npm - kalai-attach - Versions diffs - 1.0.0 - Mend

kalai-attach 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (98) hide show

package/LICENSE +201 -0
package/README.md +451 -0
package/_i18n/i18n.properties +6 -0
package/_i18n/i18n_ar.properties +6 -0
package/_i18n/i18n_bg.properties +6 -0
package/_i18n/i18n_cs.properties +6 -0
package/_i18n/i18n_da.properties +6 -0
package/_i18n/i18n_de.properties +6 -0
package/_i18n/i18n_el.properties +6 -0
package/_i18n/i18n_en.properties +6 -0
package/_i18n/i18n_en_US_saptrc.properties +6 -0
package/_i18n/i18n_es.properties +6 -0
package/_i18n/i18n_es_MX.properties +6 -0
package/_i18n/i18n_fi.properties +6 -0
package/_i18n/i18n_fr.properties +6 -0
package/_i18n/i18n_he.properties +6 -0
package/_i18n/i18n_hr.properties +6 -0
package/_i18n/i18n_hu.properties +6 -0
package/_i18n/i18n_it.properties +6 -0
package/_i18n/i18n_ja.properties +6 -0
package/_i18n/i18n_kk.properties +6 -0
package/_i18n/i18n_ko.properties +6 -0
package/_i18n/i18n_ms.properties +6 -0
package/_i18n/i18n_nl.properties +6 -0
package/_i18n/i18n_no.properties +6 -0
package/_i18n/i18n_pl.properties +6 -0
package/_i18n/i18n_pt.properties +6 -0
package/_i18n/i18n_ro.properties +6 -0
package/_i18n/i18n_ru.properties +6 -0
package/_i18n/i18n_sh.properties +6 -0
package/_i18n/i18n_sk.properties +6 -0
package/_i18n/i18n_sl.properties +6 -0
package/_i18n/i18n_sv.properties +6 -0
package/_i18n/i18n_th.properties +6 -0
package/_i18n/i18n_tr.properties +6 -0
package/_i18n/i18n_uk.properties +6 -0
package/_i18n/i18n_vi.properties +6 -0
package/_i18n/i18n_zh_CN.properties +6 -0
package/_i18n/i18n_zh_TW.properties +6 -0
package/_i18n/messages.properties +6 -0
package/_i18n/messages_en_US_saptrc.properties +4 -0
package/cds-plugin.js +4 -0
package/db/data/sap.attachments-ScanStates.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_ar.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_bg.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_cs.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_da.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_de.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_el.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_en.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_en_US_saptrc.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_es.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_es_MX.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_fi.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_fr.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_he.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_hr.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_hu.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_it.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_ja.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_kk.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_ko.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_ms.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_nl.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_no.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_pl.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_pt.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_ro.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_ru.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_sh.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_sk.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_sl.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_sv.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_th.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_tr.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_uk.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_vi.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_zh_CN.csv +6 -0
package/db/data/sap.attachments-ScanStates_texts_zh_TW.csv +6 -0
package/db/index.cds +85 -0
package/index.cds +1 -0
package/lib/csn-runtime-extension.js +31 -0
package/lib/generic-handlers.js +199 -0
package/lib/helper.js +407 -0
package/lib/mtx/server.js +583 -0
package/lib/plugin.js +112 -0
package/package.json +67 -0
package/srv/aws-s3.js +249 -0
package/srv/azure-blob-storage.js +202 -0
package/srv/basic.js +331 -0
package/srv/gcp.js +226 -0
package/srv/malwareScanner-mocked.cds +3 -0
package/srv/malwareScanner-mocked.js +127 -0
package/srv/malwareScanner.cds +23 -0
package/srv/malwareScanner.js +151 -0
package/srv/object-store.js +44 -0
package/srv/standard.js +3 -0

package/lib/mtx/server.js ADDED Viewed

@@ -0,0 +1,583 @@
+const cds = require('@sap/cds')
+const LOG = cds.log('attachments')
+const axios = require('axios')
+const https = require("https")
+const { S3Client, paginateListObjectsV2, DeleteObjectsCommand } = require('@aws-sdk/client-s3')
+const { BlobServiceClient } = require('@azure/storage-blob')
+const { Storage } = require('@google-cloud/storage')
+const { validateServiceManagerCredentials, fetchObjectStoreBinding } = require('../helper')
+const PATH = {
+    SERVICE_INSTANCE: "v1/service_instances",
+    SERVICE_BINDING: "v1/service_bindings",
+    SERVICE_PLAN: "v1/service_plans",
+    SERVICE_OFFERING: "v1/service_offerings"
+}
+const HTTP_METHOD = {
+    POST: "post",
+    GET: "get",
+    DELETE: "delete"
+}
+const STATE = {
+    SUCCEEDED: "succeeded",
+    FAILED: "failed",
+}
+let POLL_WAIT_TIME = 5000
+const ASYNC_TIMEOUT = 5 * 60 * 1000
+/**
+ * Waits for the specified number of milliseconds
+ * @param {number} milliseconds - Time to wait in milliseconds
+ * @returns {Promise} - Resolves after the specified time
+ */
+async function wait(milliseconds) {
+    if (milliseconds <= 0) {
+        return
+    }
+    await new Promise(function (resolve) {
+        setTimeout(resolve, milliseconds)
+    })
+}
+/**
+ * Registers attachment handlers for the given service and entity
+ * @param {string} sm_url - Service Manager URL
+ * @param {import('axios').Method} method - HTTP method
+ * @param {string} path - API path
+ * @param {string} token - OAuth token
+ * @param {*} params - Query parameters
+ * @returns {string} - Response data
+ */
+const _serviceManagerRequest = async (sm_url, method, path, token, params = {}) => {
+    try {
+        const response = await axios({
+            method,
+            url: `${sm_url}/${path}`,
+            headers: {
+                'Accept': 'application/json',
+                'Authorization': `Bearer ${token}`
+            },
+            params
+        })
+        return response?.data?.items?.[0] // Error handling : return undefined instead of crashing when .items is undefined
+    } catch (error) {
+        LOG.error(`Service Manager API request failed - ${method.toUpperCase()} ${path}`, error,
+            'Check Service Manager connectivity and credentials',
+            { method, path, sm_url, params })
+        throw error
+    }
+}
+const _fetchToken = async (url, clientid, clientsecret, certificate, key) => {
+    try {
+        const tokenUrl = `${url}/oauth/token`
+        const headers = {
+            Accept: "application/json",
+            "Content-Type": "application/x-www-form-urlencoded",
+        }
+        const body = "grant_type=client_credentials"
+        // Case 1: OAuth Client Credentials Flow
+        if (clientid && clientsecret) {
+            LOG.debug('Using OAuth client credentials to fetch token.', { url, clientid })
+            const response = await axios.post(tokenUrl, null, {
+                headers,
+                params: {
+                    grant_type: "client_credentials",
+                    client_id: clientid,
+                    client_secret: clientsecret,
+                },
+            })
+            if (!response.data?.access_token) {
+                LOG.error('OAuth token response missing access_token', null,
+                    'Check clientid/clientsecret validity and Service Manager configuration',
+                    { clientid, responseData: response.data })
+                throw new Error('Access token not found in OAuth token response')
+            }
+            return response.data.access_token
+        }
+        LOG.debug('OAuth client credentials missing - checking for MTLS credentials', { url, clientid })
+        // Case 2: MTLS Flow
+        if (certificate && key) {
+            LOG.debug('MTLS certificate and key found - proceeding with MTLS token fetch.', { url, clientid })
+            const agent = new https.Agent({ cert: certificate, key: key })
+            const response = await axios.post(tokenUrl, body, {
+                headers,
+                httpsAgent: agent,
+            })
+            if (!response.data?.access_token) {
+                LOG.error('MTLS token response missing access_token', null,
+                    'Check MTLS certificate/key validity and Service Manager configuration',
+                    { clientid, responseData: response.data })
+                throw new Error('Access token not found in MTLS token response')
+            }
+            return response.data.access_token
+        }
+        // If neither flow is possible
+        throw new Error("Missing authentication credentials: Provide either OAuth clientid/clientsecret or MTLS certificate/key.")
+    } catch (error) {
+        LOG.error('Failed to fetch OAuth token using provided credentials', error,
+            'Verify Service Manager credentials and connectivity')
+        throw error
+    }
+}
+const _getOfferingID = async (sm_url, token) => {
+    const offerings = await _serviceManagerRequest(sm_url, HTTP_METHOD.GET, PATH.SERVICE_OFFERING, token, { fieldQuery: "name eq 'objectstore'" })
+    const offeringID = offerings.id
+    if (!offeringID) LOG.debug('Object store service offering not found in Service Manager', { sm_url })
+    return offeringID
+}
+/**
+ * Registers attachment handlers for the given service and entity
+ * @param {string} sm_url - Service Manager URL
+ * @param {string} token - OAuth token
+ * @param {string} offeringID - Service Offering ID
+ * @returns
+ */
+const _getPlanID = async (sm_url, token, offeringID) => {
+    // Recheck the fieldQuery for catalog_name
+    const supportedPlans = ["standard", "s3-standard"]
+    for (const planName of supportedPlans) {
+        LOG.debug('Fetching object store plan from Service Manager', { planName })
+        try {
+            const plan = await _serviceManagerRequest(
+                sm_url,
+                HTTP_METHOD.GET,
+                PATH.SERVICE_PLAN,
+                token,
+                {
+                    fieldQuery: `service_offering_id eq '${offeringID}' and catalog_name eq '${planName}'`,
+                }
+            )
+            if (plan?.id) {
+                LOG.debug('Using object store plan', { planName, planID: plan.id, offeringID })
+                return plan.id
+            }
+        } catch (error) {
+            LOG.error(`Failed to fetch plan "${planName}" from Service Manager`, error,
+                'Check Service Manager connectivity and credentials',
+                { sm_url, offeringID, planName })
+            throw error
+        }
+    }
+    LOG.debug('No supported object store service plan found in Service Manager', { sm_url, attempted: supportedPlans.join(", ") })
+    throw new Error(
+        `No supported object store service plan found in Service Manager.`
+    )
+}
+/**
+ * Creates an object store instance for the given tenant
+ * @param {string} sm_url - Service Manager URL
+ * @param {string} tenant - Tenant ID
+ * @param {string} planID - Service Plan ID
+ * @param {string} token  - OAuth token
+ * @returns
+ */
+const _createObjectStoreInstance = async (sm_url, tenant, planID, token) => {
+    try {
+        const response = await axios.post(`${sm_url}/v1/service_instances`, {
+            name: `object-store-${tenant}-${cds.utils.uuid()}`,
+            service_plan_id: planID,
+            parameters: {},
+            labels: { tenant_id: [tenant], service: ["OBJECT_STORE"] }
+        }, {
+            headers: {
+                'Accept': 'application/json',
+                'Authorization': `Bearer ${token}`,
+                'Content-Type': 'application/json'
+            }
+        })
+        const instancePath = response.headers.location.substring(1)
+        const instanceId = await _pollUntilDone(sm_url, instancePath, token)
+        return instanceId.data.resource_id
+    } catch (error) {
+        LOG.error(`Failed to create object store instance for tenant - ${tenant}`, error,
+            'Check Service Manager connectivity and credentials',
+            { sm_url, tenant, planID })
+    }
+}
+/**
+ * Polls the service manager until the instance is in a terminal state
+ * @param {string} sm_url - Service Manager URL
+ * @param {string} instancePath - Path to the service instance
+ * @param {string} token - OAuth token
+ * @returns
+ */
+const _pollUntilDone = async (sm_url, instancePath, token) => {
+    try {
+        let iteration = 1
+        const startTime = Date.now()
+        let isReady = false
+        while (!isReady) {
+            await wait(POLL_WAIT_TIME * iteration)
+            iteration++
+            const instanceStatus = await axios.get(`${sm_url}/${instancePath}`, {
+                headers: { 'Accept': 'application/json', 'Authorization': `Bearer ${token}` }
+            })
+            if (instanceStatus.data.state === STATE.SUCCEEDED) {
+                isReady = true
+                return instanceStatus
+            }
+            if (Date.now() - startTime > ASYNC_TIMEOUT) {
+                LOG.debug('Timed out waiting for service instance to be ready', { instancePath, sm_url })
+            }
+            if (instanceStatus.data.state === STATE.FAILED) {
+                LOG.debug('Service instance creation failed', { instancePath, sm_url, details: instanceStatus.data })
+            }
+        }
+    } catch (error) {
+        LOG.error('Error polling for object store instance readiness', error,
+            'Check Service Manager connectivity and instance status',
+            { sm_url, instancePath })
+    }
+}
+/**
+ * Registers attachment handlers for the given service and entity
+ * @param {string} sm_url - Service Manager URL
+ * @param {string} tenant - Tenant ID
+ * @param {string} instanceID - Service Instance ID
+ * @param {string} token - OAuth token
+ * @returns
+ */
+const _bindObjectStoreInstance = async (sm_url, tenant, instanceID, token) => {
+    if (instanceID) {
+        try {
+            const response = await axios.post(`${sm_url}/${PATH.SERVICE_BINDING}`, {
+                name: `object-store-${tenant}-${cds.utils.uuid()}`,
+                service_instance_id: instanceID,
+                parameters: {},
+                labels: { tenant_id: [tenant], service: ["OBJECT_STORE"] }
+            }, {
+                headers: {
+                    'Accept': 'application/json',
+                    'Authorization': `Bearer ${token}`,
+                    'Content-Type': 'application/json'
+                }
+            })
+            return response.data.id
+        } catch (error) {
+            LOG.error(`Error binding object store instance for tenant - ${tenant}`, error,
+                'Check Service Manager connectivity and credentials',
+                { sm_url, tenant, instanceID })
+        }
+    }
+}
+/**
+ * Registers attachment handlers for the given service and entity
+ * @param {string} sm_url - Service Manager URL
+ * @param {string} tenant - Tenant ID
+ * @param {string} token - OAuth token
+ * @returns {string} - Binding ID
+ */
+const _getBindingIdForDeletion = async (sm_url, tenant, token) => {
+    try {
+        const getBindingCredentials = await _serviceManagerRequest(sm_url, HTTP_METHOD.GET, PATH.SERVICE_BINDING, token, {
+            labelQuery: `service eq 'OBJECT_STORE' and tenant_id eq '${tenant}'`
+        })
+        if (!getBindingCredentials?.id) {
+            LOG.warn('No binding credentials found for tenant during deletion', { tenant })
+            return null // Handle missing data gracefully
+        }
+        return getBindingCredentials.id
+    } catch (error) {
+        LOG.error(`Error fetching binding credentials for tenant - ${tenant}`, error,
+            'Check Service Manager connectivity and credentials',
+            { sm_url, tenant })
+    }
+}
+/**
+ * Registers attachment handlers for the given service and entity
+ * @param {string} sm_url - Service Manager URL
+ * @param {string} bindingID - Binding ID
+ * @param {string} token - OAuth token
+ */
+const _deleteBinding = async (sm_url, bindingID, token) => {
+    if (bindingID) {
+        try {
+            await axios.delete(`${sm_url}/${PATH.SERVICE_BINDING}/${bindingID}`, {
+                headers: { 'Accept': 'application/json', 'Authorization': `Bearer ${token}` }
+            })
+        } catch (error) {
+            LOG.error(`Error deleting binding - ${bindingID}`, error,
+                'Check Service Manager connectivity and credentials',
+                { sm_url, bindingID })
+        }
+    } else {
+        LOG.warn('No binding ID provided for deletion, skipping delete operation')
+    }
+}
+/**
+ * Registers attachment handlers for the given service and entity
+ * @param {string} sm_url - Service Manager URL
+ * @param {string} tenant - Tenant ID
+ * @param {string} token - OAuth token
+ * @returns {string} - Instance ID
+ */
+const _getInstanceIdForDeletion = async (sm_url, tenant, token) => {
+    try {
+        const instanceId = await _serviceManagerRequest(sm_url, HTTP_METHOD.GET, PATH.SERVICE_INSTANCE, token, { labelQuery: `service eq 'OBJECT_STORE' and tenant_id eq '${tenant}'` })
+        return instanceId.id
+    } catch (error) {
+        LOG.error(`Error fetching service instance id for tenant - ${tenant}`, error,
+            'Check Service Manager connectivity and credentials',
+            { sm_url, tenant })
+    }
+}
+/**
+ * Deletes an object store instance
+ * @param {string} sm_url - Service Manager URL
+ * @param {string} instanceID - Service Instance ID
+ * @param {string} token - OAuth token
+ */
+const _deleteObjectStoreInstance = async (sm_url, instanceID, token) => {
+    if (instanceID) {
+        try {
+            const response = await axios.delete(`${sm_url}/${PATH.SERVICE_INSTANCE}/${instanceID}`, {
+                headers: { 'Accept': 'application/json', 'Authorization': `Bearer ${token}` }
+            })
+            const instancePath = response.headers.get("location").substring(1)
+            await _pollUntilDone(sm_url, instancePath, token) // remove
+            LOG.debug('Object store instance deleted', { instanceID })
+        } catch (error) {
+            LOG.error(
+                `Error deleting object store instance - ${instanceID}`, error,
+                'Check Service Manager connectivity and credentials',
+                { sm_url, instanceID })
+        }
+    }
+}
+cds.on('listening', async () => {
+    const profile = cds.env.profile
+    const objectStoreKind = cds.env.requires?.attachments?.objectStore?.kind
+    if (profile === 'mtx-sidecar') {
+        const ds = await cds.connect.to("cds.xt.DeploymentService")
+        if (objectStoreKind === "separate") {
+            ds.after('subscribe', async (_, req) => {
+                const { tenant } = req.data
+                try {
+                    const serviceManagerCredentials = cds.env.requires?.serviceManager?.credentials || {}
+                    validateServiceManagerCredentials(serviceManagerCredentials)
+                    const { sm_url, url, clientid, clientsecret, certificate, key } = serviceManagerCredentials
+                    const token = await _fetchToken(url, clientid, clientsecret, certificate, key)
+                    const existingTenantBindings = await fetchObjectStoreBinding(tenant, token);
+                    if (existingTenantBindings.length) {
+                        LOG.info(`Existing tenant specific object store for ${tenant} exists. Skipping creation of new one.`)
+                        return;
+                    }
+                    const offeringID = await _getOfferingID(sm_url, token)
+                    const planID = await _getPlanID(sm_url, token, offeringID)
+                    const instanceID = await _createObjectStoreInstance(sm_url, tenant, planID, token)
+                    LOG.debug('Object Store instance created', { tenant, instanceID })
+                    await _bindObjectStoreInstance(sm_url, tenant, instanceID, token)
+                } catch (error) {
+                    LOG.error(`Error setting up object store for tenant - ${tenant}`, error,
+                        'Check Service Manager connectivity and credentials',
+                        { tenant })
+                }
+            })
+            ds.after('unsubscribe', async (_, req) => {
+                const { tenant } = req.data
+                try {
+                    const serviceManagerCredentials = cds.env.requires?.serviceManager?.credentials || {}
+                    validateServiceManagerCredentials(serviceManagerCredentials)
+                    const { sm_url, url, clientid, clientsecret, certificate, key } = serviceManagerCredentials
+                    const token = await _fetchToken(url, clientid, clientsecret, certificate, key)
+                    const bindingID = await _getBindingIdForDeletion(sm_url, tenant, token)
+                    await _deleteBinding(sm_url, bindingID, token)
+                    const service_instance_id = await _getInstanceIdForDeletion(sm_url, tenant, token)
+                    await _deleteObjectStoreInstance(sm_url, service_instance_id, token)
+                } catch (error) {
+                    LOG.error(
+                        `Error deleting object store service for tenant - ${tenant}`, error,
+                        'Check Service Manager connectivity and credentials',
+                        { tenant })
+                }
+            })
+        } else if (objectStoreKind === "shared") {
+            ds.after('unsubscribe', async (_, req) => {
+                const { tenant } = req.data
+                const creds = cds.env.requires?.objectStore?.credentials
+                if (!creds) throw new Error("SAP Object Store instance credentials not found.")
+                switch (cds.env.requires?.attachments?.kind) {
+                    case "s3":
+                        await _cleanupAWSS3Objects(creds, tenant)
+                        break
+                    case "azure":
+                        await _cleanupAzureBlobObjects(creds, tenant)
+                        break
+                    case "gcp":
+                        await _cleanupGoogleCloudObjects(creds, tenant)
+                        break
+                    default:
+                        LOG.warn('Unsupported object store kind for cleanup', { kind: cds.env.requires?.attachments?.kind, tenant })
+                }
+            })
+        }
+    }
+    module.exports = cds.server
+})
+/**
+ * Cleanup for AWS S3 objects for a given tenant
+ * @param {*} creds - AWS S3 credentials
+ * @param {string} tenant - Tenant ID
+ */
+const _cleanupAWSS3Objects = async (creds, tenant) => {
+    const client = new S3Client({
+        region: creds.region,
+        credentials: {
+            accessKeyId: creds.access_key_id,
+            secretAccessKey: creds.secret_access_key,
+        },
+    })
+    const bucket = creds.bucket
+    const keysToDelete = []
+    try {
+        const paginator = paginateListObjectsV2({ client }, {
+            Bucket: bucket,
+            Prefix: tenant,
+        })
+        for await (const page of paginator) {
+            page.Contents?.forEach(obj => {
+                keysToDelete.push({ Key: obj.Key })
+            })
+        }
+        if (keysToDelete.length > 0) {
+            await client.send(new DeleteObjectsCommand({
+                Bucket: bucket,
+                Delete: { Objects: keysToDelete },
+            }))
+            LOG.debug('[AWS S3] S3 objects deleted for tenant', { tenant, deletedCount: keysToDelete.length })
+        } else {
+            LOG.debug('[AWS S3] No S3 objects found for tenant during cleanup', { tenant })
+        }
+    } catch (error) {
+        LOG.error(
+            `Failed to clean up S3 objects for tenant "${tenant}"`, error,
+            'Check AWS S3 connectivity and permissions',
+            { tenant })
+    }
+}
+/**
+ * Cleanup for Azure Blob Storage objects for a given tenant
+ * @param {*} creds - Azure Blob Storage credentials
+ * @param {string} tenant - Tenant ID
+ */
+const _cleanupAzureBlobObjects = async (creds, tenant) => {
+    const blobServiceClient = new BlobServiceClient(`${creds.container_uri}?${creds.sas_token}`)
+    const containerClient = blobServiceClient.getContainerClient(creds.container)
+    try {
+        const blobsToDelete = []
+        for await (const blob of containerClient.listBlobsFlat({ prefix: tenant })) {
+            blobsToDelete.push(blob.name)
+        }
+        for (const blobName of blobsToDelete) {
+            const blockBlobClient = containerClient.getBlockBlobClient(blobName)
+            await blockBlobClient.delete()
+        }
+        LOG.debug('[Azure] Azure Blob objects deleted for tenant', { tenant, deletedCount: blobsToDelete.length })
+    } catch (error) {
+        LOG.error(
+            `Failed to clean up Azure Blob objects for tenant "${tenant}"`, error,
+            'Check Azure Blob Storage connectivity and permissions',
+            { tenant })
+    }
+}
+/**
+ * Cleanup for Google Cloud Storage objects for a given tenant
+ * @param {*} creds - Google Cloud Storage credentials
+ * @param {string} tenant - Tenant ID
+ */
+const _cleanupGoogleCloudObjects = async (creds, tenant) => {
+    const storageClient = new Storage({
+        projectId: creds.project_id,
+        credentials: creds.service_account
+    })
+    const bucket = storageClient.bucket(creds.bucket_name)
+    try {
+        let pageToken = undefined
+        let totalDeleted = 0
+        do {
+            const [files, nextQuery] = await bucket.getFiles({
+                prefix: tenant,
+                maxResults: 1000, // or another reasonable batch size
+                pageToken
+            })
+            const deletePromises = files.map(file => file.delete())
+            await Promise.all(deletePromises)
+            totalDeleted += files.length
+            pageToken = nextQuery?.pageToken
+        } while (pageToken)
+        LOG.debug('[GCP] Google Cloud Storage objects deleted for tenant', { tenant, deletedCount: totalDeleted })
+    } catch (error) {
+        LOG.error(
+            `Failed to clean up Google Cloud Platform objects for tenant "${tenant}"`, error,
+            'Check Google Cloud Storage connectivity and permissions',
+            { tenant })
+    }
+}
+module.exports = {
+    _fetchToken,
+    _serviceManagerRequest,
+    _getOfferingID,
+    _getPlanID,
+    _createObjectStoreInstance
+}

package/lib/plugin.js ADDED Viewed

@@ -0,0 +1,112 @@
+const cds = require("@sap/cds")
+const { validateAttachment, readAttachment, validateAttachmentSize, onPrepareAttachment, validateAttachmentMimeType } = require("./generic-handlers")
+require("./csn-runtime-extension")
+const LOG = cds.log('attachments')
+cds.on(cds.version >= "8.6.0" ? "compile.to.edmx" : "loaded", unfoldModel)
+function unfoldModel(csn) {
+  const meta = csn.meta ??= {}
+  if (!("sap.attachments.Attachments" in csn.definitions)) return
+  if (meta._enhanced_for_attachments) return
+  // const csnCopy = structuredClone(csn) // REVISIT: Why did we add this cloning?
+  const hasFacetForComp = (comp, facets) => facets.some(f => f.Target === `${comp.name}/@UI.LineItem` || (f.Facets && hasFacetForComp(comp, f.Facets)))
+  cds.linked(csn).forall("Composition", (comp) => {
+    if (comp._target && comp._target["@_is_media_data"] && comp.parent && comp.is2many) {
+      let facets = comp.parent["@UI.Facets"]
+      if (!facets) return
+      if (comp["@attachments.disable_facet"] !== undefined) {
+        LOG.warn(`@attachments.disable_facet is deprecated! Please annotate ${comp.name} with @UI.Hidden`)
+      }
+      if (!comp["@attachments.disable_facet"] && !hasFacetForComp(comp, facets)) {
+        LOG.debug(`Adding @UI.Facet to: ${comp.parent.name}`)
+        const attachmentsFacet = {
+          $Type: "UI.ReferenceFacet",
+          Target: `${comp.name}/@UI.LineItem`,
+          ID: `${comp.name}_attachments`,
+          Label: "{i18n>Attachments}",
+        }
+        if (comp["@UI.Hidden"]) {
+          attachmentsFacet["@UI.Hidden"] = comp["@UI.Hidden"]
+        }
+        facets.push(attachmentsFacet)
+        //Hide parent key so it cannot be selected from Columns on the UI
+        Object.keys(comp._target.elements).filter(e => e.startsWith('up__')).forEach(ele => {
+          comp._target.elements[ele]['@UI.Hidden'] = true;
+        })
+        if (comp._target.elements['up_']) {
+          comp._target.elements['up_']['@UI.Hidden'] = true;
+        }
+      }
+    }
+  })
+  meta._enhanced_for_attachments = true
+}
+cds.ApplicationService.handle_attachments = cds.service.impl(async function () {
+  if (!cds.env.requires.attachments) return;
+  LOG.debug(`Registering handlers for attachments entities for service: ${this.name}`)
+  this.before("READ", validateAttachment)
+  this.after("READ", readAttachment)
+  this.before("PUT", validateAttachmentSize)
+  this.before("PUT", validateAttachmentMimeType)
+  this.before("NEW", onPrepareAttachment)
+  this.before("CREATE", (req) => {
+    return onPrepareAttachment(req)
+  })
+  this.before(["DELETE", "UPDATE"], async function collectDeletedAttachmentsForDraftEnabled(req) {
+    if (!req.target?._attachments.hasAttachmentsComposition) return;
+    const AttachmentsSrv = await cds.connect.to("attachments")
+    return AttachmentsSrv.attachDeletionData.bind(AttachmentsSrv)(req)
+  })
+  this.after(["DELETE", "UPDATE"], async function deleteCollectedDeletedAttachmentsForDraftEnabled(res, req) {
+    if (!req.target?._attachments.hasAttachmentsComposition) return;
+    const AttachmentsSrv = await cds.connect.to("attachments")
+    return AttachmentsSrv.deleteAttachmentsWithKeys.bind(AttachmentsSrv)(res, req)
+  })
+  this.prepend(() =>
+    this.on(
+      ["PUT", "UPDATE"],
+      async function putUpdateAttachments(req, next) {
+        // Skip entities which are not Attachments and skip if content is not updated
+        if (!req.target._attachments.isAttachmentsEntity || !req.data.content) return next()
+        let metadata = await this.run(SELECT.from(req.subject).columns('url', ...Object.keys(req.target.keys)))
+        if (metadata.length > 1) {
+          return req.error(501, 'MultiUpdateNotSupported')
+        }
+        metadata = metadata[0]
+        if (!metadata) {
+          return req.reject(404)
+        }
+        req.data.ID = metadata.ID
+        req.data.url ??= metadata.url
+        for (const key in metadata) {
+          if (key.startsWith('up_')) {
+            req.data[key] = metadata[key]
+          }
+        }
+        const AttachmentsSrv = await cds.connect.to("attachments")
+        return await AttachmentsSrv.put(req.target, req.data)
+      }
+    )
+  )
+  this.prepend(() =>
+    this.on(
+      ["CREATE"],
+      async function createAttachments(req, next) {
+        if (!req.target._attachments.isAttachmentsEntity || req.req?.url?.endsWith('/content') || !req.data.url || !(req.data.content || (Array.isArray(req.data) && req.data[0]?.content))) return next()
+        const AttachmentsSrv = await cds.connect.to("attachments")
+        return AttachmentsSrv.put(req.target, req.data)
+      }
+    )
+  )
+  const AttachmentsSrv = await cds.connect.to("attachments")
+  AttachmentsSrv.registerHandlers(this)
+})