
 /*
- * lookalike
+ * subrequest (a.k.a. lookalike)
  */
 
 let error_mws
-const _getNextForLookalike = lookalike => {
-  error_mws ??= cds.middlewares.after.filter(mw => mw.length === 4) // error middleware has 4 params
-  return err => {
-    let _err = err
-    let _next_called
-    const _next = e => {
-      _err = e
-      _next_called = true
-    }
-    for (const mw of error_mws) {
-      _next_called = false
-      mw(_err, lookalike.req, lookalike.res, _next)
-      if (!_next_called) break //> next chain was interrupted -> done
-    }
-    if (_next_called) {
-      // here, final error middleware called next (which actually shouldn't happen!)
-      if (_err.statusCode) lookalike.res.status(_err.statusCode)
-      if (typeof _err === 'object') lookalike.res.json({ error: _err })
-      else lookalike.res.send(_err)
-    }
-  }
-}
 
 // REVISIT: Why not simply use {__proto__:req, ...}?
-const _createExpressReqResLookalike = (request, _req, _res) => {
-  const { id, method, url } = request
-  const ret = { id }
+const _createSubrequest = (request, _req, _res) => {
+  error_mws ??= cds.middlewares.after.filter(mw => mw.length === 4) // error middleware has 4 params
 
-  const req = (ret.req = new express.request.constructor())
-  req.__proto__ = express.request
+  const subrequest = { id: request.id }
 
-  // express internals
+  // req
+  const req = (subrequest.req = new express.request.constructor())
+  req.__proto__ = express.request
   req.app = _req.app
-
-  req.method = method.toUpperCase()
-  req.url = url
-  const u = new URL(url, 'http://cap')
+  req.method = request.method.toUpperCase()
+  req.url = request.url
+  const u = new URL(request.url, 'http://cap')
   req.query = qs.parse(u.search.slice(1))
   req.headers = request.headers || {}
+  req.headers['content-type'] ??= _req.headers['content-type']
   if (request.content_id) req.headers['content-id'] = request.content_id
   req.body = request.body
   if (_req._login) req._login = _req._login
-
-  const res = (ret.res = new express.response.constructor(req))
-  res.__proto__ = express.response
-
-  // REVISIT: mark as subrequest
+  // REVISIT: mark as subrequest (only needed for logging)
   req._subrequest = true
 
-  // express internals
+  // res
+  const res = (req.res = subrequest.res = new express.response.constructor(req))
+  res.__proto__ = express.response
   res.app = _res.app
 
-  // back link
-  req.res = res
+  // next
+  let _err
+  subrequest.next = err => {
+    _err = err
+    let _next_called
+    const _next = err => {
+      _err = err
+      _next_called = true
+    }
+    for (const mw of error_mws) {
+      _next_called = false
+      mw(_err, req, res, _next)
+      if (!_next_called) break //> next chain was interrupted -> done
+    }
+    if (_next_called) {
+      // here, final error middleware called next (which actually shouldn't happen!)
+      if (_err.statusCode) res.status(_err.statusCode)
+      if (typeof _err === 'object') res.json({ error: _err })
+      else res.send(_err)
+    }
+  }
 
-  // resolve promise for subrequest via res.end()
-  ret.promise = new Promise((resolve, reject) => {
+  // resolve/reject promise for subrequest via res.end()
+  subrequest.promise = new Promise((resolve, reject) => {
+    res.json = function (obj) {
+      subrequest._json = obj
+      return this.__proto__.json.call(this, obj)
+    }
     res.end = (chunk, encoding) => {
       res._chunk = chunk
       res._encoding = encoding
-      if (res.statusCode >= 400) return reject(ret)
-      resolve(ret)
+      if (res.statusCode >= 400) return reject(_err)
+      resolve(subrequest)
     }
   })
 
-  return ret
+  return subrequest
 }
 
 /*
  * multipart/mixed response
  */
 
-const _formatResponseMultipart = request => {
-  const { res: response } = request
-  const content_id = request.req?.headers['content-id']
+const _tryParse = body => {
+  try {
+    return JSON.parse(body)
+  } catch {
+    return body
+  }
+}
+
+const _formatResponseMultipart = response => {
+  const { content_id, statusCode, headers } = response
+  let { body } = response
 
   let txt = `content-type: application/http${CRLF}content-transfer-encoding: binary${CRLF}`
   if (content_id) txt += `content-id: ${content_id}${CRLF}`
   txt += CRLF
-  txt += `HTTP/1.1 ${response.statusCode} ${STATUS_CODES[response.statusCode]}${CRLF}`
+  txt += `HTTP/1.1 ${statusCode} ${STATUS_CODES[statusCode]}${CRLF}`
 
-  // REVISIT: tests require specific sequence
-  const headers = {
-    ...response.getHeaders(),
-    ...(response.statusCode !== 204 && { 'content-type': 'application/json;odata.metadata=minimal' })
-  }
-  delete headers['content-length'] //> REVISIT: expected by tests
-
-  for (const key in headers) {
-    txt += key + ': ' + headers[key] + CRLF
-  }
+  for (const key in headers) txt += key + ': ' + headers[key] + CRLF
   txt += CRLF
 
-  const _tryParse = x => {
-    try {
-      return JSON.parse(x)
-    } catch {
-      return x
-    }
-  }
-
-  if (response._chunk) {
-    const chunk = _tryParse(response._chunk)
-    if (chunk && typeof chunk === 'object') {
+  if (body) {
+    if (Buffer.isBuffer(body)) body = body.toString()
+    body = _tryParse(body)
+    if (body && typeof body === 'object') {
       let meta = [],
         data = []
-      for (const [k, v] of Object.entries(chunk)) {
+      for (const [k, v] of Object.entries(body)) {
         if (k.startsWith('@')) meta.push(`"${k}":${typeof v === 'string' ? `"${v.replaceAll('"', '\\"')}"` : v}`)
         else data.push(JSON.stringify({ [k]: v }).slice(1, -1))
       }
       const _json_as_txt = '{' + meta.join(',') + (meta.length && data.length ? ',' : '') + data.join(',') + '}'
-      txt += _json_as_txt
-    } else {
-      txt += chunk
-      txt = txt.replace('content-type: application/json;odata.metadata=minimal', 'content-type: text/plain')
+      body = _json_as_txt
     }
+    txt += body
   }
 
   return [txt]
 }
 
-const _writeResponseMultipart = (responses, res, rejected, group, boundary) => {
+const _writeResponseMultipart = (responses, res, boundary) => {
   res.write(`--${boundary}${CRLF}`)
 
+  const rejected = responses.find(r => r.status === 'fail')
   if (rejected) {
-    const resp = responses.find(r => r.status === 'fail')
-    resp.txt.forEach(txt => {
-      res.write(`${txt}${CRLF}`)
-    })
-  } else {
-    if (group) res.write(`content-type: multipart/mixed;boundary=${group}${CRLF}${CRLF}`)
-    for (const resp of responses) {
-      resp.txt.forEach(txt => {
-        if (group) res.write(`--${group}${CRLF}`)
-        res.write(`${txt}${CRLF}`)
-      })
+    res.write(`${_formatResponseMultipart(rejected)[0]}${CRLF}`)
+    return
+  }
+
+  const groupId = responses[0].atomicityGroup
+  if (groupId) res.write(`content-type: multipart/mixed;boundary=${groupId}${CRLF}${CRLF}`)
+
+  for (const response of responses) {
+    for (const each of _formatResponseMultipart(response)) {
+      if (groupId) res.write(`--${groupId}${CRLF}`)
+      res.write(`${each}${CRLF}`)
     }
-    if (group) res.write(`--${group}--${CRLF}`)
   }
+
+  if (groupId) res.write(`--${groupId}--${CRLF}`)
 }
 
 /*
@@ -276,127 +272,139 @@ const _formatStatics = {
   close: Buffer.from('}')
 }
 
-const _formatResponseJson = (request, atomicityGroup) => {
-  const { id, res: response } = request
+const _formatResponseJson = response => {
+  const { id, atomicityGroup, statusCode, headers, body } = response
 
-  const chunk = {
-    id,
-    status: response.statusCode,
-    headers: {
-      ...response.getHeaders(),
-      'content-type': 'application/json' //> REVISIT: why?
-    }
-  }
+  const chunk = { id, status: statusCode, headers }
   if (atomicityGroup) chunk.atomicityGroup = atomicityGroup
+
   const raw = Buffer.from(JSON.stringify(chunk))
 
   // body?
-  if (!response._chunk) return [raw]
+  if (!body) return [raw]
 
   // change last "}" into ","
   raw[raw.byteLength - 1] = _formatStatics.comma
-  return [raw, _formatStatics.body, response._chunk, _formatStatics.close]
+
+  return [
+    raw,
+    _formatStatics.body,
+    // Stringify non-JSON bodies
+    !chunk.headers?.['content-type']?.includes('application/json')
+      ? JSON.stringify(Buffer.isBuffer(body) ? body.toString() : body)
+      : body,
+    _formatStatics.close
+  ]
 }
 
 const _writeResponseJson = (responses, res) => {
-  for (const resp of responses) {
-    if (resp.separator) res.write(resp.separator)
-    resp.txt.forEach(txt => res.write(txt))
+  for (const response of responses) {
+    if (res._separator) res.write(res._separator)
+    else res._separator = Buffer.from(',')
+
+    for (const each of _formatResponseJson(response)) res.write(each)
   }
 }
 
 /*
- * process
+ * helpers
  */
 
-const _txs = {}
-cds.once('shutdown', () => Promise.all(Object.values(_txs).map(tx => tx.rollback().catch(() => {}))))
+const _urlWithResolvedDependency = (dependsOnId, results, request, req, srv) => {
+  const dependentResult = results.find(r => r.value.id === dependsOnId)
+  const dependentOnUrl = dependentResult.value.req.originalUrl
+  const dependentOnResult = dependentResult.value._json ?? JSON.parse(dependentResult.value.res._chunk)
+  const recentUrl = request.url
+  const cqn = cds.odata.parse(dependentOnUrl, { service: srv, baseUrl: req.baseUrl, strict: true })
+  const target = cds.infer.target(cqn)
+  const keyString =
+    '(' +
+    [...target.keys]
+      .filter(k => !k.isAssociation)
+      .map(k => {
+        let v = dependentOnResult[k.name]
+        if (typeof v === 'string' && k._type !== 'cds.UUID') v = `'${v}'`
+        return k.name + '=' + v
+      })
+      .join(',') +
+    ')'
+  return recentUrl.replace(`$${dependsOnId}`, dependentOnUrl + keyString)
+}
 
-// REVISIT: This looks frightening -> need to review
-const _transaction = async srv => {
-  return new Promise(res => {
-    const ret = {}
-    const _tx = (ret._tx = srv.tx(
-      async tx =>
-        (ret.promise = new Promise((resolve, reject) => {
-          // ensure rollback on shutdown so the db can disconnect
-          const _id = cds.utils.uuid()
-          _txs[_id] = tx
-          tx.context.on('done', () => delete _txs[_id])
-
-          const proms = []
-          // It's important to run `makePromise` in the current execution context (cb of srv.tx),
-          // otherwise, it will use a different transaction.
-          // REVISIT: This looks frightening -> need to review
-          ret.add = AsyncResource.bind(function (makePromise) {
-            const p = makePromise()
-            proms.push(p)
-            return p
-          })
-          ret.done = async function () {
-            const result = await Promise.allSettled(proms)
-            if (result.some(r => r.status === 'rejected')) {
-              reject()
-              // REVISIT: workaround to wait for commit/rollback
-              await _tx
-              return 'rejected'
-            }
-            resolve(result)
-            // REVISIT: workaround to wait for commit/rollback
-            await _tx
-          }
-          res(ret)
-        }))
-    ))
+const _resolveDependencies = async (request, deps, responses, ids, req, srv) => {
+  const { url } = request
+
+  const results = await Promise.allSettled(deps.map(d => d.promise))
+
+  const failed = results.some(({ status }) => status === 'rejected') || deps.some(d => d._rejected_on_commit)
+  if (failed) {
+    const err = { code: '424', message: 'Failed Dependency' }
+    responses[request._index] = _getResponse(request, { res: { statusCode: 424 } }, err)
+    throw err
+  }
+
+  const dependsOnId = url.split('/')[0].replace(/^\$/, '')
+  if (dependsOnId in ids) request.url = _urlWithResolvedDependency(dependsOnId, results, request, req, srv)
+}
+
+const _getResponse = (request, { res }, error) => {
+  const { id, content_id, atomicityGroup, _index } = request
+  return {
+    id,
+    content_id,
+    atomicityGroup,
+    _index,
+    status: error ? 'fail' : 'ok',
+    statusCode: res.statusCode,
+    body: error ? { error } : res._chunk,
+    headers: res.getHeaders?.() ?? {}
+  }
+}
+
+// construct odata-compliant error (without modifying original error)
+const _getODataError = err => {
+  return odataError(Object.create(err), {
+    get locale() {
+      return cds.context.locale
+    },
+    get() {}
   })
 }
 
-const _tx_done = async (tx, responses, isJson) => {
-  let rejected
-  try {
-    rejected = await tx.done()
-  } catch (e) {
-    // here, the commit was rejected even though all requests were successful (e.g., by custom handler or db consistency check)
-    rejected = 'rejected'
-    // construct commit error (without modifying original error)
-    const error = odataError(Object.create(e), {
-      get locale() {
-        return cds.context.locale
-      },
-      get() {}
-    })
-    // replace all responses with commit error
-    for (const res of responses) {
-      res.status = 'fail'
-      // REVISIT: should error go through any error middleware/ customization logic?
-      if (isJson) {
-        let txt = ''
-        for (let i = 0; i < res.txt.length; i++) txt += Buffer.isBuffer(res.txt[i]) ? res.txt[i].toString() : res.txt[i]
-        txt = JSON.parse(txt)
-        txt.status = error.status
-        txt.body = { error }
-        // REVISIT: content-length needed? not there in multipart case...
-        delete txt.headers['content-length']
-        res.txt = [JSON.stringify(txt)]
-      } else {
-        const commitError = [
-          'content-type: application/http',
-          'content-transfer-encoding: binary',
-          '',
-          `HTTP/1.1 ${error.status} ${STATUS_CODES[error.status]}`,
-          'odata-version: 4.0',
-          'content-type: application/json;odata.metadata=minimal',
-          '',
-          JSON.stringify({ error })
-        ].join(CRLF)
-        res.txt = [commitError]
-        break
-      }
+const _replaceResponsesWithCommitErrors = (err, responses, ids) => {
+  const error = _getODataError(err)
+
+  // adjust all responses to commit error and mark respective promises as failed
+  const body = JSON.stringify({ error })
+  const length = Buffer.byteLength(body, 'utf8')
+  for (const response of responses) {
+    response.status = 'fail'
+    response.statusCode = error.status
+    response.body = body
+    response.headers ??= {}
+    response.headers['content-length'] = length
+
+    ids[response.id]._rejected_on_commit = true
+    if (response.atomicityGroup) ids[response.atomicityGroup]._rejected_on_commit = true
+  }
+}
+
+const _serializeErrors = responses => {
+  for (const response of responses) {
+    if (response.status === 'fail' && typeof response.body === 'object') {
+      if (response.body.error && !response.body.error.toJSON) response.body.error = _getODataError(response.body.error)
+      response.body = JSON.stringify(response.body)
     }
   }
-  return rejected
 }
 
+/*
+ * process
+ */
+
+const _txs = {}
+cds.once('shutdown', () => Promise.all(Object.values(_txs).map(tx => tx.rollback().catch(() => {}))))
+
 const _processBatch = async (srv, router, req, res, next, body, ct, boundary) => {
   body ??= req.body
   ct ??= 'JSON'
@@ -406,7 +414,6 @@ const _processBatch = async (srv, router, req, res, next, body, ct, boundary) =>
     if (req.headers.accept.indexOf('multipart/mixed') > -1) isJson = false
     else if (req.headers.accept.indexOf('application/json') > -1) isJson = true
   }
-  const _formatResponse = isJson ? _formatResponseJson : _formatResponseMultipart
 
   // continue-on-error defaults to true in json batch
   let continue_on_error = req.headers.prefer?.match(/odata\.continue-on-error(=(\w+))?/)
@@ -417,147 +424,119 @@ const _processBatch = async (srv, router, req, res, next, body, ct, boundary) =>
   }
 
   try {
-    const ids = _validateBatch(body) // REVISIT: we will not be able to validate the whole once we stream
+    let { ids, atomicityGroups } = _deconstructAndValidateBatchBody(body)
+
+    const only_gets = body.requests.every(r => r.method === 'GET')
+    const max_parallel = only_gets ? cds.env.odata.max_batch_parallelization : 1
+
+    // experimental!
+    const _only_individual_requests = () =>
+      atomicityGroups.every(ag => ag.length === 1) && body.requests.every(r => !r.dependsOn?.length)
+    if (only_gets && cds.env.odata.group_parallel_gets && _only_individual_requests())
+      atomicityGroups = [atomicityGroups.reduce((acc, cur) => (acc.push(...cur), acc), [])]
+
+    res.setHeader('Content-Type', isJson ? CT.JSON : CT.MULTIPART + ';boundary=' + boundary)
+    res.status(200)
+    res.write(isJson ? '{"responses":[' : '')
+
+    const queue = []
+    let _continue = true
+    const _queued_exec = (atomicityGroup, responses = []) => {
+      const groupId = atomicityGroup[0].atomicityGroup
+
+      return new Promise(resolve => queue.push(resolve)).then(() => {
+        if (!_continue) return
+
+        const promise = srv
+          .tx(tx => {
+            // ensure rollback on shutdown so the db can disconnect
+            const _id = cds.utils.uuid()
+            _txs[_id] = tx
+            tx.context.on('done', () => delete _txs[_id])
+
+            const subrequests = []
+            for (let i = 0; i < atomicityGroup.length; i++) {
+              const request = atomicityGroup[i]
+
+              // for multipart, we need to keep the original order of requests in the atomicity group
+              request._index = i
+
+              const { id, dependsOn } = request
+
+              // wait for/ resolve dependencies?
+              const deps = dependsOn?.filter(id => id !== groupId).map(id => ids[id])
+              if (deps) ids[id].promise = _resolveDependencies(request, deps, responses, ids, req, srv)
+              else ids[id].promise = Promise.resolve()
+
+              ids[id].promise = ids[id].promise.then(() => {
+                const subrequest = _createSubrequest(request, req, res)
+                router.handle(subrequest.req, subrequest.res, subrequest.next)
+                return subrequest.promise
+                  .then(res => {
+                    responses[request._index] = _getResponse(request, subrequest)
+                    return res
+                  })
+                  .catch(err => {
+                    responses[request._index] = _getResponse(request, subrequest, err)
+                    throw err
+                  })
+              })
 
-    // TODO: if (!requests || !requests.length) throw new Error('At least one request, buddy!')
+              subrequests.push(ids[id].promise)
+            }
 
-    let previousAtomicityGroup
-    let separator
-    let tx
-    let responses
+            // ensure all subrequests run in this tx
+            // (if first subrequest fails without really opening the tx, the rest are executed in a "dangling tx")
+            return Promise.allSettled(subrequests).then(ress => {
+              const failed = ress.filter(({ status }) => status === 'rejected')
+              if (!failed.length) return
+              // throw first error and call srv.on('error') for the others
+              const first = failed.shift()
+              if (srv.handlers._error?.length)
+                for (const other of failed)
+                  for (const each of srv.handlers._error) each.handler.call(srv, other.reason, cds.context)
+              throw first.reason
+            })
+          })
+          .catch(err => {
+            responses._has_failure = true
 
-    // IMPORTANT: Avoid sending headers and responses too eagerly, as we might still have to send a 401
-    let sendPreludeOnce = () => {
-      res.setHeader('Content-Type', isJson ? CT.JSON : CT.MULTIPART + ';boundary=' + boundary)
-      res.status(200)
-      res.write(isJson ? '{"responses":[' : '')
-      sendPreludeOnce = () => {} //> only once
-    }
+            // abort batch on first failure with odata.continue-on-error: false
+            if (!continue_on_error) _continue = false
 
-    const { requests } = body
-    for await (const request of requests) {
-      // for json payloads, normalize headers to lowercase
-      if (ct === 'JSON') {
-        request.headers = request.headers
-          ? Object.keys(request.headers).reduce((acc, cur) => {
-              acc[cur.toLowerCase()] = request.headers[cur]
-              return acc
-            }, {})
-          : {}
-      }
+            if (!responses.some(r => r.status === 'fail')) {
+              // here, the commit was rejected even though all requests were successful (e.g., by custom handler or db consistency check)
+              _replaceResponsesWithCommitErrors(err, responses, ids)
+            }
+          })
+          .finally(() => {
+            // trigger next in queue
+            if (queue.length) queue.shift()()
 
-      request.headers['content-type'] ??= req.headers['content-type']
-
-      const { atomicityGroup } = request
-
-      if (!atomicityGroup || atomicityGroup !== previousAtomicityGroup) {
-        if (tx) {
-          // Each change in `atomicityGroup` results in a new transaction. We execute them in sequence to avoid too many database connections.
-          // In the future, we might make this configurable (e.g. allow X parallel connections per HTTP request).
-          const rejected = await _tx_done(tx, responses, isJson)
-          if (tx.failed?.res.statusCode === 401 && req._login) return req._login()
-          else sendPreludeOnce()
-          isJson
-            ? _writeResponseJson(responses, res)
-            : _writeResponseMultipart(responses, res, rejected, previousAtomicityGroup, boundary)
-          if (rejected && !continue_on_error) {
-            tx = null
-            break
-          }
-        }
+            // late error serialization
+            if (responses._has_failure) _serializeErrors(responses)
 
-        responses = []
-        tx = await _transaction(srv)
-        if (atomicityGroup) ids[atomicityGroup].promise = tx._tx
-      }
+            if (isJson) _writeResponseJson(responses, res)
+            else _writeResponseMultipart(responses, res, boundary)
+          })
 
-      tx.add(() => {
-        return (request.promise = (async () => {
-          const dependencies = request.dependsOn?.filter(id => id !== request.atomicityGroup).map(id => ids[id].promise)
-          if (dependencies) {
-            // first, wait for dependencies
-            const results = await Promise.allSettled(dependencies)
-            const dependendOnFailed = results.some(({ status }) => status === 'rejected')
-            if (dependendOnFailed) {
-              tx.id = request.id
-              tx.res = {
-                getHeaders: () => {},
-                statusCode: 424,
-                _chunk: JSON.stringify({
-                  code: '424',
-                  message: 'Failed Dependency'
-                })
-              }
-              throw tx
-            }
+        if (ids[groupId]) ids[groupId].promise = promise
 
-            const dependsOnId = request.url.split('/')[0].replace(/^\$/, '')
-            if (dependsOnId in ids) {
-              const dependentResult = results.find(r => r.value.id === dependsOnId)
-              const dependentOnUrl = dependentResult.value.req.originalUrl
-              const dependentOnResult = JSON.parse(dependentResult.value.res._chunk)
-              const recentUrl = request.url
-              const cqn = cds.odata.parse(dependentOnUrl, { service: srv, baseUrl: req.baseUrl, strict: true })
-              const target = cds.infer.target(cqn)
-              const keyString =
-                '(' +
-                [...target.keys]
-                  .filter(k => !k.isAssociation)
-                  .map(k => {
-                    let v = dependentOnResult[k.name]
-                    if (typeof v === 'string' && k._type !== 'cds.UUID') v = `'${v}'`
-                    return k.name + '=' + v
-                  })
-                  .join(',') +
-                ')'
-              request.url = recentUrl.replace(`$${dependsOnId}`, dependentOnUrl + keyString)
-            }
-          }
-
-          // REVIST: That sends each request through the whole middleware chain again and again, including authentication and authorization.
-          // -> We should optimize this!
-          const lookalike = _createExpressReqResLookalike(request, req, res)
-          const lookalike_next = _getNextForLookalike(lookalike)
-          router.handle(lookalike.req, lookalike.res, lookalike_next)
-          return lookalike.promise
-        })())
+        return promise
       })
-        .then(req => {
-          const resp = { status: 'ok' }
-          if (separator) resp.separator = separator
-          else separator = Buffer.from(',')
-          resp.txt = _formatResponse(req, atomicityGroup)
-          // ensure stable order of responses in multipart changeset
-          if (!isJson && request.atomicityGroup) responses[request._agIndex] = resp
-          else responses.push(resp)
-        })
-        .catch(failedReq => {
-          const resp = { status: 'fail' }
-          if (separator) resp.separator = separator
-          else separator = Buffer.from(',')
-          resp.txt = _formatResponse(failedReq, atomicityGroup)
-          tx.failed = failedReq
-          // ensure stable order of responses in multipart changeset
-          if (!isJson && request.atomicityGroup) responses[request._agIndex] = resp
-          else responses.push(resp)
-        })
-
-      previousAtomicityGroup = atomicityGroup
     }
 
-    if (tx) {
-      // The last open transaction must be finished
-      const rejected = await _tx_done(tx, responses, isJson)
-      if (tx.failed?.res.statusCode === 401 && req._login) return req._login()
-      else sendPreludeOnce()
-      isJson
-        ? _writeResponseJson(responses, res)
-        : _writeResponseMultipart(responses, res, rejected, previousAtomicityGroup, boundary)
-    } else sendPreludeOnce()
+    // queue execution of atomicity groups
+    const promises = []
+    for (const atomicityGroup of atomicityGroups) promises.push(_queued_exec(atomicityGroup))
+
+    // trigger first max_parallel in queue
+    for (let i = 0; i < max_parallel; i++) if (queue.length) queue.shift()()
+
+    await Promise.all(promises)
+
     res.write(isJson ? ']}' : `--${boundary}--${CRLF}`)
     res.end()
-
-    return
   } catch (e) {
     next(e)
   }
@@ -567,21 +546,9 @@ const _processBatch = async (srv, router, req, res, next, body, ct, boundary) =>
  * exports
  */
 
-const _multipartBatch = async (srv, router, req, res, next) => {
-  const boundary = getBoundary(req)
-  if (!boundary) return next(new cds.error({ status: 400, message: 'No boundary found in Content-Type header' }))
-
-  try {
-    const { requests } = await multipartToJson(req.body, boundary)
-    _processBatch(srv, router, req, res, next, { requests }, 'MULTIPART', boundary)
-  } catch (e) {
-    // REVISIT: (how) handle multipart accepts?
-    next(e)
-  }
-}
-
 module.exports = adapter => {
   const { router, service } = adapter
+
   const textBodyParser = express.text({
     ...adapter.body_parser_options,
     type: '*/*' // REVISIT: why do we need to override type here?
@@ -597,9 +564,19 @@ module.exports = adapter => {
     }
 
     if (req.headers['content-type'].includes('multipart/mixed')) {
-      return textBodyParser(req, res, function odata_batch_next(err) {
+      return textBodyParser(req, res, async function odata_batch_next(err) {
         if (err) return next(err)
-        return _multipartBatch(service, router, req, res, next)
+
+        const boundary = getBoundary(req)
+        if (!boundary) return next(new cds.error({ status: 400, message: 'No boundary found in Content-Type header' }))
+
+        try {
+          const { requests } = await multipartToJson(req.body, boundary)
+          _processBatch(service, router, req, res, next, { requests }, 'MULTIPART', boundary)
+        } catch (e) {
+          // REVISIT: (how) handle multipart accepts?
+          next(e)
+        }
       })
     }