@directus/api 17.0.1 → 18.0.0

package/dist/services/roles.d.ts

@@ -1,13 +1,18 @@
 import type { Query } from '@directus/types';
-import type { AbstractServiceOptions, MutationOptions, PrimaryKey } from '../types/index.js';
+import type { AbstractServiceOptions, Item, MutationOptions, PrimaryKey } from '../types/index.js';
 import { ItemsService } from './items.js';
 export declare class RolesService extends ItemsService {
     constructor(options: AbstractServiceOptions);
     private checkForOtherAdminRoles;
     private checkForOtherAdminUsers;
-    updateOne(key: PrimaryKey, data: Record<string, any>, opts?: MutationOptions): Promise<PrimaryKey>;
-    updateBatch(data: Record<string, any>[], opts?: MutationOptions): Promise<PrimaryKey[]>;
-    updateMany(keys: PrimaryKey[], data: Record<string, any>, opts?: MutationOptions): Promise<PrimaryKey[]>;
+    private isIpAccessValid;
+    private assertValidIpAccess;
+    createOne(data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;
+    createMany(data: Partial<Item>[], opts?: MutationOptions): Promise<PrimaryKey[]>;
+    updateOne(key: PrimaryKey, data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;
+    updateBatch(data: Partial<Item>[], opts?: MutationOptions): Promise<PrimaryKey[]>;
+    updateMany(keys: PrimaryKey[], data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey[]>;
+    updateByQuery(query: Query, data: Partial<Item>, opts?: MutationOptions | undefined): Promise<PrimaryKey[]>;
     deleteOne(key: PrimaryKey): Promise<PrimaryKey>;
     deleteMany(keys: PrimaryKey[]): Promise<PrimaryKey[]>;
     deleteByQuery(query: Query, opts?: MutationOptions): Promise<PrimaryKey[]>;

package/dist/services/roles.js

@@ -1,6 +1,7 @@
-import { ForbiddenError, UnprocessableContentError } from '@directus/errors';
+import { ForbiddenError, InvalidPayloadError, UnprocessableContentError } from '@directus/errors';
+import { getMatch } from 'ip-matching';
 import { ItemsService } from './items.js';
-import { PermissionsService } from './permissions.js';
+import { PermissionsService } from './permissions/index.js';
 import { PresetsService } from './presets.js';
 import { UsersService } from './users.js';
 export class RolesService extends ItemsService {
@@ -74,7 +75,7 @@ export class RolesService extends ItemsService {
                     .count('*', { as: 'count' })
                     .from('directus_users')
                     .leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
-                    .whereNotIn('directus_users.id', usersAdded)
+                    .whereNotIn('directus_users.id', usersAdded.map((user) => user.id))
                     .andWhere({ 'directus_roles.admin_access': true, status: 'active' })
                     .first();
                 const otherAdminUsersCount = Number(otherAdminUsers?.count ?? 0);
@@ -121,7 +122,46 @@ export class RolesService extends ItemsService {
         }
         return;
     }
+    isIpAccessValid(value) {
+        if (value === undefined)
+            return false;
+        if (value === null)
+            return true;
+        if (Array.isArray(value) && value.length === 0)
+            return true;
+        for (const ip of value) {
+            if (typeof ip !== 'string' || ip.includes('*'))
+                return false;
+            try {
+                const match = getMatch(ip);
+                if (match.type == 'IPMask')
+                    return false;
+            }
+            catch {
+                return false;
+            }
+        }
+        return true;
+    }
+    assertValidIpAccess(partialItem) {
+        if ('ip_access' in partialItem && !this.isIpAccessValid(partialItem['ip_access'])) {
+            throw new InvalidPayloadError({
+                reason: 'IP Access contains an incorrect value. Valid values are: IP addresses, IP ranges and CIDR blocks',
+            });
+        }
+    }
+    async createOne(data, opts) {
+        this.assertValidIpAccess(data);
+        return super.createOne(data, opts);
+    }
+    async createMany(data, opts) {
+        for (const partialItem of data) {
+            this.assertValidIpAccess(partialItem);
+        }
+        return super.createMany(data, opts);
+    }
     async updateOne(key, data, opts) {
+        this.assertValidIpAccess(data);
         try {
             if ('users' in data) {
                 await this.checkForOtherAdminUsers(key, data['users']);
@@ -133,6 +173,9 @@ export class RolesService extends ItemsService {
         return super.updateOne(key, data, opts);
     }
     async updateBatch(data, opts) {
+        for (const partialItem of data) {
+            this.assertValidIpAccess(partialItem);
+        }
         const primaryKeyField = this.schema.collections[this.collection].primary;
         const keys = data.map((item) => item[primaryKeyField]);
         const setsToNoAdmin = data.some((item) => item['admin_access'] === false);
@@ -147,6 +190,7 @@ export class RolesService extends ItemsService {
         return super.updateBatch(data, opts);
     }
     async updateMany(keys, data, opts) {
+        this.assertValidIpAccess(data);
         try {
             if ('admin_access' in data && data['admin_access'] === false) {
                 await this.checkForOtherAdminRoles(keys);
@@ -157,6 +201,10 @@ export class RolesService extends ItemsService {
         }
         return super.updateMany(keys, data, opts);
     }
+    async updateByQuery(query, data, opts) {
+        this.assertValidIpAccess(data);
+        return super.updateByQuery(query, data, opts);
+    }
     async deleteOne(key) {
         await this.deleteMany([key]);
         return key;

package/dist/services/server.js

@@ -68,6 +68,9 @@ export class ServerService {
             else {
                 info['rateLimitGlobal'] = false;
             }
+            info['extensions'] = {
+                limit: env['EXTENSIONS_LIMIT'] ?? null,
+            };
             info['queryLimit'] = {
                 default: env['QUERY_LIMIT_DEFAULT'],
                 max: Number.isFinite(env['QUERY_LIMIT_MAX']) ? env['QUERY_LIMIT_MAX'] : -1,

package/dist/services/shares.d.ts

@@ -5,7 +5,9 @@ export declare class SharesService extends ItemsService {
     authorizationService: AuthorizationService;
     constructor(options: AbstractServiceOptions);
     createOne(data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;
-    login(payload: Record<string, any>): Promise<LoginResult>;
+    login(payload: Record<string, any>, options?: Partial<{
+        session: boolean;
+    }>): Promise<Omit<LoginResult, 'id'>>;
     /**
      * Send a link to the given share ID to the given email(s). Note: you can only send a link to a share
      * if you have read access to that particular share

package/dist/services/shares.js

@@ -25,7 +25,7 @@ export class SharesService extends ItemsService {
         await this.authorizationService.checkAccess('share', data['collection'], data['item']);
         return super.createOne(data, opts);
     }
-    async login(payload) {
+    async login(payload, options) {
         const { nanoid } = await import('nanoid');
         const record = await this.knex
             .select({
@@ -70,12 +70,16 @@ export class SharesService extends ItemsService {
                 collection: record.share_collection,
             },
         };
+        const refreshToken = nanoid(64);
+        const refreshTokenExpiration = new Date(Date.now() + getMilliseconds(env['REFRESH_TOKEN_TTL'], 0));
+        if (options?.session) {
+            tokenPayload.session = refreshToken;
+        }
+        const TTL = env[options?.session ? 'SESSION_COOKIE_TTL' : 'ACCESS_TOKEN_TTL'];
         const accessToken = jwt.sign(tokenPayload, env['SECRET'], {
-            expiresIn: env['ACCESS_TOKEN_TTL'],
+            expiresIn: TTL,
             issuer: 'directus',
         });
-        const refreshToken = nanoid(64);
-        const refreshTokenExpiration = new Date(Date.now() + getMilliseconds(env['REFRESH_TOKEN_TTL'], 0));
         await this.knex('directus_sessions').insert({
             token: refreshToken,
             expires: refreshTokenExpiration,
@@ -88,7 +92,7 @@ export class SharesService extends ItemsService {
         return {
             accessToken,
             refreshToken,
-            expires: getMilliseconds(env['ACCESS_TOKEN_TTL']),
+            expires: getMilliseconds(TTL),
         };
     }
     /**

package/dist/storage/index.js

@@ -9,8 +9,9 @@ export const getStorage = async () => {
         return _cache.storage;
     const { StorageManager } = await import('@directus/storage');
     validateEnv(['STORAGE_LOCATIONS']);
-    _cache.storage = new StorageManager();
-    await registerDrivers(_cache.storage);
-    await registerLocations(_cache.storage);
-    return _cache.storage;
+    const storage = new StorageManager();
+    await registerDrivers(storage);
+    await registerLocations(storage);
+    _cache.storage = storage;
+    return storage;
 };

package/dist/types/auth.d.ts

@@ -27,6 +27,7 @@ export interface Session {
 export type DirectusTokenPayload = {
     id?: string;
     role: string | null;
+    session?: string;
     app_access: boolean | number;
     admin_access: boolean | number;
     share?: string;
@@ -47,8 +48,9 @@ export type ShareData = {
     share_password?: string;
 };
 export type LoginResult = {
-    accessToken: any;
-    refreshToken: any;
-    expires: any;
-    id?: any;
+    accessToken: string;
+    refreshToken: string;
+    expires: number;
+    id?: string;
 };
+export type AuthenticationMode = 'json' | 'cookie' | 'session';

package/dist/types/graphql.d.ts

@@ -1,3 +1,4 @@
+/// <reference types="cookie-parser" />
 import type { Request, Response } from 'express';
 import type { DocumentNode } from 'graphql';
 export interface GraphQLParams {

package/dist/utils/apply-query.js

@@ -1,12 +1,12 @@
+import { InvalidQueryError } from '@directus/errors';
 import { getFilterOperatorsForType, getOutputTypeForFunction } from '@directus/utils';
 import { clone, isPlainObject } from 'lodash-es';
 import { customAlphabet } from 'nanoid/non-secure';
-import validate from 'uuid-validate';
 import { getHelpers } from '../database/helpers/index.js';
-import { InvalidQueryError } from '@directus/errors';
 import { getColumnPath } from './get-column-path.js';
 import { getColumn } from './get-column.js';
 import { getRelationInfo } from './get-relation-info.js';
+import { isValidUuid } from './is-valid-uuid.js';
 import { stripFunction } from './strip-function.js';
 export const generateAlias = customAlphabet('abcdefghijklmnopqrstuvwxyz', 5);
 /**
@@ -548,7 +548,7 @@ export async function applySearch(schema, dbQuery, searchQuery, collection) {
                     this.orWhere({ [`${collection}.${name}`]: number });
                 }
             }
-            else if (field.type === 'uuid' && validate(searchQuery)) {
+            else if (field.type === 'uuid' && isValidUuid(searchQuery)) {
                 this.orWhere({ [`${collection}.${name}`]: searchQuery });
             }
         });

package/dist/utils/filter-items.d.ts

@@ -1,2 +1,2 @@
-import type { Query } from '@directus/types';
-export declare function filterItems(items: Record<string, any>[], filter: Query['filter']): Record<string, any>[];
+import type { Item, Query } from '@directus/types';
+export declare function filterItems<T extends Item[]>(items: T, filter: Query['filter']): T;

package/dist/utils/filter-items.js

@@ -6,9 +6,7 @@ import { generateJoi } from '@directus/utils';
 export function filterItems(items, filter) {
     if (!filter)
         return items;
-    return items.filter((item) => {
-        return passesFilter(item, filter);
-    });
+    return items.filter((item) => passesFilter(item, filter));
     function passesFilter(item, filter) {
         if (!filter || Object.keys(filter).length === 0)
             return true;

package/dist/utils/get-cache-headers.d.ts

@@ -1,3 +1,4 @@
+/// <reference types="cookie-parser" />
 import type { Request } from 'express';
 /**
  * Returns the Cache-Control header for the current request

package/dist/utils/get-cache-key.d.ts

@@ -1,2 +1,3 @@
+/// <reference types="cookie-parser" />
 import type { Request } from 'express';
 export declare function getCacheKey(req: Request): string;

package/dist/utils/get-graphql-query-and-variables.d.ts

@@ -1,2 +1,3 @@
+/// <reference types="cookie-parser" />
 import type { Request } from 'express';
 export declare function getGraphqlQueryAndVariables(req: Request): Pick<any, "query" | "variables">;

package/dist/utils/get-ip-from-req.d.ts

@@ -1,2 +1,3 @@
+/// <reference types="cookie-parser" />
 import type { Request } from 'express';
 export declare function getIPFromReq(req: Request): string | null;

package/dist/utils/get-milliseconds.d.ts

@@ -1,4 +1,4 @@
 /**
  * Safely parse human readable time format into milliseconds
  */
-export declare function getMilliseconds<T>(value: unknown, fallback?: T): number | T;
+export declare function getMilliseconds<T = undefined>(value: unknown, fallback?: T): number | T;

package/dist/utils/get-milliseconds.js

@@ -1,5 +1,8 @@
 import ms from 'ms';
-export function getMilliseconds(value, fallback = undefined) {
+/**
+ * Safely parse human readable time format into milliseconds
+ */
+export function getMilliseconds(value, fallback) {
     if ((typeof value !== 'string' && typeof value !== 'number') || value === '') {
         return fallback;
     }

package/dist/utils/is-login-redirect-allowed.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Checks if the defined redirect after successful SSO login is in the allow list
+ */
+export declare function isLoginRedirectAllowed(redirect: unknown, provider: string): boolean;

package/dist/utils/is-login-redirect-allowed.js

@@ -0,0 +1,34 @@
+import { useEnv } from '@directus/env';
+import { toArray } from '@directus/utils';
+import isUrlAllowed from './is-url-allowed.js';
+/**
+ * Checks if the defined redirect after successful SSO login is in the allow list
+ */
+export function isLoginRedirectAllowed(redirect, provider) {
+    if (!redirect)
+        return true; // empty redirect
+    if (typeof redirect !== 'string')
+        return false; // invalid type
+    const env = useEnv();
+    const publicUrl = env['PUBLIC_URL'];
+    if (URL.canParse(redirect) === false) {
+        if (redirect.startsWith('//') === false) {
+            // should be a relative path like `/admin/test`
+            return true;
+        }
+        // domain without protocol `//example.com/test`
+        return false;
+    }
+    const { protocol: redirectProtocol, hostname: redirectDomain } = new URL(redirect);
+    const envKey = `AUTH_${provider.toUpperCase()}_REDIRECT_ALLOW_LIST`;
+    if (envKey in env) {
+        if (isUrlAllowed(redirect, [...toArray(env[envKey]), publicUrl]))
+            return true;
+    }
+    if (URL.canParse(publicUrl) === false) {
+        return false;
+    }
+    // allow redirects to the defined PUBLIC_URL
+    const { protocol: publicProtocol, hostname: publicDomain } = new URL(publicUrl);
+    return `${redirectProtocol}//${redirectDomain}` === `${publicProtocol}//${publicDomain}`;
+}

package/dist/utils/is-url-allowed.d.ts

@@ -1,4 +1,4 @@
 /**
- * Check if url matches allow list either exactly or by domain+path
+ * Check if URL matches allow list either exactly or by origin (protocol+domain+port) + pathname
  */
 export default function isUrlAllowed(url: string, allowList: string | string[]): boolean;

package/dist/utils/is-url-allowed.js

@@ -2,7 +2,7 @@ import { toArray } from '@directus/utils';
 import { URL } from 'url';
 import { useLogger } from '../logger.js';
 /**
- * Check if url matches allow list either exactly or by domain+path
+ * Check if URL matches allow list either exactly or by origin (protocol+domain+port) + pathname
  */
 export default function isUrlAllowed(url, allowList) {
     const logger = useLogger();
@@ -12,8 +12,8 @@ export default function isUrlAllowed(url, allowList) {
     const parsedWhitelist = urlAllowList
         .map((allowedURL) => {
         try {
-            const { hostname, pathname } = new URL(allowedURL);
-            return hostname + pathname;
+            const { origin, pathname } = new URL(allowedURL);
+            return origin + pathname;
         }
         catch {
             logger.warn(`Invalid URL used "${url}"`);
@@ -22,8 +22,8 @@ export default function isUrlAllowed(url, allowList) {
     })
         .filter((f) => f);
     try {
-        const { hostname, pathname } = new URL(url);
-        return parsedWhitelist.includes(hostname + pathname);
+        const { origin, pathname } = new URL(url);
+        return parsedWhitelist.includes(origin + pathname);
     }
     catch {
         return false;

package/dist/utils/is-valid-uuid.d.ts

@@ -0,0 +1,3 @@
+type UUID = `${string}-${string}-${string}-${string}-${string}`;
+export declare function isValidUuid(value: string): value is UUID;
+export {};

package/dist/utils/is-valid-uuid.js

@@ -0,0 +1,21 @@
+/**
+ * Based on the patterns found in the 'uuid' and 'uuid-validate' npm packages, both of which are MIT licensed.
+ *
+ * The primary difference between this pattern and the patterns found in the referenced packages is that
+ * no validation over the version component (the 14th character) is performed, while the
+ * packages fail if the version is not a known one (only versions 1 through 5 are accepted).
+ *
+ * This specification complies with all major database vendors.
+ *
+ * e22f209d-9e85-4ef5-b1fe-7dc09d2b67cf
+ *               ^ version
+ *
+ * @see https://datatracker.ietf.org/doc/html/rfc4122
+ * @see https://github.com/uuidjs/uuid/blob/bc46e198ab06311a9d82d3c9c6222062dd27f760/src/regex.js
+ * @see https://github.com/microsoft/uuid-validate/blob/06554db1b093aa6bb429156fa8964e1cde2b750c/index.js
+ * @see https://github.com/directus/directus/issues/21573
+ */
+const regex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+export function isValidUuid(value) {
+    return regex.test(value);
+}

package/dist/utils/jwt.d.ts

@@ -1,3 +1,3 @@
 import type { DirectusTokenPayload } from '../types/index.js';
-export declare function verifyJWT(token: string, secret: string): Record<string, any>;
+export declare function verifyJWT(token: string, secret: string): Record<string, unknown>;
 export declare function verifyAccessJWT(token: string, secret: string): DirectusTokenPayload;

package/dist/utils/jwt.js

@@ -21,9 +21,9 @@ export function verifyJWT(token, secret) {
     return payload;
 }
 export function verifyAccessJWT(token, secret) {
-    const { id, role, app_access, admin_access, share, share_scope } = verifyJWT(token, secret);
-    if (role === undefined || app_access === undefined || admin_access === undefined) {
+    const payload = verifyJWT(token, secret);
+    if (payload.role === undefined || payload.app_access === undefined || payload.admin_access === undefined) {
         throw new InvalidTokenError();
     }
-    return { id, role, app_access, admin_access, share, share_scope };
+    return payload;
 }

package/dist/utils/merge-version-data.d.ts

@@ -0,0 +1,3 @@
+import type { Item, SchemaOverview } from '@directus/types';
+export declare function mergeVersionsRaw(item: Item, versionData: Partial<Item>[]): Item;
+export declare function mergeVersionsRecursive(item: Item, versionData: Item[], collection: string, schema: SchemaOverview): Item;

package/dist/utils/merge-version-data.js

@@ -0,0 +1,134 @@
+import Joi from 'joi';
+import { isObject } from '@directus/utils';
+import { cloneDeep } from 'lodash-es';
+const alterationSchema = Joi.object({
+    create: Joi.array().items(Joi.object().unknown()),
+    update: Joi.array().items(Joi.object().unknown()),
+    delete: Joi.array().items(Joi.string(), Joi.number()),
+});
+export function mergeVersionsRaw(item, versionData) {
+    const result = cloneDeep(item);
+    for (const versionRecord of versionData) {
+        for (const key of Object.keys(versionRecord)) {
+            result[key] = versionRecord[key];
+        }
+    }
+    return result;
+}
+export function mergeVersionsRecursive(item, versionData, collection, schema) {
+    if (versionData.length === 0)
+        return item;
+    return recursiveMerging(item, versionData, collection, schema);
+}
+function recursiveMerging(data, versionData, collection, schema) {
+    const result = cloneDeep(data);
+    const relations = getRelations(collection, schema);
+    for (const versionRecord of versionData) {
+        if (!isObject(versionRecord)) {
+            continue;
+        }
+        for (const key of Object.keys(data)) {
+            if (key in versionRecord === false) {
+                continue;
+            }
+            const currentValue = data[key];
+            const newValue = versionRecord[key];
+            if (typeof newValue !== 'object' || newValue === null) {
+                // primitive type substitution, json and non relational array values are handled in the next check
+                result[key] = newValue;
+                continue;
+            }
+            if (key in relations === false) {
+                // check for m2a exception
+                if (isManyToAnyCollection(collection, schema) && key === 'item') {
+                    const item = addMissingKeys(isObject(currentValue) ? currentValue : {}, newValue);
+                    result[key] = recursiveMerging(item, [newValue], data['collection'], schema);
+                }
+                else {
+                    // item is not a relation
+                    result[key] = newValue;
+                }
+                continue;
+            }
+            const { error } = alterationSchema.validate(newValue);
+            if (error) {
+                if (typeof newValue === 'object' && key in relations) {
+                    const newItem = !currentValue || typeof currentValue !== 'object' ? newValue : currentValue;
+                    result[key] = recursiveMerging(newItem, [newValue], relations[key], schema);
+                }
+                continue;
+            }
+            const alterations = newValue;
+            const currentPrimaryKeyField = schema.collections[collection].primary;
+            const relatedPrimaryKeyField = schema.collections[relations[key]].primary;
+            const mergedRelation = [];
+            if (Array.isArray(currentValue)) {
+                if (alterations.delete.length > 0) {
+                    for (const currentItem of currentValue) {
+                        const currentId = typeof currentItem === 'object' ? currentItem[currentPrimaryKeyField] : currentItem;
+                        if (alterations.delete.includes(currentId) === false) {
+                            mergedRelation.push(currentItem);
+                        }
+                    }
+                }
+                else {
+                    mergedRelation.push(...currentValue);
+                }
+                if (alterations.update.length > 0) {
+                    for (const updatedItem of alterations.update) {
+                        // find existing item to update
+                        const itemIndex = mergedRelation.findIndex((currentItem) => currentItem[relatedPrimaryKeyField] === updatedItem[currentPrimaryKeyField]);
+                        if (itemIndex === -1) {
+                            // check for raw primary keys
+                            const pkIndex = mergedRelation.findIndex((currentItem) => currentItem === updatedItem[currentPrimaryKeyField]);
+                            if (pkIndex === -1) {
+                                // nothing to update so add the item as is
+                                mergedRelation.push(updatedItem);
+                            }
+                            else {
+                                mergedRelation[pkIndex] = updatedItem;
+                            }
+                            continue;
+                        }
+                        const item = addMissingKeys(mergedRelation[itemIndex], updatedItem);
+                        mergedRelation[itemIndex] = recursiveMerging(item, [updatedItem], relations[key], schema);
+                    }
+                }
+            }
+            if (alterations.create.length > 0) {
+                for (const createdItem of alterations.create) {
+                    const item = addMissingKeys({}, createdItem);
+                    mergedRelation.push(recursiveMerging(item, [createdItem], relations[key], schema));
+                }
+            }
+            result[key] = mergedRelation;
+        }
+    }
+    return result;
+}
+function addMissingKeys(item, edits) {
+    const result = { ...item };
+    for (const key of Object.keys(edits)) {
+        if (key in item === false) {
+            result[key] = null;
+        }
+    }
+    return result;
+}
+function isManyToAnyCollection(collection, schema) {
+    const relation = schema.relations.find((relation) => relation.collection === collection && relation.meta?.many_collection === collection);
+    if (!relation || !relation.meta?.one_field || !relation.related_collection)
+        return false;
+    return Boolean(schema.collections[relation.related_collection]?.fields[relation.meta.one_field]?.special.includes('m2a'));
+}
+function getRelations(collection, schema) {
+    return schema.relations.reduce((result, relation) => {
+        if (relation.related_collection === collection && relation.meta?.one_field) {
+            result[relation.meta.one_field] = relation.collection;
+        }
+        if (relation.collection === collection && relation.related_collection) {
+            result[relation.field] = relation.related_collection;
+        }
+        return result;
+    }, {});
+}

package/dist/utils/sanitize-query.js

@@ -48,6 +48,8 @@ export function sanitizeQuery(rawQuery, accountability) {
     }
     if (rawQuery['version']) {
         query.version = rawQuery['version'];
+        // whether or not to merge the relational results
+        query.versionRaw = Boolean('versionRaw' in rawQuery && (rawQuery['versionRaw'] === '' || rawQuery['versionRaw'] === 'true'));
     }
     if (rawQuery['export']) {
         query.export = rawQuery['export'];

package/dist/utils/should-skip-cache.d.ts

@@ -1,3 +1,4 @@
+/// <reference types="cookie-parser" />
 import type { Request } from 'express';
 /**
  * Whether to skip caching for the current request

package/dist/utils/validate-keys.js

@@ -1,5 +1,5 @@
 import { ForbiddenError } from '@directus/errors';
-import validateUUID from 'uuid-validate';
+import { isValidUuid } from './is-valid-uuid.js';
 /**
  * Validate keys based on its type
  */
@@ -11,7 +11,7 @@ export function validateKeys(schema, collection, keyField, keys) {
     }
     else {
         const primaryKeyFieldType = schema.collections[collection]?.fields[keyField]?.type;
-        if (primaryKeyFieldType === 'uuid' && !validateUUID(String(keys))) {
+        if (primaryKeyFieldType === 'uuid' && !isValidUuid(String(keys))) {
             throw new ForbiddenError();
         }
         else if (primaryKeyFieldType === 'integer' && !Number.isInteger(Number(keys))) {

package/dist/utils/validate-query.js

@@ -22,6 +22,7 @@ const querySchema = Joi.object({
     search: Joi.string(),
     export: Joi.string().valid('csv', 'json', 'xml', 'yaml'),
     version: Joi.string(),
+    versionRaw: Joi.boolean(),
     aggregate: Joi.object(),
     deep: Joi.object(),
     alias: Joi.object(),

package/dist/websocket/controllers/base.js

@@ -1,8 +1,8 @@
 import { useEnv } from '@directus/env';
 import { InvalidProviderConfigError, TokenExpiredError } from '@directus/errors';
 import { parseJSON, toBoolean } from '@directus/utils';
+import { randomUUID } from 'node:crypto';
 import { parse } from 'url';
-import { v4 as uuid } from 'uuid';
 import WebSocket, { WebSocketServer } from 'ws';
 import { fromZodError } from 'zod-validation-error';
 import emitter from '../../emitter.js';
@@ -157,7 +157,7 @@ export default class SocketController {
         const client = ws;
         client.accountability = accountability;
         client.expires_at = expires_at;
-        client.uid = uuid();
+        client.uid = randomUUID();
         client.auth_timer = null;
         ws.on('message', async (data) => {
             if (this.rateLimiter !== null) {

package/dist/websocket/controllers/hooks.js

@@ -130,7 +130,7 @@ function registerSortHooks() {
  */
 function registerAction(event, transform) {
     const messenger = useBus();
-    emitter.onAction(event, async (data) => {
+    emitter.onAction(event, (data) => {
         // push the event through the Redis pub/sub
         messenger.publish('websocket.event', transform(data));
     });