npm - @sap/cds - Versions diffs - 9.7.1 → 9.8.1 - Mend

@sap/cds 9.7.1 → 9.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

package/CHANGELOG.md +48 -0
package/_i18n/i18n_en_US_saptrc.properties +1 -56
package/_i18n/messages_en_US_saptrc.properties +1 -92
package/eslint.config.mjs +4 -1
package/lib/compile/cds-compile.js +1 -0
package/lib/compile/for/direct_crud.js +23 -0
package/lib/compile/for/lean_drafts.js +12 -0
package/lib/compile/for/odata.js +1 -18
package/lib/compile/to/edm.js +1 -0
package/lib/compile/to/json.js +4 -2
package/lib/env/defaults.js +1 -0
package/lib/env/serviceBindings.js +15 -5
package/lib/index.js +1 -1
package/lib/log/cds-error.js +33 -20
package/lib/req/spawn.js +2 -2
package/lib/srv/bindings.js +6 -13
package/lib/srv/cds.Service.js +8 -36
package/lib/srv/protocols/hcql.js +19 -2
package/lib/utils/cds-utils.js +25 -16
package/lib/utils/tar-win.js +106 -0
package/lib/utils/tar.js +23 -158
package/libx/_runtime/common/generic/crud.js +8 -7
package/libx/_runtime/common/generic/sorting.js +7 -3
package/libx/_runtime/common/utils/resolveView.js +47 -40
package/libx/_runtime/common/utils/rewriteAsterisks.js +1 -0
package/libx/_runtime/fiori/lean-draft.js +11 -2
package/libx/_runtime/messaging/kafka.js +6 -5
package/libx/_runtime/messaging/service.js +3 -1
package/libx/_runtime/remote/Service.js +3 -0
package/libx/_runtime/remote/utils/client.js +2 -4
package/libx/_runtime/remote/utils/query.js +4 -4
package/libx/odata/middleware/batch.js +323 -339
package/libx/odata/middleware/create.js +0 -5
package/libx/odata/middleware/delete.js +0 -5
package/libx/odata/middleware/operation.js +10 -8
package/libx/odata/middleware/read.js +0 -10
package/libx/odata/middleware/stream.js +1 -0
package/libx/odata/middleware/update.js +0 -6
package/libx/odata/parse/afterburner.js +47 -22
package/libx/odata/parse/cqn2odata.js +6 -1
package/libx/odata/parse/grammar.peggy +14 -2
package/libx/odata/parse/multipartToJson.js +2 -1
package/libx/odata/parse/parser.js +1 -1
package/package.json +2 -2

package/libx/odata/middleware/batch.js CHANGED Viewed

@@ -1,6 +1,5 @@
 const cds = require('../../../')
-const { AsyncResource } = require('async_hooks')
 const express = require('express')
 const { STATUS_CODES } = require('http')
 const qs = require('querystring')
@@ -16,7 +15,7 @@ const CT = { JSON: 'application/json', MULTIPART: 'multipart/mixed' }
 const CRLF = '\r\n'
 /*
- * common
+ * deconstruct and validate
  */
 const _deserializationError = message => cds.error({ status: 400, message: `Deserialization Error: ${message}` })
@@ -34,22 +33,30 @@ const _validateProperty = (name, value, type) => {
   }
 }
-const _validateBatch = body => {
+const _deconstructAndValidateBatchBody = body => {
   const { requests } = body
   _validateProperty('requests', requests, 'Array')
+  if (!requests.length) cds.error({ status: 400, message: 'There must be at least one request' })
   if (requests.length > cds.env.odata.batch_limit) cds.error({ status: 429, message: 'BATCH_TOO_MANY_REQ' })
   const ids = {}
+  const atomicityGroups = []
   let previousAtomicityGroup
-  requests.forEach((request, i) => {
+  for (let i = 0; i < requests.length; i++) {
+    const request = requests[i]
     if (typeof request !== 'object')
       throw _deserializationError(`Element of 'requests' array at index ${i} must be type of 'object'.`)
     const { id, method, url, body, atomicityGroup } = request
+    if (atomicityGroup && atomicityGroups.length && atomicityGroup === atomicityGroups.at(-1)[0]?.atomicityGroup)
+      atomicityGroups.at(-1).push(request)
+    else atomicityGroups.push([request])
     _validateProperty('id', id, 'string')
     if (ids[id]) throw _deserializationError(`Request ID '${id}' is not unique.`)
@@ -79,12 +86,10 @@ const _validateBatch = body => {
         if (ids[atomicityGroup]) throw _deserializationError(`Atomicity group ID '${atomicityGroup}' is not unique.`)
         else ids[atomicityGroup] = []
       }
-      // add current index to ensure stable order in result
-      request._agIndex = ids[atomicityGroup].length
       ids[atomicityGroup].push(request)
     }
-    if (url.startsWith('$')) {
+    if (url.startsWith('$') && url !== '$metadata') {
       request.dependsOn ??= []
       const dependencyId = url.split('/')[0].replace(/^\$/, '')
       if (!request.dependsOn.includes(dependencyId)) {
@@ -115,155 +120,146 @@ const _validateBatch = body => {
     // TODO: validate if, and headers
     previousAtomicityGroup = atomicityGroup
-  })
+  }
-  return ids
+  return { ids, atomicityGroups }
 }
 /*
- * lookalike
+ * subrequest (a.k.a. lookalike)
  */
 let error_mws
-const _getNextForLookalike = lookalike => {
-  error_mws ??= cds.middlewares.after.filter(mw => mw.length === 4) // error middleware has 4 params
-  return err => {
-    let _err = err
-    let _next_called
-    const _next = e => {
-      _err = e
-      _next_called = true
-    }
-    for (const mw of error_mws) {
-      _next_called = false
-      mw(_err, lookalike.req, lookalike.res, _next)
-      if (!_next_called) break //> next chain was interrupted -> done
-    }
-    if (_next_called) {
-      // here, final error middleware called next (which actually shouldn't happen!)
-      if (_err.statusCode) lookalike.res.status(_err.statusCode)
-      if (typeof _err === 'object') lookalike.res.json({ error: _err })
-      else lookalike.res.send(_err)
-    }
-  }
-}
 // REVISIT: Why not simply use {__proto__:req, ...}?
-const _createExpressReqResLookalike = (request, _req, _res) => {
-  const { id, method, url } = request
-  const ret = { id }
+const _createSubrequest = (request, _req, _res) => {
+  error_mws ??= cds.middlewares.after.filter(mw => mw.length === 4) // error middleware has 4 params
-  const req = (ret.req = new express.request.constructor())
-  req.__proto__ = express.request
+  const subrequest = { id: request.id }
-  // express internals
+  // req
+  const req = (subrequest.req = new express.request.constructor())
+  req.__proto__ = express.request
   req.app = _req.app
-  req.method = method.toUpperCase()
-  req.url = url
-  const u = new URL(url, 'http://cap')
+  req.method = request.method.toUpperCase()
+  req.url = request.url
+  const u = new URL(request.url, 'http://cap')
   req.query = qs.parse(u.search.slice(1))
   req.headers = request.headers || {}
+  req.headers['content-type'] ??= _req.headers['content-type']
   if (request.content_id) req.headers['content-id'] = request.content_id
   req.body = request.body
   if (_req._login) req._login = _req._login
-  const res = (ret.res = new express.response.constructor(req))
-  res.__proto__ = express.response
-  // REVISIT: mark as subrequest
+  // REVISIT: mark as subrequest (only needed for logging)
   req._subrequest = true
-  // express internals
+  // res
+  const res = (req.res = subrequest.res = new express.response.constructor(req))
+  res.__proto__ = express.response
   res.app = _res.app
-  // back link
-  req.res = res
+  // next
+  let _err
+  subrequest.next = err => {
+    _err = err
+    let _next_called
+    const _next = err => {
+      _err = err
+      _next_called = true
+    }
+    for (const mw of error_mws) {
+      _next_called = false
+      mw(_err, req, res, _next)
+      if (!_next_called) break //> next chain was interrupted -> done
+    }
+    if (_next_called) {
+      // here, final error middleware called next (which actually shouldn't happen!)
+      if (_err.statusCode) res.status(_err.statusCode)
+      if (typeof _err === 'object') res.json({ error: _err })
+      else res.send(_err)
+    }
+  }
-  // resolve promise for subrequest via res.end()
-  ret.promise = new Promise((resolve, reject) => {
+  // resolve/reject promise for subrequest via res.end()
+  subrequest.promise = new Promise((resolve, reject) => {
+    res.json = function (obj) {
+      subrequest._json = obj
+      return this.__proto__.json.call(this, obj)
+    }
     res.end = (chunk, encoding) => {
       res._chunk = chunk
       res._encoding = encoding
-      if (res.statusCode >= 400) return reject(ret)
-      resolve(ret)
+      if (res.statusCode >= 400) return reject(_err)
+      resolve(subrequest)
     }
   })
-  return ret
+  return subrequest
 }
 /*
  * multipart/mixed response
  */
-const _formatResponseMultipart = request => {
-  const { res: response } = request
-  const content_id = request.req?.headers['content-id']
+const _tryParse = body => {
+  try {
+    return JSON.parse(body)
+  } catch {
+    return body
+  }
+}
+const _formatResponseMultipart = response => {
+  const { content_id, statusCode, headers } = response
+  let { body } = response
   let txt = `content-type: application/http${CRLF}content-transfer-encoding: binary${CRLF}`
   if (content_id) txt += `content-id: ${content_id}${CRLF}`
   txt += CRLF
-  txt += `HTTP/1.1 ${response.statusCode} ${STATUS_CODES[response.statusCode]}${CRLF}`
+  txt += `HTTP/1.1 ${statusCode} ${STATUS_CODES[statusCode]}${CRLF}`
-  // REVISIT: tests require specific sequence
-  const headers = {
-    ...response.getHeaders(),
-    ...(response.statusCode !== 204 && { 'content-type': 'application/json;odata.metadata=minimal' })
-  }
-  delete headers['content-length'] //> REVISIT: expected by tests
-  for (const key in headers) {
-    txt += key + ': ' + headers[key] + CRLF
-  }
+  for (const key in headers) txt += key + ': ' + headers[key] + CRLF
   txt += CRLF
-  const _tryParse = x => {
-    try {
-      return JSON.parse(x)
-    } catch {
-      return x
-    }
-  }
-  if (response._chunk) {
-    const chunk = _tryParse(response._chunk)
-    if (chunk && typeof chunk === 'object') {
+  if (body) {
+    if (Buffer.isBuffer(body)) body = body.toString()
+    body = _tryParse(body)
+    if (body && typeof body === 'object') {
       let meta = [],
         data = []
-      for (const [k, v] of Object.entries(chunk)) {
+      for (const [k, v] of Object.entries(body)) {
         if (k.startsWith('@')) meta.push(`"${k}":${typeof v === 'string' ? `"${v.replaceAll('"', '\\"')}"` : v}`)
         else data.push(JSON.stringify({ [k]: v }).slice(1, -1))
       }
       const _json_as_txt = '{' + meta.join(',') + (meta.length && data.length ? ',' : '') + data.join(',') + '}'
-      txt += _json_as_txt
-    } else {
-      txt += chunk
-      txt = txt.replace('content-type: application/json;odata.metadata=minimal', 'content-type: text/plain')
+      body = _json_as_txt
     }
+    txt += body
   }
   return [txt]
 }
-const _writeResponseMultipart = (responses, res, rejected, group, boundary) => {
+const _writeResponseMultipart = (responses, res, boundary) => {
   res.write(`--${boundary}${CRLF}`)
+  const rejected = responses.find(r => r.status === 'fail')
   if (rejected) {
-    const resp = responses.find(r => r.status === 'fail')
-    resp.txt.forEach(txt => {
-      res.write(`${txt}${CRLF}`)
-    })
-  } else {
-    if (group) res.write(`content-type: multipart/mixed;boundary=${group}${CRLF}${CRLF}`)
-    for (const resp of responses) {
-      resp.txt.forEach(txt => {
-        if (group) res.write(`--${group}${CRLF}`)
-        res.write(`${txt}${CRLF}`)
-      })
+    res.write(`${_formatResponseMultipart(rejected)[0]}${CRLF}`)
+    return
+  }
+  const groupId = responses[0].atomicityGroup
+  if (groupId) res.write(`content-type: multipart/mixed;boundary=${groupId}${CRLF}${CRLF}`)
+  for (const response of responses) {
+    for (const each of _formatResponseMultipart(response)) {
+      if (groupId) res.write(`--${groupId}${CRLF}`)
+      res.write(`${each}${CRLF}`)
     }
-    if (group) res.write(`--${group}--${CRLF}`)
   }
+  if (groupId) res.write(`--${groupId}--${CRLF}`)
 }
 /*
@@ -276,127 +272,139 @@ const _formatStatics = {
   close: Buffer.from('}')
 }
-const _formatResponseJson = (request, atomicityGroup) => {
-  const { id, res: response } = request
+const _formatResponseJson = response => {
+  const { id, atomicityGroup, statusCode, headers, body } = response
-  const chunk = {
-    id,
-    status: response.statusCode,
-    headers: {
-      ...response.getHeaders(),
-      'content-type': 'application/json' //> REVISIT: why?
-    }
-  }
+  const chunk = { id, status: statusCode, headers }
   if (atomicityGroup) chunk.atomicityGroup = atomicityGroup
   const raw = Buffer.from(JSON.stringify(chunk))
   // body?
-  if (!response._chunk) return [raw]
+  if (!body) return [raw]
   // change last "}" into ","
   raw[raw.byteLength - 1] = _formatStatics.comma
-  return [raw, _formatStatics.body, response._chunk, _formatStatics.close]
+  return [
+    raw,
+    _formatStatics.body,
+    // Stringify non-JSON bodies
+    !chunk.headers?.['content-type']?.includes('application/json')
+      ? JSON.stringify(Buffer.isBuffer(body) ? body.toString() : body)
+      : body,
+    _formatStatics.close
+  ]
 }
 const _writeResponseJson = (responses, res) => {
-  for (const resp of responses) {
-    if (resp.separator) res.write(resp.separator)
-    resp.txt.forEach(txt => res.write(txt))
+  for (const response of responses) {
+    if (res._separator) res.write(res._separator)
+    else res._separator = Buffer.from(',')
+    for (const each of _formatResponseJson(response)) res.write(each)
   }
 }
 /*
- * process
+ * helpers
  */
-const _txs = {}
-cds.once('shutdown', () => Promise.all(Object.values(_txs).map(tx => tx.rollback().catch(() => {}))))
+const _urlWithResolvedDependency = (dependsOnId, results, request, req, srv) => {
+  const dependentResult = results.find(r => r.value.id === dependsOnId)
+  const dependentOnUrl = dependentResult.value.req.originalUrl
+  const dependentOnResult = dependentResult.value._json ?? JSON.parse(dependentResult.value.res._chunk)
+  const recentUrl = request.url
+  const cqn = cds.odata.parse(dependentOnUrl, { service: srv, baseUrl: req.baseUrl, strict: true })
+  const target = cds.infer.target(cqn)
+  const keyString =
+    '(' +
+    [...target.keys]
+      .filter(k => !k.isAssociation)
+      .map(k => {
+        let v = dependentOnResult[k.name]
+        if (typeof v === 'string' && k._type !== 'cds.UUID') v = `'${v}'`
+        return k.name + '=' + v
+      })
+      .join(',') +
+    ')'
+  return recentUrl.replace(`$${dependsOnId}`, dependentOnUrl + keyString)
+}
-// REVISIT: This looks frightening -> need to review
-const _transaction = async srv => {
-  return new Promise(res => {
-    const ret = {}
-    const _tx = (ret._tx = srv.tx(
-      async tx =>
-        (ret.promise = new Promise((resolve, reject) => {
-          // ensure rollback on shutdown so the db can disconnect
-          const _id = cds.utils.uuid()
-          _txs[_id] = tx
-          tx.context.on('done', () => delete _txs[_id])
-          const proms = []
-          // It's important to run `makePromise` in the current execution context (cb of srv.tx),
-          // otherwise, it will use a different transaction.
-          // REVISIT: This looks frightening -> need to review
-          ret.add = AsyncResource.bind(function (makePromise) {
-            const p = makePromise()
-            proms.push(p)
-            return p
-          })
-          ret.done = async function () {
-            const result = await Promise.allSettled(proms)
-            if (result.some(r => r.status === 'rejected')) {
-              reject()
-              // REVISIT: workaround to wait for commit/rollback
-              await _tx
-              return 'rejected'
-            }
-            resolve(result)
-            // REVISIT: workaround to wait for commit/rollback
-            await _tx
-          }
-          res(ret)
-        }))
-    ))
+const _resolveDependencies = async (request, deps, responses, ids, req, srv) => {
+  const { url } = request
+  const results = await Promise.allSettled(deps.map(d => d.promise))
+  const failed = results.some(({ status }) => status === 'rejected') || deps.some(d => d._rejected_on_commit)
+  if (failed) {
+    const err = { code: '424', message: 'Failed Dependency' }
+    responses[request._index] = _getResponse(request, { res: { statusCode: 424 } }, err)
+    throw err
+  }
+  const dependsOnId = url.split('/')[0].replace(/^\$/, '')
+  if (dependsOnId in ids) request.url = _urlWithResolvedDependency(dependsOnId, results, request, req, srv)
+}
+const _getResponse = (request, { res }, error) => {
+  const { id, content_id, atomicityGroup, _index } = request
+  return {
+    id,
+    content_id,
+    atomicityGroup,
+    _index,
+    status: error ? 'fail' : 'ok',
+    statusCode: res.statusCode,
+    body: error ? { error } : res._chunk,
+    headers: res.getHeaders?.() ?? {}
+  }
+}
+// construct odata-compliant error (without modifying original error)
+const _getODataError = err => {
+  return odataError(Object.create(err), {
+    get locale() {
+      return cds.context.locale
+    },
+    get() {}
   })
 }
-const _tx_done = async (tx, responses, isJson) => {
-  let rejected
-  try {
-    rejected = await tx.done()
-  } catch (e) {
-    // here, the commit was rejected even though all requests were successful (e.g., by custom handler or db consistency check)
-    rejected = 'rejected'
-    // construct commit error (without modifying original error)
-    const error = odataError(Object.create(e), {
-      get locale() {
-        return cds.context.locale
-      },
-      get() {}
-    })
-    // replace all responses with commit error
-    for (const res of responses) {
-      res.status = 'fail'
-      // REVISIT: should error go through any error middleware/ customization logic?
-      if (isJson) {
-        let txt = ''
-        for (let i = 0; i < res.txt.length; i++) txt += Buffer.isBuffer(res.txt[i]) ? res.txt[i].toString() : res.txt[i]
-        txt = JSON.parse(txt)
-        txt.status = error.status
-        txt.body = { error }
-        // REVISIT: content-length needed? not there in multipart case...
-        delete txt.headers['content-length']
-        res.txt = [JSON.stringify(txt)]
-      } else {
-        const commitError = [
-          'content-type: application/http',
-          'content-transfer-encoding: binary',
-          '',
-          `HTTP/1.1 ${error.status} ${STATUS_CODES[error.status]}`,
-          'odata-version: 4.0',
-          'content-type: application/json;odata.metadata=minimal',
-          '',
-          JSON.stringify({ error })
-        ].join(CRLF)
-        res.txt = [commitError]
-        break
-      }
+const _replaceResponsesWithCommitErrors = (err, responses, ids) => {
+  const error = _getODataError(err)
+  // adjust all responses to commit error and mark respective promises as failed
+  const body = JSON.stringify({ error })
+  const length = Buffer.byteLength(body, 'utf8')
+  for (const response of responses) {
+    response.status = 'fail'
+    response.statusCode = error.status
+    response.body = body
+    response.headers ??= {}
+    response.headers['content-length'] = length
+    ids[response.id]._rejected_on_commit = true
+    if (response.atomicityGroup) ids[response.atomicityGroup]._rejected_on_commit = true
+  }
+}
+const _serializeErrors = responses => {
+  for (const response of responses) {
+    if (response.status === 'fail' && typeof response.body === 'object') {
+      if (response.body.error && !response.body.error.toJSON) response.body.error = _getODataError(response.body.error)
+      response.body = JSON.stringify(response.body)
     }
   }
-  return rejected
 }
+/*
+ * process
+ */
+const _txs = {}
+cds.once('shutdown', () => Promise.all(Object.values(_txs).map(tx => tx.rollback().catch(() => {}))))
 const _processBatch = async (srv, router, req, res, next, body, ct, boundary) => {
   body ??= req.body
   ct ??= 'JSON'
@@ -406,7 +414,6 @@ const _processBatch = async (srv, router, req, res, next, body, ct, boundary) =>
     if (req.headers.accept.indexOf('multipart/mixed') > -1) isJson = false
     else if (req.headers.accept.indexOf('application/json') > -1) isJson = true
   }
-  const _formatResponse = isJson ? _formatResponseJson : _formatResponseMultipart
   // continue-on-error defaults to true in json batch
   let continue_on_error = req.headers.prefer?.match(/odata\.continue-on-error(=(\w+))?/)
@@ -417,147 +424,126 @@ const _processBatch = async (srv, router, req, res, next, body, ct, boundary) =>
   }
   try {
-    const ids = _validateBatch(body) // REVISIT: we will not be able to validate the whole once we stream
+    let { ids, atomicityGroups } = _deconstructAndValidateBatchBody(body)
+    const only_gets = body.requests.every(r => r.method === 'GET')
+    const max_parallel = only_gets ? cds.env.odata.max_batch_parallelization : 1
+    // experimental!
+    const _only_individual_requests = () =>
+      atomicityGroups.every(ag => ag.length === 1) && body.requests.every(r => !r.dependsOn?.length)
+    if (only_gets && cds.env.odata.group_parallel_gets && _only_individual_requests())
+      atomicityGroups = [atomicityGroups.reduce((acc, cur) => (acc.push(...cur), acc), [])]
+    res.setHeader('Content-Type', isJson ? CT.JSON : CT.MULTIPART + ';boundary=' + boundary)
+    res.status(200)
+    res.write(isJson ? '{"responses":[' : '')
+    const queue = []
+    let _continue = true
+    const _queued_exec = (atomicityGroup, agIndex, responses = []) => {
+      const groupId = atomicityGroup[0].atomicityGroup
+      return new Promise(resolve => queue.push(resolve)).then(() => {
+        if (!_continue) return
+        const promise = srv
+          .tx(tx => {
+            // ensure rollback on shutdown so the db can disconnect
+            const _id = cds.utils.uuid()
+            _txs[_id] = tx
+            tx.context.on('done', () => delete _txs[_id])
+            const subrequests = []
+            for (let i = 0; i < atomicityGroup.length; i++) {
+              const request = atomicityGroup[i]
+              // for multipart, we need to keep the original order of requests in the atomicity group
+              request._index = i
+              const { id, dependsOn } = request
+              // wait for/ resolve dependencies?
+              const deps = dependsOn?.filter(id => id !== groupId).map(id => ids[id])
+              if (deps) ids[id].promise = _resolveDependencies(request, deps, responses, ids, req, srv)
+              else ids[id].promise = Promise.resolve()
+              ids[id].promise = ids[id].promise.then(() => {
+                const subrequest = _createSubrequest(request, req, res)
+                router.handle(subrequest.req, subrequest.res, subrequest.next)
+                return subrequest.promise
+                  .then(res => {
+                    responses[request._index] = _getResponse(request, subrequest)
+                    return res
+                  })
+                  .catch(err => {
+                    responses[request._index] = _getResponse(request, subrequest, err)
+                    throw err
+                  })
+              })
-    // TODO: if (!requests || !requests.length) throw new Error('At least one request, buddy!')
+              subrequests.push(ids[id].promise)
+            }
-    let previousAtomicityGroup
-    let separator
-    let tx
-    let responses
+            // ensure all subrequests run in this tx
+            // (if first subrequest fails without really opening the tx, the rest are executed in a "dangling tx")
+            return Promise.allSettled(subrequests)
+              .then(ress => {
+                // wait for all previous atomicity groups (ignoring errors via allSettled) for odata v2
+                const prevs = []
+                for (let i = 0; i < agIndex; i++) prevs.push(promises[i])
+                return Promise.allSettled(prevs).then(() => ress)
+              })
+              .then(ress => {
+                const failed = ress.filter(({ status }) => status === 'rejected')
+                if (!failed.length) return
+                // throw first error and call srv.on('error') for the others
+                const first = failed.shift()
+                if (srv.handlers._error?.length)
+                  for (const other of failed)
+                    for (const each of srv.handlers._error) each.handler.call(srv, other.reason, cds.context)
+                throw first.reason
+              })
+          })
+          .catch(err => {
+            responses._has_failure = true
-    // IMPORTANT: Avoid sending headers and responses too eagerly, as we might still have to send a 401
-    let sendPreludeOnce = () => {
-      res.setHeader('Content-Type', isJson ? CT.JSON : CT.MULTIPART + ';boundary=' + boundary)
-      res.status(200)
-      res.write(isJson ? '{"responses":[' : '')
-      sendPreludeOnce = () => {} //> only once
-    }
+            // abort batch on first failure with odata.continue-on-error: false
+            if (!continue_on_error) _continue = false
-    const { requests } = body
-    for await (const request of requests) {
-      // for json payloads, normalize headers to lowercase
-      if (ct === 'JSON') {
-        request.headers = request.headers
-          ? Object.keys(request.headers).reduce((acc, cur) => {
-              acc[cur.toLowerCase()] = request.headers[cur]
-              return acc
-            }, {})
-          : {}
-      }
+            if (!responses.some(r => r.status === 'fail')) {
+              // here, the commit was rejected even though all requests were successful (e.g., by custom handler or db consistency check)
+              _replaceResponsesWithCommitErrors(err, responses, ids)
+            }
+          })
+          .finally(() => {
+            // trigger next in queue
+            if (queue.length) queue.shift()()
-      request.headers['content-type'] ??= req.headers['content-type']
-      const { atomicityGroup } = request
-      if (!atomicityGroup || atomicityGroup !== previousAtomicityGroup) {
-        if (tx) {
-          // Each change in `atomicityGroup` results in a new transaction. We execute them in sequence to avoid too many database connections.
-          // In the future, we might make this configurable (e.g. allow X parallel connections per HTTP request).
-          const rejected = await _tx_done(tx, responses, isJson)
-          if (tx.failed?.res.statusCode === 401 && req._login) return req._login()
-          else sendPreludeOnce()
-          isJson
-            ? _writeResponseJson(responses, res)
-            : _writeResponseMultipart(responses, res, rejected, previousAtomicityGroup, boundary)
-          if (rejected && !continue_on_error) {
-            tx = null
-            break
-          }
-        }
+            // late error serialization
+            if (responses._has_failure) _serializeErrors(responses)
-        responses = []
-        tx = await _transaction(srv)
-        if (atomicityGroup) ids[atomicityGroup].promise = tx._tx
-      }
+            if (isJson) _writeResponseJson(responses, res)
+            else _writeResponseMultipart(responses, res, boundary)
+          })
-      tx.add(() => {
-        return (request.promise = (async () => {
-          const dependencies = request.dependsOn?.filter(id => id !== request.atomicityGroup).map(id => ids[id].promise)
-          if (dependencies) {
-            // first, wait for dependencies
-            const results = await Promise.allSettled(dependencies)
-            const dependendOnFailed = results.some(({ status }) => status === 'rejected')
-            if (dependendOnFailed) {
-              tx.id = request.id
-              tx.res = {
-                getHeaders: () => {},
-                statusCode: 424,
-                _chunk: JSON.stringify({
-                  code: '424',
-                  message: 'Failed Dependency'
-                })
-              }
-              throw tx
-            }
+        if (ids[groupId]) ids[groupId].promise = promise
-            const dependsOnId = request.url.split('/')[0].replace(/^\$/, '')
-            if (dependsOnId in ids) {
-              const dependentResult = results.find(r => r.value.id === dependsOnId)
-              const dependentOnUrl = dependentResult.value.req.originalUrl
-              const dependentOnResult = JSON.parse(dependentResult.value.res._chunk)
-              const recentUrl = request.url
-              const cqn = cds.odata.parse(dependentOnUrl, { service: srv, baseUrl: req.baseUrl, strict: true })
-              const target = cds.infer.target(cqn)
-              const keyString =
-                '(' +
-                [...target.keys]
-                  .filter(k => !k.isAssociation)
-                  .map(k => {
-                    let v = dependentOnResult[k.name]
-                    if (typeof v === 'string' && k._type !== 'cds.UUID') v = `'${v}'`
-                    return k.name + '=' + v
-                  })
-                  .join(',') +
-                ')'
-              request.url = recentUrl.replace(`$${dependsOnId}`, dependentOnUrl + keyString)
-            }
-          }
-          // REVIST: That sends each request through the whole middleware chain again and again, including authentication and authorization.
-          // -> We should optimize this!
-          const lookalike = _createExpressReqResLookalike(request, req, res)
-          const lookalike_next = _getNextForLookalike(lookalike)
-          router.handle(lookalike.req, lookalike.res, lookalike_next)
-          return lookalike.promise
-        })())
+        return promise
       })
-        .then(req => {
-          const resp = { status: 'ok' }
-          if (separator) resp.separator = separator
-          else separator = Buffer.from(',')
-          resp.txt = _formatResponse(req, atomicityGroup)
-          // ensure stable order of responses in multipart changeset
-          if (!isJson && request.atomicityGroup) responses[request._agIndex] = resp
-          else responses.push(resp)
-        })
-        .catch(failedReq => {
-          const resp = { status: 'fail' }
-          if (separator) resp.separator = separator
-          else separator = Buffer.from(',')
-          resp.txt = _formatResponse(failedReq, atomicityGroup)
-          tx.failed = failedReq
-          // ensure stable order of responses in multipart changeset
-          if (!isJson && request.atomicityGroup) responses[request._agIndex] = resp
-          else responses.push(resp)
-        })
-      previousAtomicityGroup = atomicityGroup
     }
-    if (tx) {
-      // The last open transaction must be finished
-      const rejected = await _tx_done(tx, responses, isJson)
-      if (tx.failed?.res.statusCode === 401 && req._login) return req._login()
-      else sendPreludeOnce()
-      isJson
-        ? _writeResponseJson(responses, res)
-        : _writeResponseMultipart(responses, res, rejected, previousAtomicityGroup, boundary)
-    } else sendPreludeOnce()
+    // queue execution of atomicity groups
+    const promises = []
+    for (let i = 0; i < atomicityGroups.length; i++) promises.push(_queued_exec(atomicityGroups[i], i))
+    // trigger first max_parallel in queue
+    for (let i = 0; i < max_parallel; i++) if (queue.length) queue.shift()()
+    await Promise.all(promises)
     res.write(isJson ? ']}' : `--${boundary}--${CRLF}`)
     res.end()
-    return
   } catch (e) {
     next(e)
   }
@@ -567,21 +553,9 @@ const _processBatch = async (srv, router, req, res, next, body, ct, boundary) =>
  * exports
  */
-const _multipartBatch = async (srv, router, req, res, next) => {
-  const boundary = getBoundary(req)
-  if (!boundary) return next(new cds.error({ status: 400, message: 'No boundary found in Content-Type header' }))
-  try {
-    const { requests } = await multipartToJson(req.body, boundary)
-    _processBatch(srv, router, req, res, next, { requests }, 'MULTIPART', boundary)
-  } catch (e) {
-    // REVISIT: (how) handle multipart accepts?
-    next(e)
-  }
-}
 module.exports = adapter => {
   const { router, service } = adapter
   const textBodyParser = express.text({
     ...adapter.body_parser_options,
     type: '*/*' // REVISIT: why do we need to override type here?
@@ -597,9 +571,19 @@ module.exports = adapter => {
     }
     if (req.headers['content-type'].includes('multipart/mixed')) {
-      return textBodyParser(req, res, function odata_batch_next(err) {
+      return textBodyParser(req, res, async function odata_batch_next(err) {
         if (err) return next(err)
-        return _multipartBatch(service, router, req, res, next)
+        const boundary = getBoundary(req)
+        if (!boundary) return next(new cds.error({ status: 400, message: 'No boundary found in Content-Type header' }))
+        try {
+          const { requests } = await multipartToJson(req.body, boundary)
+          _processBatch(service, router, req, res, next, { requests }, 'MULTIPART', boundary)
+        } catch (e) {
+          // REVISIT: (how) handle multipart accepts?
+          next(e)
+        }
       })
     }