@directus/api 13.1.0-beta.0 → 13.1.0

package/dist/types/collection.d.ts

@@ -7,7 +7,6 @@ export type CollectionMeta = {
     singleton: boolean;
     icon: string | null;
     translations: Record<string, string>;
-    branches_enabled: boolean;
     item_duplication_fields: string[] | null;
     accountability: 'all' | 'accountability' | null;
     group: string | null;

package/dist/types/items.d.ts

@@ -47,6 +47,7 @@ export type MutationOptions = {
      */
     mutationTracker?: MutationTracker | undefined;
     preMutationError?: DirectusError | undefined;
+    bypassAutoIncrementSequenceReset?: boolean;
 };
 export type ActionEventParams = {
     event: string | string[];

package/dist/utils/sanitize-query.js

@@ -46,9 +46,6 @@ export function sanitizeQuery(rawQuery, accountability) {
     if (rawQuery['search'] && typeof rawQuery['search'] === 'string') {
         query.search = rawQuery['search'];
     }
-    if (rawQuery['branch']) {
-        query.branch = rawQuery['branch'];
-    }
     if (rawQuery['export']) {
         query.export = rawQuery['export'];
     }

package/dist/utils/validate-query.js

@@ -17,7 +17,6 @@ const querySchema = Joi.object({
     meta: Joi.array().items(Joi.string().valid('total_count', 'filter_count')),
     search: Joi.string(),
     export: Joi.string().valid('csv', 'json', 'xml', 'yaml'),
-    branch: Joi.string(),
     aggregate: Joi.object(),
     deep: Joi.object(),
     alias: Joi.object(),

package/dist/websocket/controllers/base.d.ts

@@ -30,6 +30,7 @@ export default abstract class SocketController {
         maxConnections: number;
     };
     protected getRateLimiter(): RateLimiterAbstract | null;
+    private catchInvalidMessages;
     protected handleUpgrade(request: IncomingMessage, socket: internal.Duplex, head: Buffer): Promise<void>;
     protected handleStrictUpgrade({ request, socket, head }: UpgradeContext, query: ParsedUrlQuery): Promise<void>;
     protected handleHandshakeUpgrade({ request, socket, head }: UpgradeContext): Promise<void>;

package/dist/websocket/controllers/base.js

@@ -67,6 +67,19 @@ export default class SocketController {
         }
         return null;
     }
+    catchInvalidMessages(ws) {
+        /**
+         * This fix was done to prevent the API from crashing on receiving invalid WebSocket frames
+         * https://github.com/directus/directus/security/advisories/GHSA-hmgw-9jrg-hf2m
+         * https://github.com/websockets/ws/issues/2098
+         */
+        // @ts-ignore <- required because "_socket" is not typed on WS
+        ws._socket.prependListener('data', (data) => data.toString());
+        ws.on('error', (error) => {
+            if (error.message)
+                logger.debug(error.message);
+        });
+    }
     async handleUpgrade(request, socket, head) {
         const { pathname, query } = parse(request.url, true);
         if (pathname !== this.endpoint)
@@ -87,6 +100,7 @@ export default class SocketController {
             return;
         }
         this.server.handleUpgrade(request, socket, head, async (ws) => {
+            this.catchInvalidMessages(ws);
             const state = { accountability: null, expires_at: null };
             this.server.emit('connection', ws, state);
         });
@@ -109,12 +123,14 @@ export default class SocketController {
             return;
         }
         this.server.handleUpgrade(request, socket, head, async (ws) => {
+            this.catchInvalidMessages(ws);
             const state = { accountability, expires_at };
             this.server.emit('connection', ws, state);
         });
     }
     async handleHandshakeUpgrade({ request, socket, head }) {
         this.server.handleUpgrade(request, socket, head, async (ws) => {
+            this.catchInvalidMessages(ws);
             try {
                 const payload = await waitForAnyMessage(ws, this.authentication.timeout);
                 if (getMessageType(payload) !== 'auth')

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@directus/api",
-  "version": "13.1.0-beta.0",
+  "version": "13.1.0",
   "description": "Directus is a real-time API and App dashboard for managing SQL database content",
   "keywords": [
     "directus",
@@ -131,7 +131,7 @@
     "rollup": "3.22.0",
     "samlify": "2.8.10",
     "sanitize-html": "2.10.0",
-    "sharp": "0.32.1",
+    "sharp": "0.32.5",
     "snappy": "7.2.2",
     "stream-json": "1.7.5",
     "strip-bom-stream": "5.0.0",
@@ -143,22 +143,22 @@
     "ws": "8.12.1",
     "zod": "3.21.4",
     "zod-validation-error": "1.0.1",
-    "@directus/app": "10.8.0-beta.0",
-    "@directus/constants": "10.2.4-beta.0",
+    "@directus/app": "10.8.0",
+    "@directus/constants": "10.2.3",
     "@directus/errors": "0.0.2",
-    "@directus/extensions-sdk": "10.1.10-beta.0",
-    "@directus/pressure": "1.0.9-beta.0",
+    "@directus/extensions-sdk": "10.1.10",
+    "@directus/pressure": "1.0.9",
     "@directus/schema": "10.0.2",
     "@directus/specs": "10.2.0",
     "@directus/storage": "10.0.5",
-    "@directus/storage-driver-azure": "10.0.10-beta.0",
-    "@directus/storage-driver-cloudinary": "10.0.10-beta.0",
-    "@directus/storage-driver-gcs": "10.0.10-beta.0",
-    "@directus/storage-driver-local": "10.0.10-beta.0",
-    "@directus/storage-driver-s3": "10.0.10-beta.0",
-    "@directus/storage-driver-supabase": "1.0.2-beta.0",
-    "@directus/utils": "10.0.10-beta.0",
-    "@directus/validation": "0.0.5-beta.0"
+    "@directus/storage-driver-azure": "10.0.10",
+    "@directus/storage-driver-cloudinary": "10.0.10",
+    "@directus/storage-driver-gcs": "10.0.10",
+    "@directus/storage-driver-local": "10.0.10",
+    "@directus/storage-driver-s3": "10.0.10",
+    "@directus/storage-driver-supabase": "1.0.2",
+    "@directus/utils": "10.0.10",
+    "@directus/validation": "0.0.5"
   },
   "devDependencies": {
     "@ngneat/falso": "6.4.0",
@@ -207,7 +207,7 @@
     "vitest": "0.31.1",
     "@directus/random": "0.2.2",
     "@directus/tsconfig": "1.0.0",
-    "@directus/types": "10.1.6-beta.0"
+    "@directus/types": "10.1.6"
   },
   "optionalDependencies": {
     "@keyv/redis": "2.5.8",

package/dist/controllers/branches.d.ts

@@ -1,2 +0,0 @@
-declare const router: import("express-serve-static-core").Router;
-export default router;

package/dist/controllers/branches.js

@@ -1,190 +0,0 @@
-import { isDirectusError } from '@directus/errors';
-import express from 'express';
-import { assign } from 'lodash-es';
-import { ErrorCode, InvalidPayloadError } from '../errors/index.js';
-import { respond } from '../middleware/respond.js';
-import useCollection from '../middleware/use-collection.js';
-import { validateBatch } from '../middleware/validate-batch.js';
-import { BranchesService } from '../services/branches.js';
-import { MetaService } from '../services/meta.js';
-import asyncHandler from '../utils/async-handler.js';
-import { sanitizeQuery } from '../utils/sanitize-query.js';
-const router = express.Router();
-router.use(useCollection('directus_branches'));
-router.post('/', asyncHandler(async (req, res, next) => {
-    const service = new BranchesService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
-    const savedKeys = [];
-    if (Array.isArray(req.body)) {
-        const keys = await service.createMany(req.body);
-        savedKeys.push(...keys);
-    }
-    else {
-        const primaryKey = await service.createOne(req.body);
-        savedKeys.push(primaryKey);
-    }
-    try {
-        if (Array.isArray(req.body)) {
-            const records = await service.readMany(savedKeys, req.sanitizedQuery);
-            res.locals['payload'] = { data: records };
-        }
-        else {
-            const record = await service.readOne(savedKeys[0], req.sanitizedQuery);
-            res.locals['payload'] = { data: record };
-        }
-    }
-    catch (error) {
-        if (isDirectusError(error, ErrorCode.Forbidden)) {
-            return next();
-        }
-        throw error;
-    }
-    return next();
-}), respond);
-const readHandler = asyncHandler(async (req, res, next) => {
-    const service = new BranchesService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
-    const metaService = new MetaService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
-    let result;
-    if (req.singleton) {
-        result = await service.readSingleton(req.sanitizedQuery);
-    }
-    else if (req.body.keys) {
-        result = await service.readMany(req.body.keys, req.sanitizedQuery);
-    }
-    else {
-        result = await service.readByQuery(req.sanitizedQuery);
-    }
-    const meta = await metaService.getMetaForQuery(req.collection, req.sanitizedQuery);
-    res.locals['payload'] = { data: result, meta };
-    return next();
-});
-router.get('/', validateBatch('read'), readHandler, respond);
-router.search('/', validateBatch('read'), readHandler, respond);
-router.get('/:pk', asyncHandler(async (req, res, next) => {
-    const service = new BranchesService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
-    const record = await service.readOne(req.params['pk'], req.sanitizedQuery);
-    res.locals['payload'] = { data: record || null };
-    return next();
-}), respond);
-router.patch('/', validateBatch('update'), asyncHandler(async (req, res, next) => {
-    const service = new BranchesService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
-    let keys = [];
-    if (Array.isArray(req.body)) {
-        keys = await service.updateBatch(req.body);
-    }
-    else if (req.body.keys) {
-        keys = await service.updateMany(req.body.keys, req.body.data);
-    }
-    else {
-        const sanitizedQuery = sanitizeQuery(req.body.query, req.accountability);
-        keys = await service.updateByQuery(sanitizedQuery, req.body.data);
-    }
-    try {
-        const result = await service.readMany(keys, req.sanitizedQuery);
-        res.locals['payload'] = { data: result || null };
-    }
-    catch (error) {
-        if (isDirectusError(error, ErrorCode.Forbidden)) {
-            return next();
-        }
-        throw error;
-    }
-    return next();
-}), respond);
-router.patch('/:pk', asyncHandler(async (req, res, next) => {
-    const service = new BranchesService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
-    const primaryKey = await service.updateOne(req.params['pk'], req.body);
-    try {
-        const record = await service.readOne(primaryKey, req.sanitizedQuery);
-        res.locals['payload'] = { data: record || null };
-    }
-    catch (error) {
-        if (isDirectusError(error, ErrorCode.Forbidden)) {
-            return next();
-        }
-        throw error;
-    }
-    return next();
-}), respond);
-router.delete('/', validateBatch('delete'), asyncHandler(async (req, _res, next) => {
-    const service = new BranchesService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
-    if (Array.isArray(req.body)) {
-        await service.deleteMany(req.body);
-    }
-    else if (req.body.keys) {
-        await service.deleteMany(req.body.keys);
-    }
-    else {
-        const sanitizedQuery = sanitizeQuery(req.body.query, req.accountability);
-        await service.deleteByQuery(sanitizedQuery);
-    }
-    return next();
-}), respond);
-router.delete('/:pk', asyncHandler(async (req, _res, next) => {
-    const service = new BranchesService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
-    await service.deleteOne(req.params['pk']);
-    return next();
-}), respond);
-router.get('/:pk/compare', asyncHandler(async (req, res, next) => {
-    const service = new BranchesService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
-    const branch = await service.readOne(req.params['pk']);
-    const { outdated, mainHash } = await service.verifyHash(branch['collection'], branch['item'], branch['hash']);
-    const commits = await service.getBranchCommits(branch['id']);
-    const current = assign({}, ...commits);
-    const fields = Object.keys(current);
-    const mainBranchItem = await service.getMainBranchItem(branch['collection'], branch['item'], fields.length > 0 ? { fields } : undefined);
-    res.locals['payload'] = { data: { outdated, mainHash, current, main: mainBranchItem } };
-    return next();
-}), respond);
-router.post('/:pk/commit', asyncHandler(async (req, res, next) => {
-    const service = new BranchesService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
-    const branch = await service.readOne(req.params['pk']);
-    const mainBranchItem = await service.getMainBranchItem(branch['collection'], branch['item']);
-    await service.commit(req.params['pk'], req.body);
-    const commits = await service.getBranchCommits(req.params['pk']);
-    const result = assign(mainBranchItem, ...commits);
-    res.locals['payload'] = { data: result || null };
-    return next();
-}), respond);
-router.post('/:pk/merge', asyncHandler(async (req, res, next) => {
-    if (typeof req.body.mainHash !== 'string') {
-        throw new InvalidPayloadError({ reason: `"mainHash" field is required` });
-    }
-    const service = new BranchesService({
-        accountability: req.accountability,
-        schema: req.schema,
-    });
-    const updatedItemKey = await service.merge(req.params['pk'], req.body.mainHash, req.body?.['fields']);
-    res.locals['payload'] = { data: updatedItemKey || null };
-    return next();
-}), respond);
-export default router;

package/dist/database/migrations/20230823A-add-content-versioning.d.ts

@@ -1,3 +0,0 @@
-import type { Knex } from 'knex';
-export declare function up(knex: Knex): Promise<void>;
-export declare function down(knex: Knex): Promise<void>;

package/dist/database/migrations/20230823A-add-content-versioning.js

@@ -1,26 +0,0 @@
-export async function up(knex) {
-    await knex.schema.createTable('directus_branches', (table) => {
-        table.uuid('id').primary().notNullable();
-        table.string('name').notNullable();
-        table.string('collection', 64).references('collection').inTable('directus_collections').onDelete('CASCADE');
-        table.string('item');
-        table.string('hash').notNullable();
-        table.timestamp('date_created').defaultTo(knex.fn.now());
-        table.uuid('user_created').references('id').inTable('directus_users').onDelete('SET NULL');
-    });
-    await knex.schema.alterTable('directus_collections', (table) => {
-        table.boolean('branches_enabled').notNullable().defaultTo(false);
-    });
-    await knex.schema.alterTable('directus_revisions', (table) => {
-        table.uuid('branch').references('id').inTable('directus_branches').onDelete('CASCADE');
-    });
-}
-export async function down(knex) {
-    await knex.schema.dropTable('directus_branches');
-    await knex.schema.alterTable('directus_collections', (table) => {
-        table.dropColumn('branches_enabled');
-    });
-    await knex.schema.alterTable('directus_revisions', (table) => {
-        table.dropColumn('branch');
-    });
-}

package/dist/database/system-data/fields/branches.yaml

@@ -1,19 +0,0 @@
-table: directus_branches
-
-fields:
-  - field: id
-    special:
-      - uuid
-    readonly: true
-    hidden: true
-  - field: name
-  - field: collection
-  - field: item
-  - field: hash
-  - field: date_created
-    special:
-      - date-created
-      - cast-timestamp
-  - field: user_created
-    special:
-      - user-created

package/dist/services/branches.d.ts

@@ -1,25 +0,0 @@
-import type { Item, PrimaryKey, Query } from '@directus/types';
-import type { AbstractServiceOptions, MutationOptions } from '../types/index.js';
-import { AuthorizationService } from './authorization.js';
-import { CollectionsService } from './collections.js';
-import { ItemsService } from './items.js';
-export declare class BranchesService extends ItemsService {
-    authorizationService: AuthorizationService;
-    collectionsService: CollectionsService;
-    constructor(options: AbstractServiceOptions);
-    private validateCreateData;
-    private validateUpdateData;
-    getMainBranchItem(collection: string, item: PrimaryKey, query?: Query): Promise<Item>;
-    verifyHash(collection: string, item: PrimaryKey, hash: string): Promise<{
-        outdated: boolean;
-        mainHash: string;
-    }>;
-    getBranchCommits(key: PrimaryKey): Promise<Partial<Item>[]>;
-    createOne(data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;
-    createMany(data: Partial<Item>[], opts?: MutationOptions): Promise<PrimaryKey[]>;
-    updateBatch(data: Partial<Item>[], opts?: MutationOptions): Promise<PrimaryKey[]>;
-    updateMany(keys: PrimaryKey[], data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey[]>;
-    updateByQuery(query: Query, data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey[]>;
-    commit(key: PrimaryKey, data: Partial<Item>): Promise<Partial<Item>>;
-    merge(branch: PrimaryKey, mainHash: string, fields?: string[]): Promise<import("../types/items.js").PrimaryKey>;
-}

package/dist/services/branches.js

@@ -1,205 +0,0 @@
-import Joi from 'joi';
-import { assign, pick } from 'lodash-es';
-import objectHash from 'object-hash';
-import getDatabase from '../database/index.js';
-import emitter from '../emitter.js';
-import { InvalidPayloadError, UnprocessableContentError } from '../errors/index.js';
-import { ActivityService } from './activity.js';
-import { AuthorizationService } from './authorization.js';
-import { CollectionsService } from './collections.js';
-import { ItemsService } from './items.js';
-import { PayloadService } from './payload.js';
-import { RevisionsService } from './revisions.js';
-const branchUpdateSchema = Joi.object({
-    name: Joi.string(),
-});
-export class BranchesService extends ItemsService {
-    authorizationService;
-    collectionsService;
-    constructor(options) {
-        super('directus_branches', options);
-        this.authorizationService = new AuthorizationService({
-            accountability: this.accountability,
-            knex: this.knex,
-            schema: this.schema,
-        });
-        this.collectionsService = new CollectionsService({
-            accountability: this.accountability,
-            knex: this.knex,
-            schema: this.schema,
-        });
-    }
-    async validateCreateData(data) {
-        if (!data['name'])
-            throw new InvalidPayloadError({ reason: `"name" is required` });
-        // Reserves the "main" branch name for the branch query parameter
-        if (data['name'] === 'main')
-            throw new InvalidPayloadError({ reason: `"main" is a reserved branch name` });
-        if (!data['collection']) {
-            throw new InvalidPayloadError({ reason: `"collection" is required` });
-        }
-        if (!data['item'])
-            throw new InvalidPayloadError({ reason: `"item" is required` });
-        // will throw an error if the collection does not exist or the accountability does not have permission to read it
-        const existingCollection = await this.collectionsService.readOne(data['collection']);
-        if (!existingCollection.meta?.branches_enabled) {
-            throw new UnprocessableContentError({
-                reason: `Branch feature is not enabled for collection "${data['collection']}"`,
-            });
-        }
-        const existingBranches = await super.readByQuery({
-            fields: ['name', 'collection', 'item'],
-            filter: { name: { _eq: data['name'] }, collection: { _eq: data['collection'] }, item: { _eq: data['item'] } },
-        });
-        if (existingBranches.length > 0) {
-            throw new UnprocessableContentError({
-                reason: `Branch "${data['name']}" already exists for item "${data['item']}" in collection "${data['collection']}"`,
-            });
-        }
-        // will throw an error if the accountability does not have permission to read the item
-        await this.authorizationService.checkAccess('read', data['collection'], data['item']);
-    }
-    async validateUpdateData(data) {
-        // Only allow updates on "name" field
-        const { error } = branchUpdateSchema.validate(data);
-        if (error)
-            throw new InvalidPayloadError({ reason: error.message });
-        // Reserves the "main" branch name for the branch query parameter
-        if ('name' in data && data['name'] === 'main') {
-            throw new InvalidPayloadError({ reason: `"main" is a reserved branch name` });
-        }
-    }
-    async getMainBranchItem(collection, item, query) {
-        // will throw an error if the accountability does not have permission to read the item
-        await this.authorizationService.checkAccess('read', collection, item);
-        const itemsService = new ItemsService(collection, {
-            knex: this.knex,
-            accountability: this.accountability,
-            schema: this.schema,
-        });
-        return await itemsService.readOne(item, query);
-    }
-    async verifyHash(collection, item, hash) {
-        const mainBranchItem = await this.getMainBranchItem(collection, item);
-        const mainHash = objectHash(mainBranchItem);
-        return { outdated: hash !== mainHash, mainHash };
-    }
-    async getBranchCommits(key) {
-        const revisionsService = new RevisionsService({
-            knex: this.knex,
-            schema: this.schema,
-        });
-        const result = await revisionsService.readByQuery({
-            filter: { branch: { _eq: key } },
-        });
-        return result.map((revision) => revision['delta']);
-    }
-    async createOne(data, opts) {
-        await this.validateCreateData(data);
-        const mainBranchItem = await this.getMainBranchItem(data['collection'], data['item']);
-        data['hash'] = objectHash(mainBranchItem);
-        return super.createOne(data, opts);
-    }
-    async createMany(data, opts) {
-        if (!Array.isArray(data)) {
-            throw new InvalidPayloadError({ reason: 'Input should be an array of items' });
-        }
-        for (const item of data) {
-            await this.validateCreateData(item);
-            const mainBranchItem = await this.getMainBranchItem(item['collection'], item['item']);
-            item['hash'] = objectHash(mainBranchItem);
-        }
-        return super.createMany(data, opts);
-    }
-    async updateBatch(data, opts) {
-        if (!Array.isArray(data)) {
-            throw new InvalidPayloadError({ reason: 'Input should be an array of items' });
-        }
-        for (const item of data) {
-            await this.validateUpdateData(item);
-        }
-        return super.updateBatch(data, opts);
-    }
-    async updateMany(keys, data, opts) {
-        await this.validateUpdateData(data);
-        return super.updateMany(keys, data, opts);
-    }
-    async updateByQuery(query, data, opts) {
-        await this.validateUpdateData(data);
-        return super.updateByQuery(query, data, opts);
-    }
-    async commit(key, data) {
-        const branch = await super.readOne(key);
-        const payloadService = new PayloadService(this.collection, {
-            accountability: this.accountability,
-            knex: this.knex,
-            schema: this.schema,
-        });
-        const activityService = new ActivityService({
-            knex: this.knex,
-            schema: this.schema,
-        });
-        const revisionsService = new RevisionsService({
-            knex: this.knex,
-            schema: this.schema,
-        });
-        const activity = await activityService.createOne({
-            action: 'commit',
-            user: this.accountability?.user ?? null,
-            collection: branch['collection'],
-            ip: this.accountability?.ip ?? null,
-            user_agent: this.accountability?.userAgent ?? null,
-            origin: this.accountability?.origin ?? null,
-            item: branch['item'],
-        });
-        const revisionDelta = await payloadService.prepareDelta(data);
-        await revisionsService.createOne({
-            activity,
-            branch: key,
-            collection: branch['collection'],
-            item: branch['item'],
-            data: revisionDelta,
-            delta: revisionDelta,
-        });
-        return data;
-    }
-    async merge(branch, mainHash, fields) {
-        const { id, collection, item } = (await this.readOne(branch));
-        // will throw an error if the accountability does not have permission to update the item
-        await this.authorizationService.checkAccess('update', collection, item);
-        const { outdated } = await this.verifyHash(collection, item, mainHash);
-        if (outdated) {
-            throw new UnprocessableContentError({
-                reason: `Main branch has changed since this branch was last updated`,
-            });
-        }
-        const commits = await this.getBranchCommits(id);
-        const branchResult = assign({}, ...commits);
-        const payloadToUpdate = fields ? pick(branchResult, fields) : branchResult;
-        const itemsService = new ItemsService(collection, {
-            accountability: this.accountability,
-            schema: this.schema,
-        });
-        const payloadAfterHooks = await emitter.emitFilter(['items.merge', `${collection}.items.merge`], payloadToUpdate, {
-            collection,
-            item,
-            branch,
-        }, {
-            database: getDatabase(),
-            schema: this.schema,
-            accountability: this.accountability,
-        });
-        const updatedItemKey = await itemsService.updateOne(item, payloadAfterHooks);
-        emitter.emitAction(['items.merge', `${collection}.items.merge`], {
-            payload: payloadAfterHooks,
-            collection,
-            item: updatedItemKey,
-            branch,
-        }, {
-            database: getDatabase(),
-            schema: this.schema,
-            accountability: this.accountability,
-        });
-        return updatedItemKey;
-    }
-}