@directus/api 14.0.0 → 14.0.2

package/dist/auth/drivers/oauth2.js

@@ -54,8 +54,9 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
         return generators.codeVerifier();
     }
     generateAuthUrl(codeVerifier, prompt = false) {
+        const { plainCodeChallenge } = this.config;
         try {
-            const codeChallenge = generators.codeChallenge(codeVerifier);
+            const codeChallenge = plainCodeChallenge ? codeVerifier : generators.codeChallenge(codeVerifier);
             const paramsConfig = typeof this.config['params'] === 'object' ? this.config['params'] : {};
             return this.client.authorizationUrl({
                 scope: this.config['scope'] ?? 'email',
@@ -63,7 +64,7 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
                 prompt: prompt ? 'consent' : undefined,
                 ...paramsConfig,
                 code_challenge: codeChallenge,
-                code_challenge_method: 'S256',
+                code_challenge_method: plainCodeChallenge ? 'plain' : 'S256',
                 // Some providers require state even with PKCE
                 state: codeChallenge,
             });
@@ -85,10 +86,14 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
             logger.warn('[OAuth2] No code, codeVerifier or state in payload');
             throw new InvalidCredentialsError();
         }
+        const { plainCodeChallenge } = this.config;
         let tokenSet;
         let userInfo;
         try {
-            tokenSet = await this.client.oauthCallback(this.redirectUrl, { code: payload['code'], state: payload['state'] }, { code_verifier: payload['codeVerifier'], state: generators.codeChallenge(payload['codeVerifier']) });
+            const codeChallenge = plainCodeChallenge
+                ? payload['codeVerifier']
+                : generators.codeChallenge(payload['codeVerifier']);
+            tokenSet = await this.client.oauthCallback(this.redirectUrl, { code: payload['code'], state: payload['state'] }, { code_verifier: payload['codeVerifier'], state: codeChallenge });
             userInfo = await this.client.userinfo(tokenSet.access_token);
         }
         catch (e) {

package/dist/auth/drivers/openid.js

@@ -64,9 +64,10 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
         return generators.codeVerifier();
     }
     async generateAuthUrl(codeVerifier, prompt = false) {
+        const { plainCodeChallenge } = this.config;
         try {
             const client = await this.client;
-            const codeChallenge = generators.codeChallenge(codeVerifier);
+            const codeChallenge = plainCodeChallenge ? codeVerifier : generators.codeChallenge(codeVerifier);
             const paramsConfig = typeof this.config['params'] === 'object' ? this.config['params'] : {};
             return client.authorizationUrl({
                 scope: this.config['scope'] ?? 'openid profile email',
@@ -74,7 +75,7 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
                 prompt: prompt ? 'consent' : undefined,
                 ...paramsConfig,
                 code_challenge: codeChallenge,
-                code_challenge_method: 'S256',
+                code_challenge_method: plainCodeChallenge ? 'plain' : 'S256',
                 // Some providers require state even with PKCE
                 state: codeChallenge,
                 nonce: codeChallenge,
@@ -97,11 +98,14 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
             logger.warn('[OpenID] No code, codeVerifier or state in payload');
             throw new InvalidCredentialsError();
         }
+        const { plainCodeChallenge } = this.config;
         let tokenSet;
         let userInfo;
         try {
             const client = await this.client;
-            const codeChallenge = generators.codeChallenge(payload['codeVerifier']);
+            const codeChallenge = plainCodeChallenge
+                ? payload['codeVerifier']
+                : generators.codeChallenge(payload['codeVerifier']);
             tokenSet = await client.callback(this.redirectUrl, { code: payload['code'], state: payload['state'], iss: payload['iss'] }, { code_verifier: payload['codeVerifier'], state: codeChallenge, nonce: codeChallenge });
             userInfo = tokenSet.claims();
             if (client.issuer.metadata['userinfo_endpoint']) {

package/dist/cli/index.js

@@ -1,7 +1,5 @@
 import { Command, Option } from 'commander';
-import { isInstalled } from '../database/index.js';
 import emitter from '../emitter.js';
-import { getExtensionManager } from '../extensions/index.js';
 import { startServer } from '../server.js';
 import * as pkg from '../utils/package.js';
 import bootstrap from './commands/bootstrap/index.js';
@@ -16,12 +14,10 @@ import keyGenerate from './commands/security/key.js';
 import secretGenerate from './commands/security/secret.js';
 import usersCreate from './commands/users/create.js';
 import usersPasswd from './commands/users/passwd.js';
+import { loadExtensions } from './load-extensions.js';
 export async function createCli() {
     const program = new Command();
-    if ((await isInstalled()) === true) {
-        const extensionManager = getExtensionManager();
-        await extensionManager.initialize({ schedule: false, watch: false });
-    }
+    await loadExtensions();
     await emitter.emitInit('cli.before', { program });
     program.name('directus').usage('[command] [options]');
     program.version(pkg.version, '-v, --version');

package/dist/cli/load-extensions.d.ts

@@ -0,0 +1 @@
+export declare const loadExtensions: () => Promise<void>;

package/dist/cli/load-extensions.js

@@ -0,0 +1,19 @@
+import { isInstalled, validateMigrations } from '../database/index.js';
+import { getEnv } from '../env.js';
+import { getExtensionManager } from '../extensions/index.js';
+import logger from '../logger.js';
+export const loadExtensions = async () => {
+    const env = getEnv();
+    if (!('DB_CLIENT' in env))
+        return;
+    const installed = await isInstalled();
+    if (!installed)
+        return;
+    const migrationsValid = await validateMigrations();
+    if (!migrationsValid) {
+        logger.info('Skipping CLI extensions initialization due to outstanding migrations.');
+        return;
+    }
+    const extensionManager = getExtensionManager();
+    await extensionManager.initialize({ schedule: false, watch: false });
+};

package/dist/database/system-data/app-access-permissions/app-access-permissions.yaml

@@ -99,7 +99,16 @@
     - preferences_divider
     - avatar
     - language
-    - theme
+    - appearance
+    - theme_light
+    - theme_dark
+    - theme_light_overrides
+    - theme_dark_overrides
     - tfa_secret
     - status
     - role
+
+    # This is a temporary allowed field to help people migrate from
+    # 10.6 to 10.7 and should be removed in 10.8
+    # @TODO remove
+    - theme

package/dist/database/system-data/fields/users.yaml

@@ -104,6 +104,8 @@ fields:
     interface: select-dropdown
     options:
       choices:
+        - value: null
+          text: $t:appearance_global
         - value: auto
           text: $t:appearance_auto
         - value: light

package/dist/emitter.d.ts

@@ -8,10 +8,10 @@ export declare class Emitter {
     emitFilter<T>(event: string | string[], payload: T, meta: Record<string, any>, context?: EventContext | null): Promise<T>;
     emitAction(event: string | string[], meta: Record<string, any>, context?: EventContext | null): void;
     emitInit(event: string, meta: Record<string, any>): Promise<void>;
-    onFilter(event: string, handler: FilterHandler): void;
+    onFilter<T = unknown>(event: string, handler: FilterHandler<T>): void;
     onAction(event: string, handler: ActionHandler): void;
     onInit(event: string, handler: InitHandler): void;
-    offFilter(event: string, handler: FilterHandler): void;
+    offFilter<T = unknown>(event: string, handler: FilterHandler<T>): void;
     offAction(event: string, handler: ActionHandler): void;
     offInit(event: string, handler: InitHandler): void;
     offAll(): void;

package/dist/extensions/manager.js

@@ -38,11 +38,12 @@ const virtual = virtualDefault;
 const alias = aliasDefault;
 const nodeResolve = nodeResolveDefault;
 const __dirname = dirname(fileURLToPath(import.meta.url));
+const defaultOptions = {
+    schedule: true,
+    watch: env['EXTENSIONS_AUTO_RELOAD'] && env['NODE_ENV'] !== 'development',
+};
 export class ExtensionManager {
-    options = {
-        schedule: true,
-        watch: env['EXTENSIONS_AUTO_RELOAD'] && env['NODE_ENV'] !== 'development',
-    };
+    options = defaultOptions;
     /**
      * Whether or not the extensions have been read from disk and registered into the system
      */
@@ -105,12 +106,10 @@ export class ExtensionManager {
      * @param {boolean} options.watch - Whether or not to watch the local extensions folder for changes
      */
     async initialize(options = {}) {
-        if (options.schedule !== undefined) {
-            this.options.schedule = options.schedule;
-        }
-        if (options.watch !== undefined) {
-            this.options.watch = options.watch;
-        }
+        this.options = {
+            ...defaultOptions,
+            ...options,
+        };
         const wasWatcherInitialized = this.watcher !== null;
         if (this.options.watch && !wasWatcherInitialized) {
             this.initializeWatcher();
@@ -567,7 +566,8 @@ export class ExtensionManager {
      */
     registerEndpoint(config, name) {
         const endpointRegistrationCallback = typeof config === 'function' ? config : config.handler;
-        const routeName = typeof config === 'function' ? name : config.id;
+        const nameWithoutType = name.includes(':') ? name.split(':')[0] : name;
+        const routeName = typeof config === 'function' ? nameWithoutType : config.id;
         const scopedRouter = express.Router();
         this.endpointRouter.use(`/${routeName}`, scopedRouter);
         endpointRegistrationCallback(scopedRouter, {

package/dist/middleware/respond.js

@@ -19,6 +19,16 @@ export const respond = asyncHandler(async (req, res) => {
         const maxSize = parseBytesConfiguration(env['CACHE_VALUE_MAX_SIZE']);
         exceedsMaxSize = valueSize > maxSize;
     }
+    if (req.sanitizedQuery.version &&
+        req.collection &&
+        (req.singleton || req.params['pk']) &&
+        'data' in res.locals['payload']) {
+        const versionsService = new VersionsService({ accountability: req.accountability ?? null, schema: req.schema });
+        const saves = await versionsService.getVersionSaves(req.sanitizedQuery.version, req.collection, req.params['pk']);
+        if (saves) {
+            assign(res.locals['payload'].data, ...saves);
+        }
+    }
     if ((req.method.toLowerCase() === 'get' || req.originalUrl?.startsWith('/graphql')) &&
         env['CACHE_ENABLED'] === true &&
         cache &&
@@ -41,16 +51,6 @@ export const respond = asyncHandler(async (req, res) => {
         res.setHeader('Cache-Control', 'no-cache');
         res.setHeader('Vary', 'Origin, Cache-Control');
     }
-    if (req.sanitizedQuery.version &&
-        req.collection &&
-        (req.singleton || req.params['pk']) &&
-        'data' in res.locals['payload']) {
-        const versionsService = new VersionsService({ accountability: req.accountability ?? null, schema: req.schema });
-        const saves = await versionsService.getVersionSaves(req.sanitizedQuery.version, req.collection, req.params['pk']);
-        if (saves) {
-            assign(res.locals['payload'].data, ...saves);
-        }
-    }
     if (req.sanitizedQuery.export) {
         const exportService = new ExportService({ accountability: req.accountability ?? null, schema: req.schema });
         let filename = '';

package/dist/middleware/validate-batch.js

@@ -2,6 +2,7 @@ import Joi from 'joi';
 import { InvalidPayloadError } from '@directus/errors';
 import asyncHandler from '../utils/async-handler.js';
 import { sanitizeQuery } from '../utils/sanitize-query.js';
+import { validateQuery } from '../utils/validate-query.js';
 export const validateBatch = (scope) => asyncHandler(async (req, _res, next) => {
     if (req.method.toLowerCase() === 'get') {
         req.body = {};
@@ -18,6 +19,7 @@ export const validateBatch = (scope) => asyncHandler(async (req, _res, next) =>
     // In reads, the query in the body should override the query params for searching
     if (scope === 'read' && req.body.query) {
         req.sanitizedQuery = sanitizeQuery(req.body.query, req.accountability);
+        validateQuery(req.sanitizedQuery);
     }
     // Every cRUD action has either keys or query
     let batchSchema = Joi.object().keys({

package/dist/server.js

@@ -10,9 +10,9 @@ import emitter from './emitter.js';
 import env from './env.js';
 import logger from './logger.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
+import { toBoolean } from './utils/to-boolean.js';
 import { createSubscriptionController, createWebSocketController, getSubscriptionController, getWebSocketController, } from './websocket/controllers/index.js';
 import { startWebSocketHandlers } from './websocket/handlers/index.js';
-import { toBoolean } from './utils/to-boolean.js';
 export let SERVER_ONLINE = true;
 export async function createServer() {
     const server = http.createServer(await createApp());
@@ -116,6 +116,7 @@ export async function startServer() {
     server
         .listen(port, host, () => {
         logger.info(`Server started at http://${host}:${port}`);
+        process.send?.('ready');
         emitter.emitAction('server.start', { server }, {
             database: getDatabase(),
             schema: null,

package/dist/services/extensions.js

@@ -89,7 +89,22 @@ export class ExtensionsService {
             let bundleName = null;
             let name = meta.name;
             if (name.includes('/')) {
-                [bundleName, name] = name.split('/');
+                const parts = name.split('/');
+                // NPM packages can have an optional organization scope in the format
+                // `@<org>/<package>`. This is limited to a single `/`.
+                //
+                // `foo` -> extension
+                // `foo/bar` -> bundle
+                // `@rijk/foo` -> extension
+                // `@rijk/foo/bar -> bundle
+                const hasOrg = parts.at(0).startsWith('@');
+                if (hasOrg && parts.length > 2) {
+                    name = parts.pop();
+                    bundleName = parts.join('/');
+                }
+                else if (hasOrg === false) {
+                    [bundleName, name] = parts;
+                }
             }
             let schema;
             if (bundleName) {

package/dist/services/files.js

@@ -29,23 +29,23 @@ export class FilesService extends ItemsService {
      */
     async uploadOne(stream, data, primaryKey, opts) {
         const storage = await getStorage();
-        let existingFile = {};
+        let existingFile = null;
         if (primaryKey !== undefined) {
             existingFile =
                 (await this.knex
                     .select('folder', 'filename_download')
                     .from('directus_files')
                     .where({ id: primaryKey })
-                    .first()) ?? {};
+                    .first()) ?? null;
         }
-        const payload = { ...existingFile, ...clone(data) };
+        const payload = { ...(existingFile ?? {}), ...clone(data) };
         if ('folder' in payload === false) {
             const settings = await this.knex.select('storage_default_folder').from('directus_settings').first();
             if (settings?.storage_default_folder) {
                 payload.folder = settings.storage_default_folder;
             }
         }
-        if (primaryKey !== undefined) {
+        if (existingFile !== null && primaryKey !== undefined) {
             await this.updateOne(primaryKey, payload, { emitEvents: false });
             // If the file you're uploading already exists, we'll consider this upload a replace. In that case, we'll
             // delete the previously saved file and thumbnails to ensure they're generated fresh

package/dist/services/versions.js

@@ -3,8 +3,10 @@ import { InvalidPayloadError, UnprocessableContentError } from '@directus/errors
 import Joi from 'joi';
 import { assign, pick } from 'lodash-es';
 import objectHash from 'object-hash';
+import { getCache } from '../cache.js';
 import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
+import { shouldClearCache } from '../utils/should-clear-cache.js';
 import { ActivityService } from './activity.js';
 import { AuthorizationService } from './authorization.js';
 import { ItemsService } from './items.js';
@@ -188,6 +190,10 @@ export class VersionsService extends ItemsService {
             data: revisionDelta,
             delta: revisionDelta,
         });
+        const { cache } = getCache();
+        if (shouldClearCache(cache, undefined, version['collection'])) {
+            cache.clear();
+        }
         return data;
     }
     async promote(version, mainHash, fields) {

package/dist/utils/delete-from-require-cache.js

@@ -1,5 +1,12 @@
 import { createRequire } from 'node:module';
+import logger from '../logger.js';
 const require = createRequire(import.meta.url);
 export function deleteFromRequireCache(modulePath) {
-    delete require.cache[require.resolve(modulePath)];
+    try {
+        const moduleCachePath = require.resolve(modulePath);
+        delete require.cache[moduleCachePath];
+    }
+    catch (error) {
+        logger.trace(`Module cache not found for ${modulePath}, skipped cache delete.`);
+    }
 }

package/dist/utils/redact-object.d.ts

@@ -19,5 +19,5 @@ export declare function redactObject(input: UnknownObject, redact: {
 /**
  * Replace values and extract Error objects for use with JSON.stringify()
  */
-export declare function getReplacer(replacement: Replacement, values?: Values): (_key: string, value: unknown) => unknown;
+export declare function getReplacer(replacement: Replacement, values?: Values): (_key: string, value: unknown) => any;
 export {};

package/dist/utils/redact-object.js

@@ -84,31 +84,44 @@ export function getReplacer(replacement, values) {
     const filteredValues = values
         ? Object.entries(values).filter(([_k, v]) => typeof v === 'string' && v.length > 0)
         : [];
-    const seen = new WeakSet();
-    return (_key, value) => {
-        // Skip circular values
-        if (isObject(value)) {
-            if (seen.has(value)) {
-                return;
+    const replacer = (seen) => {
+        return function (_key, value) {
+            if (value instanceof Error) {
+                return {
+                    name: value.name,
+                    message: value.message,
+                    stack: value.stack,
+                    cause: value.cause,
+                };
             }
-            seen.add(value);
-        }
-        if (value instanceof Error) {
-            return {
-                name: value.name,
-                message: value.message,
-                stack: value.stack,
-                cause: value.cause,
-            };
-        }
-        if (!values || filteredValues.length === 0 || typeof value !== 'string')
-            return value;
-        let finalValue = value;
-        for (const [redactKey, valueToRedact] of filteredValues) {
-            if (finalValue.includes(valueToRedact)) {
-                finalValue = finalValue.replace(new RegExp(valueToRedact, 'g'), replacement(redactKey));
+            if (value !== null && typeof value === 'object') {
+                if (seen.has(value)) {
+                    return '[Circular]';
+                }
+                seen.add(value);
+                const newValue = Array.isArray(value) ? [] : {};
+                for (const [key2, value2] of Object.entries(value)) {
+                    if (typeof value2 === 'string') {
+                        newValue[key2] = value2;
+                    }
+                    else {
+                        newValue[key2] = replacer(seen)(key2, value2);
+                    }
+                }
+                seen.delete(value);
+                return newValue;
             }
-        }
-        return finalValue;
+            if (!values || filteredValues.length === 0 || typeof value !== 'string')
+                return value;
+            let finalValue = value;
+            for (const [redactKey, valueToRedact] of filteredValues) {
+                if (finalValue.includes(valueToRedact)) {
+                    finalValue = finalValue.replace(new RegExp(valueToRedact, 'g'), replacement(redactKey));
+                }
+            }
+            return finalValue;
+        };
     };
+    const seen = new WeakSet();
+    return replacer(seen);
 }

package/dist/utils/sanitize-query.js

@@ -81,6 +81,7 @@ function sanitizeSort(rawSort) {
         fields = rawSort.split(',');
     else if (Array.isArray(rawSort))
         fields = rawSort;
+    fields = fields.map((field) => field.trim());
     return fields;
 }
 function sanitizeAggregate(rawAggregate) {

package/dist/worker-pool.js

@@ -1,3 +1,4 @@
+import os from 'node:os';
 import Tinypool from 'tinypool';
 let workerPool;
 export function getWorkerPool() {
@@ -6,6 +7,13 @@ export function getWorkerPool() {
             minThreads: 0,
             maxQueue: 'auto',
         });
+        // TODO Workaround currently required for failing CPU count on ARM in Tinypool,
+        //      remove again once fixed upstream
+        if (workerPool.options.maxThreads === 0) {
+            const availableParallelism = os.availableParallelism();
+            workerPool.options.maxThreads = availableParallelism;
+            workerPool.options.maxQueue = availableParallelism ** 2;
+        }
     }
     return workerPool;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@directus/api",
-  "version": "14.0.0",
+  "version": "14.0.2",
   "description": "Directus is a real-time API and App dashboard for managing SQL database content",
   "keywords": [
     "directus",
@@ -144,23 +144,23 @@
     "ws": "8.14.2",
     "zod": "3.22.4",
     "zod-validation-error": "1.0.1",
-    "@directus/app": "10.10.0",
+    "@directus/app": "10.12.0",
     "@directus/constants": "11.0.1",
+    "@directus/extensions": "0.1.1",
     "@directus/errors": "0.2.0",
-    "@directus/extensions": "0.1.0",
-    "@directus/extensions-sdk": "10.1.13",
+    "@directus/extensions-sdk": "10.1.14",
     "@directus/pressure": "1.0.12",
     "@directus/schema": "11.0.0",
-    "@directus/specs": "10.2.0",
+    "@directus/specs": "10.2.1",
     "@directus/storage": "10.0.7",
     "@directus/storage-driver-azure": "10.0.13",
-    "@directus/storage-driver-cloudinary": "10.0.13",
     "@directus/storage-driver-gcs": "10.0.13",
-    "@directus/storage-driver-local": "10.0.13",
+    "@directus/storage-driver-cloudinary": "10.0.13",
     "@directus/storage-driver-s3": "10.0.13",
+    "@directus/storage-driver-local": "10.0.13",
     "@directus/storage-driver-supabase": "1.0.5",
-    "@directus/utils": "11.0.1",
-    "@directus/validation": "0.0.8"
+    "@directus/validation": "0.0.8",
+    "@directus/utils": "11.0.1"
   },
   "devDependencies": {
     "@ngneat/falso": "6.4.0",