diff --git a/README.md b/README.md index d5bfa71e..24441abd 100755 --- a/README.md +++ b/README.md @@ -2,124 +2,213 @@ # Attachments Plugin -The `@cap-js/attachments` package is a [CDS plugin](https://cap.cloud.sap/docs/node.js/cds-plugins#cds-plugin-packages) that provides out-of-the box asset storage and handling by using an *aspect* `Attachments`. It also provides a CAP-level, easy to use integration of the SAP Object Store. +The `@cap-js/attachments` package is a [CDS plugin](https://cap.cloud.sap/docs/node.js/cds-plugins#cds-plugin-packages) that provides out-of-the box asset storage and handling by using an [*aspect*](https://cap.cloud.sap/docs/cds/cdl#aspects) called `Attachments`. It also provides a CAP-level, easy-to-use integration of the [SAP Object Store](https://help.sap.com/docs/object-store/object-store-service-on-sap-btp/what-is-object-store). ### Table of Contents -- [Setup](#setup) -- [Use `Attachments`](#use-attachments) -- [Test-drive Locally](#test-drive-locally) -- [Using SAP Object Store](#using-sap-object-store) -- [Using SAP Malware Scanning service](#using-sap-malware-scanning-service) -- [Multitenancy](#multi-tenancy) -- [Contributing](#contributing) -- [Code of Conduct](#code-of-conduct) -- [Licensing](#licensing) + + +* [Usage](#usage) + * [Quick Start](#quick-start) + * [Local Walk-Through](#local-walk-through) + * [Changes in the CDS Models](#changes-in-the-cds-models) + * [Storage Targets](#storage-targets) + * [Malware Scanner](#malware-scanner) + * [Visibility Control](#visibility-control-for-attachments-ui-facet-generation) + * [Non-Draft Uploading](non-draft-upload) +* [Releases](#releases) +* [Minimum UI5 and CAP NodeJS Version](#minimum-ui5-and-cap-nodejs-version) +* [Architecture Overview](#architecture-overview) + * [Multitenancy](#multitenancy) + * [Object Stores](#object-stores) + * [Model Texts](#model-texts) +* [Monitoring & Logging](#monitoring--logging) +* [Support, Feedback, Contributing ](#support-feedback-and-contributing) +* [Code of Conduct](#code-of-conduct) +* [Licensing](#licensing) + +## Usage + +### Quick Start + +For a quick local development setup with in-memory storage: + +- The plugin is self-configuring as described, see the following details section. To enable attachments, simply add the plugin package to your project: + ```sh + npm add @cap-js/attachments + ``` + +
+ The attachments plugin needs to be referenced in the package.json of the consuming CAP NodeJS application: + + ```cds + "devDependencies": { + "@cap-js/attachments": "", + // (...) + } + ``` -## Setup + In addition, different profiles can be found in `package.json` as well, such as: + + ```json + "cds": { + "requires": { + // (...) + "[hybrid]": { + "attachments": { + "kind": "s3" + // (...) + } + } + } + } + ``` +
-To enable attachments, simply add this self-configuring plugin package to your project: +- To use Attachments, extend a CDS model by adding an element that refers to the pre-defined Attachments type (see [Changes in the CDS Models](#changes-in-the-cds-models) for more details): -```sh - npm add @cap-js/attachments -``` + ```cds + using { Attachments } from '@cap-js/attachments'; -In this guide, we use the [Incidents Management reference sample app](https://github.com/cap-js/incidents-app) as the base application, to add `Attachments` type to the CDS model. + entity Incidents { + // (...) + attachments: Composition of many Attachments; + } + ``` -> [!Note] -> To be able to use the Fiori *uploadTable* feature, you must ensure 1.121.0/ 1.122.0/ ^1.125.0 SAPUI5 version is updated in the application's _index.html_ +In this guide, we use the [Incidents Management reference sample app](https://github.com/cap-js/incidents-app) as the base application to provide a demonstration how to use this plugin. A miniature version of this app can be found within the [tests](./tests/incidents-app) directory for local testing. -> [!Note] -> The plugin supports cds 8 & 9 +For productive use, a valid object store binding is required, see [Object Stores](#object-stores) and [Storage Targets](#storage-targets). -## Use Attachments +### Local Walk-Through -> [!Note] -> To be able to use the plugin with Fiori elements UI, make sure *draft* is enabled for the entity. +With the steps above, we have successfully set up asset handling for our reference application. To test the application locally, use the following steps. -> [!Note] -> The plugin currently supports file uploads up to **400 MB** in size per attachment. +> [!NOTE] +> For local testing, the attachment objects are stored in a [local database](https://cap.cloud.sap/docs/guides/databases-sqlite). -To use Attachments, simply add an element referring to the pre-defined `Attachments` type as follows: +1. **Start the server**: -```cds -using { Attachments } from '@cap-js/attachments'; +- *Default* scenario (In memory database): + ```sh + cds watch + ``` -entity Incidents { - // ... - attachments: Composition of many Attachments; -} -``` +2. **Navigate to the object page** of the incident `Solar panel broken`: +Go to object page for incident **Solar panel broken** +3. The `Attachments` type has generated an out-of-the-box Attachments table (see 1) at the bottom of the Object page: + Attachments Table -## Test-drive Locally -With the steps above, we have successfully set up asset handling for our reference application. Let's see that in action. -We can try out the scenarios where the attachments contents are stored locally in the database. +4. **Upload a file** by going into Edit mode and either using the **Upload** button on the Attachments table or by drag/drop. Then click the **Save** button to have that file stored that file in the dedicated resource (database, S3 bucket, etc.). We demonstrate this by uploading the PDF file from [_tests/integration/content/sample.pdf_](./tests/integration/content/sample.pdf): + Upload an attachment -1. **Start the server**: +5. **Delete a file** by going into Edit mode, selecting the file, and pressing the **Delete** button above the Attachments table. Clicking the **Save** button will then delete that file from the resource (database, S3 bucket, etc.). + Delete an attachment - - *Default* scenario (In memory database): - ```sh - cds watch - ``` +### Changes in the CDS Models -2. **Navigate to the object page** of the incident `Solar panel broken`: +To use the aspect `Attachments` on an existing entity, the corresponding entity needs to either include attachments as an element in the model definition or be extended in a CDS file in the `srv` module. In the quick start, the former was done, adding an element to the model definition: - Go to [Object page for incident **Solar panel broken**](http://localhost:4004/incidents/app/#/Incidents(ID=3583f982-d7df-4aad-ab26-301d4a157cd7,IsActiveEntity=true)) +```cds +using { Attachments } from '@cap-js/attachments'; -3. The `Attachments` type has generated an out-of-the-box Attachments table (see 1) at the bottom of the Object page: -Attachments Table +entity Incidents { + // ... + attachments: Composition of many Attachments; +} +``` + +The entity Incidents can also be extended in the `srv` module, as seen in the following example: -4. **Upload a file** by going into Edit mode and either using the **Upload** button on the Attachments table or by drag/drop. Then click the **Save** button to have that file stored that file in the dedicated resource (database, S3 bucket, etc.). We demonstrate this by uploading the PDF file from [_tests/integration/content/sample.pdf_](./tests/integration/content/sample.pdf): -Upload an attachment +```cds +using { Attachments } from '@cap-js/attachments'; + +extend my.Incidents with { + attachments: Composition of many Attachments; +} + +service ProcessorService { + entity Incidents as projection on my.Incidents +} +``` + +Both methods directly add the respective UI Facet. To use the plugin with an SAP Fiori elements UI, be sure that [`draft` is enabled](https://cap.cloud.sap/docs/advanced/fiori#enabling-draft-with-odata-draft-enabled) for the entity using `@odata.draft.enabled`. For example: + +```cds +annotate service.Incidents with @odata.draft.enabled; +``` -6. **Delete a file** by going into Edit mode and selecting the file(s) and by using the **Delete** button on the Attachments table. Then click the **Save** button to have that file deleted from the resource (database, S3 bucket, etc.). We demonstrate this by deleting the previously uploaded PDF file: `Solar Panel Report.pdf` -Delete an attachment +### Storage Targets +When testing locally, the plugin operates without a dedicated storage target, storing attachments directly in the underlying database. In a hybrid setup, a dedicated storage target is preferred. You can bind it by using the `cds bind` command as described in the [CAP documentation for hybrid testing].(https://cap.cloud.sap/docs/advanced/hybrid-testing#services-on-cloud-foundry). -## Using SAP Object Store +Meanwhile, with a dedicated storage target the attachment is not stored in the underlying database; instead, it is saved on the specified storage target and only a reference to the file including metadata is kept in the database, as defined in the CDS model. -For using SAP Object Store, you must already have a SAP Object Store service instance with a bucket which you can access. To connect it, follow this setup. +For productive use, you need a valid object store binding. Currently, only the AWS S3 object store is supported. +For using an AWS S3 Object Store in BTP, you must already have an SAP Object Store service instance on an AWS landscape created. To bind it in a hybrid setup, follow this setup: 1. Log in to Cloud Foundry: - ```sh - cf login -a -o -s - ``` + ```sh + cf login -a -o -s --sso -2. To bind to the service continue with the steps below. +2. To bind to the service, generate a new file _.cdsrc-private.json in the project directory by running: - In the project directory, you can generate a new file _.cdsrc-private.json by running: + ```sh + cds bind --to - ```sh - cds bind objectstore -2 : --kind s3 - ``` +Where `HybridObjectStoreName` can be any name given by the user here and `RemoteObjectStoreName` is the name of your object store instance in SAP BTP. + +3. To run the application in hybrid mode, run the command: -## Using SAP Malware Scanning Service +```bash +cds watch --profile hybrid +``` -For using [SAP Malware Scanning Service](https://discovery-center.cloud.sap/serviceCatalog/malware-scanning-service), you must already have a service instance which you can access. +See [Object Stores](#object-stores) for further information on SAP Object Store. -1. To bind to the service continue with the steps below. +### Malware Scanner - ```sh - cds bind malware-scanner -2 : - ``` +The BTP malware scanning service is used in the `AttachmentService` to scan attachments for vulnerabilities. + +For using [SAP Malware Scanning Service](https://discovery-center.cloud.sap/serviceCatalog/malware-scanning-service), you must already have a service instance which you can access. To bind it, run the following command: + +```sh +cds bind --to +``` -By default, malware scanning is enabled for all profiles except development profile. You can configure malware scanning by setting: +By default, malware scanning is enabled for all profiles if a storage provider has been specified. You can configure malware scanning by setting: ```json -"attachments": { - "scan": true -} +{ + "cds": { + // (...) + "attachments": { + "scan": true + } + } +} ``` +If there is no malware scanner available and the scanner is not disabled, then the upload will fail. + +Scan status codes: +- `Unscanned`: Attachment is still unscanned. +- `Scanning`: Immediately after upload, the attachment is marked as Scanning. Depending on processing speed, it may already appear as Clean when the page is reloaded. +- `Clean`: Only attachments with the status Clean are accessible. +- `Infected`: The attachment is infected. +- `Failed`: Scanning failed. + +> [!Note] +> The plugin currently supports file uploads up to 400 MB in size per attachment as this is a limitation of the [malware scanning service](https://help.sap.com/docs/malware-scanning-servce/sap-malware-scanning-service/what-is-sap-malware-scanning-service). Please note: this limitation remains even with the malware scanner disabled. + -## Visibility control for Attachments UI Facet generation +### Visibility Control for Attachments UI Facet Generation -By setting the `@UI.Hidden` property to `true`, developers can hide the plugin from the UI achieving visibility. -This feature is particularly useful in scenarios where the visibility of the plugin needs to be dynamically controlled based on certain conditions. +By setting the `@UI.Hidden` property to `true`, developers can hide the visibility of the plugin in the UI. This feature is particularly useful in scenarios where the visibility of the plugin needs to be dynamically controlled based on certain conditions. -### Example Usage +#### Example Usage ```cds entity Incidents { @@ -128,8 +217,8 @@ entity Incidents { attachments: Composition of many Attachments; } ``` -In this example, the `@UI.Hidden` is set to `true`, which means the plugin will be hidden by default. You can also use dynamic expressions which are then added to the facet. +In this example, the `@UI.Hidden` is set to `true`, which means the plugin will be hidden by default. You can also use dynamic expressions which are then added to the facet. ```cds entity Incidents { @@ -145,49 +234,151 @@ entity Incidents { } ``` -## Non-Draft Upload Example +### Non-Draft Upload -For scenarios where the entity is not draft-enabled, see [`tests/non-draft-request.http`](./tests/non-draft-request.http) for sample `.http` requests to perform metadata creation and content upload. +For scenarios where the entity is not draft-enabled, for example [`tests/non-draft-request.http`](./tests/non-draft-request.http), separate HTTP requests for metadata creation and asset uploading need to be performed manually. The typical sequence includes: -1. **POST** to create attachment metadata -2. **PUT** to upload file content using the ID returned +1. **POST** -> create attachment metadata, returns ID +2. **PUT** -> upload file content using the ID + +## Releases + +- The plugin is released to [NPM Registry](https://www.npmjs.com/package/@cap-js/attachments). +- See the [changelog](./CHANGELOG.md) or [GitHub Releases](https://github.com/cap-js/attachments/releases) for the latest changes. -> This is useful for non-draft-enabled entity sets. Make sure to replace `{{host}}`, `{{auth}}`, and IDs accordingly. +## Minimum UI5 and CAP NodeJS Version -## Multitenancy +| Component | Minimum Version | +|-----------|-----------------| +| CAP Node | 8.0.0 | +| UI5 | 1.136.0 | + +## Architecture Overview +### Multitenancy The plugin supports multitenancy scenarios, allowing both shared and tenant-specific object store instances. > [!Note] > Starting from version 2.1.0, **separate mode** for object store instances is the default setting for multitenancy. -> As of version 2.2.0, both the `standard` and `S3-standard` plans of the SAP Object Store offering are supported. -> **Important:** The `S3-standard` plan is no longer available for new subscriptions. For new object store instances, use the `standard` plan. - -For multitenant applications, make sure to include `@cap-js/attachments` in the dependencies of both the application-level and mtx/sidecar package.json files. -### Shared Object Store Instance +For multitenant applications, `@cap-js/attachments` must be included in the dependencies of both the application-level and _mtx/sidecar/package.json_ files. -> [!Note] -> Ensure the shared object store instance is bound to the `mtx` application module before deployment. +#### Shared Object Store Instance To configure a shared object store instance, modify both the package.json files as follows: ```json "cds": { - "requires": { - "attachments": { - "objectStore": { - "kind": "shared" - } - } + "requires": { + "attachments": { + "objectStore": { + "kind": "shared" + } + } + } +} +``` +To ensure tenant identification when using a shared object store instance, the plugin prefixes attachment URLs with the tenant ID. Be sure the shared object store instance is bound to the `mtx` application module before deployment. + +### Object Stores + +A valid object store service binding is required, typically one provisioned through SAP BTP. See [Storage Targets](#storage-targets) and [Deployment to Cloud Foundry](#deployment-to-cloud-foundry) on how to use this object store service binding. + +#### Deployment to Cloud Foundry + +The corresponding entry in the [mta-file](https://cap.cloud.sap/docs/guides/deployment/to-cf#add-mta-yaml) possibly looks like: + +``` +_schema-version: '0.1' +ID: consuming-app +version: 1.0.0 +description: "App consuming the attachments plugin with an object store" +parameters: + ... +modules: + - name: consuming-app-srv +# ------------------------------------------------------------ + type: nodejs + path: srv + parameters: + ... + properties: + ... + build-parameters: + ... + requires: + - name: consuming-app-hdi-container + - name: consuming-app-uaa + - name: cf-logging + - name: **object-store-service** +... +resources: + ... + - name: **object-store-service** + type: org.cloudfoundry.managed-service + parameters: + service: objectstore + service-plan: standard +``` + + +##### Tests + +The unit tests in this module do not need a binding to the respective object stores, run them with `npm install`. To achieve a clean install, the command `rm -rf node_modules` should be used before installation. + +The integration tests need a binding to a real object store. Run them with `npm run test`. +To set the binding, provide the following environment variables: +- AWS_S3_BUCKET +- AWS_S3_REGION +- AWS_S3_ACCESS_KEY_ID +- AWS_S3_SECRET_ACCESS_KEY + +##### Supported Storage Backends + +- **AWS S3** + +### Model Texts + +In the model, several fields are annotated with the `@title` annotation. Default texts are provided in [2 languages](./_i18n). If these defaults are not sufficient for an application, they can be overwritten by applications with custom texts or translations. + +The following table gives an overview of the fields and the i18n codes: + +| Field Name | i18n Code | +|------------|--------------| +| `mimeType` | `MediaType` | +| `fileName` | `FileName` | +| `status` | `ScanStatus` | +| `note` | `note` | + +In addition to the field names, header information (`@UI.HeaderInfo`) are also annotated: + +| Header Info | i18n Code | +|------------------|---------------| +| `TypeName` | `Attachment` | +| `TypeNamePlural` | `Attachments` | + + +## Monitoring & Logging + +To configure logging for the attachments plugin, add the following configuration to the `package.json` of the consuming application: + +```json +{ + "cds": { + "log": { + "levels": { + // (...) + "attachments": "debug" + } } + } } +... ``` -To ensure tenant identification when using a shared object store instance, the plugin prefixes attachment URLs with the tenant ID. -## Contributing +## Support, Feedback, and Contributing This project is open to feature requests/suggestions, bug reports etc. via [GitHub issues](https://github.com/cap-js/attachments/issues). Contribution and feedback are encouraged and always welcome. For more information about how to contribute, the project structure, the **local development setup**, as well as additional contribution information, see our [Contribution Guidelines](CONTRIBUTING.md).