npm - @directus/api - Versions diffs - 11.0.1 → 12.0.0 - Mend

@directus/api 11.0.1 → 12.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (283) hide show

package/dist/app.js +3 -4
package/dist/auth/auth.d.ts +4 -4
package/dist/auth/auth.js +2 -2
package/dist/auth/drivers/ldap.js +20 -17
package/dist/auth/drivers/local.js +5 -5
package/dist/auth/drivers/oauth2.js +16 -16
package/dist/auth/drivers/openid.js +18 -17
package/dist/auth/drivers/saml.js +6 -7
package/dist/auth.js +3 -2
package/dist/cache.js +3 -13
package/dist/cli/utils/create-env/env-stub.liquid +5 -7
package/dist/controllers/activity.js +7 -6
package/dist/controllers/assets.js +25 -12
package/dist/controllers/auth.js +8 -7
package/dist/controllers/collections.js +4 -3
package/dist/controllers/dashboards.js +5 -4
package/dist/controllers/extensions.js +3 -3
package/dist/controllers/fields.js +9 -8
package/dist/controllers/files.js +11 -11
package/dist/controllers/flows.js +5 -4
package/dist/controllers/folders.js +5 -4
package/dist/controllers/items.js +14 -13
package/dist/controllers/not-found.js +2 -2
package/dist/controllers/notifications.js +5 -4
package/dist/controllers/operations.js +5 -4
package/dist/controllers/panels.js +5 -4
package/dist/controllers/permissions.js +5 -4
package/dist/controllers/presets.js +5 -4
package/dist/controllers/relations.js +6 -5
package/dist/controllers/roles.js +5 -4
package/dist/controllers/schema.js +8 -8
package/dist/controllers/server.js +2 -2
package/dist/controllers/settings.js +3 -2
package/dist/controllers/shares.js +7 -6
package/dist/controllers/translations.js +6 -5
package/dist/controllers/users.js +22 -21
package/dist/controllers/utils.js +10 -10
package/dist/controllers/webhooks.js +5 -4
package/dist/{exceptions/database → database/errors}/dialects/mssql.js +8 -18
package/dist/{exceptions/database → database/errors}/dialects/mysql.js +9 -19
package/dist/{exceptions/database → database/errors}/dialects/oracle.js +2 -2
package/dist/{exceptions/database → database/errors}/dialects/postgres.js +7 -18
package/dist/{exceptions/database → database/errors}/dialects/sqlite.js +7 -10
package/dist/{exceptions/database → database/errors}/translate.js +1 -1
package/dist/database/migrations/run.js +10 -1
package/dist/emitter.d.ts +3 -2
package/dist/emitter.js +12 -4
package/dist/env.js +21 -17
package/dist/errors/codes.d.ts +29 -0
package/dist/errors/codes.js +30 -0
package/dist/errors/contains-null-values.d.ts +7 -0
package/dist/errors/contains-null-values.js +4 -0
package/dist/errors/content-too-large.d.ts +1 -0
package/dist/errors/content-too-large.js +3 -0
package/dist/errors/forbidden.d.ts +1 -0
package/dist/errors/forbidden.js +3 -0
package/dist/errors/hit-rate-limit.d.ts +6 -0
package/dist/errors/hit-rate-limit.js +8 -0
package/dist/errors/illegal-asset-transformation.d.ts +4 -0
package/dist/errors/illegal-asset-transformation.js +3 -0
package/dist/errors/index.d.ts +28 -0
package/dist/errors/index.js +28 -0
package/dist/errors/invalid-credentials.d.ts +1 -0
package/dist/errors/invalid-credentials.js +3 -0
package/dist/errors/invalid-foreign-key.d.ts +6 -0
package/dist/errors/invalid-foreign-key.js +14 -0
package/dist/errors/invalid-ip.d.ts +1 -0
package/dist/errors/invalid-ip.js +3 -0
package/dist/errors/invalid-otp.d.ts +1 -0
package/dist/errors/invalid-otp.js +3 -0
package/dist/errors/invalid-payload.d.ts +5 -0
package/dist/errors/invalid-payload.js +4 -0
package/dist/errors/invalid-provider-config.d.ts +5 -0
package/dist/errors/invalid-provider-config.js +3 -0
package/dist/errors/invalid-provider.d.ts +1 -0
package/dist/errors/invalid-provider.js +3 -0
package/dist/errors/invalid-query.d.ts +5 -0
package/dist/errors/invalid-query.js +4 -0
package/dist/errors/invalid-token.d.ts +1 -0
package/dist/errors/invalid-token.js +3 -0
package/dist/errors/method-not-allowed.d.ts +6 -0
package/dist/errors/method-not-allowed.js +6 -0
package/dist/errors/not-null-violation.d.ts +6 -0
package/dist/errors/not-null-violation.js +14 -0
package/dist/errors/range-not-satisfiable.d.ts +7 -0
package/dist/errors/range-not-satisfiable.js +7 -0
package/dist/errors/record-not-unique.d.ts +6 -0
package/dist/errors/record-not-unique.js +14 -0
package/dist/errors/route-not-found.d.ts +5 -0
package/dist/errors/route-not-found.js +4 -0
package/dist/errors/service-unavailable.d.ts +7 -0
package/dist/errors/service-unavailable.js +4 -0
package/dist/errors/token-expired.d.ts +1 -0
package/dist/errors/token-expired.js +3 -0
package/dist/errors/unexpected-response.d.ts +1 -0
package/dist/errors/unexpected-response.js +3 -0
package/dist/errors/unprocessable-content.d.ts +5 -0
package/dist/errors/unprocessable-content.js +4 -0
package/dist/errors/unsupported-media-type.d.ts +6 -0
package/dist/errors/unsupported-media-type.js +4 -0
package/dist/errors/user-suspended.d.ts +1 -0
package/dist/errors/user-suspended.js +3 -0
package/dist/errors/value-out-of-range.d.ts +6 -0
package/dist/errors/value-out-of-range.js +14 -0
package/dist/errors/value-too-long.d.ts +6 -0
package/dist/errors/value-too-long.js +14 -0
package/dist/extensions.js +0 -4
package/dist/flows.js +6 -8
package/dist/index.d.ts +0 -2
package/dist/index.js +0 -2
package/dist/messenger.d.ts +3 -3
package/dist/messenger.js +18 -9
package/dist/middleware/authenticate.js +2 -38
package/dist/middleware/check-ip.js +2 -2
package/dist/middleware/collection-exists.js +2 -2
package/dist/middleware/error-handler.js +7 -7
package/dist/middleware/graphql.js +11 -9
package/dist/middleware/rate-limiter-global.d.ts +2 -2
package/dist/middleware/rate-limiter-global.js +2 -3
package/dist/middleware/rate-limiter-ip.d.ts +2 -2
package/dist/middleware/rate-limiter-ip.js +2 -3
package/dist/middleware/validate-batch.js +3 -4
package/dist/rate-limiter.js +2 -9
package/dist/server.js +10 -0
package/dist/services/activity.js +3 -2
package/dist/services/assets.js +9 -10
package/dist/services/authentication.js +12 -11
package/dist/services/authorization.d.ts +1 -1
package/dist/services/authorization.js +16 -16
package/dist/services/collections.js +17 -16
package/dist/services/fields.js +16 -14
package/dist/services/files.js +7 -6
package/dist/services/graphql/errors/execution.d.ts +6 -0
package/dist/services/graphql/errors/execution.js +2 -0
package/dist/services/graphql/errors/index.d.ts +2 -0
package/dist/services/graphql/errors/index.js +2 -0
package/dist/services/graphql/errors/validation.d.ts +6 -0
package/dist/services/graphql/errors/validation.js +2 -0
package/dist/services/graphql/index.d.ts +2 -8
package/dist/services/graphql/index.js +125 -66
package/dist/services/graphql/subscription.d.ts +16 -0
package/dist/services/graphql/subscription.js +77 -0
package/dist/services/graphql/utils/process-error.js +3 -3
package/dist/services/import-export.js +7 -7
package/dist/services/index.d.ts +1 -0
package/dist/services/index.js +1 -0
package/dist/services/items.js +14 -13
package/dist/services/mail/index.js +3 -3
package/dist/services/meta.js +3 -3
package/dist/services/payload.js +11 -7
package/dist/services/relations.js +32 -22
package/dist/services/revisions.js +3 -3
package/dist/services/roles.js +10 -9
package/dist/services/schema.js +5 -5
package/dist/services/server.js +24 -0
package/dist/services/shares.js +4 -4
package/dist/services/tfa.js +6 -6
package/dist/services/translations.d.ts +2 -2
package/dist/services/translations.js +4 -4
package/dist/services/users.js +26 -29
package/dist/services/utils.js +4 -4
package/dist/services/websocket.d.ts +14 -0
package/dist/services/websocket.js +26 -0
package/dist/synchronization.js +3 -3
package/dist/types/items.d.ts +2 -2
package/dist/utils/apply-diff.js +13 -4
package/dist/utils/apply-query.js +22 -13
package/dist/utils/get-accountability-for-role.js +1 -2
package/dist/utils/get-accountability-for-token.d.ts +2 -0
package/dist/utils/get-accountability-for-token.js +50 -0
package/dist/utils/get-column-path.js +5 -3
package/dist/utils/get-column.js +3 -3
package/dist/utils/get-service.d.ts +7 -0
package/dist/utils/get-service.js +49 -0
package/dist/utils/jwt.js +5 -5
package/dist/utils/redact.d.ts +4 -0
package/dist/utils/redact.js +15 -1
package/dist/utils/to-boolean.d.ts +4 -0
package/dist/utils/to-boolean.js +6 -0
package/dist/utils/validate-diff.js +23 -9
package/dist/utils/validate-keys.js +3 -3
package/dist/utils/validate-query.d.ts +2 -0
package/dist/utils/validate-query.js +27 -21
package/dist/utils/validate-snapshot.js +11 -5
package/dist/websocket/authenticate.d.ts +6 -0
package/dist/websocket/authenticate.js +59 -0
package/dist/websocket/controllers/base.d.ts +42 -0
package/dist/websocket/controllers/base.js +279 -0
package/dist/websocket/controllers/graphql.d.ts +12 -0
package/dist/websocket/controllers/graphql.js +102 -0
package/dist/websocket/controllers/hooks.d.ts +1 -0
package/dist/websocket/controllers/hooks.js +122 -0
package/dist/websocket/controllers/index.d.ts +10 -0
package/dist/websocket/controllers/index.js +31 -0
package/dist/websocket/controllers/rest.d.ts +9 -0
package/dist/websocket/controllers/rest.js +47 -0
package/dist/websocket/errors.d.ts +16 -0
package/dist/websocket/errors.js +55 -0
package/dist/websocket/handlers/heartbeat.d.ts +11 -0
package/dist/websocket/handlers/heartbeat.js +72 -0
package/dist/websocket/handlers/index.d.ts +4 -0
package/dist/websocket/handlers/index.js +11 -0
package/dist/websocket/handlers/items.d.ts +6 -0
package/dist/websocket/handlers/items.js +103 -0
package/dist/websocket/handlers/subscribe.d.ts +43 -0
package/dist/websocket/handlers/subscribe.js +278 -0
package/dist/websocket/messages.d.ts +311 -0
package/dist/websocket/messages.js +96 -0
package/dist/websocket/types.d.ts +34 -0
package/dist/websocket/types.js +1 -0
package/dist/websocket/utils/get-expires-at-for-token.d.ts +1 -0
package/dist/websocket/utils/get-expires-at-for-token.js +8 -0
package/dist/websocket/utils/message.d.ts +4 -0
package/dist/websocket/utils/message.js +27 -0
package/dist/websocket/utils/wait-for-message.d.ts +4 -0
package/dist/websocket/utils/wait-for-message.js +45 -0
package/package.json +21 -16
package/dist/exceptions/content-too-large.d.ts +0 -4
package/dist/exceptions/content-too-large.js +0 -6
package/dist/exceptions/database/contains-null-values.d.ts +0 -9
package/dist/exceptions/database/contains-null-values.js +0 -6
package/dist/exceptions/database/invalid-foreign-key.d.ts +0 -10
package/dist/exceptions/database/invalid-foreign-key.js +0 -11
package/dist/exceptions/database/not-null-violation.d.ts +0 -9
package/dist/exceptions/database/not-null-violation.js +0 -6
package/dist/exceptions/database/record-not-unique.d.ts +0 -10
package/dist/exceptions/database/record-not-unique.js +0 -11
package/dist/exceptions/database/value-out-of-range.d.ts +0 -10
package/dist/exceptions/database/value-out-of-range.js +0 -11
package/dist/exceptions/database/value-too-long.d.ts +0 -9
package/dist/exceptions/database/value-too-long.js +0 -11
package/dist/exceptions/forbidden.d.ts +0 -6
package/dist/exceptions/forbidden.js +0 -13
package/dist/exceptions/graphql-validation.d.ts +0 -4
package/dist/exceptions/graphql-validation.js +0 -6
package/dist/exceptions/hit-rate-limit.d.ts +0 -9
package/dist/exceptions/hit-rate-limit.js +0 -6
package/dist/exceptions/illegal-asset-transformation.d.ts +0 -4
package/dist/exceptions/illegal-asset-transformation.js +0 -6
package/dist/exceptions/index.d.ts +0 -21
package/dist/exceptions/index.js +0 -21
package/dist/exceptions/invalid-config.d.ts +0 -4
package/dist/exceptions/invalid-config.js +0 -6
package/dist/exceptions/invalid-credentials.d.ts +0 -4
package/dist/exceptions/invalid-credentials.js +0 -6
package/dist/exceptions/invalid-ip.d.ts +0 -4
package/dist/exceptions/invalid-ip.js +0 -6
package/dist/exceptions/invalid-otp.d.ts +0 -4
package/dist/exceptions/invalid-otp.js +0 -6
package/dist/exceptions/invalid-payload.d.ts +0 -4
package/dist/exceptions/invalid-payload.js +0 -6
package/dist/exceptions/invalid-provider.d.ts +0 -4
package/dist/exceptions/invalid-provider.js +0 -6
package/dist/exceptions/invalid-query.d.ts +0 -4
package/dist/exceptions/invalid-query.js +0 -6
package/dist/exceptions/invalid-token.d.ts +0 -4
package/dist/exceptions/invalid-token.js +0 -6
package/dist/exceptions/method-not-allowed.d.ts +0 -8
package/dist/exceptions/method-not-allowed.js +0 -6
package/dist/exceptions/range-not-satisfiable.d.ts +0 -5
package/dist/exceptions/range-not-satisfiable.js +0 -9
package/dist/exceptions/route-not-found.d.ts +0 -4
package/dist/exceptions/route-not-found.js +0 -6
package/dist/exceptions/service-unavailable.d.ts +0 -9
package/dist/exceptions/service-unavailable.js +0 -6
package/dist/exceptions/token-expired.d.ts +0 -4
package/dist/exceptions/token-expired.js +0 -6
package/dist/exceptions/unexpected-response.d.ts +0 -4
package/dist/exceptions/unexpected-response.js +0 -6
package/dist/exceptions/unprocessable-entity.d.ts +0 -4
package/dist/exceptions/unprocessable-entity.js +0 -6
package/dist/exceptions/unsupported-media-type.d.ts +0 -4
package/dist/exceptions/unsupported-media-type.js +0 -6
package/dist/exceptions/user-suspended.d.ts +0 -4
package/dist/exceptions/user-suspended.js +0 -6
/package/dist/{exceptions/database → database/errors}/dialects/mssql.d.ts +0 -0
/package/dist/{exceptions/database → database/errors}/dialects/mysql.d.ts +0 -0
/package/dist/{exceptions/database → database/errors}/dialects/oracle.d.ts +0 -0
/package/dist/{exceptions/database → database/errors}/dialects/postgres.d.ts +0 -0
/package/dist/{exceptions/database → database/errors}/dialects/sqlite.d.ts +0 -0
/package/dist/{exceptions/database → database/errors}/dialects/types.d.ts +0 -0
/package/dist/{exceptions/database → database/errors}/dialects/types.js +0 -0
/package/dist/{exceptions/database → database/errors}/translate.d.ts +0 -0

package/dist/websocket/controllers/base.js ADDED Viewed

@@ -0,0 +1,279 @@
+import { parseJSON } from '@directus/utils';
+import { parse } from 'url';
+import { v4 as uuid } from 'uuid';
+import WebSocket, { WebSocketServer } from 'ws';
+import { fromZodError } from 'zod-validation-error';
+import emitter from '../../emitter.js';
+import env from '../../env.js';
+import { InvalidProviderConfigError, TokenExpiredError } from '../../errors/index.js';
+import logger from '../../logger.js';
+import { createRateLimiter } from '../../rate-limiter.js';
+import { getAccountabilityForToken } from '../../utils/get-accountability-for-token.js';
+import { toBoolean } from '../../utils/to-boolean.js';
+import { authenticateConnection, authenticationSuccess } from '../authenticate.js';
+import { WebSocketError, handleWebSocketError } from '../errors.js';
+import { AuthMode, WebSocketAuthMessage, WebSocketMessage } from '../messages.js';
+import { getExpiresAtForToken } from '../utils/get-expires-at-for-token.js';
+import { getMessageType } from '../utils/message.js';
+import { waitForAnyMessage, waitForMessageType } from '../utils/wait-for-message.js';
+import { registerWebSocketEvents } from './hooks.js';
+const TOKEN_CHECK_INTERVAL = 15 * 60 * 1000; // 15 minutes
+export default class SocketController {
+    server;
+    clients;
+    authentication;
+    endpoint;
+    maxConnections;
+    rateLimiter;
+    authInterval;
+    constructor(httpServer, configPrefix) {
+        this.server = new WebSocketServer({ noServer: true });
+        this.clients = new Set();
+        this.authInterval = null;
+        const { endpoint, authentication, maxConnections } = this.getEnvironmentConfig(configPrefix);
+        this.endpoint = endpoint;
+        this.authentication = authentication;
+        this.maxConnections = maxConnections;
+        this.rateLimiter = this.getRateLimiter();
+        httpServer.on('upgrade', this.handleUpgrade.bind(this));
+        this.checkClientTokens();
+        registerWebSocketEvents();
+    }
+    getEnvironmentConfig(configPrefix) {
+        const endpoint = String(env[`${configPrefix}_PATH`]);
+        const authMode = AuthMode.safeParse(String(env[`${configPrefix}_AUTH`]).toLowerCase());
+        const authTimeout = Number(env[`${configPrefix}_AUTH_TIMEOUT`]) * 1000;
+        const maxConnections = `${configPrefix}_CONN_LIMIT` in env ? Number(env[`${configPrefix}_CONN_LIMIT`]) : Number.POSITIVE_INFINITY;
+        if (!authMode.success) {
+            throw new InvalidProviderConfigError({
+                provider: 'ws',
+                reason: fromZodError(authMode.error, { prefix: `${configPrefix}_AUTH` }).message,
+            });
+        }
+        return {
+            endpoint,
+            maxConnections,
+            authentication: {
+                mode: authMode.data,
+                timeout: authTimeout,
+            },
+        };
+    }
+    getRateLimiter() {
+        if (toBoolean(env['RATE_LIMITER_ENABLED']) === true) {
+            return createRateLimiter('RATE_LIMITER', {
+                keyPrefix: 'websocket',
+            });
+        }
+        return null;
+    }
+    async handleUpgrade(request, socket, head) {
+        const { pathname, query } = parse(request.url, true);
+        if (pathname !== this.endpoint)
+            return;
+        if (this.clients.size >= this.maxConnections) {
+            logger.debug('WebSocket upgrade denied - max connections reached');
+            socket.write('HTTP/1.1 403 Forbidden\r\n\r\n');
+            socket.destroy();
+            return;
+        }
+        const context = { request, socket, head };
+        if (this.authentication.mode === 'strict') {
+            await this.handleStrictUpgrade(context, query);
+            return;
+        }
+        if (this.authentication.mode === 'handshake') {
+            await this.handleHandshakeUpgrade(context);
+            return;
+        }
+        this.server.handleUpgrade(request, socket, head, async (ws) => {
+            const state = { accountability: null, expires_at: null };
+            this.server.emit('connection', ws, state);
+        });
+    }
+    async handleStrictUpgrade({ request, socket, head }, query) {
+        let accountability, expires_at;
+        try {
+            const token = query['access_token'];
+            accountability = await getAccountabilityForToken(token);
+            expires_at = getExpiresAtForToken(token);
+        }
+        catch {
+            accountability = null;
+            expires_at = null;
+        }
+        if (!accountability || !accountability.user) {
+            logger.debug('WebSocket upgrade denied - ' + JSON.stringify(accountability || 'invalid'));
+            socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
+            socket.destroy();
+            return;
+        }
+        this.server.handleUpgrade(request, socket, head, async (ws) => {
+            const state = { accountability, expires_at };
+            this.server.emit('connection', ws, state);
+        });
+    }
+    async handleHandshakeUpgrade({ request, socket, head }) {
+        this.server.handleUpgrade(request, socket, head, async (ws) => {
+            try {
+                const payload = await waitForAnyMessage(ws, this.authentication.timeout);
+                if (getMessageType(payload) !== 'auth')
+                    throw new Error();
+                const state = await authenticateConnection(WebSocketAuthMessage.parse(payload));
+                ws.send(authenticationSuccess(payload['uid'], state.refresh_token));
+                this.server.emit('connection', ws, state);
+            }
+            catch {
+                logger.debug('WebSocket authentication handshake failed');
+                const error = new WebSocketError('auth', 'AUTH_FAILED', 'Authentication handshake failed.');
+                handleWebSocketError(ws, error, 'auth');
+                ws.close();
+            }
+        });
+    }
+    createClient(ws, { accountability, expires_at }) {
+        const client = ws;
+        client.accountability = accountability;
+        client.expires_at = expires_at;
+        client.uid = uuid();
+        client.auth_timer = null;
+        ws.on('message', async (data) => {
+            if (this.rateLimiter !== null) {
+                try {
+                    await this.rateLimiter.consume(client.uid);
+                }
+                catch (limit) {
+                    const timeout = limit?.msBeforeNext ?? this.rateLimiter.msDuration;
+                    const error = new WebSocketError('server', 'REQUESTS_EXCEEDED', `Too many messages, retry after ${timeout}ms.`);
+                    handleWebSocketError(client, error, 'server');
+                    logger.debug(`WebSocket#${client.uid} is rate limited`);
+                    return;
+                }
+            }
+            let message;
+            try {
+                message = this.parseMessage(data.toString());
+            }
+            catch (err) {
+                handleWebSocketError(client, err, 'server');
+                return;
+            }
+            if (getMessageType(message) === 'auth') {
+                try {
+                    await this.handleAuthRequest(client, WebSocketAuthMessage.parse(message));
+                }
+                catch {
+                    // ignore errors
+                }
+                return;
+            }
+            // this log cannot be higher in the function or it will leak credentials
+            logger.trace(`WebSocket#${client.uid} - ${JSON.stringify(message)}`);
+            ws.emit('parsed-message', message);
+        });
+        ws.on('error', () => {
+            logger.debug(`WebSocket#${client.uid} connection errored`);
+            if (client.auth_timer) {
+                clearTimeout(client.auth_timer);
+                client.auth_timer = null;
+            }
+            this.clients.delete(client);
+        });
+        ws.on('close', () => {
+            logger.debug(`WebSocket#${client.uid} connection closed`);
+            if (client.auth_timer) {
+                clearTimeout(client.auth_timer);
+                client.auth_timer = null;
+            }
+            this.clients.delete(client);
+        });
+        logger.debug(`WebSocket#${client.uid} connected`);
+        if (accountability) {
+            logger.trace(`WebSocket#${client.uid} authenticated as ${JSON.stringify(accountability)}`);
+        }
+        this.setTokenExpireTimer(client);
+        this.clients.add(client);
+        return client;
+    }
+    parseMessage(data) {
+        let message;
+        try {
+            message = WebSocketMessage.parse(parseJSON(data));
+        }
+        catch (err) {
+            throw new WebSocketError('server', 'INVALID_PAYLOAD', 'Unable to parse the incoming message.');
+        }
+        return message;
+    }
+    async handleAuthRequest(client, message) {
+        try {
+            const { accountability, expires_at, refresh_token } = await authenticateConnection(message);
+            client.accountability = accountability;
+            client.expires_at = expires_at;
+            this.setTokenExpireTimer(client);
+            emitter.emitAction('websocket.auth.success', { client });
+            client.send(authenticationSuccess(message.uid, refresh_token));
+            logger.trace(`WebSocket#${client.uid} authenticated as ${JSON.stringify(client.accountability)}`);
+        }
+        catch (error) {
+            logger.trace(`WebSocket#${client.uid} failed authentication`);
+            emitter.emitAction('websocket.auth.failure', { client });
+            client.accountability = null;
+            client.expires_at = null;
+            const _error = error instanceof WebSocketError
+                ? error
+                : new WebSocketError('auth', 'AUTH_FAILED', 'Authentication failed.', message.uid);
+            handleWebSocketError(client, _error, 'auth');
+            if (this.authentication.mode !== 'public') {
+                client.close();
+            }
+        }
+    }
+    setTokenExpireTimer(client) {
+        if (client.auth_timer !== null) {
+            // clear up old timeouts if needed
+            clearTimeout(client.auth_timer);
+            client.auth_timer = null;
+        }
+        if (!client.expires_at)
+            return;
+        const expiresIn = client.expires_at * 1000 - Date.now();
+        if (expiresIn > TOKEN_CHECK_INTERVAL)
+            return;
+        client.auth_timer = setTimeout(() => {
+            client.accountability = null;
+            client.expires_at = null;
+            handleWebSocketError(client, new TokenExpiredError(), 'auth');
+            waitForMessageType(client, 'auth', this.authentication.timeout).catch((msg) => {
+                const error = new WebSocketError('auth', 'AUTH_TIMEOUT', 'Authentication timed out.', msg?.uid);
+                handleWebSocketError(client, error, 'auth');
+                if (this.authentication.mode !== 'public') {
+                    client.close();
+                }
+            });
+        }, expiresIn);
+    }
+    checkClientTokens() {
+        this.authInterval = setInterval(() => {
+            if (this.clients.size === 0)
+                return;
+            // check the clients and set shorter timeouts if needed
+            for (const client of this.clients) {
+                if (client.expires_at === null || client.auth_timer !== null)
+                    continue;
+                this.setTokenExpireTimer(client);
+            }
+        }, TOKEN_CHECK_INTERVAL);
+    }
+    terminate() {
+        if (this.authInterval)
+            clearInterval(this.authInterval);
+        this.clients.forEach((client) => {
+            if (client.auth_timer)
+                clearTimeout(client.auth_timer);
+        });
+        this.server.clients.forEach((ws) => {
+            ws.terminate();
+        });
+    }
+}

package/dist/websocket/controllers/graphql.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+/// <reference types="node" resolution-mode="require"/>
+import type { Server } from 'graphql-ws';
+import type { Server as httpServer } from 'http';
+import type { GraphQLSocket, UpgradeContext, WebSocketClient } from '../types.js';
+import SocketController from './base.js';
+export declare class GraphQLSubscriptionController extends SocketController {
+    gql: Server<GraphQLSocket>;
+    constructor(httpServer: httpServer);
+    private bindEvents;
+    setTokenExpireTimer(client: WebSocketClient): void;
+    protected handleHandshakeUpgrade({ request, socket, head }: UpgradeContext): Promise<void>;
+}

package/dist/websocket/controllers/graphql.js ADDED Viewed

@@ -0,0 +1,102 @@
+import { CloseCode, MessageType, makeServer } from 'graphql-ws';
+import env from '../../env.js';
+import logger from '../../logger.js';
+import { bindPubSub } from '../../services/graphql/subscription.js';
+import { GraphQLService } from '../../services/index.js';
+import { getSchema } from '../../utils/get-schema.js';
+import { authenticateConnection, refreshAccountability } from '../authenticate.js';
+import { handleWebSocketError } from '../errors.js';
+import { ConnectionParams, WebSocketMessage } from '../messages.js';
+import { getMessageType } from '../utils/message.js';
+import SocketController from './base.js';
+export class GraphQLSubscriptionController extends SocketController {
+    gql;
+    constructor(httpServer) {
+        super(httpServer, 'WEBSOCKETS_GRAPHQL');
+        this.server.on('connection', (ws, auth) => {
+            this.bindEvents(this.createClient(ws, auth));
+        });
+        this.gql = makeServer({
+            schema: async (ctx) => {
+                const accountability = ctx.extra.client.accountability;
+                // for now only the items will be watched, system events tbd
+                const service = new GraphQLService({
+                    schema: await getSchema(),
+                    scope: 'items',
+                    accountability,
+                });
+                return service.getSchema();
+            },
+        });
+        bindPubSub();
+        logger.info(`GraphQL Subscriptions started at ws://${env['HOST']}:${env['PORT']}${this.endpoint}`);
+    }
+    bindEvents(client) {
+        const closedHandler = this.gql.opened({
+            protocol: client.protocol,
+            send: (data) => new Promise((resolve, reject) => {
+                client.send(data, (err) => (err ? reject(err) : resolve()));
+            }),
+            close: (code, reason) => client.close(code, reason),
+            onMessage: (cb) => {
+                client.on('parsed-message', async (message) => {
+                    try {
+                        if (getMessageType(message) === 'connection_init' && this.authentication.mode !== 'strict') {
+                            const params = ConnectionParams.parse(message['payload'] ?? {});
+                            if (this.authentication.mode === 'handshake') {
+                                if (typeof params.access_token === 'string') {
+                                    const { accountability, expires_at } = await authenticateConnection({
+                                        access_token: params.access_token,
+                                    });
+                                    client.accountability = accountability;
+                                    client.expires_at = expires_at;
+                                }
+                                else {
+                                    client.close(CloseCode.Forbidden, 'Forbidden');
+                                    return;
+                                }
+                            }
+                        }
+                        else if (this.authentication.mode === 'handshake' && !client.accountability?.user) {
+                            // the first message should authenticate successfully in this mode
+                            client.close(CloseCode.Forbidden, 'Forbidden');
+                            return;
+                        }
+                        else {
+                            client.accountability = await refreshAccountability(client.accountability);
+                        }
+                        await cb(JSON.stringify(message));
+                    }
+                    catch (error) {
+                        handleWebSocketError(client, error, MessageType.Error);
+                    }
+                });
+            },
+        }, { client });
+        // notify server that the socket closed
+        client.once('close', (code, reason) => closedHandler(code, reason.toString()));
+        // check strict authentication status
+        if (this.authentication.mode === 'strict' && !client.accountability?.user) {
+            client.close(CloseCode.Forbidden, 'Forbidden');
+        }
+    }
+    setTokenExpireTimer(client) {
+        if (client.auth_timer !== null) {
+            clearTimeout(client.auth_timer);
+            client.auth_timer = null;
+        }
+        if (this.authentication.mode !== 'handshake')
+            return;
+        client.auth_timer = setTimeout(() => {
+            if (!client.accountability?.user) {
+                client.close(CloseCode.Forbidden, 'Forbidden');
+            }
+        }, this.authentication.timeout);
+    }
+    async handleHandshakeUpgrade({ request, socket, head }) {
+        this.server.handleUpgrade(request, socket, head, async (ws) => {
+            this.server.emit('connection', ws, { accountability: null, expires_at: null });
+            // actual enforcement is handled by the setTokenExpireTimer function
+        });
+    }
+}

package/dist/websocket/controllers/hooks.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export declare function registerWebSocketEvents(): void;

package/dist/websocket/controllers/hooks.js ADDED Viewed

@@ -0,0 +1,122 @@
+import emitter from '../../emitter.js';
+import { getMessenger } from '../../messenger.js';
+let actionsRegistered = false;
+export function registerWebSocketEvents() {
+    if (actionsRegistered)
+        return;
+    actionsRegistered = true;
+    registerActionHooks([
+        'items',
+        'activity',
+        'collections',
+        'folders',
+        'permissions',
+        'presets',
+        'revisions',
+        'roles',
+        'settings',
+        'users',
+        'webhooks',
+    ]);
+    registerFieldsHooks();
+    registerFilesHooks();
+    registerRelationsHooks();
+}
+function registerActionHooks(modules) {
+    // register event hooks that can be handled in an uniform manner
+    for (const module of modules) {
+        registerAction(module + '.create', ({ key, collection, payload = {} }) => ({
+            collection,
+            action: 'create',
+            key,
+            payload,
+        }));
+        registerAction(module + '.update', ({ keys, collection, payload = {} }) => ({
+            collection,
+            action: 'update',
+            keys,
+            payload,
+        }));
+        registerAction(module + '.delete', ({ keys, collection, payload = [] }) => ({
+            collection,
+            action: 'delete',
+            keys,
+            payload,
+        }));
+    }
+}
+function registerFieldsHooks() {
+    // exception for field hooks that don't report `directus_fields` as being the collection
+    registerAction('fields.create', ({ key, payload = {} }) => ({
+        collection: 'directus_fields',
+        action: 'create',
+        key,
+        payload,
+    }));
+    registerAction('fields.update', ({ keys, payload = {} }) => ({
+        collection: 'directus_fields',
+        action: 'update',
+        keys,
+        payload,
+    }));
+    registerAction('fields.delete', ({ keys, payload = [] }) => ({
+        collection: 'directus_fields',
+        action: 'delete',
+        keys,
+        payload,
+    }));
+}
+function registerFilesHooks() {
+    // extra event for file uploads that doubles as create event
+    registerAction('files.upload', ({ key, collection, payload = {} }) => ({
+        collection,
+        action: 'create',
+        key,
+        payload,
+    }));
+    registerAction('files.update', ({ keys, collection, payload = {} }) => ({
+        collection,
+        action: 'update',
+        keys,
+        payload,
+    }));
+    registerAction('files.delete', ({ keys, collection, payload = [] }) => ({
+        collection,
+        action: 'delete',
+        keys,
+        payload,
+    }));
+}
+function registerRelationsHooks() {
+    // exception for relation hooks that don't report `directus_relations` as being the collection
+    registerAction('relations.create', ({ key, payload = {} }) => ({
+        collection: 'directus_relations',
+        action: 'create',
+        key,
+        payload: { ...payload, key },
+    }));
+    registerAction('relations.update', ({ keys, payload = {} }) => ({
+        collection: 'directus_relations',
+        action: 'update',
+        keys,
+        payload,
+    }));
+    registerAction('relations.delete', ({ collection, payload = [] }) => ({
+        collection: 'directus_relations',
+        action: 'delete',
+        keys: payload,
+        payload: { collection, fields: payload },
+    }));
+}
+/**
+ * Wrapper for emitter.onAction to hook into system events
+ * @param event The action event to watch
+ * @param transform Transformer function
+ */
+function registerAction(event, transform) {
+    const messenger = getMessenger();
+    emitter.onAction(event, async (data) => {
+        // push the event through the Redis pub/sub
+        messenger.publish('websocket.event', transform(data));
+    });
+}

package/dist/websocket/controllers/index.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/// <reference types="node" resolution-mode="require"/>
+import type { Server as httpServer } from 'http';
+import { GraphQLSubscriptionController } from './graphql.js';
+import { WebSocketController } from './rest.js';
+export declare function createWebSocketController(server: httpServer): void;
+export declare function getWebSocketController(): WebSocketController;
+export declare function createSubscriptionController(server: httpServer): void;
+export declare function getSubscriptionController(): GraphQLSubscriptionController | undefined;
+export * from './graphql.js';
+export * from './rest.js';

package/dist/websocket/controllers/index.js ADDED Viewed

@@ -0,0 +1,31 @@
+import env from '../../env.js';
+import { ServiceUnavailableError } from '../../errors/index.js';
+import { toBoolean } from '../../utils/to-boolean.js';
+import { GraphQLSubscriptionController } from './graphql.js';
+import { WebSocketController } from './rest.js';
+let websocketController;
+let subscriptionController;
+export function createWebSocketController(server) {
+    if (toBoolean(env['WEBSOCKETS_REST_ENABLED'])) {
+        websocketController = new WebSocketController(server);
+    }
+}
+export function getWebSocketController() {
+    if (!toBoolean(env['WEBSOCKETS_ENABLED']) || !toBoolean(env['WEBSOCKETS_REST_ENABLED'])) {
+        throw new ServiceUnavailableError({ service: 'ws', reason: 'WebSocket server is disabled' });
+    }
+    if (!websocketController) {
+        throw new ServiceUnavailableError({ service: 'ws', reason: 'WebSocket server is not initialized' });
+    }
+    return websocketController;
+}
+export function createSubscriptionController(server) {
+    if (toBoolean(env['WEBSOCKETS_GRAPHQL_ENABLED'])) {
+        subscriptionController = new GraphQLSubscriptionController(server);
+    }
+}
+export function getSubscriptionController() {
+    return subscriptionController;
+}
+export * from './graphql.js';
+export * from './rest.js';

package/dist/websocket/controllers/rest.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/// <reference types="node" resolution-mode="require"/>
+import type { Server as httpServer } from 'http';
+import { WebSocketMessage } from '../messages.js';
+import SocketController from './base.js';
+export declare class WebSocketController extends SocketController {
+    constructor(httpServer: httpServer);
+    private bindEvents;
+    protected parseMessage(data: string): WebSocketMessage;
+}

package/dist/websocket/controllers/rest.js ADDED Viewed

@@ -0,0 +1,47 @@
+import { parseJSON } from '@directus/utils';
+import emitter from '../../emitter.js';
+import env from '../../env.js';
+import logger from '../../logger.js';
+import { refreshAccountability } from '../authenticate.js';
+import { WebSocketError, handleWebSocketError } from '../errors.js';
+import { WebSocketMessage } from '../messages.js';
+import SocketController from './base.js';
+export class WebSocketController extends SocketController {
+    constructor(httpServer) {
+        super(httpServer, 'WEBSOCKETS_REST');
+        this.server.on('connection', (ws, auth) => {
+            this.bindEvents(this.createClient(ws, auth));
+        });
+        logger.info(`WebSocket Server started at ws://${env['HOST']}:${env['PORT']}${this.endpoint}`);
+    }
+    bindEvents(client) {
+        client.on('parsed-message', async (message) => {
+            try {
+                message = WebSocketMessage.parse(await emitter.emitFilter('websocket.message', message, { client }));
+                client.accountability = await refreshAccountability(client.accountability);
+                emitter.emitAction('websocket.message', { message, client });
+            }
+            catch (error) {
+                handleWebSocketError(client, error, 'server');
+                return;
+            }
+        });
+        client.on('error', (event) => {
+            emitter.emitAction('websocket.error', { client, event });
+        });
+        client.on('close', (event) => {
+            emitter.emitAction('websocket.close', { client, event });
+        });
+        emitter.emitAction('websocket.connect', { client });
+    }
+    parseMessage(data) {
+        let message;
+        try {
+            message = parseJSON(data);
+        }
+        catch (err) {
+            throw new WebSocketError('server', 'INVALID_PAYLOAD', 'Unable to parse the incoming message.');
+        }
+        return message;
+    }
+}

package/dist/websocket/errors.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import type { DirectusError } from '@directus/errors';
+import type { WebSocket } from 'ws';
+import { ZodError } from 'zod';
+import type { WebSocketResponse } from './messages.js';
+import type { WebSocketClient } from './types.js';
+export declare class WebSocketError extends Error {
+    type: string;
+    code: string;
+    uid: string | number | undefined;
+    constructor(type: string, code: string, message: string, uid?: string | number);
+    toJSON(): WebSocketResponse;
+    toMessage(): string;
+    static fromError(error: DirectusError<unknown>, type?: string): WebSocketError;
+    static fromZodError(error: ZodError, type?: string): WebSocketError;
+}
+export declare function handleWebSocketError(client: WebSocketClient | WebSocket, error: unknown, type?: string): void;