@directus/api 15.0.0 → 17.0.0

package/dist/middleware/respond.js

@@ -1,9 +1,9 @@
+import { useEnv } from '@directus/env';
 import { parse as parseBytesConfiguration } from 'bytes';
 import { assign } from 'lodash-es';
 import { getCache, setCacheValue } from '../cache.js';
-import env from '../env.js';
-import logger from '../logger.js';
-import { ExportService } from '../services/import-export/index.js';
+import { useLogger } from '../logger.js';
+import { ExportService } from '../services/import-export.js';
 import { VersionsService } from '../services/versions.js';
 import asyncHandler from '../utils/async-handler.js';
 import { getCacheControlHeader } from '../utils/get-cache-headers.js';
@@ -12,6 +12,8 @@ import { getDateFormatted } from '../utils/get-date-formatted.js';
 import { getMilliseconds } from '../utils/get-milliseconds.js';
 import { stringByteSize } from '../utils/get-string-byte-size.js';
 export const respond = asyncHandler(async (req, res) => {
+    const env = useEnv();
+    const logger = useLogger();
     const { cache } = getCache();
     let exceedsMaxSize = false;
     if (env['CACHE_VALUE_MAX_SIZE'] !== false) {

package/dist/operations/log/index.js

@@ -1,9 +1,10 @@
 import { defineOperationApi } from '@directus/extensions';
 import { optionToString } from '@directus/utils';
-import logger from '../../logger.js';
+import { useLogger } from '../../logger.js';
 export default defineOperationApi({
     id: 'log',
     handler: ({ message }) => {
+        const logger = useLogger();
         logger.info(optionToString(message));
     },
 });

package/dist/rate-limiter.d.ts

@@ -1,4 +1,5 @@
 import type { IRateLimiterOptions, IRateLimiterStoreOptions, RateLimiterAbstract } from 'rate-limiter-flexible';
+import { RateLimiterRes } from 'rate-limiter-flexible';
 type IRateLimiterOptionsOverrides = Partial<IRateLimiterOptions> | Partial<IRateLimiterStoreOptions>;
 export declare function createRateLimiter(configPrefix?: string, configOverrides?: IRateLimiterOptionsOverrides): RateLimiterAbstract;
-export {};
+export { RateLimiterRes };

package/dist/rate-limiter.js

@@ -1,10 +1,11 @@
+import { useEnv } from '@directus/env';
 import { merge } from 'lodash-es';
-import { RateLimiterMemory, RateLimiterRedis } from 'rate-limiter-flexible';
-import env from './env.js';
+import { RateLimiterMemory, RateLimiterRedis, RateLimiterRes } from 'rate-limiter-flexible';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
 import { createRequire } from 'node:module';
 const require = createRequire(import.meta.url);
 export function createRateLimiter(configPrefix = 'RATE_LIMITER', configOverrides) {
+    const env = useEnv();
     switch (env['RATE_LIMITER_STORE']) {
         case 'redis':
             return new RateLimiterRedis(getConfig('redis', configPrefix, configOverrides));
@@ -13,10 +14,12 @@ export function createRateLimiter(configPrefix = 'RATE_LIMITER', configOverrides
             return new RateLimiterMemory(getConfig('memory', configPrefix, configOverrides));
     }
 }
+export { RateLimiterRes };
 function getConfig(store = 'memory', configPrefix = 'RATE_LIMITER', overrides) {
     const config = getConfigFromEnv(`${configPrefix}_`, `${configPrefix}_${store}_`);
     if (store === 'redis') {
         const Redis = require('ioredis');
+        const env = useEnv();
         config.storeClient = new Redis(env[`REDIS`] || getConfigFromEnv(`REDIS_`));
     }
     delete config.enabled;

package/dist/redis/index.d.ts

@@ -1,2 +1,3 @@
-export { useRedis } from './use-redis.js';
-export { createRedis } from './create-redis.js';
+export { createRedis } from './lib/create-redis.js';
+export { useRedis } from './lib/use-redis.js';
+export { redisConfigAvailable } from './utils/redis-config-available.js';

package/dist/redis/index.js

@@ -1,2 +1,3 @@
-export { useRedis } from './use-redis.js';
-export { createRedis } from './create-redis.js';
+export { createRedis } from './lib/create-redis.js';
+export { useRedis } from './lib/use-redis.js';
+export { redisConfigAvailable } from './utils/redis-config-available.js';

package/dist/redis/{create-redis.js → lib/create-redis.js}

@@ -1,6 +1,6 @@
+import { useEnv } from '@directus/env';
 import { Redis } from 'ioredis';
-import { useEnv } from '../env.js';
-import { getConfigFromEnv } from '../utils/get-config-from-env.js';
+import { getConfigFromEnv } from '../../utils/get-config-from-env.js';
 /**
  * Create a new Redis instance based on the global env configuration
  *

package/dist/redis/utils/redis-config-available.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Check if Redis configuration exists in the current project's environment configuration
+ */
+export declare const redisConfigAvailable: () => boolean;

package/dist/redis/utils/redis-config-available.js

@@ -0,0 +1,8 @@
+import { useEnv } from '@directus/env';
+/**
+ * Check if Redis configuration exists in the current project's environment configuration
+ */
+export const redisConfigAvailable = () => {
+    const env = useEnv();
+    return 'REDIS' in env || Object.keys(env).some((key) => key.startsWith('REDIS_'));
+};

package/dist/request/request-interceptor.js

@@ -2,9 +2,10 @@ import axios from 'axios';
 import { lookup } from 'node:dns/promises';
 import { isIP } from 'node:net';
 import { URL } from 'node:url';
-import logger from '../logger.js';
-import { validateIP } from './validate-ip.js';
+import { useLogger } from '../logger.js';
+import { validateIp } from './validate-ip.js';
 export const requestInterceptor = async (config) => {
+    const logger = useLogger();
     const uri = axios.getUri(config);
     const { hostname } = new URL(uri);
     let ip;
@@ -13,14 +14,15 @@ export const requestInterceptor = async (config) => {
             const dns = await lookup(hostname);
             ip = dns.address;
         }
-        catch (err) {
-            logger.warn(err, `Couldn't lookup the DNS for url "${uri}"`);
+        catch (error) {
+            logger.warn(`Couldn't lookup the DNS for URL "${uri}"`);
+            logger.warn(error);
             throw new Error(`Requested URL "${uri}" resolves to a denied IP address`);
         }
     }
     else {
         ip = hostname;
     }
-    await validateIP(ip, uri);
+    validateIp(ip, uri);
     return config;
 };

package/dist/request/response-interceptor.js

@@ -1,5 +1,5 @@
-import { validateIP } from './validate-ip.js';
+import { validateIp } from './validate-ip.js';
 export const responseInterceptor = async (config) => {
-    await validateIP(config.request.socket.remoteAddress, config.request.url);
+    validateIp(config.request.socket.remoteAddress, config.request.url);
     return config;
 };

package/dist/request/validate-ip.d.ts

@@ -1 +1 @@
-export declare const validateIP: (ip: string, url: string) => Promise<void>;
+export declare function validateIp(ip: string, url: string): void;

package/dist/request/validate-ip.js

@@ -1,19 +1,35 @@
+import { useEnv } from '@directus/env';
 import os from 'node:os';
-import env from '../env.js';
-export const validateIP = async (ip, url) => {
-    if (env['IMPORT_IP_DENY_LIST'].includes(ip)) {
-        throw new Error(`Requested URL "${url}" resolves to a denied IP address`);
+import { useLogger } from '../logger.js';
+import { ipInNetworks } from '../utils/ip-in-networks.js';
+const deniedError = (url) => new Error(`Requested URL "${url}" resolves to a denied IP address`);
+export function validateIp(ip, url) {
+    const env = useEnv();
+    const logger = useLogger();
+    const ipDenyList = env['IMPORT_IP_DENY_LIST'];
+    if (ipDenyList.length === 0)
+        return;
+    let denied;
+    try {
+        denied = ipInNetworks(ip, ipDenyList);
     }
-    if (env['IMPORT_IP_DENY_LIST'].includes('0.0.0.0')) {
+    catch (error) {
+        logger.warn(`Invalid "IMPORT_IP_DENY_LIST" configuration`);
+        logger.warn(error);
+        throw deniedError(url);
+    }
+    if (denied)
+        throw deniedError(url);
+    if (ipDenyList.includes('0.0.0.0')) {
         const networkInterfaces = os.networkInterfaces();
         for (const networkInfo of Object.values(networkInterfaces)) {
             if (!networkInfo)
                 continue;
             for (const info of networkInfo) {
                 if (info.address === ip) {
-                    throw new Error(`Requested URL "${url}" resolves to a denied IP address`);
+                    throw deniedError(url);
                 }
             }
         }
     }
-};
+}

package/dist/server.js

@@ -1,3 +1,6 @@
+import { useEnv } from '@directus/env';
+import { toBoolean } from '@directus/utils';
+import { getNodeEnv } from '@directus/utils/node';
 import { createTerminus } from '@godaddy/terminus';
 import * as http from 'http';
 import * as https from 'https';
@@ -7,13 +10,14 @@ import url from 'url';
 import createApp from './app.js';
 import getDatabase from './database/index.js';
 import emitter from './emitter.js';
-import env from './env.js';
-import logger from './logger.js';
+import { useLogger } from './logger.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
-import { toBoolean } from './utils/to-boolean.js';
+import { getIPFromReq } from './utils/get-ip-from-req.js';
 import { createSubscriptionController, createWebSocketController, getSubscriptionController, getWebSocketController, } from './websocket/controllers/index.js';
 import { startWebSocketHandlers } from './websocket/handlers/index.js';
 export let SERVER_ONLINE = true;
+const env = useEnv();
+const logger = useLogger();
 export async function createServer() {
     const server = http.createServer(await createApp());
     Object.assign(server, getConfigFromEnv('SERVER_'));
@@ -57,7 +61,7 @@ export async function createServer() {
                     size: metrics.out,
                     headers: res.getHeaders(),
                 },
-                ip: req.headers['x-forwarded-for'] || req.socket?.remoteAddress,
+                ip: getIPFromReq(req),
                 duration: elapsedMilliseconds.toFixed(),
             };
             emitter.emitAction('response', info, {
@@ -86,7 +90,7 @@ export async function createServer() {
     createTerminus(server, terminusOptions);
     return server;
     async function beforeShutdown() {
-        if (env['NODE_ENV'] !== 'development') {
+        if (getNodeEnv() !== 'development') {
             logger.info('Shutting down...');
         }
         SERVER_ONLINE = false;
@@ -104,7 +108,7 @@ export async function createServer() {
             schema: null,
             accountability: null,
         });
-        if (env['NODE_ENV'] !== 'development') {
+        if (getNodeEnv() !== 'development') {
             logger.info('Directus shut down OK. Bye bye!');
         }
     }
@@ -112,7 +116,7 @@ export async function createServer() {
 export async function startServer() {
     const server = await createServer();
     const host = env['HOST'];
-    const port = env['PORT'];
+    const port = parseInt(env['PORT']);
     server
         .listen(port, host, () => {
         logger.info(`Server started at http://${host}:${port}`);

package/dist/services/activity.js

@@ -1,10 +1,9 @@
 import { Action } from '@directus/constants';
-import { isDirectusError } from '@directus/errors';
+import { useEnv } from '@directus/env';
+import { ErrorCode, isDirectusError } from '@directus/errors';
 import { uniq } from 'lodash-es';
 import validateUUID from 'uuid-validate';
-import env from '../env.js';
-import { ErrorCode } from '@directus/errors';
-import logger from '../logger.js';
+import { useLogger } from '../logger.js';
 import { getPermissions } from '../utils/get-permissions.js';
 import { Url } from '../utils/url.js';
 import { userName } from '../utils/user-name.js';
@@ -12,6 +11,8 @@ import { AuthorizationService } from './authorization.js';
 import { ItemsService } from './items.js';
 import { NotificationsService } from './notifications.js';
 import { UsersService } from './users.js';
+const env = useEnv();
+const logger = useLogger();
 export class ActivityService extends ItemsService {
     notificationsService;
     usersService;

package/dist/services/assets.d.ts

@@ -5,10 +5,12 @@ import type { Knex } from 'knex';
 import type { Readable } from 'node:stream';
 import type { AbstractServiceOptions, TransformationSet } from '../types/index.js';
 import { AuthorizationService } from './authorization.js';
+import { FilesService } from './files.js';
 export declare class AssetsService {
     knex: Knex;
     accountability: Accountability | null;
     authorizationService: AuthorizationService;
+    filesService: FilesService;
     constructor(options: AbstractServiceOptions);
     getAsset(id: string, transformation?: TransformationSet, range?: Range): Promise<{
         stream: Readable;

package/dist/services/assets.js

@@ -1,3 +1,5 @@
+import { useEnv } from '@directus/env';
+import { ForbiddenError, IllegalAssetTransformationError, RangeNotSatisfiableError, ServiceUnavailableError, } from '@directus/errors';
 import { clamp } from 'lodash-es';
 import { contentType } from 'mime-types';
 import hash from 'object-hash';
@@ -6,20 +8,23 @@ import sharp from 'sharp';
 import validateUUID from 'uuid-validate';
 import { SUPPORTED_IMAGE_TRANSFORM_FORMATS } from '../constants.js';
 import getDatabase from '../database/index.js';
-import env from '../env.js';
-import { ForbiddenError, IllegalAssetTransformationError, RangeNotSatisfiableError, ServiceUnavailableError, } from '@directus/errors';
-import logger from '../logger.js';
+import { useLogger } from '../logger.js';
 import { getStorage } from '../storage/index.js';
 import { getMilliseconds } from '../utils/get-milliseconds.js';
 import * as TransformationUtils from '../utils/transformations.js';
 import { AuthorizationService } from './authorization.js';
+import { FilesService } from './files.js';
+const env = useEnv();
+const logger = useLogger();
 export class AssetsService {
     knex;
     accountability;
     authorizationService;
+    filesService;
     constructor(options) {
         this.knex = options.knex || getDatabase();
         this.accountability = options.accountability || null;
+        this.filesService = new FilesService({ ...options, accountability: null });
         this.authorizationService = new AuthorizationService(options);
     }
     async getAsset(id, transformation, range) {
@@ -40,9 +45,7 @@ export class AssetsService {
         if (systemPublicKeys.includes(id) === false && this.accountability?.admin !== true) {
             await this.authorizationService.checkAccess('read', 'directus_files', id);
         }
-        const file = (await this.knex.select('*').from('directus_files').where({ id }).first());
-        if (!file)
-            throw new ForbiddenError();
+        const file = (await this.filesService.readOne(id, { limit: 1 }));
         const exists = await storage.location(file.storage).exists(file.filename_disk);
         if (!exists)
             throw new ForbiddenError();

package/dist/services/authentication.js

@@ -1,4 +1,6 @@
 import { Action } from '@directus/constants';
+import { useEnv } from '@directus/env';
+import { InvalidCredentialsError, InvalidOtpError, InvalidProviderError, ServiceUnavailableError, UserSuspendedError, } from '@directus/errors';
 import jwt from 'jsonwebtoken';
 import { clone, cloneDeep } from 'lodash-es';
 import { performance } from 'perf_hooks';
@@ -6,15 +8,13 @@ import { getAuthProvider } from '../auth.js';
 import { DEFAULT_AUTH_PROVIDER } from '../constants.js';
 import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
-import env from '../env.js';
-import { InvalidCredentialsError, InvalidProviderError, UserSuspendedError } from '@directus/errors';
-import { InvalidOtpError } from '@directus/errors';
-import { createRateLimiter } from '../rate-limiter.js';
+import { RateLimiterRes, createRateLimiter } from '../rate-limiter.js';
 import { getMilliseconds } from '../utils/get-milliseconds.js';
 import { stall } from '../utils/stall.js';
 import { ActivityService } from './activity.js';
 import { SettingsService } from './settings.js';
 import { TFAService } from './tfa.js';
+const env = useEnv();
 const loginAttemptsLimiter = createRateLimiter('RATE_LIMITER', { duration: 0 });
 export class AuthenticationService {
     knex;
@@ -100,11 +100,19 @@ export class AuthenticationService {
             try {
                 await loginAttemptsLimiter.consume(user.id);
             }
-            catch {
-                await this.knex('directus_users').update({ status: 'suspended' }).where({ id: user.id });
-                user.status = 'suspended';
-                // This means that new attempts after the user has been re-activated will be accepted
-                await loginAttemptsLimiter.set(user.id, 0, 0);
+            catch (error) {
+                if (error instanceof RateLimiterRes && error.remainingPoints === 0) {
+                    await this.knex('directus_users').update({ status: 'suspended' }).where({ id: user.id });
+                    user.status = 'suspended';
+                    // This means that new attempts after the user has been re-activated will be accepted
+                    await loginAttemptsLimiter.set(user.id, 0, 0);
+                }
+                else {
+                    throw new ServiceUnavailableError({
+                        service: 'authentication',
+                        reason: 'Rate limiter unreachable',
+                    });
+                }
             }
         }
         try {

package/dist/services/authorization.d.ts

@@ -13,5 +13,5 @@ export declare class AuthorizationService {
      * Checks if the provided payload matches the configured permissions, and adds the presets to the payload.
      */
     validatePayload(action: PermissionsAction, collection: string, data: Partial<Item>): Partial<Item>;
-    checkAccess(action: PermissionsAction, collection: string, pk: PrimaryKey | PrimaryKey[]): Promise<void>;
+    checkAccess(action: PermissionsAction, collection: string, pk?: PrimaryKey | PrimaryKey[]): Promise<void>;
 }

package/dist/services/authorization.js

@@ -1,9 +1,9 @@
+import { ForbiddenError } from '@directus/errors';
 import { validatePayload } from '@directus/utils';
 import { FailedValidationError, joiValidationErrorItemToErrorExtensions } from '@directus/validation';
 import { cloneDeep, flatten, isArray, isNil, merge, reduce, uniq, uniqWith } from 'lodash-es';
 import { GENERATE_SPECIAL } from '../constants.js';
 import getDatabase from '../database/index.js';
-import { ForbiddenError } from '@directus/errors';
 import { getRelationInfo } from '../utils/get-relation-info.js';
 import { stripFunction } from '../utils/strip-function.js';
 import { ItemsService } from './items.js';
@@ -430,15 +430,27 @@ export class AuthorizationService {
         };
         if (Array.isArray(pk)) {
             const result = await itemsService.readMany(pk, { ...query, limit: pk.length }, { permissionsAction: action });
-            if (!result)
+            // for the unexpected case that the result is not an array (for example due to filter hook)
+            if (!isArray(result))
                 throw new ForbiddenError();
             if (result.length !== pk.length)
                 throw new ForbiddenError();
         }
-        else {
+        else if (pk) {
             const result = await itemsService.readOne(pk, query, { permissionsAction: action });
             if (!result)
                 throw new ForbiddenError();
         }
+        else {
+            query.limit = 1;
+            const result = await itemsService.readByQuery(query, { permissionsAction: action });
+            // for the unexpected case that the result is not an array (for example due to filter hook)
+            if (!isArray(result))
+                throw new ForbiddenError();
+            // for create action, an empty array is expected - for other actions, the first item is expected to be available
+            const access = action === 'create' ? result.length === 0 : !!result[0];
+            if (!access)
+                throw new ForbiddenError();
+        }
     }
 }

package/dist/services/collections.js

@@ -1,3 +1,5 @@
+import { useEnv } from '@directus/env';
+import { ForbiddenError, InvalidPayloadError } from '@directus/errors';
 import { createInspector } from '@directus/schema';
 import { addFieldFlag } from '@directus/utils';
 import { chunk, groupBy, merge, omit } from 'lodash-es';
@@ -7,12 +9,10 @@ import { getHelpers } from '../database/helpers/index.js';
 import getDatabase, { getSchemaInspector } from '../database/index.js';
 import { systemCollectionRows } from '../database/system-data/collections/index.js';
 import emitter from '../emitter.js';
-import env from '../env.js';
-import { ForbiddenError, InvalidPayloadError } from '@directus/errors';
-import { FieldsService } from './fields.js';
-import { ItemsService } from './items.js';
 import { getSchema } from '../utils/get-schema.js';
 import { shouldClearCache } from '../utils/should-clear-cache.js';
+import { FieldsService } from './fields.js';
+import { ItemsService } from './items.js';
 export class CollectionsService {
     knex;
     helpers;
@@ -206,6 +206,7 @@ export class CollectionsService {
      * Read all collections. Currently doesn't support any query.
      */
     async readByQuery() {
+        const env = useEnv();
         const collectionItemsService = new ItemsService('directus_collections', {
             knex: this.knex,
             schema: this.schema,

package/dist/services/extensions.d.ts

@@ -1,28 +1,34 @@
 import type { ApiOutput, ExtensionSettings } from '@directus/extensions';
-import type { SchemaInspector } from '@directus/schema';
 import type { Accountability, DeepPartial, SchemaOverview } from '@directus/types';
-import type Keyv from 'keyv';
 import type { Knex } from 'knex';
-import type { Helpers } from '../database/helpers/index.js';
 import type { ExtensionManager } from '../extensions/manager.js';
 import type { AbstractServiceOptions } from '../types/index.js';
 import { ItemsService } from './items.js';
-import { PermissionsService } from './permissions.js';
+export declare class ExtensionReadError extends Error {
+    originalError: unknown;
+    constructor(originalError: unknown);
+}
 export declare class ExtensionsService {
     knex: Knex;
-    permissionsService: PermissionsService;
-    schemaInspector: SchemaInspector;
     accountability: Accountability | null;
     schema: SchemaOverview;
     extensionsItemService: ItemsService<ExtensionSettings>;
-    systemCache: Keyv<any>;
-    helpers: Helpers;
     extensionsManager: ExtensionManager;
     constructor(options: AbstractServiceOptions);
     readAll(): Promise<ApiOutput[]>;
     readOne(bundle: string | null, name: string): Promise<ApiOutput>;
-    updateOne(bundle: string | null, name: string, data: DeepPartial<ApiOutput>): Promise<void>;
+    updateOne(bundle: string | null, name: string, data: DeepPartial<ApiOutput>): Promise<ApiOutput>;
     private getKey;
+    /**
+     * Sync a bundles enabled status
+     *  - If the extension or extensions parent is not a bundle changes are skipped
+     *  - If a bundles status is toggled, all children are set to that status
+     *  - If an entries status is toggled, then if the:
+     *    - Parent bundle is non-partial throws UnprocessableContentError
+     *    - Entry status change resulted in all children being disabled then the parent bundle is disabled
+     *    - Entry status change resulted in at least one child being enabled then the parent bundle is enabled
+     */
+    private checkBundleAndSyncStatus;
     /**
      * Combine the settings stored in the database with the information available from the installed
      * extensions into the standardized extensions api output