@directus/api 11.0.1 → 12.0.0

package/dist/middleware/authenticate.js

@@ -1,12 +1,9 @@
 import { isEqual } from 'lodash-es';
 import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
-import env from '../env.js';
-import { InvalidCredentialsException } from '../exceptions/index.js';
 import asyncHandler from '../utils/async-handler.js';
+import { getAccountabilityForToken } from '../utils/get-accountability-for-token.js';
 import { getIPFromReq } from '../utils/get-ip-from-req.js';
-import isDirectusJWT from '../utils/is-directus-jwt.js';
-import { verifyAccessJWT } from '../utils/jwt.js';
 /**
  * Verify the passed JWT and assign the user ID and role to `req`
  */
@@ -36,40 +33,7 @@ export const handler = async (req, _res, next) => {
         req.accountability = customAccountability;
         return next();
     }
-    req.accountability = defaultAccountability;
-    if (req.token) {
-        if (isDirectusJWT(req.token)) {
-            const payload = verifyAccessJWT(req.token, env['SECRET']);
-            req.accountability.role = payload.role;
-            req.accountability.admin = payload.admin_access === true || payload.admin_access == 1;
-            req.accountability.app = payload.app_access === true || payload.app_access == 1;
-            if (payload.share)
-                req.accountability.share = payload.share;
-            if (payload.share_scope)
-                req.accountability.share_scope = payload.share_scope;
-            if (payload.id)
-                req.accountability.user = payload.id;
-        }
-        else {
-            // Try finding the user with the provided token
-            const user = await database
-                .select('directus_users.id', 'directus_users.role', 'directus_roles.admin_access', 'directus_roles.app_access')
-                .from('directus_users')
-                .leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
-                .where({
-                'directus_users.token': req.token,
-                status: 'active',
-            })
-                .first();
-            if (!user) {
-                throw new InvalidCredentialsException();
-            }
-            req.accountability.user = user.id;
-            req.accountability.role = user.role;
-            req.accountability.admin = user.admin_access === true || user.admin_access == 1;
-            req.accountability.app = user.app_access === true || user.app_access == 1;
-        }
-    }
+    req.accountability = await getAccountabilityForToken(req.token, defaultAccountability);
     return next();
 };
 export default asyncHandler(handler);

package/dist/middleware/check-ip.js

@@ -1,5 +1,5 @@
 import getDatabase from '../database/index.js';
-import { InvalidIPException } from '../exceptions/index.js';
+import { InvalidIpError } from '../errors/index.js';
 import asyncHandler from '../utils/async-handler.js';
 export const checkIP = asyncHandler(async (req, _res, next) => {
     const database = getDatabase();
@@ -13,6 +13,6 @@ export const checkIP = asyncHandler(async (req, _res, next) => {
     const role = await query.first();
     const ipAllowlist = (role?.ip_access || '').split(',').filter((ip) => ip);
     if (ipAllowlist.length > 0 && ipAllowlist.includes(req.accountability.ip) === false)
-        throw new InvalidIPException();
+        throw new InvalidIpError();
     return next();
 });

package/dist/middleware/collection-exists.js

@@ -2,13 +2,13 @@
  * Check if requested collection exists, and save it to req.collection
  */
 import { systemCollectionRows } from '../database/system-data/collections/index.js';
-import { ForbiddenException } from '../exceptions/index.js';
+import { ForbiddenError } from '../errors/index.js';
 import asyncHandler from '../utils/async-handler.js';
 const collectionExists = asyncHandler(async (req, _res, next) => {
     if (!req.params['collection'])
         return next();
     if (req.params['collection'] in req.schema.collections === false) {
-        throw new ForbiddenException();
+        throw new ForbiddenError();
     }
     req.collection = req.params['collection'];
     if (req.collection.startsWith('directus_')) {

package/dist/middleware/error-handler.js

@@ -1,9 +1,9 @@
-import { BaseException } from '@directus/exceptions';
+import { isDirectusError } from '@directus/errors';
 import { toArray } from '@directus/utils';
 import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
 import env from '../env.js';
-import { MethodNotAllowedException } from '../exceptions/index.js';
+import { ErrorCode, MethodNotAllowedError } from '../errors/index.js';
 import logger from '../logger.js';
 // Note: keep all 4 parameters here. That's how Express recognizes it's the error handler, even if
 // we don't use next
@@ -12,7 +12,7 @@ const errorHandler = (err, req, res, _next) => {
         errors: [],
     };
     const errors = toArray(err);
-    if (errors.some((err) => err instanceof BaseException === false)) {
+    if (errors.some((err) => isDirectusError(err) === false)) {
         res.status(500);
     }
     else {
@@ -33,18 +33,18 @@ const errorHandler = (err, req, res, _next) => {
                 stack: err.stack,
             };
         }
-        if (err instanceof BaseException) {
+        if (isDirectusError(err)) {
             logger.debug(err);
             res.status(err.status);
             payload.errors.push({
                 message: err.message,
                 extensions: {
                     code: err.code,
-                    ...err.extensions,
+                    ...(err.extensions ?? {}),
                 },
             });
-            if (err instanceof MethodNotAllowedException) {
-                res.header('Allow', err.extensions['allow'].join(', '));
+            if (isDirectusError(err, ErrorCode.MethodNotAllowed)) {
+                res.header('Allow', err.extensions.allowed.join(', '));
             }
         }
         else {

package/dist/middleware/graphql.js

@@ -1,10 +1,11 @@
 import { parseJSON } from '@directus/utils';
 import { getOperationAST, parse, Source } from 'graphql';
-import { InvalidPayloadException, InvalidQueryException, MethodNotAllowedException } from '../exceptions/index.js';
+import { InvalidPayloadError, InvalidQueryError, MethodNotAllowedError } from '../errors/index.js';
+import { GraphQLValidationError } from '../services/graphql/errors/validation.js';
 import asyncHandler from '../utils/async-handler.js';
 export const parseGraphQL = asyncHandler(async (req, res, next) => {
     if (req.method !== 'GET' && req.method !== 'POST') {
-        throw new MethodNotAllowedException('GraphQL only supports GET and POST requests.', { allow: ['GET', 'POST'] });
+        throw new MethodNotAllowedError({ allowed: ['GET', 'POST'], current: req.method });
     }
     let query = null;
     let variables = null;
@@ -17,7 +18,7 @@ export const parseGraphQL = asyncHandler(async (req, res, next) => {
                 variables = parseJSON(req.query['variables']);
             }
             catch {
-                throw new InvalidQueryException(`Variables are invalid JSON.`);
+                throw new InvalidQueryError({ reason: `Variables are invalid JSON` });
             }
         }
         else {
@@ -31,21 +32,22 @@ export const parseGraphQL = asyncHandler(async (req, res, next) => {
         operationName = req.body.operationName || null;
     }
     if (query === null) {
-        throw new InvalidPayloadException('Must provide query string.');
+        throw new InvalidPayloadError({ reason: 'Must provide query string' });
     }
     try {
         document = parse(new Source(query));
     }
     catch (err) {
-        throw new InvalidPayloadException(`GraphQL schema validation error.`, {
-            graphqlErrors: [err],
+        throw new GraphQLValidationError({
+            errors: [err],
         });
     }
     const operationAST = getOperationAST(document, operationName);
-    // You can only do `query` through GET
+    // Mutations can't happen through GET requests
     if (req.method === 'GET' && operationAST?.operation !== 'query') {
-        throw new MethodNotAllowedException(`Can only perform a ${operationAST?.operation} from a POST request.`, {
-            allow: ['POST'],
+        throw new MethodNotAllowedError({
+            allowed: ['POST'],
+            current: 'GET',
         });
     }
     // Prevent caching responses when mutations are made

package/dist/middleware/rate-limiter-global.d.ts

@@ -1,5 +1,5 @@
 import type { RequestHandler } from 'express';
-import type { RateLimiterMemcache, RateLimiterMemory, RateLimiterRedis } from 'rate-limiter-flexible';
+import type { RateLimiterMemory, RateLimiterRedis } from 'rate-limiter-flexible';
 declare let checkRateLimit: RequestHandler;
-export declare let rateLimiterGlobal: RateLimiterRedis | RateLimiterMemcache | RateLimiterMemory;
+export declare let rateLimiterGlobal: RateLimiterRedis | RateLimiterMemory;
 export default checkRateLimit;

package/dist/middleware/rate-limiter-global.js

@@ -1,6 +1,5 @@
-import ms from 'ms';
 import env from '../env.js';
-import { HitRateLimitException } from '../exceptions/index.js';
+import { HitRateLimitError } from '../errors/index.js';
 import logger from '../logger.js';
 import { createRateLimiter } from '../rate-limiter.js';
 import asyncHandler from '../utils/async-handler.js';
@@ -20,7 +19,7 @@ if (env['RATE_LIMITER_GLOBAL_ENABLED'] === true) {
             if (rateLimiterRes instanceof Error)
                 throw rateLimiterRes;
             res.set('Retry-After', String(Math.round(rateLimiterRes.msBeforeNext / 1000)));
-            throw new HitRateLimitException(`Too many requests, retry after ${ms(rateLimiterRes.msBeforeNext)}.`, {
+            throw new HitRateLimitError({
                 limit: +env['RATE_LIMITER_GLOBAL_POINTS'],
                 reset: new Date(Date.now() + rateLimiterRes.msBeforeNext),
             });

package/dist/middleware/rate-limiter-ip.d.ts

@@ -1,5 +1,5 @@
 import type { RequestHandler } from 'express';
-import type { RateLimiterMemcache, RateLimiterMemory, RateLimiterRedis } from 'rate-limiter-flexible';
+import type { RateLimiterMemory, RateLimiterRedis } from 'rate-limiter-flexible';
 declare let checkRateLimit: RequestHandler;
-export declare let rateLimiter: RateLimiterRedis | RateLimiterMemcache | RateLimiterMemory;
+export declare let rateLimiter: RateLimiterRedis | RateLimiterMemory;
 export default checkRateLimit;

package/dist/middleware/rate-limiter-ip.js

@@ -1,6 +1,5 @@
-import ms from 'ms';
 import env from '../env.js';
-import { HitRateLimitException } from '../exceptions/index.js';
+import { HitRateLimitError } from '../errors/index.js';
 import { createRateLimiter } from '../rate-limiter.js';
 import asyncHandler from '../utils/async-handler.js';
 import { getIPFromReq } from '../utils/get-ip-from-req.js';
@@ -18,7 +17,7 @@ if (env['RATE_LIMITER_ENABLED'] === true) {
             if (rateLimiterRes instanceof Error)
                 throw rateLimiterRes;
             res.set('Retry-After', String(Math.round(rateLimiterRes.msBeforeNext / 1000)));
-            throw new HitRateLimitException(`Too many requests, retry after ${ms(rateLimiterRes.msBeforeNext)}.`, {
+            throw new HitRateLimitError({
                 limit: +env['RATE_LIMITER_POINTS'],
                 reset: new Date(Date.now() + rateLimiterRes.msBeforeNext),
             });

package/dist/middleware/validate-batch.js

@@ -1,6 +1,5 @@
-import { FailedValidationException } from '@directus/exceptions';
 import Joi from 'joi';
-import { InvalidPayloadException } from '../exceptions/index.js';
+import { InvalidPayloadError } from '../errors/index.js';
 import asyncHandler from '../utils/async-handler.js';
 import { sanitizeQuery } from '../utils/sanitize-query.js';
 export const validateBatch = (scope) => asyncHandler(async (req, _res, next) => {
@@ -12,7 +11,7 @@ export const validateBatch = (scope) => asyncHandler(async (req, _res, next) =>
         return next();
     }
     if (!req.body)
-        throw new InvalidPayloadException('Payload in body is required');
+        throw new InvalidPayloadError({ reason: 'Payload in body is required' });
     if (['update', 'delete'].includes(scope) && Array.isArray(req.body)) {
         return next();
     }
@@ -36,7 +35,7 @@ export const validateBatch = (scope) => asyncHandler(async (req, _res, next) =>
     }
     const { error } = batchSchema.validate(req.body);
     if (error) {
-        throw new FailedValidationException(error.details[0]);
+        throw new InvalidPayloadError({ reason: error.details[0].message });
     }
     return next();
 });

package/dist/rate-limiter.js

@@ -1,5 +1,5 @@
 import { merge } from 'lodash-es';
-import { RateLimiterMemcache, RateLimiterMemory, RateLimiterRedis } from 'rate-limiter-flexible';
+import { RateLimiterMemory, RateLimiterRedis } from 'rate-limiter-flexible';
 import env from './env.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
 import { createRequire } from 'node:module';
@@ -8,8 +8,6 @@ export function createRateLimiter(configPrefix = 'RATE_LIMITER', configOverrides
     switch (env['RATE_LIMITER_STORE']) {
         case 'redis':
             return new RateLimiterRedis(getConfig('redis', configPrefix, configOverrides));
-        case 'memcache':
-            return new RateLimiterMemcache(getConfig('memcache', configPrefix, configOverrides));
         case 'memory':
         default:
             return new RateLimiterMemory(getConfig('memory', configPrefix, configOverrides));
@@ -19,12 +17,7 @@ function getConfig(store = 'memory', configPrefix = 'RATE_LIMITER', overrides) {
     const config = getConfigFromEnv(`${configPrefix}_`, `${configPrefix}_${store}_`);
     if (store === 'redis') {
         const Redis = require('ioredis');
-        delete config.redis;
-        config.storeClient = new Redis(env[`${configPrefix}_REDIS`] || getConfigFromEnv(`${configPrefix}_REDIS_`));
-    }
-    if (store === 'memcache') {
-        const Memcached = require('memcached');
-        config.storeClient = new Memcached(env[`${configPrefix}_MEMCACHE`], getConfigFromEnv(`${configPrefix}_MEMCACHE_`));
+        config.storeClient = new Redis(env[`REDIS`] || getConfigFromEnv(`REDIS_`));
     }
     delete config.enabled;
     delete config.store;

package/dist/server.js

@@ -10,6 +10,9 @@ import emitter from './emitter.js';
 import env from './env.js';
 import logger from './logger.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
+import { createSubscriptionController, createWebSocketController, getSubscriptionController, getWebSocketController, } from './websocket/controllers/index.js';
+import { startWebSocketHandlers } from './websocket/handlers/index.js';
+import { toBoolean } from './utils/to-boolean.js';
 export let SERVER_ONLINE = true;
 export async function createServer() {
     const server = http.createServer(await createApp());
@@ -66,6 +69,11 @@ export async function createServer() {
         res.once('finish', complete.bind(null, true));
         res.once('close', complete.bind(null, false));
     });
+    if (toBoolean(env['WEBSOCKETS_ENABLED']) === true) {
+        createSubscriptionController(server);
+        createWebSocketController(server);
+        startWebSocketHandlers();
+    }
     const terminusOptions = {
         timeout: env['SERVER_SHUTDOWN_TIMEOUT'] >= 0 && env['SERVER_SHUTDOWN_TIMEOUT'] < Infinity
             ? env['SERVER_SHUTDOWN_TIMEOUT']
@@ -84,6 +92,8 @@ export async function createServer() {
         SERVER_ONLINE = false;
     }
     async function onSignal() {
+        getSubscriptionController()?.terminate();
+        getWebSocketController()?.terminate();
         const database = getDatabase();
         await database.destroy();
         logger.info('Database connections destroyed');

package/dist/services/activity.js

@@ -1,8 +1,9 @@
 import { Action } from '@directus/constants';
+import { isDirectusError } from '@directus/errors';
 import { uniq } from 'lodash-es';
 import validateUUID from 'uuid-validate';
 import env from '../env.js';
-import { ForbiddenException } from '../exceptions/forbidden.js';
+import { ErrorCode } from '../errors/index.js';
 import logger from '../logger.js';
 import { getPermissions } from '../utils/get-permissions.js';
 import { Url } from '../utils/url.js';
@@ -80,7 +81,7 @@ ${comment}
                     });
                 }
                 catch (err) {
-                    if (err instanceof ForbiddenException) {
+                    if (isDirectusError(err, ErrorCode.Forbidden)) {
                         logger.warn(`User ${userID} doesn't have proper permissions to receive notification for this item.`);
                     }
                     else {

package/dist/services/assets.js

@@ -7,10 +7,7 @@ import validateUUID from 'uuid-validate';
 import { SUPPORTED_IMAGE_TRANSFORM_FORMATS } from '../constants.js';
 import getDatabase from '../database/index.js';
 import env from '../env.js';
-import { ForbiddenException } from '../exceptions/forbidden.js';
-import { IllegalAssetTransformation } from '../exceptions/illegal-asset-transformation.js';
-import { RangeNotSatisfiableException } from '../exceptions/range-not-satisfiable.js';
-import { ServiceUnavailableException } from '../exceptions/service-unavailable.js';
+import { ForbiddenError, IllegalAssetTransformationError, RangeNotSatisfiableError, ServiceUnavailableError, } from '../errors/index.js';
 import logger from '../logger.js';
 import { getStorage } from '../storage/index.js';
 import { getMilliseconds } from '../utils/get-milliseconds.js';
@@ -39,23 +36,23 @@ export class AssetsService {
          */
         const isValidUUID = validateUUID(id, 4);
         if (isValidUUID === false)
-            throw new ForbiddenException();
+            throw new ForbiddenError();
         if (systemPublicKeys.includes(id) === false && this.accountability?.admin !== true) {
             await this.authorizationService.checkAccess('read', 'directus_files', id);
         }
         const file = (await this.knex.select('*').from('directus_files').where({ id }).first());
         if (!file)
-            throw new ForbiddenException();
+            throw new ForbiddenError();
         const exists = await storage.location(file.storage).exists(file.filename_disk);
         if (!exists)
-            throw new ForbiddenException();
+            throw new ForbiddenError();
         if (range) {
             const missingRangeLimits = range.start === undefined && range.end === undefined;
             const endBeforeStart = range.start !== undefined && range.end !== undefined && range.end <= range.start;
             const startOverflow = range.start !== undefined && range.start >= file.filesize;
             const endUnderflow = range.end !== undefined && range.end <= 0;
             if (missingRangeLimits || endBeforeStart || startOverflow || endUnderflow) {
-                throw new RangeNotSatisfiableException(range);
+                throw new RangeNotSatisfiableError({ range });
             }
             const lastByte = file.filesize - 1;
             if (range.end) {
@@ -106,12 +103,14 @@ export class AssetsService {
                 !height ||
                 width > env['ASSETS_TRANSFORM_IMAGE_MAX_DIMENSION'] ||
                 height > env['ASSETS_TRANSFORM_IMAGE_MAX_DIMENSION']) {
-                throw new IllegalAssetTransformation(`Image is too large to be transformed, or image size couldn't be determined.`);
+                logger.warn(`Image is too large to be transformed, or image size couldn't be determined.`);
+                throw new IllegalAssetTransformationError({ invalidTransformations: ['width', 'height'] });
             }
             const { queue, process } = sharp.counters();
             if (queue + process > env['ASSETS_TRANSFORM_MAX_CONCURRENT']) {
-                throw new ServiceUnavailableException('Server too busy', {
+                throw new ServiceUnavailableError({
                     service: 'files',
+                    reason: 'Server too busy',
                 });
             }
             const readStream = await storage.location(file.storage).read(file.filename_disk, range);

package/dist/services/authentication.js

@@ -7,7 +7,8 @@ import { DEFAULT_AUTH_PROVIDER } from '../constants.js';
 import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
 import env from '../env.js';
-import { InvalidCredentialsException, InvalidOTPException, InvalidProviderException, UserSuspendedException, } from '../exceptions/index.js';
+import { InvalidCredentialsError, InvalidProviderError, UserSuspendedError } from '../errors/index.js';
+import { InvalidOtpError } from '../errors/index.js';
 import { createRateLimiter } from '../rate-limiter.js';
 import { getMilliseconds } from '../utils/get-milliseconds.js';
 import { stall } from '../utils/stall.js';
@@ -76,16 +77,16 @@ export class AuthenticationService {
             emitStatus('fail');
             if (user?.status === 'suspended') {
                 await stall(STALL_TIME, timeStart);
-                throw new UserSuspendedException();
+                throw new UserSuspendedError();
             }
             else {
                 await stall(STALL_TIME, timeStart);
-                throw new InvalidCredentialsException();
+                throw new InvalidCredentialsError();
             }
         }
         else if (user.provider !== providerName) {
             await stall(STALL_TIME, timeStart);
-            throw new InvalidProviderException();
+            throw new InvalidProviderError();
         }
         const settingsService = new SettingsService({
             knex: this.knex,
@@ -117,7 +118,7 @@ export class AuthenticationService {
         if (user.tfa_secret && !otp) {
             emitStatus('fail');
             await stall(STALL_TIME, timeStart);
-            throw new InvalidOTPException(`"otp" is required`);
+            throw new InvalidOtpError();
         }
         if (user.tfa_secret && otp) {
             const tfaService = new TFAService({ knex: this.knex, schema: this.schema });
@@ -125,7 +126,7 @@ export class AuthenticationService {
             if (otpValid === false) {
                 emitStatus('fail');
                 await stall(STALL_TIME, timeStart);
-                throw new InvalidOTPException(`"otp" is invalid`);
+                throw new InvalidOtpError();
             }
         }
         const tokenPayload = {
@@ -188,7 +189,7 @@ export class AuthenticationService {
         const STALL_TIME = env['LOGIN_STALL_TIME'];
         const timeStart = performance.now();
         if (!refreshToken) {
-            throw new InvalidCredentialsException();
+            throw new InvalidCredentialsError();
         }
         const record = await this.knex
             .select({
@@ -230,17 +231,17 @@ export class AuthenticationService {
         })
             .first();
         if (!record || (!record.share_id && !record.user_id)) {
-            throw new InvalidCredentialsException();
+            throw new InvalidCredentialsError();
         }
         if (record.user_id && record.user_status !== 'active') {
             await this.knex('directus_sessions').where({ token: refreshToken }).del();
             if (record.user_status === 'suspended') {
                 await stall(STALL_TIME, timeStart);
-                throw new UserSuspendedException();
+                throw new UserSuspendedError();
             }
             else {
                 await stall(STALL_TIME, timeStart);
-                throw new InvalidCredentialsException();
+                throw new InvalidCredentialsError();
             }
         }
         if (record.user_id) {
@@ -330,7 +331,7 @@ export class AuthenticationService {
             .where('id', userID)
             .first();
         if (!user) {
-            throw new InvalidCredentialsException();
+            throw new InvalidCredentialsError();
         }
         const provider = getAuthProvider(user.provider);
         await provider.verify(clone(user), password);

package/dist/services/authorization.d.ts

@@ -1,6 +1,6 @@
 import type { Accountability, PermissionsAction, SchemaOverview } from '@directus/types';
 import type { Knex } from 'knex';
-import type { AbstractServiceOptions, AST, Item, PrimaryKey } from '../types/index.js';
+import type { AST, AbstractServiceOptions, Item, PrimaryKey } from '../types/index.js';
 import { PayloadService } from './payload.js';
 export declare class AuthorizationService {
     knex: Knex;

package/dist/services/authorization.js

@@ -1,9 +1,9 @@
-import { FailedValidationException } from '@directus/exceptions';
 import { validatePayload } from '@directus/utils';
+import { FailedValidationError, joiValidationErrorItemToErrorExtensions } from '@directus/validation';
 import { cloneDeep, flatten, isArray, isNil, merge, reduce, uniq, uniqWith } from 'lodash-es';
 import { GENERATE_SPECIAL } from '../constants.js';
 import getDatabase from '../database/index.js';
-import { ForbiddenException } from '../exceptions/index.js';
+import { ForbiddenError } from '../errors/forbidden.js';
 import { getRelationInfo } from '../utils/get-relation-info.js';
 import { stripFunction } from '../utils/strip-function.js';
 import { ItemsService } from './items.js';
@@ -31,7 +31,7 @@ export class AuthorizationService {
         // If the permissions don't match the collections, you don't have permission to read all of them
         const uniqueCollectionsRequestedCount = uniq(collectionsRequested.map(({ collection }) => collection)).length;
         if (uniqueCollectionsRequestedCount !== permissionsForCollections.length) {
-            throw new ForbiddenException();
+            throw new ForbiddenError();
         }
         validateFields(ast);
         validateFilterPermissions(ast, this.schema, action, this.accountability);
@@ -94,7 +94,7 @@ export class AuthorizationService {
                             if (column === '*')
                                 continue;
                             if (allowedFields.includes(column) === false)
-                                throw new ForbiddenException();
+                                throw new ForbiddenError();
                         }
                     }
                 }
@@ -107,7 +107,7 @@ export class AuthorizationService {
                         continue;
                     const fieldKey = stripFunction(childNode.name);
                     if (allowedFields.includes(fieldKey) === false) {
-                        throw new ForbiddenException();
+                        throw new ForbiddenError();
                     }
                 }
             }
@@ -189,7 +189,7 @@ export class AuthorizationService {
                             });
                             // Filter key not found in parent collection
                             if (!relation)
-                                throw new ForbiddenException();
+                                throw new ForbiddenError();
                             const relatedCollectionName = relation.related_collection === parentCollection ? relation.collection : relation.related_collection;
                             // Add the `item` field to the required permissions
                             (result[relatedCollectionName] || (result[relatedCollectionName] = new Set())).add(field);
@@ -211,7 +211,7 @@ export class AuthorizationService {
                             });
                             // Filter key not found in parent collection
                             if (!relation)
-                                throw new ForbiddenException();
+                                throw new ForbiddenError();
                             parentCollection =
                                 relation.related_collection === parentCollection ? relation.collection : relation.related_collection;
                             (result[parentCollection] || (result[parentCollection] = new Set())).add(filterKey);
@@ -262,14 +262,14 @@ export class AuthorizationService {
                     if (action !== 'read' && collection === rootCollection) {
                         const actionPermission = accountability?.permissions?.find((permission) => permission.collection === collection && permission.action === action);
                         if (!actionPermission || !actionPermission.fields) {
-                            throw new ForbiddenException();
+                            throw new ForbiddenError();
                         }
                         allowedFields = permission?.fields
                             ? [...permission.fields, schema.collections[collection].primary]
                             : [schema.collections[collection].primary];
                     }
                     else if (!permission || !permission.fields) {
-                        throw new ForbiddenException();
+                        throw new ForbiddenError();
                     }
                     else {
                         allowedFields = permission.fields;
@@ -288,7 +288,7 @@ export class AuthorizationService {
                             originalFieldName = aliasMap[fieldName];
                         }
                         if (!allowedFields.includes(originalFieldName)) {
-                            throw new ForbiddenException();
+                            throw new ForbiddenError();
                         }
                     }
                 }
@@ -356,14 +356,14 @@ export class AuthorizationService {
                 return permission.collection === collection && permission.action === action;
             });
             if (!permission)
-                throw new ForbiddenException();
+                throw new ForbiddenError();
             // Check if you have permission to access the fields you're trying to access
             const allowedFields = permission.fields || [];
             if (allowedFields.includes('*') === false) {
                 const keysInData = Object.keys(payload);
                 const invalidKeys = keysInData.filter((fieldKey) => allowedFields.includes(fieldKey) === false);
                 if (invalidKeys.length > 0) {
-                    throw new ForbiddenException();
+                    throw new ForbiddenError();
                 }
             }
         }
@@ -412,7 +412,7 @@ export class AuthorizationService {
             }
         }
         const validationErrors = [];
-        validationErrors.push(...flatten(validatePayload(permission.validation, payloadWithPresets).map((error) => error.details.map((details) => new FailedValidationException(details)))));
+        validationErrors.push(...flatten(validatePayload(permission.validation, payloadWithPresets).map((error) => error.details.map((details) => new FailedValidationError(joiValidationErrorItemToErrorExtensions(details))))));
         if (validationErrors.length > 0)
             throw validationErrors;
         return payloadWithPresets;
@@ -431,14 +431,14 @@ export class AuthorizationService {
         if (Array.isArray(pk)) {
             const result = await itemsService.readMany(pk, { ...query, limit: pk.length }, { permissionsAction: action });
             if (!result)
-                throw new ForbiddenException();
+                throw new ForbiddenError();
             if (result.length !== pk.length)
-                throw new ForbiddenException();
+                throw new ForbiddenError();
         }
         else {
             const result = await itemsService.readOne(pk, query, { permissionsAction: action });
             if (!result)
-                throw new ForbiddenException();
+                throw new ForbiddenError();
         }
     }
 }