@directus/api 10.0.0 → 10.2.0

package/dist/app.js

@@ -1,3 +1,4 @@
+import { handlePressure } from '@directus/pressure';
 import cookieParser from 'cookie-parser';
 import express from 'express';
 import { merge } from 'lodash-es';
@@ -38,6 +39,7 @@ import { isInstalled, validateDatabaseConnection, validateDatabaseExtensions, va
 import emitter from './emitter.js';
 import env from './env.js';
 import { InvalidPayloadException } from './exceptions/invalid-payload.js';
+import { ServiceUnavailableException } from './exceptions/service-unavailable.js';
 import { getExtensionManager } from './extensions.js';
 import { getFlowManager } from './flows.js';
 import logger, { expressLogger } from './logger.js';
@@ -84,6 +86,21 @@ export default async function createApp() {
     app.disable('x-powered-by');
     app.set('trust proxy', env['IP_TRUST_PROXY']);
     app.set('query parser', (str) => qs.parse(str, { depth: 10 }));
+    if (env['PRESSURE_LIMITER_ENABLED']) {
+        const sampleInterval = Number(env['PRESSURE_LIMITER_SAMPLE_INTERVAL']);
+        if (Number.isNaN(sampleInterval) === true || Number.isFinite(sampleInterval) === false) {
+            throw new Error(`Invalid value for PRESSURE_LIMITER_SAMPLE_INTERVAL environment variable`);
+        }
+        app.use(handlePressure({
+            sampleInterval,
+            maxEventLoopUtilization: env['PRESSURE_LIMITER_MAX_EVENT_LOOP_UTILIZATION'],
+            maxEventLoopDelay: env['PRESSURE_LIMITER_MAX_EVENT_LOOP_DELAY'],
+            maxMemoryRss: env['PRESSURE_LIMITER_MAX_MEMORY_RSS'],
+            maxMemoryHeapUsed: env['PRESSURE_LIMITER_MAX_MEMORY_HEAP_USED'],
+            error: new ServiceUnavailableException('Under pressure', { service: 'api' }),
+            retryAfter: env['PRESSURE_LIMITER_RETRY_AFTER'],
+        }));
+    }
     app.use(helmet.contentSecurityPolicy(merge({
         useDefaults: true,
         directives: {

package/dist/auth/drivers/oauth2.js

@@ -117,7 +117,7 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
         if (userId) {
             // Run hook so the end user has the chance to augment the
             // user that is about to be updated
-            const updatedUserPayload = await emitter.emitFilter(`auth.update`, {}, {
+            const updatedUserPayload = await emitter.emitFilter(`auth.update`, { auth_data: userPayload.auth_data ?? null }, {
                 identifier,
                 provider: this.config['provider'],
                 providerPayload: { accessToken: tokenSet.access_token, userInfo },

package/dist/auth/drivers/openid.js

@@ -136,7 +136,7 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
         if (userId) {
             // Run hook so the end user has the chance to augment the
             // user that is about to be updated
-            const updatedUserPayload = await emitter.emitFilter(`auth.update`, {}, {
+            const updatedUserPayload = await emitter.emitFilter(`auth.update`, { auth_data: userPayload.auth_data ?? null }, {
                 identifier,
                 provider: this.config['provider'],
                 providerPayload: { accessToken: tokenSet.access_token, userInfo },

package/dist/cli/commands/bootstrap/index.js

@@ -34,6 +34,7 @@ export default async function bootstrap({ skipAdminInit }) {
         logger.info('Running migrations...');
         await runMigrations(database, 'latest');
     }
+    await database.destroy();
     logger.info('Done');
     process.exit(0);
 }

package/dist/cli/utils/create-env/env-stub.liquid

@@ -43,6 +43,10 @@ PUBLIC_URL="/"
 # Whether or not to enable GraphQL Introspection [true]
 # GRAPHQL_INTROSPECTION=true
 
+# Limit the maximum amount of items that can get requested in one query.
+# QUERY_LIMIT_DEFAULT=100
+# QUERY_LIMIT_MAX=Infinity
+
 # The maximum number of items for batch mutations when creating, updating and deleting. ["Infinity"]
 # MAX_BATCH_MUTATION="Infinity"
 

package/dist/controllers/assets.js

@@ -106,21 +106,17 @@ asyncHandler(async (req, res) => {
         schema: req.schema,
     });
     const vary = ['Origin', 'Cache-Control'];
-    const transformation = res.locals['transformation'].key
+    const transformationParams = res.locals['transformation'].key
         ? res.locals['shortcuts'].find((transformation) => transformation['key'] === res.locals['transformation'].key)
         : res.locals['transformation'];
-    if (transformation.format === 'auto') {
-        let format;
+    let acceptFormat;
+    if (transformationParams.format === 'auto') {
         if (req.headers.accept?.includes('image/avif')) {
-            format = 'avif';
+            acceptFormat = 'avif';
         }
         else if (req.headers.accept?.includes('image/webp')) {
-            format = 'webp';
+            acceptFormat = 'webp';
         }
-        else {
-            format = 'jpg';
-        }
-        transformation.format = format;
         vary.push('Accept');
     }
     let range = undefined;
@@ -140,7 +136,7 @@ asyncHandler(async (req, res) => {
             }
         }
     }
-    const { stream, file, stat } = await service.getAsset(id, transformation, range);
+    const { stream, file, stat } = await service.getAsset(id, { transformationParams, acceptFormat }, range);
     const filename = req.params['filename'] ?? file.filename_download;
     res.attachment(filename);
     res.setHeader('Content-Type', file.type);

package/dist/controllers/flows.js

@@ -13,7 +13,7 @@ const router = express.Router();
 router.use(useCollection('directus_flows'));
 const webhookFlowHandler = asyncHandler(async (req, res, next) => {
     const flowManager = getFlowManager();
-    const result = await flowManager.runWebhookFlow(`${req.method}-${req.params['pk']}`, {
+    const { result, cacheEnabled } = await flowManager.runWebhookFlow(`${req.method}-${req.params['pk']}`, {
         path: req.path,
         query: req.query,
         body: req.body,
@@ -23,6 +23,9 @@ const webhookFlowHandler = asyncHandler(async (req, res, next) => {
         accountability: req.accountability,
         schema: req.schema,
     });
+    if (!cacheEnabled) {
+        res.locals['cache'] = false;
+    }
     res.locals['payload'] = result;
     return next();
 });

package/dist/controllers/schema.js

@@ -15,20 +15,17 @@ router.get('/snapshot', asyncHandler(async (req, res, next) => {
     res.locals['payload'] = { data: currentSnapshot };
     return next();
 }), respond);
-router.post('/apply', asyncHandler(async (req, _res, next) => {
-    const service = new SchemaService({ accountability: req.accountability });
-    await service.apply(req.body);
-    return next();
-}), respond);
 const schemaMultipartHandler = (req, res, next) => {
     if (req.is('application/json')) {
-        if (Object.keys(req.body).length === 0)
+        if (Object.keys(req.body).length === 0) {
             throw new InvalidPayloadException(`No data was included in the body`);
-        res.locals['uploadedSnapshot'] = req.body;
+        }
+        res.locals['upload'] = req.body;
         return next();
     }
-    if (!req.is('multipart/form-data'))
+    if (!req.is('multipart/form-data')) {
         throw new UnsupportedMediaTypeException(`Unsupported Content-Type header`);
+    }
     const headers = req.headers['content-type']
         ? req.headers
         : {
@@ -37,7 +34,7 @@ const schemaMultipartHandler = (req, res, next) => {
         };
     const busboy = Busboy({ headers });
     let isFileIncluded = false;
-    let uploadedSnapshot = null;
+    let upload = null;
     busboy.on('file', async (_, fileStream, { mimeType }) => {
         if (isFileIncluded)
             return next(new InvalidPayloadException(`More than one file was included in the body`));
@@ -47,25 +44,26 @@ const schemaMultipartHandler = (req, res, next) => {
             const uploadedString = await readableStreamToString(fileStream);
             if (mimeType === 'application/json') {
                 try {
-                    uploadedSnapshot = parseJSON(uploadedString);
+                    upload = parseJSON(uploadedString);
                 }
                 catch (err) {
                     logger.warn(err);
-                    throw new InvalidPayloadException('Invalid JSON schema snapshot');
+                    throw new InvalidPayloadException('The provided JSON is invalid.');
                 }
             }
             else {
                 try {
-                    uploadedSnapshot = (await loadYaml(uploadedString));
+                    upload = await loadYaml(uploadedString);
                 }
                 catch (err) {
                     logger.warn(err);
-                    throw new InvalidPayloadException('Invalid YAML schema snapshot');
+                    throw new InvalidPayloadException('The provided YAML is invalid.');
                 }
             }
-            if (!uploadedSnapshot)
+            if (!upload) {
                 throw new InvalidPayloadException(`No file was included in the body`);
-            res.locals['uploadedSnapshot'] = uploadedSnapshot;
+            }
+            res.locals['upload'] = upload;
             return next();
         }
         catch (error) {
@@ -81,7 +79,7 @@ const schemaMultipartHandler = (req, res, next) => {
 };
 router.post('/diff', asyncHandler(schemaMultipartHandler), asyncHandler(async (req, res, next) => {
     const service = new SchemaService({ accountability: req.accountability });
-    const snapshot = res.locals['uploadedSnapshot'];
+    const snapshot = res.locals['upload'];
     const currentSnapshot = await service.snapshot();
     const snapshotDiff = await service.diff(snapshot, { currentSnapshot, force: 'force' in req.query });
     if (!snapshotDiff)
@@ -90,4 +88,10 @@ router.post('/diff', asyncHandler(schemaMultipartHandler), asyncHandler(async (r
     res.locals['payload'] = { data: { hash: currentSnapshotHash, diff: snapshotDiff } };
     return next();
 }), respond);
+router.post('/apply', asyncHandler(schemaMultipartHandler), asyncHandler(async (req, res, next) => {
+    const service = new SchemaService({ accountability: req.accountability });
+    const diff = res.locals['upload'];
+    await service.apply(diff);
+    return next();
+}), respond);
 export default router;

package/dist/controllers/utils.js

@@ -15,8 +15,9 @@ import { sanitizeQuery } from '../utils/sanitize-query.js';
 const router = Router();
 router.get('/random/string', asyncHandler(async (req, res) => {
     const { nanoid } = await import('nanoid');
-    if (req.query && req.query['length'] && Number(req.query['length']) > 500)
+    if (req.query && req.query['length'] && Number(req.query['length']) > 500) {
         throw new InvalidQueryException(`"length" can't be more than 500 characters`);
+    }
     const string = nanoid(req.query?.['length'] ? Number(req.query['length']) : 32);
     return res.json({ data: string });
 }));
@@ -61,8 +62,9 @@ router.post('/revert/:revision', asyncHandler(async (req, _res, next) => {
     next();
 }), respond);
 router.post('/import/:collection', collectionExists, asyncHandler(async (req, res, next) => {
-    if (req.is('multipart/form-data') === false)
+    if (req.is('multipart/form-data') === false) {
         throw new UnsupportedMediaTypeException(`Unsupported Content-Type header`);
+    }
     const service = new ImportService({
         accountability: req.accountability,
         schema: req.schema,

package/dist/database/migrations/run.js

@@ -7,13 +7,14 @@ import path from 'path';
 import { flushCaches } from '../../cache.js';
 import env from '../../env.js';
 import logger from '../../logger.js';
+import getModuleDefault from '../../utils/get-module-default.js';
 const __dirname = dirname(fileURLToPath(import.meta.url));
 export default async function run(database, direction, log = true) {
     let migrationFiles = await fse.readdir(__dirname);
     const customMigrationsPath = path.resolve(env['EXTENSIONS_PATH'], 'migrations');
     let customMigrationFiles = ((await fse.pathExists(customMigrationsPath)) && (await fse.readdir(customMigrationsPath))) || [];
     migrationFiles = migrationFiles.filter((file) => /^[0-9]+[A-Z]-[^.]+\.(?:js|ts)$/.test(file));
-    customMigrationFiles = customMigrationFiles.filter((file) => file.endsWith('.js'));
+    customMigrationFiles = customMigrationFiles.filter((file) => /\.(c|m)?js$/.test(file));
     const completedMigrations = await database.select('*').from('directus_migrations').orderBy('version');
     const migrations = [
         ...migrationFiles.map((path) => parseFilePath(path)),
@@ -84,7 +85,7 @@ export default async function run(database, direction, log = true) {
         for (const migration of migrations) {
             if (migration.completed === false) {
                 needsCacheFlush = true;
-                const { up } = await import(`file://${migration.file}`);
+                const { up } = getModuleDefault(await import(`file://${migration.file}`));
                 if (log) {
                     logger.info(`Applying ${migration.name}...`);
                 }

package/dist/database/run-ast.js

@@ -151,7 +151,7 @@ async function getDBQuery(schema, knex, table, fieldNodes, query) {
     const preProcess = getColumnPreprocessor(knex, schema, table);
     const queryCopy = clone(query);
     const helpers = getHelpers(knex);
-    queryCopy.limit = typeof queryCopy.limit === 'number' ? queryCopy.limit : 100;
+    queryCopy.limit = typeof queryCopy.limit === 'number' ? queryCopy.limit : Number(env['QUERY_LIMIT_DEFAULT']);
     // Queries with aggregates and groupBy will not have duplicate result
     if (queryCopy.aggregate || queryCopy.group) {
         const flatQuery = knex.select(fieldNodes.map(preProcess)).from(table);
@@ -322,13 +322,13 @@ function mergeWithParentItems(schema, nestedItem, parentItem, nestedNode) {
             });
             parentItem[nestedNode.fieldKey].push(...itemChildren);
             if (nestedNode.query.page && nestedNode.query.page > 1) {
-                parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].slice((nestedNode.query.limit ?? 100) * (nestedNode.query.page - 1));
+                parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].slice((nestedNode.query.limit ?? Number(env['QUERY_LIMIT_DEFAULT'])) * (nestedNode.query.page - 1));
             }
             if (nestedNode.query.offset && nestedNode.query.offset >= 0) {
                 parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].slice(nestedNode.query.offset);
             }
             if (nestedNode.query.limit !== -1) {
-                parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].slice(0, nestedNode.query.limit ?? 100);
+                parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].slice(0, nestedNode.query.limit ?? Number(env['QUERY_LIMIT_DEFAULT']));
             }
             parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].sort((a, b) => {
                 // This is pre-filled in get-ast-from-query

package/dist/env.js

@@ -25,6 +25,8 @@ const allowedEnvironmentVars = [
     'GRAPHQL_INTROSPECTION',
     'MAX_BATCH_MUTATION',
     'LOGGER_.+',
+    'QUERY_LIMIT_MAX',
+    'QUERY_LIMIT_DEFAULT',
     'ROBOTS_TXT',
     // server
     'SERVER_.+',
@@ -196,6 +198,7 @@ const defaults = {
     PUBLIC_URL: '/',
     MAX_PAYLOAD_SIZE: '1mb',
     MAX_RELATIONAL_DEPTH: 10,
+    QUERY_LIMIT_DEFAULT: 100,
     MAX_BATCH_MUTATION: Infinity,
     ROBOTS_TXT: 'User-agent: *\nDisallow: /',
     DB_EXCLUDE_TABLES: 'spatial_ref_sys,sysdiagrams',
@@ -262,6 +265,13 @@ const defaults = {
     GRAPHQL_INTROSPECTION: true,
     FLOWS_EXEC_ALLOWED_MODULES: false,
     FLOWS_ENV_ALLOW_LIST: false,
+    PRESSURE_LIMITER_ENABLED: true,
+    PRESSURE_LIMITER_SAMPLE_INTERVAL: 250,
+    PRESSURE_LIMITER_MAX_EVENT_LOOP_UTILIZATION: 0.99,
+    PRESSURE_LIMITER_MAX_EVENT_LOOP_DELAY: 500,
+    PRESSURE_LIMITER_MAX_MEMORY_RSS: false,
+    PRESSURE_LIMITER_MAX_MEMORY_HEAP_USED: false,
+    PRESSURE_LIMITER_RETRY_AFTER: false,
 };
 // Allows us to force certain environment variable into a type, instead of relying
 // on the auto-parsed type in processValues. ref #3705

package/dist/extensions.js

@@ -1,4 +1,4 @@
-import { APP_EXTENSION_TYPES, APP_SHARED_DEPS, HYBRID_EXTENSION_TYPES, NESTED_EXTENSION_TYPES, } from '@directus/constants';
+import { APP_EXTENSION_TYPES, APP_SHARED_DEPS, HYBRID_EXTENSION_TYPES, JAVASCRIPT_FILE_EXTS, NESTED_EXTENSION_TYPES, } from '@directus/constants';
 import * as sharedExceptions from '@directus/exceptions';
 import { isIn, isTypeIn, pluralize } from '@directus/utils';
 import { ensureExtensionDirs, generateExtensionsEntrypoint, getLocalExtensions, getPackageExtensions, pathToRelativeUrl, resolvePackage, resolvePackageExtensions, } from '@directus/utils/node';
@@ -201,15 +201,14 @@ class ExtensionManager {
         const extensionDirUrl = pathToRelativeUrl(env['EXTENSIONS_PATH']);
         const localExtensionUrls = NESTED_EXTENSION_TYPES.flatMap((type) => {
             const typeDir = path.posix.join(extensionDirUrl, pluralize(type));
-            const fileExts = ['js', 'mjs', 'cjs'];
             if (isIn(type, HYBRID_EXTENSION_TYPES)) {
                 return [
-                    path.posix.join(typeDir, '*', `app.{${fileExts.join()}}`),
-                    path.posix.join(typeDir, '*', `api.{${fileExts.join()}}`),
+                    path.posix.join(typeDir, '*', `app.{${JAVASCRIPT_FILE_EXTS.join()}}`),
+                    path.posix.join(typeDir, '*', `api.{${JAVASCRIPT_FILE_EXTS.join()}}`),
                 ];
             }
             else {
-                return path.posix.join(typeDir, '*', `index.{${fileExts.join()}}`);
+                return path.posix.join(typeDir, '*', `index.{${JAVASCRIPT_FILE_EXTS.join()}}`);
             }
         });
         this.watcher = chokidar.watch([path.resolve('package.json'), path.posix.join(extensionDirUrl, '*', 'package.json'), ...localExtensionUrls], {

package/dist/flows.d.ts

@@ -13,7 +13,10 @@ declare class FlowManager {
     addOperation(id: string, operation: OperationHandler): void;
     clearOperations(): void;
     runOperationFlow(id: string, data: unknown, context: Record<string, unknown>): Promise<unknown>;
-    runWebhookFlow(id: string, data: unknown, context: Record<string, unknown>): Promise<unknown>;
+    runWebhookFlow(id: string, data: unknown, context: Record<string, unknown>): Promise<{
+        result: unknown;
+        cacheEnabled: boolean;
+    }>;
     private load;
     private unload;
     private executeFlow;

package/dist/flows.js

@@ -9,7 +9,6 @@ import getDatabase from './database/index.js';
 import emitter from './emitter.js';
 import env from './env.js';
 import * as exceptions from './exceptions/index.js';
-import { BaseException } from '@directus/exceptions';
 import logger from './logger.js';
 import { getMessenger } from './messenger.js';
 import { ActivityService } from './services/activity.js';
@@ -20,6 +19,7 @@ import { constructFlowTree } from './utils/construct-flow-tree.js';
 import { getSchema } from './utils/get-schema.js';
 import { JobQueue } from './utils/job-queue.js';
 import { mapValuesDeep } from './utils/map-values-deep.js';
+import { sanitizeError } from './utils/sanitize-error.js';
 let flowManager;
 const redactLogs = fastRedact({
     censor: '--redacted--',
@@ -167,16 +167,20 @@ class FlowManager {
                 this.operationFlowHandlers[flow.id] = handler;
             }
             else if (flow.trigger === 'webhook') {
-                const handler = (data, context) => {
+                const method = flow.options?.['method'] ?? 'GET';
+                const handler = async (data, context) => {
+                    let cacheEnabled = true;
+                    if (method === 'GET') {
+                        cacheEnabled = flow.options['cacheEnabled'] !== false;
+                    }
                     if (flow.options['async']) {
                         this.executeFlow(flow, data, context);
-                        return undefined;
+                        return { result: undefined, cacheEnabled };
                     }
                     else {
-                        return this.executeFlow(flow, data, context);
+                        return { result: await this.executeFlow(flow, data, context), cacheEnabled };
                     }
                 };
-                const method = flow.options?.['method'] ?? 'GET';
                 // Default return to $last for webhooks
                 flow.options['return'] = flow.options['return'] ?? '$last';
                 this.webhookFlowHandlers[`${method}-${flow.id}`] = handler;
@@ -325,11 +329,9 @@ class FlowManager {
         }
         catch (error) {
             let data;
-            if (error instanceof BaseException) {
-                data = { message: error.message, code: error.code, extensions: error.extensions, status: error.status };
-            }
-            else if (error instanceof Error) {
-                data = { message: error.message };
+            if (error instanceof Error) {
+                // make sure we dont expose the stack trace
+                data = sanitizeError(error);
             }
             else if (typeof error === 'string') {
                 // If the error is a JSON string, parse it and use that as the error data

package/dist/services/assets.d.ts

@@ -3,14 +3,14 @@ import type { Range, Stat } from '@directus/storage';
 import type { Accountability } from '@directus/types';
 import type { Knex } from 'knex';
 import type { Readable } from 'node:stream';
-import type { AbstractServiceOptions, TransformationParams } from '../types/index.js';
+import type { AbstractServiceOptions, TransformationSet } from '../types/index.js';
 import { AuthorizationService } from './authorization.js';
 export declare class AssetsService {
     knex: Knex;
     accountability: Accountability | null;
     authorizationService: AuthorizationService;
     constructor(options: AbstractServiceOptions);
-    getAsset(id: string, transformation: TransformationParams, range?: Range): Promise<{
+    getAsset(id: string, transformation: TransformationSet, range?: Range): Promise<{
         stream: Readable;
         file: any;
         stat: Stat;

package/dist/services/collections.js

@@ -60,7 +60,7 @@ export class CollectionsService {
                     // Directus heavily relies on the primary key of a collection, so we have to make sure that
                     // every collection that is created has a primary key. If no primary key field is created
                     // while making the collection, we default to an auto incremented id named `id`
-                    if (!payload.fields)
+                    if (!payload.fields) {
                         payload.fields = [
                             {
                                 field: 'id',
@@ -76,6 +76,7 @@ export class CollectionsService {
                                 },
                             },
                         ];
+                    }
                     // Ensure that every field meta has the field/collection fields filled correctly
                     payload.fields = payload.fields.map((field) => {
                         if (field.meta) {

package/dist/services/fields.js

@@ -311,7 +311,9 @@ export class FieldsService {
             }
             if (hookAdjustedField.schema) {
                 const existingColumn = await this.schemaInspector.columnInfo(collection, hookAdjustedField.field);
-                if (!isEqual(sanitizeColumn(existingColumn), hookAdjustedField.schema)) {
+                // Sanitize column only when applying snapshot diff as opts is only passed from /utils/apply-diff.ts
+                const columnToCompare = opts?.bypassLimits && opts.autoPurgeSystemCache === false ? sanitizeColumn(existingColumn) : existingColumn;
+                if (!isEqual(columnToCompare, hookAdjustedField.schema)) {
                     try {
                         await this.knex.schema.alterTable(collection, (table) => {
                             if (!hookAdjustedField.schema)

package/dist/services/graphql/index.js

@@ -98,8 +98,9 @@ export class GraphQLService {
         const formattedResult = {};
         if (result['data'])
             formattedResult.data = result['data'];
-        if (result['errors'])
+        if (result['errors']) {
             formattedResult.errors = result['errors'].map((error) => processError(this.accountability, error));
+        }
         if (result['extensions'])
             formattedResult.extensions = result['extensions'];
         return formattedResult;
@@ -285,8 +286,9 @@ export class GraphQLService {
                             type = new GraphQLNonNull(type);
                         }
                         if (collection.primary === field.field) {
-                            if (!field.defaultValue && !field.special.includes('uuid') && action === 'create')
+                            if (!field.defaultValue && !field.special.includes('uuid') && action === 'create') {
                                 type = new GraphQLNonNull(GraphQLID);
+                            }
                             else if (['create', 'update'].includes(action))
                                 type = GraphQLID;
                             else
@@ -1537,6 +1539,15 @@ export class GraphQLService {
                         },
                     }),
                 },
+                queryLimit: {
+                    type: new GraphQLObjectType({
+                        name: 'server_info_query_limit',
+                        fields: {
+                            default: { type: GraphQLInt },
+                            max: { type: GraphQLInt },
+                        },
+                    }),
+                },
             });
         }
         if (this.accountability?.admin === true) {

package/dist/services/items.js

@@ -144,7 +144,7 @@ export class ItemsService {
                 // to read from it
                 payload[primaryKeyField] = primaryKey;
             }
-            const { revisions: revisionsO2M, nestedActionEvents: nestedActionEventsO2M } = await payloadService.processO2M(payload, primaryKey, opts);
+            const { revisions: revisionsO2M, nestedActionEvents: nestedActionEventsO2M } = await payloadService.processO2M(payloadWithPresets, primaryKey, opts);
             nestedActionEvents.push(...nestedActionEventsM2O);
             nestedActionEvents.push(...nestedActionEventsA2O);
             nestedActionEvents.push(...nestedActionEventsO2M);

package/dist/services/permissions.js

@@ -50,31 +50,49 @@ export class PermissionsService extends ItemsService {
     async createOne(data, opts) {
         const res = await super.createOne(data, opts);
         await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
+        if (this.cache && opts?.autoPurgeCache !== false) {
+            await this.cache.clear();
+        }
         return res;
     }
     async createMany(data, opts) {
         const res = await super.createMany(data, opts);
         await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
+        if (this.cache && opts?.autoPurgeCache !== false) {
+            await this.cache.clear();
+        }
         return res;
     }
     async updateBatch(data, opts) {
         const res = await super.updateBatch(data, opts);
         await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
+        if (this.cache && opts?.autoPurgeCache !== false) {
+            await this.cache.clear();
+        }
         return res;
     }
     async updateMany(keys, data, opts) {
         const res = await super.updateMany(keys, data, opts);
         await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
+        if (this.cache && opts?.autoPurgeCache !== false) {
+            await this.cache.clear();
+        }
         return res;
     }
     async upsertMany(payloads, opts) {
         const res = await super.upsertMany(payloads, opts);
         await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
+        if (this.cache && opts?.autoPurgeCache !== false) {
+            await this.cache.clear();
+        }
         return res;
     }
     async deleteMany(keys, opts) {
         const res = await super.deleteMany(keys, opts);
         await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
+        if (this.cache && opts?.autoPurgeCache !== false) {
+            await this.cache.clear();
+        }
         return res;
     }
 }

package/dist/services/server.js

@@ -64,6 +64,10 @@ export class ServerService {
             info['flows'] = {
                 execAllowedModules: env['FLOWS_EXEC_ALLOWED_MODULES'] ? toArray(env['FLOWS_EXEC_ALLOWED_MODULES']) : [],
             };
+            info['queryLimit'] = {
+                default: env['QUERY_LIMIT_DEFAULT'],
+                max: Number.isFinite(env['QUERY_LIMIT_MAX']) ? env['QUERY_LIMIT_MAX'] : -1,
+            };
         }
         if (this.accountability?.admin === true) {
             const { osType, osVersion } = getOSInfo();

package/dist/types/assets.d.ts

@@ -6,10 +6,15 @@ export type TransformationMap = {
 };
 export type Transformation = TransformationMap[keyof TransformationMap];
 export type TransformationResize = Pick<ResizeOptions, 'width' | 'height' | 'fit' | 'withoutEnlargement'>;
+export type TransformationFormat = 'jpg' | 'jpeg' | 'png' | 'webp' | 'tiff' | 'avif';
 export type TransformationParams = {
     key?: string;
     transforms?: Transformation[];
-    format?: 'auto' | 'jpg' | 'jpeg' | 'png' | 'webp' | 'tiff' | 'avif';
+    format?: TransformationFormat | 'auto';
     quality?: number;
 } & TransformationResize;
+export type TransformationSet = {
+    transformationParams: TransformationParams;
+    acceptFormat?: TransformationFormat | undefined;
+};
 export {};