@directus/api 15.0.0 → 16.0.0

package/dist/middleware/respond.js

@@ -1,8 +1,8 @@
+import { useEnv } from '@directus/env';
 import { parse as parseBytesConfiguration } from 'bytes';
 import { assign } from 'lodash-es';
 import { getCache, setCacheValue } from '../cache.js';
-import env from '../env.js';
-import logger from '../logger.js';
+import { useLogger } from '../logger.js';
 import { ExportService } from '../services/import-export/index.js';
 import { VersionsService } from '../services/versions.js';
 import asyncHandler from '../utils/async-handler.js';
@@ -12,6 +12,8 @@ import { getDateFormatted } from '../utils/get-date-formatted.js';
 import { getMilliseconds } from '../utils/get-milliseconds.js';
 import { stringByteSize } from '../utils/get-string-byte-size.js';
 export const respond = asyncHandler(async (req, res) => {
+    const env = useEnv();
+    const logger = useLogger();
     const { cache } = getCache();
     let exceedsMaxSize = false;
     if (env['CACHE_VALUE_MAX_SIZE'] !== false) {

package/dist/operations/log/index.js

@@ -1,9 +1,10 @@
 import { defineOperationApi } from '@directus/extensions';
 import { optionToString } from '@directus/utils';
-import logger from '../../logger.js';
+import { useLogger } from '../../logger.js';
 export default defineOperationApi({
     id: 'log',
     handler: ({ message }) => {
+        const logger = useLogger();
         logger.info(optionToString(message));
     },
 });

package/dist/rate-limiter.d.ts

@@ -1,4 +1,5 @@
 import type { IRateLimiterOptions, IRateLimiterStoreOptions, RateLimiterAbstract } from 'rate-limiter-flexible';
+import { RateLimiterRes } from 'rate-limiter-flexible';
 type IRateLimiterOptionsOverrides = Partial<IRateLimiterOptions> | Partial<IRateLimiterStoreOptions>;
 export declare function createRateLimiter(configPrefix?: string, configOverrides?: IRateLimiterOptionsOverrides): RateLimiterAbstract;
-export {};
+export { RateLimiterRes };

package/dist/rate-limiter.js

@@ -1,10 +1,11 @@
+import { useEnv } from '@directus/env';
 import { merge } from 'lodash-es';
-import { RateLimiterMemory, RateLimiterRedis } from 'rate-limiter-flexible';
-import env from './env.js';
+import { RateLimiterMemory, RateLimiterRedis, RateLimiterRes } from 'rate-limiter-flexible';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
 import { createRequire } from 'node:module';
 const require = createRequire(import.meta.url);
 export function createRateLimiter(configPrefix = 'RATE_LIMITER', configOverrides) {
+    const env = useEnv();
     switch (env['RATE_LIMITER_STORE']) {
         case 'redis':
             return new RateLimiterRedis(getConfig('redis', configPrefix, configOverrides));
@@ -13,10 +14,12 @@ export function createRateLimiter(configPrefix = 'RATE_LIMITER', configOverrides
             return new RateLimiterMemory(getConfig('memory', configPrefix, configOverrides));
     }
 }
+export { RateLimiterRes };
 function getConfig(store = 'memory', configPrefix = 'RATE_LIMITER', overrides) {
     const config = getConfigFromEnv(`${configPrefix}_`, `${configPrefix}_${store}_`);
     if (store === 'redis') {
         const Redis = require('ioredis');
+        const env = useEnv();
         config.storeClient = new Redis(env[`REDIS`] || getConfigFromEnv(`REDIS_`));
     }
     delete config.enabled;

package/dist/redis/index.d.ts

@@ -1,2 +1,3 @@
-export { useRedis } from './use-redis.js';
-export { createRedis } from './create-redis.js';
+export { createRedis } from './lib/create-redis.js';
+export { useRedis } from './lib/use-redis.js';
+export { redisConfigAvailable } from './utils/redis-config-available.js';

package/dist/redis/index.js

@@ -1,2 +1,3 @@
-export { useRedis } from './use-redis.js';
-export { createRedis } from './create-redis.js';
+export { createRedis } from './lib/create-redis.js';
+export { useRedis } from './lib/use-redis.js';
+export { redisConfigAvailable } from './utils/redis-config-available.js';

package/dist/redis/{create-redis.js → lib/create-redis.js}

@@ -1,6 +1,6 @@
+import { useEnv } from '@directus/env';
 import { Redis } from 'ioredis';
-import { useEnv } from '../env.js';
-import { getConfigFromEnv } from '../utils/get-config-from-env.js';
+import { getConfigFromEnv } from '../../utils/get-config-from-env.js';
 /**
  * Create a new Redis instance based on the global env configuration
  *

package/dist/redis/utils/redis-config-available.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Check if Redis configuration exists in the current project's environment configuration
+ */
+export declare const redisConfigAvailable: () => boolean;

package/dist/redis/utils/redis-config-available.js

@@ -0,0 +1,8 @@
+import { useEnv } from '@directus/env';
+/**
+ * Check if Redis configuration exists in the current project's environment configuration
+ */
+export const redisConfigAvailable = () => {
+    const env = useEnv();
+    return 'REDIS' in env || Object.keys(env).some((key) => key.startsWith('REDIS_'));
+};

package/dist/request/request-interceptor.js

@@ -2,9 +2,10 @@ import axios from 'axios';
 import { lookup } from 'node:dns/promises';
 import { isIP } from 'node:net';
 import { URL } from 'node:url';
-import logger from '../logger.js';
-import { validateIP } from './validate-ip.js';
+import { useLogger } from '../logger.js';
+import { validateIp } from './validate-ip.js';
 export const requestInterceptor = async (config) => {
+    const logger = useLogger();
     const uri = axios.getUri(config);
     const { hostname } = new URL(uri);
     let ip;
@@ -13,14 +14,15 @@ export const requestInterceptor = async (config) => {
             const dns = await lookup(hostname);
             ip = dns.address;
         }
-        catch (err) {
-            logger.warn(err, `Couldn't lookup the DNS for url "${uri}"`);
+        catch (error) {
+            logger.warn(`Couldn't lookup the DNS for URL "${uri}"`);
+            logger.warn(error);
             throw new Error(`Requested URL "${uri}" resolves to a denied IP address`);
         }
     }
     else {
         ip = hostname;
     }
-    await validateIP(ip, uri);
+    validateIp(ip, uri);
     return config;
 };

package/dist/request/response-interceptor.js

@@ -1,5 +1,5 @@
-import { validateIP } from './validate-ip.js';
+import { validateIp } from './validate-ip.js';
 export const responseInterceptor = async (config) => {
-    await validateIP(config.request.socket.remoteAddress, config.request.url);
+    validateIp(config.request.socket.remoteAddress, config.request.url);
     return config;
 };

package/dist/request/validate-ip.d.ts

@@ -1 +1 @@
-export declare const validateIP: (ip: string, url: string) => Promise<void>;
+export declare function validateIp(ip: string, url: string): void;

package/dist/request/validate-ip.js

@@ -1,19 +1,35 @@
+import { useEnv } from '@directus/env';
 import os from 'node:os';
-import env from '../env.js';
-export const validateIP = async (ip, url) => {
-    if (env['IMPORT_IP_DENY_LIST'].includes(ip)) {
-        throw new Error(`Requested URL "${url}" resolves to a denied IP address`);
+import { useLogger } from '../logger.js';
+import { ipInNetworks } from '../utils/ip-in-networks.js';
+const deniedError = (url) => new Error(`Requested URL "${url}" resolves to a denied IP address`);
+export function validateIp(ip, url) {
+    const env = useEnv();
+    const logger = useLogger();
+    const ipDenyList = env['IMPORT_IP_DENY_LIST'];
+    if (ipDenyList.length === 0)
+        return;
+    let denied;
+    try {
+        denied = ipInNetworks(ip, ipDenyList);
     }
-    if (env['IMPORT_IP_DENY_LIST'].includes('0.0.0.0')) {
+    catch (error) {
+        logger.warn(`Invalid "IMPORT_IP_DENY_LIST" configuration`);
+        logger.warn(error);
+        throw deniedError(url);
+    }
+    if (denied)
+        throw deniedError(url);
+    if (ipDenyList.includes('0.0.0.0')) {
         const networkInterfaces = os.networkInterfaces();
         for (const networkInfo of Object.values(networkInterfaces)) {
             if (!networkInfo)
                 continue;
             for (const info of networkInfo) {
                 if (info.address === ip) {
-                    throw new Error(`Requested URL "${url}" resolves to a denied IP address`);
+                    throw deniedError(url);
                 }
             }
         }
     }
-};
+}

package/dist/server.js

@@ -1,3 +1,6 @@
+import { useEnv } from '@directus/env';
+import { toBoolean } from '@directus/utils';
+import { getNodeEnv } from '@directus/utils/node';
 import { createTerminus } from '@godaddy/terminus';
 import * as http from 'http';
 import * as https from 'https';
@@ -7,13 +10,14 @@ import url from 'url';
 import createApp from './app.js';
 import getDatabase from './database/index.js';
 import emitter from './emitter.js';
-import env from './env.js';
-import logger from './logger.js';
+import { useLogger } from './logger.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
-import { toBoolean } from './utils/to-boolean.js';
+import { getIPFromReq } from './utils/get-ip-from-req.js';
 import { createSubscriptionController, createWebSocketController, getSubscriptionController, getWebSocketController, } from './websocket/controllers/index.js';
 import { startWebSocketHandlers } from './websocket/handlers/index.js';
 export let SERVER_ONLINE = true;
+const env = useEnv();
+const logger = useLogger();
 export async function createServer() {
     const server = http.createServer(await createApp());
     Object.assign(server, getConfigFromEnv('SERVER_'));
@@ -57,7 +61,7 @@ export async function createServer() {
                     size: metrics.out,
                     headers: res.getHeaders(),
                 },
-                ip: req.headers['x-forwarded-for'] || req.socket?.remoteAddress,
+                ip: getIPFromReq(req),
                 duration: elapsedMilliseconds.toFixed(),
             };
             emitter.emitAction('response', info, {
@@ -86,7 +90,7 @@ export async function createServer() {
     createTerminus(server, terminusOptions);
     return server;
     async function beforeShutdown() {
-        if (env['NODE_ENV'] !== 'development') {
+        if (getNodeEnv() !== 'development') {
             logger.info('Shutting down...');
         }
         SERVER_ONLINE = false;
@@ -104,7 +108,7 @@ export async function createServer() {
             schema: null,
             accountability: null,
         });
-        if (env['NODE_ENV'] !== 'development') {
+        if (getNodeEnv() !== 'development') {
             logger.info('Directus shut down OK. Bye bye!');
         }
     }
@@ -112,7 +116,7 @@ export async function createServer() {
 export async function startServer() {
     const server = await createServer();
     const host = env['HOST'];
-    const port = env['PORT'];
+    const port = parseInt(env['PORT']);
     server
         .listen(port, host, () => {
         logger.info(`Server started at http://${host}:${port}`);

package/dist/services/activity.js

@@ -1,10 +1,9 @@
 import { Action } from '@directus/constants';
-import { isDirectusError } from '@directus/errors';
+import { useEnv } from '@directus/env';
+import { ErrorCode, isDirectusError } from '@directus/errors';
 import { uniq } from 'lodash-es';
 import validateUUID from 'uuid-validate';
-import env from '../env.js';
-import { ErrorCode } from '@directus/errors';
-import logger from '../logger.js';
+import { useLogger } from '../logger.js';
 import { getPermissions } from '../utils/get-permissions.js';
 import { Url } from '../utils/url.js';
 import { userName } from '../utils/user-name.js';
@@ -12,6 +11,8 @@ import { AuthorizationService } from './authorization.js';
 import { ItemsService } from './items.js';
 import { NotificationsService } from './notifications.js';
 import { UsersService } from './users.js';
+const env = useEnv();
+const logger = useLogger();
 export class ActivityService extends ItemsService {
     notificationsService;
     usersService;

package/dist/services/assets.d.ts

@@ -5,10 +5,12 @@ import type { Knex } from 'knex';
 import type { Readable } from 'node:stream';
 import type { AbstractServiceOptions, TransformationSet } from '../types/index.js';
 import { AuthorizationService } from './authorization.js';
+import { FilesService } from './files.js';
 export declare class AssetsService {
     knex: Knex;
     accountability: Accountability | null;
     authorizationService: AuthorizationService;
+    filesService: FilesService;
     constructor(options: AbstractServiceOptions);
     getAsset(id: string, transformation?: TransformationSet, range?: Range): Promise<{
         stream: Readable;

package/dist/services/assets.js

@@ -1,3 +1,5 @@
+import { useEnv } from '@directus/env';
+import { ForbiddenError, IllegalAssetTransformationError, RangeNotSatisfiableError, ServiceUnavailableError, } from '@directus/errors';
 import { clamp } from 'lodash-es';
 import { contentType } from 'mime-types';
 import hash from 'object-hash';
@@ -6,20 +8,23 @@ import sharp from 'sharp';
 import validateUUID from 'uuid-validate';
 import { SUPPORTED_IMAGE_TRANSFORM_FORMATS } from '../constants.js';
 import getDatabase from '../database/index.js';
-import env from '../env.js';
-import { ForbiddenError, IllegalAssetTransformationError, RangeNotSatisfiableError, ServiceUnavailableError, } from '@directus/errors';
-import logger from '../logger.js';
+import { useLogger } from '../logger.js';
 import { getStorage } from '../storage/index.js';
 import { getMilliseconds } from '../utils/get-milliseconds.js';
 import * as TransformationUtils from '../utils/transformations.js';
 import { AuthorizationService } from './authorization.js';
+import { FilesService } from './files.js';
+const env = useEnv();
+const logger = useLogger();
 export class AssetsService {
     knex;
     accountability;
     authorizationService;
+    filesService;
     constructor(options) {
         this.knex = options.knex || getDatabase();
         this.accountability = options.accountability || null;
+        this.filesService = new FilesService(options);
         this.authorizationService = new AuthorizationService(options);
     }
     async getAsset(id, transformation, range) {
@@ -40,7 +45,7 @@ export class AssetsService {
         if (systemPublicKeys.includes(id) === false && this.accountability?.admin !== true) {
             await this.authorizationService.checkAccess('read', 'directus_files', id);
         }
-        const file = (await this.knex.select('*').from('directus_files').where({ id }).first());
+        const file = (await this.filesService.readOne(id, { limit: 1 }));
         if (!file)
             throw new ForbiddenError();
         const exists = await storage.location(file.storage).exists(file.filename_disk);

package/dist/services/authentication.js

@@ -1,4 +1,6 @@
 import { Action } from '@directus/constants';
+import { useEnv } from '@directus/env';
+import { InvalidCredentialsError, InvalidOtpError, InvalidProviderError, ServiceUnavailableError, UserSuspendedError, } from '@directus/errors';
 import jwt from 'jsonwebtoken';
 import { clone, cloneDeep } from 'lodash-es';
 import { performance } from 'perf_hooks';
@@ -6,15 +8,13 @@ import { getAuthProvider } from '../auth.js';
 import { DEFAULT_AUTH_PROVIDER } from '../constants.js';
 import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
-import env from '../env.js';
-import { InvalidCredentialsError, InvalidProviderError, UserSuspendedError } from '@directus/errors';
-import { InvalidOtpError } from '@directus/errors';
-import { createRateLimiter } from '../rate-limiter.js';
+import { RateLimiterRes, createRateLimiter } from '../rate-limiter.js';
 import { getMilliseconds } from '../utils/get-milliseconds.js';
 import { stall } from '../utils/stall.js';
 import { ActivityService } from './activity.js';
 import { SettingsService } from './settings.js';
 import { TFAService } from './tfa.js';
+const env = useEnv();
 const loginAttemptsLimiter = createRateLimiter('RATE_LIMITER', { duration: 0 });
 export class AuthenticationService {
     knex;
@@ -100,11 +100,19 @@ export class AuthenticationService {
             try {
                 await loginAttemptsLimiter.consume(user.id);
             }
-            catch {
-                await this.knex('directus_users').update({ status: 'suspended' }).where({ id: user.id });
-                user.status = 'suspended';
-                // This means that new attempts after the user has been re-activated will be accepted
-                await loginAttemptsLimiter.set(user.id, 0, 0);
+            catch (error) {
+                if (error instanceof RateLimiterRes && error.remainingPoints === 0) {
+                    await this.knex('directus_users').update({ status: 'suspended' }).where({ id: user.id });
+                    user.status = 'suspended';
+                    // This means that new attempts after the user has been re-activated will be accepted
+                    await loginAttemptsLimiter.set(user.id, 0, 0);
+                }
+                else {
+                    throw new ServiceUnavailableError({
+                        service: 'authentication',
+                        reason: 'Rate limiter unreachable',
+                    });
+                }
             }
         }
         try {

package/dist/services/collections.js

@@ -1,3 +1,5 @@
+import { useEnv } from '@directus/env';
+import { ForbiddenError, InvalidPayloadError } from '@directus/errors';
 import { createInspector } from '@directus/schema';
 import { addFieldFlag } from '@directus/utils';
 import { chunk, groupBy, merge, omit } from 'lodash-es';
@@ -7,12 +9,10 @@ import { getHelpers } from '../database/helpers/index.js';
 import getDatabase, { getSchemaInspector } from '../database/index.js';
 import { systemCollectionRows } from '../database/system-data/collections/index.js';
 import emitter from '../emitter.js';
-import env from '../env.js';
-import { ForbiddenError, InvalidPayloadError } from '@directus/errors';
-import { FieldsService } from './fields.js';
-import { ItemsService } from './items.js';
 import { getSchema } from '../utils/get-schema.js';
 import { shouldClearCache } from '../utils/should-clear-cache.js';
+import { FieldsService } from './fields.js';
+import { ItemsService } from './items.js';
 export class CollectionsService {
     knex;
     helpers;
@@ -206,6 +206,7 @@ export class CollectionsService {
      * Read all collections. Currently doesn't support any query.
      */
     async readByQuery() {
+        const env = useEnv();
         const collectionItemsService = new ItemsService('directus_collections', {
             knex: this.knex,
             schema: this.schema,

package/dist/services/extensions.d.ts

@@ -1,28 +1,34 @@
 import type { ApiOutput, ExtensionSettings } from '@directus/extensions';
-import type { SchemaInspector } from '@directus/schema';
 import type { Accountability, DeepPartial, SchemaOverview } from '@directus/types';
-import type Keyv from 'keyv';
 import type { Knex } from 'knex';
-import type { Helpers } from '../database/helpers/index.js';
 import type { ExtensionManager } from '../extensions/manager.js';
 import type { AbstractServiceOptions } from '../types/index.js';
 import { ItemsService } from './items.js';
-import { PermissionsService } from './permissions.js';
+export declare class ExtensionReadError extends Error {
+    originalError: unknown;
+    constructor(originalError: unknown);
+}
 export declare class ExtensionsService {
     knex: Knex;
-    permissionsService: PermissionsService;
-    schemaInspector: SchemaInspector;
     accountability: Accountability | null;
     schema: SchemaOverview;
     extensionsItemService: ItemsService<ExtensionSettings>;
-    systemCache: Keyv<any>;
-    helpers: Helpers;
     extensionsManager: ExtensionManager;
     constructor(options: AbstractServiceOptions);
     readAll(): Promise<ApiOutput[]>;
     readOne(bundle: string | null, name: string): Promise<ApiOutput>;
-    updateOne(bundle: string | null, name: string, data: DeepPartial<ApiOutput>): Promise<void>;
+    updateOne(bundle: string | null, name: string, data: DeepPartial<ApiOutput>): Promise<ApiOutput>;
     private getKey;
+    /**
+     * Sync a bundles enabled status
+     *  - If the extension or extensions parent is not a bundle changes are skipped
+     *  - If a bundles status is toggled, all children are set to that status
+     *  - If an entries status is toggled, then if the:
+     *    - Parent bundle is non-partial throws UnprocessableContentError
+     *    - Entry status change resulted in all children being disabled then the parent bundle is disabled
+     *    - Entry status change resulted in at least one child being enabled then the parent bundle is enabled
+     */
+    private checkBundleAndSyncStatus;
     /**
      * Combine the settings stored in the database with the information available from the installed
      * extensions into the standardized extensions api output

package/dist/services/extensions.js

@@ -1,50 +1,39 @@
-import { ForbiddenError, InvalidPayloadError } from '@directus/errors';
-import { createInspector } from '@directus/schema';
-import Joi from 'joi';
+import { ForbiddenError, InvalidPayloadError, UnprocessableContentError } from '@directus/errors';
+import { isObject } from '@directus/utils';
 import { omit, pick } from 'lodash-es';
-import { getCache } from '../cache.js';
-import { getHelpers } from '../database/helpers/index.js';
-import getDatabase, { getSchemaInspector } from '../database/index.js';
+import getDatabase from '../database/index.js';
 import { getExtensionManager } from '../extensions/index.js';
 import { ItemsService } from './items.js';
-import { PermissionsService } from './permissions.js';
+export class ExtensionReadError extends Error {
+    originalError;
+    constructor(originalError) {
+        super();
+        this.originalError = originalError;
+    }
+}
 export class ExtensionsService {
     knex;
-    permissionsService;
-    schemaInspector;
     accountability;
     schema;
     extensionsItemService;
-    systemCache;
-    helpers;
     extensionsManager;
     constructor(options) {
         this.knex = options.knex || getDatabase();
-        this.permissionsService = new PermissionsService(options);
-        this.schemaInspector = options.knex ? createInspector(options.knex) : getSchemaInspector();
         this.schema = options.schema;
         this.accountability = options.accountability || null;
         this.extensionsManager = getExtensionManager();
         this.extensionsItemService = new ItemsService('directus_extensions', {
             knex: this.knex,
             schema: this.schema,
-            // No accountability here, as every other method is hardcoded to be admin only
+            accountability: this.accountability,
         });
-        this.systemCache = getCache().systemCache;
-        this.helpers = getHelpers(this.knex);
     }
     async readAll() {
-        if (this.accountability?.admin !== true) {
-            throw new ForbiddenError();
-        }
         const installedExtensions = this.extensionsManager.getExtensions();
         const configuredExtensions = await this.extensionsItemService.readByQuery({ limit: -1 });
         return this.stitch(installedExtensions, configuredExtensions);
     }
     async readOne(bundle, name) {
-        if (this.accountability?.admin !== true) {
-            throw new ForbiddenError();
-        }
         const key = this.getKey(bundle, name);
         const schema = this.extensionsManager.getExtensions().find((extension) => extension.name === (bundle ?? name));
         const meta = await this.extensionsItemService.readOne(key);
@@ -54,27 +43,73 @@ export class ExtensionsService {
         throw new ForbiddenError();
     }
     async updateOne(bundle, name, data) {
-        if (this.accountability?.admin !== true) {
-            throw new ForbiddenError();
-        }
-        const key = this.getKey(bundle, name);
-        const updateExtensionSchema = Joi.object({
-            meta: Joi.object({
-                enabled: Joi.boolean(),
-            }),
+        const result = await this.knex.transaction(async (trx) => {
+            if (!isObject(data.meta)) {
+                throw new InvalidPayloadError({ reason: `"meta" is required` });
+            }
+            const service = new ExtensionsService({
+                knex: trx,
+                accountability: this.accountability,
+                schema: this.schema,
+            });
+            const key = this.getKey(bundle, name);
+            await service.extensionsItemService.updateOne(key, data.meta);
+            let extension;
+            try {
+                extension = await service.readOne(bundle, name);
+            }
+            catch (error) {
+                throw new ExtensionReadError(error);
+            }
+            if ('enabled' in data.meta) {
+                await service.checkBundleAndSyncStatus(trx, extension);
+            }
+            return extension;
         });
-        const { error } = updateExtensionSchema.validate(data);
-        if (error) {
-            throw new InvalidPayloadError({ reason: error.message });
-        }
-        if ('meta' in data && 'enabled' in data.meta) {
-            await this.knex('directus_extensions').update({ enabled: data.meta.enabled }).where({ name: key });
-            this.extensionsManager.reload();
-        }
+        this.extensionsManager.reload();
+        return result;
     }
     getKey(bundle, name) {
         return bundle ? `${bundle}/${name}` : name;
     }
+    /**
+     * Sync a bundles enabled status
+     *  - If the extension or extensions parent is not a bundle changes are skipped
+     *  - If a bundles status is toggled, all children are set to that status
+     *  - If an entries status is toggled, then if the:
+     *    - Parent bundle is non-partial throws UnprocessableContentError
+     *    - Entry status change resulted in all children being disabled then the parent bundle is disabled
+     *    - Entry status change resulted in at least one child being enabled then the parent bundle is enabled
+     */
+    async checkBundleAndSyncStatus(trx, extension) {
+        if (extension.bundle === null) {
+            if (extension.schema?.type === 'bundle') {
+                await trx('directus_extensions')
+                    .update({ enabled: extension.meta.enabled })
+                    .where('name', 'LIKE', this.getKey(extension.name, '%'));
+            }
+            return;
+        }
+        const parent = await this.readOne(null, extension.bundle);
+        if (parent.schema?.type !== 'bundle') {
+            return;
+        }
+        if (parent.schema.partial === false) {
+            throw new UnprocessableContentError({
+                reason: 'Unable to toggle status of an entry for a bundle marked as non partial',
+            });
+        }
+        const child = await trx('directus_extensions')
+            .where('name', 'LIKE', this.getKey(extension.bundle, '%'))
+            .where({ enabled: true })
+            .first();
+        if (!child && parent.meta.enabled) {
+            await trx('directus_extensions').update({ enabled: false }).where({ name: parent.name });
+        }
+        else if (child && !parent.meta.enabled) {
+            await trx('directus_extensions').update({ enabled: true }).where({ name: parent.name });
+        }
+    }
     /**
      * Combine the settings stored in the database with the information available from the installed
      * extensions into the standardized extensions api output
@@ -128,7 +163,7 @@ export class ExtensionsService {
             return {
                 name,
                 bundle: bundleName,
-                schema: schema ? pick(schema, 'type', 'local', 'version') : null,
+                schema: schema ? pick(schema, 'type', 'local', 'version', 'partial') : null,
                 meta: omit(meta, 'name'),
             };
         });

package/dist/services/fields.js

@@ -319,14 +319,19 @@ export class FieldsService {
             }
             if (hookAdjustedField.schema) {
                 const existingColumn = await this.schemaInspector.columnInfo(collection, hookAdjustedField.field);
+                if (hookAdjustedField.schema?.is_nullable === true && existingColumn.is_primary_key) {
+                    throw new InvalidPayloadError({ reason: 'Primary key cannot be null' });
+                }
                 // Sanitize column only when applying snapshot diff as opts is only passed from /utils/apply-diff.ts
                 const columnToCompare = opts?.bypassLimits && opts.autoPurgeSystemCache === false ? sanitizeColumn(existingColumn) : existingColumn;
                 if (!isEqual(columnToCompare, hookAdjustedField.schema)) {
                     try {
-                        await this.knex.schema.alterTable(collection, (table) => {
-                            if (!hookAdjustedField.schema)
-                                return;
-                            this.addColumnToTable(table, field, existingColumn);
+                        await this.knex.transaction(async (trx) => {
+                            await trx.schema.alterTable(collection, async (table) => {
+                                if (!hookAdjustedField.schema)
+                                    return;
+                                this.addColumnToTable(table, field, existingColumn);
+                            });
                         });
                     }
                     catch (err) {