@directus/api 14.0.1 → 14.1.0

package/dist/extensions/manager.js

@@ -1,6 +1,6 @@
 import { JAVASCRIPT_FILE_EXTS } from '@directus/constants';
 import { APP_SHARED_DEPS, HYBRID_EXTENSION_TYPES, NESTED_EXTENSION_TYPES } from '@directus/extensions';
-import { ensureExtensionDirs, generateExtensionsEntrypoint } from '@directus/extensions/node';
+import { generateExtensionsEntrypoint } from '@directus/extensions/node';
 import { isIn, isTypeIn, pluralize } from '@directus/utils';
 import { pathToRelativeUrl } from '@directus/utils/node';
 import aliasDefault from '@rollup/plugin-alias';
@@ -27,11 +27,13 @@ import { getSchema } from '../utils/get-schema.js';
 import { importFileUrl } from '../utils/import-file-url.js';
 import { JobQueue } from '../utils/job-queue.js';
 import { scheduleSynchronizedJob, validateCron } from '../utils/schedule.js';
+import { getExtensionsPath } from './lib/get-extensions-path.js';
 import { getExtensionsSettings } from './lib/get-extensions-settings.js';
 import { getExtensions } from './lib/get-extensions.js';
 import { getSharedDepsMapping } from './lib/get-shared-deps-mapping.js';
 import { generateApiExtensionsSandboxEntrypoint } from './lib/sandbox/generate-api-extensions-sandbox-entrypoint.js';
 import { instantiateSandboxSdk } from './lib/sandbox/sdk/instantiate.js';
+import { syncExtensions } from './lib/sync-extensions.js';
 import { wrapEmbeds } from './lib/wrap-embeds.js';
 // Workaround for https://github.com/rollup/plugins/issues/1329
 const virtual = virtualDefault;
@@ -132,13 +134,20 @@ export class ExtensionManager {
      */
     async load() {
         try {
-            await ensureExtensionDirs(env['EXTENSIONS_PATH'], NESTED_EXTENSION_TYPES);
+            await syncExtensions();
+        }
+        catch (error) {
+            logger.error(`Failed to sync extensions`);
+            logger.error(error);
+            process.exit(1);
+        }
+        try {
             this.extensions = await getExtensions();
             this.extensionsSettings = await getExtensionsSettings(this.extensions);
         }
-        catch (err) {
+        catch (error) {
             logger.warn(`Couldn't load extensions`);
-            logger.warn(err);
+            logger.warn(error);
         }
         await this.registerHooks();
         await this.registerEndpoints();
@@ -223,7 +232,7 @@ export class ExtensionManager {
      */
     initializeWatcher() {
         logger.info('Watching extensions for changes...');
-        const extensionDirUrl = pathToRelativeUrl(env['EXTENSIONS_PATH']);
+        const extensionDirUrl = pathToRelativeUrl(getExtensionsPath());
         const localExtensionUrls = NESTED_EXTENSION_TYPES.flatMap((type) => {
             const typeDir = path.posix.join(extensionDirUrl, pluralize(type));
             if (isIn(type, HYBRID_EXTENSION_TYPES)) {
@@ -566,7 +575,8 @@ export class ExtensionManager {
      */
     registerEndpoint(config, name) {
         const endpointRegistrationCallback = typeof config === 'function' ? config : config.handler;
-        const routeName = typeof config === 'function' ? name : config.id;
+        const nameWithoutType = name.includes(':') ? name.split(':')[0] : name;
+        const routeName = typeof config === 'function' ? nameWithoutType : config.id;
         const scopedRouter = express.Router();
         this.endpointRouter.use(`/${routeName}`, scopedRouter);
         endpointRegistrationCallback(scopedRouter, {

package/dist/logger.d.ts

@@ -1,7 +1,8 @@
 /// <reference types="qs" />
 import type { RequestHandler } from 'express';
-import type { LoggerOptions } from 'pino';
+import { type LoggerOptions } from 'pino';
 export declare const httpLoggerOptions: LoggerOptions;
 declare const logger: import("pino").Logger<LoggerOptions & Record<string, any>>;
+export declare const httpLoggerEnvConfig: Record<string, any>;
 export declare const expressLogger: RequestHandler<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>;
 export default logger;

package/dist/logger.js

@@ -1,8 +1,8 @@
 import { REDACTED_TEXT, toArray } from '@directus/utils';
 import { merge } from 'lodash-es';
+import { URL } from 'node:url';
 import { pino } from 'pino';
 import { pinoHttp, stdSerializers } from 'pino-http';
-import { URL } from 'url';
 import env from './env.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
 const pinoOptions = {
@@ -82,7 +82,18 @@ if (loggerEnvConfig['levels']) {
     delete loggerEnvConfig['levels'];
 }
 const logger = pino(merge(pinoOptions, loggerEnvConfig));
-const httpLoggerEnvConfig = getConfigFromEnv('LOGGER_HTTP', ['LOGGER_HTTP_LOGGER']);
+export const httpLoggerEnvConfig = getConfigFromEnv('LOGGER_HTTP', ['LOGGER_HTTP_LOGGER']);
+if (env['LOG_HTTP_IGNORE_PATHS']) {
+    const ignorePathsSet = new Set(env['LOG_HTTP_IGNORE_PATHS']);
+    httpLoggerEnvConfig['autoLogging'] = {
+        ignore: (req) => {
+            if (!req.url)
+                return false;
+            const { pathname } = new URL(req.url, 'http://example.com/');
+            return ignorePathsSet.has(pathname);
+        },
+    };
+}
 export const expressLogger = pinoHttp({
     logger: pino(merge(httpLoggerOptions, loggerEnvConfig)),
     ...httpLoggerEnvConfig,

package/dist/messenger.js

@@ -1,6 +1,6 @@
 import { parseJSON } from '@directus/utils';
 import { Redis } from 'ioredis';
-import { getEnv } from './env.js';
+import env from './env.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
 export class MessengerMemory {
     handlers;
@@ -30,7 +30,6 @@ export class MessengerRedis {
     sub;
     constructor() {
         const config = getConfigFromEnv('REDIS');
-        const env = getEnv();
         this.pub = new Redis(env['REDIS'] ?? config);
         this.sub = new Redis(env['REDIS'] ?? config);
         this.namespace = env['MESSENGER_NAMESPACE'] ?? 'directus-messenger';
@@ -55,7 +54,6 @@ let messenger;
 export function getMessenger() {
     if (messenger)
         return messenger;
-    const env = getEnv();
     if (env['MESSENGER_STORE'] === 'redis') {
         messenger = new MessengerRedis();
     }

package/dist/middleware/validate-batch.js

@@ -2,6 +2,7 @@ import Joi from 'joi';
 import { InvalidPayloadError } from '@directus/errors';
 import asyncHandler from '../utils/async-handler.js';
 import { sanitizeQuery } from '../utils/sanitize-query.js';
+import { validateQuery } from '../utils/validate-query.js';
 export const validateBatch = (scope) => asyncHandler(async (req, _res, next) => {
     if (req.method.toLowerCase() === 'get') {
         req.body = {};
@@ -18,6 +19,7 @@ export const validateBatch = (scope) => asyncHandler(async (req, _res, next) =>
     // In reads, the query in the body should override the query params for searching
     if (scope === 'read' && req.body.query) {
         req.sanitizedQuery = sanitizeQuery(req.body.query, req.accountability);
+        validateQuery(req.sanitizedQuery);
     }
     // Every cRUD action has either keys or query
     let batchSchema = Joi.object().keys({

package/dist/request/validate-ip.js

@@ -1,7 +1,6 @@
 import os from 'node:os';
-import { getEnv } from '../env.js';
+import env from '../env.js';
 export const validateIP = async (ip, url) => {
-    const env = getEnv();
     if (env['IMPORT_IP_DENY_LIST'].includes(ip)) {
         throw new Error(`Requested URL "${url}" resolves to a denied IP address`);
     }

package/dist/services/extensions.js

@@ -128,7 +128,7 @@ export class ExtensionsService {
             return {
                 name,
                 bundle: bundleName,
-                schema: schema ? pick(schema, 'type', 'local') : null,
+                schema: schema ? pick(schema, 'type', 'local', 'version') : null,
                 meta: omit(meta, 'name'),
             };
         });

package/dist/services/files.d.ts

@@ -1,5 +1,5 @@
 /// <reference types="node" resolution-mode="require"/>
-import type { File } from '@directus/types';
+import type { File, BusboyFileStream } from '@directus/types';
 import type { Readable } from 'node:stream';
 import type { AbstractServiceOptions, MutationOptions, PrimaryKey } from '../types/index.js';
 import { ItemsService } from './items.js';
@@ -9,7 +9,7 @@ export declare class FilesService extends ItemsService {
     /**
      * Upload a single new file to the configured storage adapter
      */
-    uploadOne(stream: Readable, data: Partial<File> & {
+    uploadOne(stream: BusboyFileStream | Readable, data: Partial<File> & {
         storage: string;
     }, primaryKey?: PrimaryKey, opts?: MutationOptions): Promise<PrimaryKey>;
     /**

package/dist/services/files.js

@@ -14,7 +14,7 @@ import url from 'url';
 import { SUPPORTED_IMAGE_METADATA_FORMATS } from '../constants.js';
 import emitter from '../emitter.js';
 import env from '../env.js';
-import { ForbiddenError, InvalidPayloadError, ServiceUnavailableError } from '@directus/errors';
+import { ContentTooLargeError, ForbiddenError, InvalidPayloadError, ServiceUnavailableError } from '@directus/errors';
 import logger from '../logger.js';
 import { getAxios } from '../request/index.js';
 import { getStorage } from '../storage/index.js';
@@ -29,59 +29,125 @@ export class FilesService extends ItemsService {
      */
     async uploadOne(stream, data, primaryKey, opts) {
         const storage = await getStorage();
-        let existingFile = {};
+        let existingFile = null;
+        // If the payload contains a primary key, we'll check if the file already exists
         if (primaryKey !== undefined) {
+            // If the file you're uploading already exists, we'll consider this upload a replace so we'll fetch the existing file's folder and filename_download
             existingFile =
                 (await this.knex
-                    .select('folder', 'filename_download')
+                    .select('folder', 'filename_download', 'filename_disk', 'title', 'description', 'metadata')
                     .from('directus_files')
                     .where({ id: primaryKey })
-                    .first()) ?? {};
+                    .first()) ?? null;
         }
-        const payload = { ...existingFile, ...clone(data) };
+        // Merge the existing file's folder and filename_download with the new payload
+        const payload = { ...(existingFile ?? {}), ...clone(data) };
+        const disk = storage.location(payload.storage);
+        // If no folder is specified, we'll use the default folder from the settings if it exists
         if ('folder' in payload === false) {
             const settings = await this.knex.select('storage_default_folder').from('directus_settings').first();
             if (settings?.storage_default_folder) {
                 payload.folder = settings.storage_default_folder;
             }
         }
-        if (primaryKey !== undefined) {
-            await this.updateOne(primaryKey, payload, { emitEvents: false });
-            // If the file you're uploading already exists, we'll consider this upload a replace. In that case, we'll
-            // delete the previously saved file and thumbnails to ensure they're generated fresh
-            const disk = storage.location(payload.storage);
-            for await (const filepath of disk.list(String(primaryKey))) {
-                await disk.delete(filepath);
-            }
-        }
-        else {
+        // Is this file a replacement? if the file data already exists and we have a primary key
+        const isReplacement = existingFile !== null && primaryKey !== undefined;
+        // If this is a new file upload, we need to generate a new primary key and DB record
+        if (isReplacement === false || primaryKey === undefined) {
             primaryKey = await this.createOne(payload, { emitEvents: false });
         }
         const fileExtension = path.extname(payload.filename_download) || (payload.type && '.' + extension(payload.type)) || '';
+        // The filename_disk is the FINAL filename on disk
         payload.filename_disk = primaryKey + (fileExtension || '');
+        // Temp filename is used for replacements
+        const tempFilenameDisk = 'temp_' + payload.filename_disk;
         if (!payload.type) {
             payload.type = 'application/octet-stream';
         }
+        // Used to clean up if something goes wrong
+        const cleanUp = async () => {
+            try {
+                if (isReplacement === true) {
+                    // If this is a replacement that failed, we need to delete the temp file
+                    await disk.delete(tempFilenameDisk);
+                }
+                else {
+                    // If this is a new file that failed
+                    // delete the DB record
+                    await super.deleteMany([primaryKey]);
+                    // delete the final file
+                    await disk.delete(payload.filename_disk);
+                }
+            }
+            catch (err) {
+                if (isReplacement === true) {
+                    logger.warn(`Couldn't delete temp file ${tempFilenameDisk}`);
+                }
+                else {
+                    logger.warn(`Couldn't delete file ${payload.filename_disk}`);
+                }
+                logger.warn(err);
+            }
+        };
         try {
-            await storage.location(data.storage).write(payload.filename_disk, stream, payload.type);
+            // If this is a replacement, we'll write the file to a temp location first to ensure we don't overwrite the existing file if something goes wrong
+            if (isReplacement === true) {
+                await disk.write(tempFilenameDisk, stream, payload.type);
+            }
+            else {
+                // If this is a new file upload, we'll write the file to the final location
+                await disk.write(payload.filename_disk, stream, payload.type);
+            }
+            // Check if the file was truncated (if the stream ended early) and throw limit error if it was
+            if ('truncated' in stream && stream.truncated === true) {
+                throw new ContentTooLargeError();
+            }
         }
         catch (err) {
             logger.warn(`Couldn't save file ${payload.filename_disk}`);
             logger.warn(err);
-            await this.deleteOne(primaryKey);
-            throw new ServiceUnavailableError({ service: 'files', reason: `Couldn't save file ${payload.filename_disk}` });
+            await cleanUp();
+            if (err instanceof ContentTooLargeError) {
+                throw err;
+            }
+            else {
+                throw new ServiceUnavailableError({ service: 'files', reason: `Couldn't save file ${payload.filename_disk}` });
+            }
+        }
+        // If the file is a replacement, we need to update the DB record with the new payload, delete the old files, and upgrade the temp file
+        if (isReplacement === true) {
+            await this.updateOne(primaryKey, payload, { emitEvents: false });
+            // delete the previously saved file and thumbnails to ensure they're generated fresh
+            for await (const filepath of disk.list(String(primaryKey))) {
+                await disk.delete(filepath);
+            }
+            // Upgrade the temp file to the final filename
+            await disk.move(tempFilenameDisk, payload.filename_disk);
         }
         const { size } = await storage.location(data.storage).stat(payload.filename_disk);
         payload.filesize = size;
         if (SUPPORTED_IMAGE_METADATA_FORMATS.includes(payload.type)) {
             const stream = await storage.location(data.storage).read(payload.filename_disk);
             const { height, width, description, title, tags, metadata } = await this.getMetadata(stream);
-            payload.height ??= height ?? null;
-            payload.width ??= width ?? null;
-            payload.description ??= description ?? null;
-            payload.title ??= title ?? null;
-            payload.tags ??= tags ?? null;
-            payload.metadata ??= metadata ?? null;
+            if (!payload.height && height) {
+                payload.height = height;
+            }
+            if (!payload.width && width) {
+                payload.width = width;
+            }
+            if (!payload.metadata && metadata) {
+                payload.metadata = metadata;
+            }
+            // Note that if this is a replace file upload, the below properities are fetched and included in the payload above in the `existingFile` variable...so this will ONLY set the values if they're not already set
+            if (!payload.description && description) {
+                payload.description = description;
+            }
+            if (!payload.title && title) {
+                payload.title = title;
+            }
+            if (!payload.tags && tags) {
+                payload.tags = tags;
+            }
         }
         // We do this in a service without accountability. Even if you don't have update permissions to the file,
         // we still want to be able to set the extracted values from the file on create
@@ -255,15 +321,16 @@ export class FilesService extends ItemsService {
      */
     async deleteMany(keys) {
         const storage = await getStorage();
-        const files = await super.readMany(keys, { fields: ['id', 'storage'], limit: -1 });
+        const files = await super.readMany(keys, { fields: ['id', 'storage', 'filename_disk'], limit: -1 });
         if (!files) {
             throw new ForbiddenError();
         }
         await super.deleteMany(keys);
         for (const file of files) {
             const disk = storage.location(file['storage']);
+            const filePrefix = path.parse(file['filename_disk']).name;
             // Delete file + thumbnails
-            for await (const filepath of disk.list(file['id'])) {
+            for await (const filepath of disk.list(filePrefix)) {
                 await disk.delete(filepath);
             }
         }

package/dist/services/mail/index.js

@@ -1,16 +1,17 @@
+import { InvalidPayloadError } from '@directus/errors';
 import fse from 'fs-extra';
 import { Liquid } from 'liquidjs';
 import path from 'path';
 import { fileURLToPath } from 'url';
 import getDatabase from '../../database/index.js';
 import env from '../../env.js';
-import { InvalidPayloadError } from '@directus/errors';
+import { getExtensionsPath } from '../../extensions/lib/get-extensions-path.js';
 import logger from '../../logger.js';
 import getMailer from '../../mailer.js';
 import { Url } from '../../utils/url.js';
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const liquidEngine = new Liquid({
-    root: [path.resolve(env['EXTENSIONS_PATH'], 'templates'), path.resolve(__dirname, 'templates')],
+    root: [path.resolve(getExtensionsPath(), 'templates'), path.resolve(__dirname, 'templates')],
     extname: '.liquid',
 });
 export class MailService {
@@ -56,7 +57,7 @@ export class MailService {
         return info;
     }
     async renderTemplate(template, variables) {
-        const customTemplatePath = path.resolve(env['EXTENSIONS_PATH'], 'templates', template + '.liquid');
+        const customTemplatePath = path.resolve(getExtensionsPath(), 'templates', template + '.liquid');
         const systemTemplatePath = path.join(__dirname, 'templates', template + '.liquid');
         const templatePath = (await fse.pathExists(customTemplatePath)) ? customTemplatePath : systemTemplatePath;
         if ((await fse.pathExists(templatePath)) === false) {
@@ -73,7 +74,7 @@ export class MailService {
             .first();
         return {
             projectName: projectInfo?.project_name || 'Directus',
-            projectColor: projectInfo?.project_color || '#546e7a',
+            projectColor: projectInfo?.project_color || '#171717',
             projectLogo: getProjectLogoURL(projectInfo?.project_logo),
             projectUrl: projectInfo?.project_url || '',
         };