Append suffix of duplicate file names

CHANGELOG.md

@@ -8,8 +8,10 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/).
 
 ### Added
 
-- Emit the following security events on the attachments service: - AttachmentDownloadRejected, AttachmentSizeExceeded AttachmentUploadRejected
-- If `@cap-js/audit-logging` is installed automatically trigger audit logs for the security events
+- Emit the following security events on the attachments service: - AttachmentDownloadRejected, AttachmentSizeExceeded AttachmentUploadRejected.
+- If `@cap-js/audit-logging` is installed automatically trigger audit logs for the security events.
+- Duplicate file names to a single attachment entity are automatically assigned a distinguishing suffix.
+- Local testing using a Postgres database now possible.
 
 ### Fixed
 

_i18n/messages.properties

@@ -6,4 +6,4 @@ InvalidContentLengthHeader=The 'Content-Length' header value '{contentLength}' i
 AttachmentAlreadyExistsCannotBeOverwritten=Attachment {0} already exists and cannot be overwritten.
 MaximumAmountExceeded=Cannot upload more than {0} attachments!
 MinimumAmountNotFulfilled=At least {0} attachments must be uploaded!
-UnableToDownloadAttachmentScanStatusExpired=The previous scan was more than 3 days ago, please wait for the attachment to be rescanned.
+UnableToDownloadAttachmentScanStatusExpired=The previous scan was more than 3 days ago, please wait for the attachment to be rescanned.

lib/helper.js

@@ -4,6 +4,7 @@ const crypto = require("crypto")
 const stream = require("stream/promises")
 const cds = require("@sap/cds")
 const LOG = cds.log("attachments")
+const { extname } = require("path")
 
 /**
  * Validates the presence of required Service Manager credentials
@@ -514,6 +515,218 @@ function sizeInBytes(size, target) {
   return value * multipliers[unit]
 }
 
+/**
+ * Builds a single string key from an ordered list of values for Map lookups.
+ * @param {Array} values - Array of values to join
+ * @returns {string}
+ */
+function makeTupleKey(values) {
+  return values.map(String).join("\x00")
+}
+
+/**
+ * Builds a CQN xpr for parent key matching.
+ *   Single key:    up__ID in (val1, val2, ...)
+ *   Composite key: (up__sampleID = val1 and up__gjahr = val2) or (...)
+ * @param {string[]} parentKeys - The parent key column names
+ * @param {object[]} tuples - Array of parent key value objects
+ * @returns {object} CQN xpr object
+ */
+function buildParentCondition(parentKeys, tuples) {
+  if (parentKeys.length === 1) {
+    const key = parentKeys[0]
+    return {
+      xpr: [
+        { ref: [key] },
+        "in",
+        { list: tuples.map((t) => ({ val: t[key] })) },
+      ],
+    }
+  }
+  const xpr = []
+  for (const tuple of tuples) {
+    if (xpr.length > 0) xpr.push("or")
+    xpr.push("(")
+    for (let i = 0; i < parentKeys.length; i++) {
+      if (i > 0) xpr.push("and")
+      xpr.push({ ref: [parentKeys[i]] }, "=", { val: tuple[parentKeys[i]] })
+    }
+    xpr.push(")")
+  }
+  return { xpr }
+}
+
+/**
+ * Builds a CQN xpr for filename matching conditions.
+ *   (filename = 'sample.pdf' or filename like 'sample-%.pdf') or ...
+ * @param {Set<string>} incomingFilenames - Set of filenames to match
+ * @returns {object} CQN xpr object
+ */
+function buildFilenameCondition(incomingFilenames) {
+  const { extname, basename } = require("path")
+  const xpr = []
+  for (const filename of incomingFilenames) {
+    if (xpr.length > 0) xpr.push("or")
+    const base = basename(filename, extname(filename))
+    const ext = extname(filename)
+    xpr.push(
+      "(",
+      { ref: ["filename"] },
+      "=",
+      { val: filename },
+      "or",
+      { ref: ["filename"] },
+      "like",
+      { val: `${base}-%${ext}` },
+      ")",
+    )
+  }
+  return { xpr }
+}
+
+/**
+ * Builds a DB-specific ORDER BY expression to extract the numeric suffix from filenames.
+ * These use DB-native functions that cannot be abstracted by cds.ql, so they remain
+ * per-dialect. The rest of the query (SELECT, WHERE, columns) is fully DB-agnostic.
+ * @param {string} dbKind - The database kind ('hana', 'postgres', 'sqlite')
+ * @returns {string|null} Raw SQL expression string, or null if unsupported
+ */
+function buildSuffixOrderBy(dbKind) {
+  if (dbKind === "hana") {
+    return cds.ql
+      .expr`LPAD(SUBSTRING_REGEXPR('([0-9]+)(?!.*[0-9])' IN filename), 10, '0')`
+  } else if (dbKind === "postgres") {
+    return cds.ql
+      .expr`LPAD(COALESCE(NULLIF(REGEXP_REPLACE(filename, '.*-(\\d+)\\..*', '\\1'), filename), '0'), 10, '0')`
+  } else if (dbKind === "sqlite") {
+    return cds.ql
+      .expr`CAST(SUBSTR(filename, INSTR(filename, '-') + 1, INSTR(SUBSTR(filename, INSTR(filename, '-') + 1), '.') - 1) AS cds.Integer)`
+  }
+  return null
+}
+
+/**
+ * Handles duplicate filename checks and renaming for a batch of attachments.
+ * Performs a single database query to fetch all potential duplicates for all incoming files,
+ * then renames them as needed by appending a numerical suffix.
+ * @param {Array<object>} entries - The array of attachment data from the request.
+ * @param {import('@sap/cds').Entity} attachmentTarget - The target attachment entity.
+ * @param {Array<string>} parentKeys - The names of the parent key columns (e.g., ['up__ID']).
+ */
+async function handleDuplicates(entries, attachmentTarget, parentKeys) {
+  if (!Array.isArray(parentKeys)) parentKeys = [parentKeys]
+
+  const parentTupleMap = new Map()
+  const incomingFilenames = new Set()
+
+  // Collect parent IDs and incoming filenames from the request data
+  for (const entry of entries) {
+    if (entry.attachments && Array.isArray(entry.attachments)) {
+      // Deep insert case
+      const values = parentKeys.map((k) => entry[k.replace(/^up__/, "")])
+      parentTupleMap.set(
+        makeTupleKey(values),
+        Object.fromEntries(parentKeys.map((k, i) => [k, values[i]])),
+      )
+      for (const att of entry.attachments) {
+        if (att.filename) {
+          incomingFilenames.add(att.filename)
+        }
+      }
+    } else if (entry.filename) {
+      // Single attachment case
+      const values = parentKeys.map((k) => entry[k])
+      parentTupleMap.set(
+        makeTupleKey(values),
+        Object.fromEntries(parentKeys.map((k, i) => [k, values[i]])),
+      )
+      incomingFilenames.add(entry.filename)
+    }
+  }
+
+  if (parentTupleMap.size === 0 || incomingFilenames.size === 0) {
+    return
+  }
+
+  const tuples = [...parentTupleMap.values()]
+  const db = await cds.connect.to("db")
+
+  const query = SELECT.from(attachmentTarget)
+    .columns("filename", ...parentKeys)
+    .where([
+      buildParentCondition(parentKeys, tuples),
+      "and",
+      buildFilenameCondition(incomingFilenames),
+    ])
+    .orderBy("filename")
+
+  const suffixOrderSql = buildSuffixOrderBy(db.kind)
+  if (suffixOrderSql) {
+    query.SELECT.orderBy.push({ xpr: [suffixOrderSql], sort: "desc" })
+  }
+
+  const allExistingAttachments = await query
+
+  // Group existing filenames by compound parent key
+  const existingFilenamesByParent = allExistingAttachments.reduce(
+    (acc, att) => {
+      const compoundKey = makeTupleKey(parentKeys.map((k) => att[k]))
+      if (!acc[compoundKey]) acc[compoundKey] = new Set()
+      acc[compoundKey].add(att.filename)
+      return acc
+    },
+    {},
+  )
+
+  for (const entry of entries) {
+    if (entry.attachments) {
+      // Deep insert: build key from parent's own fields (no up__ prefix)
+      const values = parentKeys.map((k) => entry[k.replace(/^up__/, "")])
+      const tupleKey = makeTupleKey(values)
+      const filenames = existingFilenamesByParent[tupleKey] || new Set()
+      for (const attachment of entry.attachments) {
+        parentKeys.forEach((k, i) => {
+          attachment[k] = values[i]
+        })
+        renameFile(attachment, filenames)
+        filenames.add(attachment.filename)
+      }
+    } else if (entry[parentKeys[0]]) {
+      // Single attachment: build key from up__ fields directly
+      const tupleKey = makeTupleKey(parentKeys.map((k) => entry[k]))
+      const filenames = existingFilenamesByParent[tupleKey] || new Set()
+      renameFile(entry, filenames)
+      filenames.add(entry.filename)
+    }
+  }
+}
+
+/**
+ * Renames a filename by appending a numerical suffix (e.g., 'file-1.txt') and modifies the data object.
+ * @param {object} data - The attachment data object, which will be modified.
+ * @param {Set<string>} existingFilenames - A set of filenames to check for duplicates against.
+ */
+function renameFile(data, existingFilenames) {
+  if (!data.filename || !existingFilenames) {
+    return
+  }
+
+  if (existingFilenames.has(data.filename)) {
+    const ext = extname(data.filename)
+    const basename =
+      ext.length > 0 ? data.filename.slice(0, -ext.length) : data.filename
+    let counter = 1
+    let newFilename
+
+    do {
+      newFilename = `${basename}-${counter}${ext}`
+      counter++
+    } while (existingFilenames.has(newFilename))
+
+    data.filename = newFilename
+  }
+}
+
 function traverseEntity(root, path) {
   let current = root
   for (const part of path) {
@@ -624,5 +837,6 @@ module.exports = {
   MAX_FILE_SIZE,
   inferTargetCAP8,
   getAttachmentKind,
+  handleDuplicates,
   createSizeCheckHandler,
 }

lib/plugin.js

@@ -7,7 +7,11 @@ const {
   validateAttachmentMimeType,
   validateAndInsertAttachmentFromDBHandler,
 } = require("./generic-handlers")
-const { inferTargetCAP8, getAttachmentKind } = require("./helper")
+const {
+  inferTargetCAP8,
+  getAttachmentKind,
+  handleDuplicates,
+} = require("./helper")
 require("./csn-runtime-extension")
 const LOG = cds.log("attachments")
 
@@ -126,7 +130,17 @@ cds.ApplicationService.handle_attachments = cds.service.impl(async function () {
   this.before("PUT", validateAttachmentSize)
   this.before("POST", validateAttachmentMimeType)
   this.before("NEW", onPrepareAttachment)
-  this.before("CREATE", (req) => {
+  this.before("CREATE", async (req) => {
+    const entries = Array.isArray(req.data) ? req.data : [req.data]
+    const attachmentTarget =
+      req.target.elements.attachments?._target || req.target
+    const parentKeyColumn = Object.keys(attachmentTarget.elements).filter((k) =>
+      k.startsWith("up__"),
+    )
+    if (parentKeyColumn.length > 0) {
+      await handleDuplicates(entries, attachmentTarget, parentKeyColumn)
+    }
+
     return onPrepareAttachment(req)
   })
 

package.json

@@ -30,9 +30,11 @@
   },
   "devDependencies": {
     "@cap-js/cds-test": ">=0",
+    "@cap-js/cds-types": "^0.16.0",
+    "@cap-js/hana": "^2.7.0",
     "@cap-js/sqlite": "^2",
-    "eslint": "^10",
     "@eslint/js": "^10",
+    "eslint": "^10",
     "express": "^4.18.2",
     "husky": "^9.1.7"
   },

tests/incidents-app/db/attachments.cds

@@ -2,7 +2,7 @@ using {sap.capire.incidents as my} from './schema';
 using {Attachments} from '@cap-js/attachments';
 
 extend my.Incidents with {
-  @Validation.MaxItems: 2
+  @Validation.MaxItems: 3
   attachments            : Composition of many Attachments;
   @attachments.disable_facet
   @Validation.MaxItems : (urgency.code = 'H' ? 2 : 3)