Merge branch 'main' into feat/78-add-well-known-ord-link-to-the-defau…

…lts-page

.vscode/.settings.json

@@ -0,0 +1,9 @@
+{
+    "editor.defaultFormatter": "rvest.vs-code-prettier-eslint",
+    "editor.formatOnType": false,
+    "editor.formatOnPaste": true,
+    "editor.formatOnSave": true,
+    "editor.formatOnSaveMode": "file",
+    "files.autoSave": "onFocusChange",
+    "vs-code-prettier-eslint.prettierLast": false
+}

.vscode/extensions.json

@@ -0,0 +1,5 @@
+{
+    "recommendations": [
+        "rvest.vs-code-prettier-eslint"
+    ]
+}

CHANGELOG.md

@@ -4,6 +4,17 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 The format is based on [Keep a Changelog](http://keepachangelog.com/).
 
+## 1.2.0 (2024-11-18)
+
+### What's Changed
+
+* Version of ORD document generation
+* API short description
+* Default lastUpdate and consumptionBundles properties
+* Filtering of resources based on visibility
+* Added Unit tests
+* Added logger
+
 ## 1.1.0 (2024-10-24)
 
 ### What's Changed

CONTRIBUTING.md

@@ -36,3 +36,32 @@ The following rule governs code contributions:
 * We use GitHub issues to track bugs and enhancement requests.
 
 * Please provide as much context as possible when you open an issue. The information you provide must be comprehensive enough to reproduce that issue for the assignee.
+
+## Development Setup
+
+As this is a CAP plugin, it is best to develop in the following calesi environment:
+
+```bash
+git clone --recursive https://github.com/cap-js/calesi.git
+cd calesi
+npm i
+```
+
+Then clone this repository inside the calesi projects plugin folder:
+
+```bash
+cd plugins
+git clone https://github.com/cap-js/ORD
+cd ORD
+npm i
+```
+
+For testing an example app is available in the `xmpl` folder:
+
+```bash
+#If not already globally installed, install cds-dk
+npm install -g @sap/cds-dk
+cds w xmpl
+```
+
+After the CAP app has started, open this link in your browser: <http://localhost:4004/.well-known/open-resource-discovery>

LICENSE

@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.

README.md

@@ -1,4 +1,4 @@
-[![REUSE status](https://api.reuse.software/badge/github.com/cap-js/ord)](https://api.reuse.software/info/github.com/cap-js/cds-plugin-for-ord)
+[![REUSE status](https://api.reuse.software/badge/github.com/cap-js/ord)](https://api.reuse.software/info/github.com/cap-js/ord)
 
 # CDS Plugin for ORD
 
@@ -10,9 +10,7 @@ You can use this information to construct a static metadata catalog or to perfor
 
 For more information, have a look at the [Open Resource Discovery](https://sap.github.io/open-resource-discovery/) page.
 
-> ⚠ By installing this plugin, the metadata describing your CAP application will be made openly accessible. 
-> 
-> If you have a need to protect your metadata, please refrain from installing this plugin until we support metadata protection (planned).
+> ⚠ By installing this plugin, the metadata describing your CAP application will be made openly accessible. If you want to secure your CAP application's metadata, configure `basic` authentication by setting the environment variables or updating the `.cdsrc.json` file. The plugin prioritizes environment variables, then checks `.cdsrc.json`. If neither is configured, metadata remains publicly accessible.
 
 ## Requirements and Setup
 
@@ -22,6 +20,81 @@ For more information, have a look at the [Open Resource Discovery](https://sap.g
 npm install @cap-js/ord
 ```
 
+### Authentication
+
+To enforce authentication in the ORD Plugin, set the following environment variables:
+
+- `ORD_AUTH_TYPE`: Specifies the authentication types.
+- `BASIC_AUTH`: Contains credentials for `basic` authentication.
+
+If `ORD_AUTH_TYPE` is not set, the application starts without authentication. This variable accepts `open` and `basic` (UCL-mTLS is also planned).
+> Note: `open` cannot be combined with `basic` or any other (future) authentication types.
+
+#### Open
+
+The `open` authentication type bypasses authentication checks.
+
+#### Basic Authentication
+
+The server supports Basic Authentication through an environment variable that contains a JSON string mapping usernames to bcrypt-hashed passwords:
+
+```bash
+BASIC_AUTH='{"admin":"***"}'
+```
+
+Alternatively, configure authentication in `.cdsrc.json`:
+
+```json
+"authentication": {
+    "types": ["basic"],
+    "credentials": {
+        "admin": "***"
+    }
+}
+```
+
+To generate bcrypt hashes, use the [htpasswd](https://httpd.apache.org/docs/2.4/programs/htpasswd.html) utility:
+
+```bash
+htpasswd -Bnb <user> <password>
+```
+
+This will output something like `admin:$2y$05$...` - use only the hash part (starting with `$2y$`) in your `BASIC_AUTH` JSON.
+
+> [!IMPORTANT]
+> Make sure to use strong passwords and handle the BASIC_AUTH environment variable securely. Never commit real credentials or .env files to version control.
+
+<details>
+<summary>Using htpasswd in your environment</summary>
+
+- **Platform independent**:
+
+    > Prerequisite is to have [NodeJS](https://nodejs.org/en) installed on the machine.
+
+    ```bash
+    npm install -g htpasswd
+    ```
+
+    After installing package globally, command `htpasswd` should be available in the Terminal.
+
+- **macOS**:
+
+    Installation of any additional packages is not required. Utility `htpasswd` is available in Terminal by default.
+
+- **Linux**:
+
+    Install apache2-utils package:
+
+    ```bash
+    # Debian/Ubuntu
+    sudo apt-get install apache2-utils
+
+    # RHEL/CentOS
+    sudo yum install httpd-tools
+    ```
+
+</details>
+
 ### Usage
 
 #### Programmatic API
@@ -47,7 +120,7 @@ cds compile <path to srv folder> --to ord [-o] [destinationFilePath]
 #### ORD Endpoints
 
 1. Run `cds watch` in the application's root.
-2. Check the following relative paths for ORD information - `/.well-known/open-resource-discovery` , `/open-resource-discovery/v1/documents/1`.
+2. Check the following relative paths for ORD information - `/.well-known/open-resource-discovery` , `/ord/v1/documents/ord-document`.
 
 <img width="1300" alt="Sample Application Demo" style="border-radius:0.5rem;" src="./asset/etc/ordEndpoint.gif">
 

REUSE.toml

@@ -0,0 +1,11 @@
+version = 1
+SPDX-PackageName = "ord"
+SPDX-PackageSupplier = "The CAP team <[email protected]>"
+SPDX-PackageDownloadLocation = "https://github.com/cap-js/ord"
+SPDX-PackageComment = "The code in this project may include calls to APIs (\"API Calls\") of\n SAP or third-party products or services developed outside of this project\n (\"External Products\").\n \"APIs\" means application programming interfaces, as well as their respective\n specifications and implementing code that allows software to communicate with\n other software.\n API Calls to External Products are not licensed under the open source license\n that governs this project. The use of such API Calls and related External\n Products are subject to applicable additional agreements with the relevant\n provider of the External Products. In no event shall the open source license\n that governs this project grant any rights in or to any External Products,or\n alter, expand or supersede any terms of the applicable additional agreements.\n If you have a valid license agreement with SAP for the use of a particular SAP\n External Product, then you may make use of any API Calls included in this\n project's code for that SAP External Product, subject to the terms of such\n license agreement. If you do not have a valid license agreement for the use of\n a particular SAP External Product, then you may only make use of any API Calls\n in this project for that SAP External Product for your internal, non-productive\n and non-commercial test and evaluation of such API Calls. Nothing herein grants\n you any rights to use or access any SAP External Product, or provide any third\n parties the right to use of access any SAP External Product, through API Calls."
+
+[[annotations]]
+path = "**"
+precedence = "aggregate"
+SPDX-FileCopyrightText = "2024 SAP SE or an SAP affiliate company and cap-js/ord contributors"
+SPDX-License-Identifier = "Apache-2.0"