Merge branch 'main' into multi-level-bug

Author: eric-pSAP

.github/actions/integration-tests/action.yml

@@ -54,6 +54,8 @@ runs:
         done
 
     - uses: actions/checkout@v5
+      with:
+        ref: ${{ github.event.pull_request.head.sha || github.sha }}
     - name: Use Node.js ${{ inputs.NODE_VERSION}}
       uses: actions/setup-node@v6
       with:
@@ -67,8 +69,12 @@ runs:
     - name: Set node env for HANA
       run: echo "NODE_VERSION_HANA=$(echo ${{ inputs.NODE_VERSION }} | tr . _)" >> $GITHUB_ENV
       shell: bash
+    - name: CDS Versions being used
+      run: cds v -i
+      shell: bash
+
     # Deploy model to HANA
-    - name: Create Object store 
+    - name: Create Object store
       shell: bash
       run: cf create-service objectstore standard cap-js-attachments-object-store-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA
     - name: Create Basic Auth Malware scanner
@@ -79,32 +85,38 @@ runs:
       run: cf create-service hana hdi-shared cap-js-attachments-hana-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA
     - run: cd tests/incidents-app/ && cds deploy --to hana:cap-js-attachments-hana-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA
       shell: bash
+
     # Create service key
-    - run: cf create-service-key cap-js-attachments-hana-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA cap-js-attachments-hana-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA-key
+    - run: cf create-service-key cap-js-attachments-scanner-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA cap-js-attachments-scanner-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA-key
       if: ${{ inputs.SCANNER_AUTH == 'basic' }}
-      shell: bash 
-    - run: cf create-service-key cap-js-attachments-hana-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA gcp-cap-js-attachments-hana-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA-key -c '{"auth":"mtls"}'
+      shell: bash
+    - run: cf create-service-key cap-js-attachments-scanner-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA cap-js-attachments-scanner-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA-key -c '{"auth":"mtls"}'
       if: ${{ inputs.SCANNER_AUTH == 'mtls' }}
       shell: bash
+
     # Bind against BTP services
     - run: cds bind db -2 cap-js-attachments-hana-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA -o package.json
       shell: bash
-    - run: cds bind objectStore -2 cap-js-attachments-object-store-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA -o package.json
+    - name: Bind object store
       shell: bash
+      run: |
+        for i in {1..3}; do
+          cds bind objectStore -2 cap-js-attachments-object-store-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA -o package.json && break
+          echo "cds bind objectStore failed, retrying ($i/3)..."
+          sleep 100
+          if [ "$i" -eq 3 ]; then
+            echo "❌ cds bind objectStore failed after 3 attempts."
+            exit 1
+          fi
+        done
     - run: cds bind malware-scanner -2 cap-js-attachments-scanner-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA -o package.json
       shell: bash
 
-    # Set Hyperscaler for attachment plugin in package.json
-    - run: |
-        cd tests/incidents-app
-        npx -y json -I -f package.json -e "this['cds']['requires']['attachments'] = { 'kind': '${{inputs.OBJECT_STORE_KIND}}' }"
-      shell: bash
-
     # Run tests in hybrid mode
     - run: cds bind --exec npm run test
       shell: bash
 
-    # Cleanup
+    # Cleanup BTP services
     - name: Delete Malware Scanner instance
       if: ${{ always() }}
       run: cf delete-service cap-js-attachments-scanner-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA -f
@@ -117,7 +129,8 @@ runs:
       if: ${{ always() }}
       run: cf delete-service-key cap-js-attachments-hana-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA cap-js-attachments-hana-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.SCANNER_AUTH }}-$NODE_VERSION_HANA-key -f
       shell: bash
-    # Somehow first delete always fails with a "ongoing operation on service binding" error
+
+    # Note: The initial delete attempt often fails due to an "ongoing operation on service binding" error.
     - name: Delete HDI Container
       if: ${{ always() }}
       shell: bash

.github/workflows/release.yml

@@ -5,6 +5,7 @@ on:
 
 permissions:
   contents: write
+  id-token: write
 
 jobs:
 
@@ -15,7 +16,7 @@ jobs:
     - uses: actions/checkout@v4
     - uses: actions/setup-node@v4
       with:
-        node-version: 20
+        node-version: 24
         registry-url: https://registry.npmjs.org/
 
     - name: Run Tests
@@ -39,6 +40,4 @@ jobs:
       with:
         tag: 'v${{ steps.package-version.outputs.current-version }}'
         body: '${{ steps.parse-changelog.outputs.body }}'
-    - run: npm publish --access public
-      env:
-        NODE_AUTH_TOKEN: ${{secrets.npm_token}}
+    - run: npm publish --access public --provenance 

.github/workflows/test.yml

@@ -3,10 +3,10 @@ name: CI
 on:
   workflow_dispatch:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request_target:
-    branches: [ main ]
-    types: [ reopened, synchronize, opened ]
+    branches: [main]
+    types: [reopened, synchronize, opened]
 
 jobs:
   requires-approval:
@@ -26,7 +26,9 @@ jobs:
       matrix:
         node-version: [20.x, 22.x]
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v5
+      with:
+        ref: ${{ github.event.pull_request.head.sha || github.sha }}
     - name: Use Node.js ${{ matrix.node-version }}
       uses: actions/setup-node@v2
       with:
@@ -35,6 +37,7 @@ jobs:
     - run: npm i
     - run: cd tests/incidents-app && npm i
     - run: npm run test
+    
   integration-tests:
     runs-on: ubuntu-latest
     needs: requires-approval
@@ -47,16 +50,18 @@ jobs:
         hyperscaler: [AWS, AZURE, GCP]
         scanner-auth: [basic, mtls]
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v5
-    - name: Integration tests
-      uses: ./.github/actions/integration-tests
-      with:
-        CF_API: ${{ secrets[format('CF_API_{0}', matrix.hyperscaler)] }}
-        CF_USERNAME: ${{ secrets['CF_USERNAME'] }}
-        CF_PASSWORD: ${{ secrets['CF_PASSWORD'] }}
-        CF_ORG: ${{ secrets[format('CF_ORG_{0}', matrix.hyperscaler)] }}
-        CF_SPACE: ${{ secrets[format('CF_SPACE_{0}', matrix.hyperscaler)] }}
-        OBJECT_STORE_KIND: ${{ vars[format('OBJECT_STORE_KIND_{0}', matrix.hyperscaler)] }}
-        NODE_VERSION: ${{ matrix.node-version }}
-        SCANNER_AUTH: ${{ matrix.scanner-auth }}
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
+      - name: Integration tests
+        uses: ./.github/actions/integration-tests
+        with:
+          CF_API: ${{ secrets[format('CF_API_{0}', matrix.hyperscaler)] }}
+          CF_USERNAME: ${{ secrets['CF_USERNAME'] }}
+          CF_PASSWORD: ${{ secrets['CF_PASSWORD'] }}
+          CF_ORG: ${{ secrets[format('CF_ORG_{0}', matrix.hyperscaler)] }}
+          CF_SPACE: ${{ secrets[format('CF_SPACE_{0}', matrix.hyperscaler)] }}
+          OBJECT_STORE_KIND: ${{ vars[format('OBJECT_STORE_KIND_{0}', matrix.hyperscaler)] }}
+          NODE_VERSION: ${{ matrix.node-version }}
+          SCANNER_AUTH: ${{ matrix.scanner-auth }}

CHANGELOG.md

@@ -4,6 +4,47 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 The format is based on [Keep a Changelog](http://keepachangelog.com/).
 
+## Version 3.4.0
+
+### Added
+
+- Introduced support for the `@Core.AcceptableMediaTypes` annotation, allowing specification of permitted MIME types for attachment uploads:
+    ```cds
+    annotate my.Books.attachments with {
+        content @Core.AcceptableMediaTypes: ['image/jpeg'];
+    }
+    ```
+- Added support for the `@Validation.Maximum` annotation to define the maximum allowed file size for attachments:
+    ```cds
+    annotate my.Books.attachments with {
+        content @Validation.Maximum: '2MB';
+    }
+    ```
+
+### Fixed
+
+- Removed the previous hard limit of `400 MB` for file uploads. Files exceeding this size may still fail during malware scanning and will be marked with a `Failed` status.
+- Resolved issues with generic handler registration, enabling services to intercept the attachments plugin using middleware.
+
+## Version 3.3.0
+
+### Added
+
+- Added [`standard`](./README.md#supported-storage-provider) kind and set it as the default so that the configuration needs no adjustment when switching hyper-scalers.
+- Added support for uploading and updating attachments via `srv.run(INSERT.into(Attachments).entries())` or `srv.run(UPDATE.entity(Attachments).set())`
+
+### Fixed
+
+- Fixed an issue that in multi-tenancy scenarios with separate object stores duplicate object stores per tenant were created when updating the tenant binding via the SaaS dependency service.
+- Fixed a race-condition where tenant isolation in separate object store mode could be broken.
+- Fixed a case where attachments were not correctly deleted.
+- Fixed a server crash when using the `AttachmentsSrv.put` API to upload an attachment.
+- Fixed a server crash when no object store would be bound to the application on BTP.
+- Fixed a server crash when the filename would not be given when creating new attachment metadata.
+- Fixed an issue where attachment handlers would be missing when all Attachments entity were behind feature toggles.
+- Fixed an issue where with storage kind `db` attachments could not be uploaded as drafts.
+- Fixed an issue where the content could be uploaded for a not existing attachments entity. 
+
 ## Version 3.2.0
 
 ### Added
@@ -15,8 +56,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/).
 - Added criticality status to the attachment scan status.
 - Provided translations for all SAP-supported languages.
 
-### Fixed
-
 ## Version 3.1.0
 
 ### Added

README.md

@@ -56,7 +56,7 @@ For a quick local development setup with in-memory storage:
         // (...)
         "[hybrid]": {  
           "attachments": {  
-            "kind": "s3"  
+            "kind": "standard"  
             // (...)
           }  
         }  
@@ -200,9 +200,11 @@ Scan status codes:
 - `Failed`: Scanning failed. 
 
 > [!Note]
-> The plugin currently supports file uploads up to 400 MB in size per attachment as this is a limitation of the [malware scanning service](https://help.sap.com/docs/malware-scanning-servce/sap-malware-scanning-service/what-is-sap-malware-scanning-service). Please note: this limitation remains even with the malware scanner disabled. 
 > The malware scanner supports mTLS authentication which requires an annual renewal of the certificate. Previously, basic authentication was used which has now been deprecated.
 
+> [!Note]
+> If the malware scanner reports a file size larger than the limit specified via [@Validation.Maximum](#specify-the-maximum-file-size) it removes the file and sets the status of the attachment metadata to failed.
+
 
 ### Visibility Control for Attachments UI Facet Generation
 
@@ -243,6 +245,56 @@ The typical sequence includes:
 1. **POST** -> create attachment metadata, returns ID  
 2. **PUT** -> upload file content using the ID
 
+### Specify the maximum file size
+
+You can specify the maximum file size by annotating the attachments content property with `@Validation.Maximum`
+
+```cds
+entity Incidents {
+  ...
+  attachments: Composition of many Attachments;
+}
+
+annotate Incidents.attachments with {
+  content @Validation.Maximum : '20MB';
+}
+```
+
+The default is 400MB
+
+### Restrict allowed MIME types
+
+You can restrict which MIME types are allowed for attachments by annotating the content property with `@Core.AcceptableMediaTypes`. This validation is performed during file upload.
+
+```cds
+entity Incidents {
+  ...
+  attachments: Composition of many Attachments;
+}
+
+annotate Incidents.attachments with {
+  content @Core.AcceptableMediaTypes : ['image/jpeg', 'image/png', 'application/pdf'];
+}
+```
+
+Wildcard patterns are supported:
+
+```cds
+annotate Incidents.attachments with {
+  content @Core.AcceptableMediaTypes : ['image/*', 'application/pdf'];
+}
+```
+
+To allow all MIME types (default behavior), either omit the annotation or use:
+
+```cds
+annotate Incidents.attachments with {
+  content @Core.AcceptableMediaTypes : ['*/*'];
+}
+```
+
+When a file with a disallowed MIME type is uploaded, the request will be rejected with a `400` error.
+
 ## Releases
 
 - The plugin is released to [NPM Registry](https://www.npmjs.com/package/@cap-js/attachments).
@@ -258,12 +310,21 @@ The typical sequence includes:
 ## Architecture Overview
 ### Multitenancy
 
-The plugin supports multitenancy scenarios, allowing both shared and tenant-specific object store instances.
+The plugin supports multi-tenancy scenarios, allowing both shared and tenant-specific object store instances.
 
 > [!Note]
-> Starting from version 2.1.0, **separate mode** for object store instances is the default setting for multitenancy.  
+> Starting from version 2.1.0, **separate mode** for object store instances is the default setting for multi-tenancy.  
 
-For multitenant applications, `@cap-js/attachments` must be included in the dependencies of both the application-level and _mtx/sidecar/package.json_ files.
+For multi-tenant applications, `@cap-js/attachments` must be included in the dependencies of both the application-level and _mtx/sidecar/package.json_ files.
+
+#### Separate object store instances
+
+By default the plugin creates for each tenant its own object store instance during the tenants subscription.
+
+When the tenant unsubscribes the object store instance is deleted.
+
+> [!WARNING]
+> When you remove the plugin from an application after separate object stores already have been created, the object stores are not automatically removed!
 
 #### Shared Object Store Instance
 
@@ -333,10 +394,10 @@ To set the binding, please see the section [Storage Targets](#storage-targets).
 
 ##### Supported Storage Provider
 
-- **AWS S3** (`kind: "s3"`)
-- **Azure Blob Storage** (`kind: "azure"`)
-- **Google Cloud Platform** (`kind: "gcp"`)
-
+- **Standard** (`kind: "standard"`) | Depending on the bound object store credentials, uses AWS S3, Azure Blob Storage or GCP Cloud Storage. You can manually specify the implementation by adjusting the type to:
+    - **AWS S3** (`kind: "s3"`)
+    - **Azure Blob Storage** (`kind: "azure"`)
+    - **GCP Cloud Storage** (`kind: "gcp"`)
 
 ### Model Texts
 

_i18n/messages.properties

@@ -0,0 +1,4 @@
+UnableToDownloadAttachmentScanStatusNotClean=Unable to download the attachment as scan status is not clean.
+AttachmentSizeExceeded=File size limit exceeded beyond {0}.
+MultiUpdateNotSupported=Multi update is not supported.
+AttachmentMimeTypeDisallowed=The attachment file type '{mimeType}' is not allowed.

db/data/sap.attachments-ScanStates.csv

@@ -3,4 +3,4 @@ Unscanned;Unscanned;The file is not yet scanned for malware.;2
 Scanning;Scanning;The file is currently being scanned for malware.;2
 Infected;Infected;The file contains malware! Do not download!;1
 Clean;Clean;The file does not contain any malware.;3
-Failed;Failed;The file could not be scanned for malware.;1
+Failed;Failed;The file could not be scanned for malware.;1

db/data/sap.attachments-ScanStates_texts.csv

@@ -3,4 +3,4 @@ en;Unscanned;Unscanned;The file is not yet scanned for malware.
 en;Scanning;Scanning;The file is currently being scanned for malware.
 en;Infected;Infected;The file contains malware! Do not download!
 en;Clean;Clean;The file does not contain any malware.
-en;Failed;Failed;The file could not be scanned for malware.
+en;Failed;Failed;The file could not be scanned for malware.

jest.config.js

@@ -1,7 +1,6 @@
 const config = {
-    testTimeout: 60000,
+    testTimeout: 120000,
     testMatch: ['**/*.test.js'],
-    setupFilesAfterEnv: ['<rootDir>/tests/setup.js'],
     forceExit: true,
     detectOpenHandles: true
   }