Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@cap-js/change-tracking
Advanced tools
CDS plugin providing out-of-the box support for automatic capturing, storing, and viewing of the change records of modeled entities.
a CDS plugin for automatic capturing, storing, and viewing of the change records of modeled entities
[!IMPORTANT] This release establishes compatibility with CDS 8.
Since the prior release was using APIs deprecated in CDS8, the code was modified significantly to enable compatibility. While we tested extensively, there may still be glitches or unexpected situations which we did not cover. So please test this release extensively before applying it to productive scenarios. Please also report any bugs or glitches, ideally by contributing a test-case for us to incorporate.
See the changelog for a full list of changes
In this guide, we use the Incidents Management reference sample app as the base to add change tracking to.
Clone the repository and apply the step-by-step instructions:
git clone https://github.com/cap-js/incidents-app
cd incidents-app
npm i
Alternatively, you can clone the incidents app including the prepared enhancements for change-tracking:
git clone https://github.com/cap-js/calesi --recursive
cd calesi
npm i
cds w samples/change-tracking
To enable change tracking, simply add this self-configuring plugin package to your project:
npm add @cap-js/change-tracking
[!WARNING] Please be aware that sensitive or personal data (annotated with
@PersonalData
) is not change tracked, since viewing the log allows users to circumvent audit-logging.
All we need to do is to identify what should be change-tracked by annotating respective entities and elements in our model with the @changelog
annotation. Following the best practice of separation of concerns, we do so in a separate file srv/change-tracking.cds:
using { ProcessorService } from './processor-service';
annotate ProcessorService.Incidents {
customer @changelog: [customer.name];
title @changelog;
status @changelog;
}
annotate ProcessorService.Conversations with @changelog: [author, timestamp] {
message @changelog @Common.Label: 'Message';
}
The minimal annotation we require for change tracking is @changelog
on elements, as for the elements title
and status
in the sample snippet above.
Additional identifiers or labels can be added to obtain more human-readable change records as described below.
With the steps above, we have successfully set up change tracking for our reference application. Let's see that in action.
cds watch
sap.changelog.ChangeLog
) and made available in a pre-defined view, namely the Change History view for your convenience.[!IMPORTANT] To ensure proper lazy loading of the Change History table, please use SAPUI5 version 1.120.0 or higher.
<br>
If you wish to disable this feature, please see the customization section on how to disable lazy loading.
If you have a Fiori Element application, the CDS plugin automatically provides and generates a view sap.changelog.ChangeView
, the facet of which is automatically added to the Fiori Object Page of your change-tracked entities/elements. In the UI, this corresponds to the Change History table which serves to help you to view and search the stored change records of your modeled entities.
By default the implementation looks up Object Type names or Field names from respective @title
or @Common.Label
annotations, and applies i18n lookups. If no such annotations are given, the technical names of the respective CDS definitions are displayed.
For example, without the @title
annotation, changes to conversation entries would show up with the technical entity name:
With an annotation, and possible i18n translations like so:
annotate Conversations with @title: 'Conversations';
We get a human-readable display for Object Type:
The changelog annotations for Object ID are defined at entity level.
These are already human-readable by default, unless the @changelog
definition cannot be uniquely mapped such as types enum
or Association
.
For example, having a @changelog
annotation without any additional identifiers, changes to conversation entries would show up as simple entity IDs:
However, this is not advisable as we cannot easily distinguish between changes. It is more appropriate to annotate as follows:
annotate ProcessorService.Conversations with @changelog: [author, timestamp] {
Expanding the changelog annotation by additional identifiers [author, timestamp]
, we can now better identify the message
change events by their respective author and timestamp.
The changelog annotations for New Value and Old Value are defined at element level.
They are already human-readable by default, unless the @changelog
definition cannot be uniquely mapped such as types enum
or Association
.
For example, having a @changelog
annotation without any additional identifiers, changes to incident customer would show up as UUIDs:
customer @changelog;
Hence, here it is essential to add a unique identifier to obtain human-readable value columns:
customer @changelog: [customer.name];
The Change History view can be easily adapted and configured to your own needs by simply changing or extending it. For example, let's assume we only want to show the first 5 columns in equal spacing, we would extend srv/change-tracking.cds
as follows:
using from '@cap-js/change-tracking';
annotate sap.changelog.ChangeView with @(
UI.LineItem : [
{ Value: modification, @HTML5.CssDefaults: { width:'20%' }},
{ Value: createdAt, @HTML5.CssDefaults: { width:'20%' }},
{ Value: createdBy, @HTML5.CssDefaults: { width:'20%' }},
{ Value: entity, @HTML5.CssDefaults: { width:'20%' }},
{ Value: objectID, @HTML5.CssDefaults: { width:'20%' }}
]
);
In the UI, the Change History table now contains 5 equally-spaced columns with the desired properties:
For more information and examples on adding Fiori Annotations, see Adding SAP Fiori Annotations.
To disable the lazy loading feature of the Change History table, you can add the following annotation to your srv/change-tracking.cds
:
using from '@cap-js/change-tracking';
annotate sap.changelog.aspect @(UI.Facets: [{
$Type : 'UI.ReferenceFacet',
ID : 'ChangeHistoryFacet',
Label : '{i18n>ChangeHistory}',
Target: 'changes/@UI.PresentationVariant',
![@UI.PartOfPreview]
}]);
The system now uses the SAPUI5 default setting ![@UI.PartOfPreview]: true
, such that the table will always shown when navigating to that respective Object page.
If you do not want the UI facet added to a specific UI, you can annotate the service entity with @changelog.disable_facet
. This will disable the automatic addition of the UI faced to this specific entity, but also all views or further projections up the chain.
For some scenarios, e.g. when doing UNION
and the @changelog
annotion is still propageted, the automatic addition of the association to changes
does not make sense. You can use @changelog.disable_assoc
for this to be disabled on entity level.
[!IMPORTANT] This will also supress the addition of the UI facet, since the change-view is not available as target entity anymore.
By default, deleting a record will also automatically delete all associated change logs. This helps reduce the impact on the size of the database.
You can turn this behavior off globally by adding the following switch to the package.json
of your project
...
"cds": {
"requires": {
...
"change-tracking": {
"preserveDeletes": true
}
...
}
}
...
[!IMPORTANT] Preserving the change logs of deleted data can have a significant impact on the size of the change logging table, since now such data also survives automated data retention runs. You must implement an own data retention strategy for the change logging table in order to manage the size and performance of your database.
This section describes modelling cases for further reference, from simple to complex, including the following:
Use cases for Object ID annotation
Modelling in db/schema.cds
entity Incidents : cuid, managed {
...
customer : Association to Customers;
title : String @title: 'Title';
urgency : Association to Urgency default 'M';
status : Association to Status default 'N';
...
}
Add the following @changelog
annotations in srv/change-tracking.cds
annotate ProcessorService.Incidents with @changelog: [customer.name, urgency.code, status.criticality] {
title @changelog;
}
Modelling in db/schema.cds
entity Incidents : cuid, managed {
...
customer : Association to Customers;
title : String @title: 'Title';
...
}
entity Customers : cuid, managed {
...
email : EMailAddress; // customized type
phone : PhoneNumber; // customized type
...
}
Add the following @changelog
annotations in srv/change-tracking.cds
annotate ProcessorService.Incidents with @changelog: [customer.email, customer.phone] {
title @changelog;
}
Modelling in db/schema.cds
entity Incidents : cuid, managed {
...
customer : Association to Customers;
...
}
entity Customers : cuid, managed {
...
addresses : Association to Addresses;
...
}
Add the following @changelog
annotations in srv/change-tracking.cds
annotate ProcessorService.Incidents with @changelog: [customer.addresses.city, customer.addresses.postCode] {
title @changelog;
}
Change-tracking supports annotating chained associated entities from the current entity as object ID of current entity in case the entity in consumer applications is a pure relation table. However, the usage of chained associated entities is not recommended due to performance cost.
Use cases for tracing changes
Modelling in db/schema.cds
entity Incidents : managed, cuid {
...
title : String @title: 'Title';
conversation : Composition of many Conversation;
...
}
aspect Conversation: managed, cuid {
...
message : String;
}
Add the following @changelog
annotations in srv/change-tracking.cds
annotate ProcessorService.Incidents with @changelog: [title] {
conversation @changelog: [conversation.message];
}
Modelling in db/schema.cds
entity Incidents : cuid, managed {
...
customer : Association to Customers;
title : String @title: 'Title';
...
}
entity Customers : cuid, managed {
...
email : EMailAddress;
...
}
Add the following @changelog
annotations in srv/change-tracking.cds
annotate ProcessorService.Incidents with @changelog: [title] {
customer @changelog: [customer.email];
}
Modelling in db/schema.cds
type StatusType : Association to Status;
entity Incidents : cuid, managed {
...
title : String @title: 'Title';
status : StatusType default 'N';
...
}
Add the following @changelog
annotations in srv/change-tracking.cds
annotate ProcessorService.Incidents with @changelog: [title] {
status @changelog: [status.code];
}
Modelling in db/schema.cds
entity Incidents : cuid, managed {
...
title : String @title: 'Title';
customer : Association to Customers;
...
}
entity Customers : cuid, managed {
...
addresses : Association to Addresses;
...
}
Add the following @changelog
annotations in srv/change-tracking.cds
annotate ProcessorService.Incidents with @changelog: [title] {
customer @changelog: [customer.addresses.city, customer.addresses.streetAddress];
}
Change-tracking supports analyzing chained associated entities from the current entity in case the entity in consumer applications is a pure relation table. However, the usage of chained associated entities is not recommended due to performance cost.
Payable.cds
:
entity Payables : cuid {
displayId : String;
@changelog
name : String;
cryptoAmount : Decimal;
fiatAmount : Decimal;
};
Payment.cds
:
entity Payments : cuid {
displayId : String; //readable ID
@changelog
name : String;
};
Union entity in BusinessTransaction.cds
:
entity BusinessTransactions as(
select from payments.Payments{
key ID,
displayId,
name,
changes : Association to many ChangeView
on changes.objectID = ID AND changes.entity = 'payments.Payments'
}
)
union all
(
select from payables.Payables {
key ID,
displayId,
name,
changes : Association to many ChangeView
on changes.objectID = ID AND changes.entity = 'payables.Payables'
}
);
Don'ts
Association to many
entity Customers : cuid, managed {
...
incidents : Association to many Incidents on incidents.customer = $self;
}
The reason is that: the relationship: Association to many
is only for modelling purpose and there is no concrete field in database table. In the above sample, there is no column for incidents in the table Customers, but there is a navigation property of incidents in Customers OData entity metadata.
entity AggregatedBusinessTransactionData @(cds.autoexpose) : cuid {
FootprintInventory: Association to one FootprintInventories
on FootprintInventory.month = month
and FootprintInventory.year = year
and FootprintInventory.FootprintInventoryScope.ID = FootprintInventoryScope.ID;
...
}
The reason is that: When deploying to relational databases, Associations are mapped to foreign keys. Yet, when mapped to non-relational databases they're just references. More details could be found in Prefer Managed Associations. In the above sample, there is no column for FootprintInventory in the table AggregatedBusinessTransactionData, but there is a navigation property FootprintInventoryof in OData entity metadata.
this.on("UpdateActivationStatus", async (req) =>
// PaymentAgreementsOutgoingDb is the DB entity
await UPDATE.entity(PaymentAgreementsOutgoingDb)
.where({ ID: paymentAgreement.ID })
.set({ ActivationStatus_code: ActivationCodes.ACTIVE });
);
The reason is that: Application level services are by design the only place where business logic is enforced. This by extension means, that it also is the only point where e.g. change-tracking would be enabled. The underlying method used to do change tracking is req.diff
which is responsible to read the necessary before-image from the database, and this method is not available on DB level.
This project is open to feature requests/suggestions, bug reports etc. via GitHub issues. Contribution and feedback are encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our Contribution Guidelines.
We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone. By participating in this project, you agree to abide by its Code of Conduct at all times.
Copyright 2023 SAP SE or an SAP affiliate company and contributors. Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.
Version 1.0.7 - 20.08.24
FAQs
CDS plugin providing out-of-the box support for automatic capturing, storing, and viewing of the change records of modeled entities.
The npm package @cap-js/change-tracking receives a total of 702 weekly downloads. As such, @cap-js/change-tracking popularity was classified as not popular.
We found that @cap-js/change-tracking demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.