@directus/api 17.1.0 → 18.0.0

package/dist/controllers/extensions.js

@@ -1,6 +1,10 @@
 import { useEnv } from '@directus/env';
 import { ErrorCode, ForbiddenError, RouteNotFoundError, isDirectusError } from '@directus/errors';
+import { EXTENSION_TYPES } from '@directus/extensions';
+import { account, describe, list, } from '@directus/extensions-registry';
+import { isIn } from '@directus/utils';
 import express from 'express';
+import { UUID_REGEX } from '../constants.js';
 import { getExtensionManager } from '../extensions/index.js';
 import { respond } from '../middleware/respond.js';
 import useCollection from '../middleware/use-collection.js';
@@ -20,18 +24,96 @@ router.get('/', asyncHandler(async (req, res, next) => {
     res.locals['payload'] = { data: extensions || null };
     return next();
 }), respond);
-router.patch('/:bundleOrName/:name?', asyncHandler(async (req, res, next) => {
+router.get('/registry', asyncHandler(async (req, res, next) => {
+    if (req.accountability && req.accountability.admin !== true) {
+        throw new ForbiddenError();
+    }
+    const { search, limit, offset, type, by, sort } = req.query;
+    const query = {};
+    if (typeof search === 'string') {
+        query.search = search;
+    }
+    if (typeof limit === 'string') {
+        query.limit = Number(limit);
+    }
+    if (typeof offset === 'string') {
+        query.offset = Number(offset);
+    }
+    if (typeof by === 'string') {
+        query.by = by;
+    }
+    if (typeof sort === 'string' && isIn(sort, ['popular', 'recent', 'downloads'])) {
+        query.sort = sort;
+    }
+    if (typeof type === 'string') {
+        if (isIn(type, EXTENSION_TYPES) === false) {
+            throw new ForbiddenError();
+        }
+        query.type = type;
+    }
+    if (env['MARKETPLACE_TRUST'] === 'sandbox') {
+        query.sandbox = true;
+    }
+    const options = {};
+    if (env['MARKETPLACE_REGISTRY'] && typeof env['MARKETPLACE_REGISTRY'] === 'string') {
+        options.registry = env['MARKETPLACE_REGISTRY'];
+    }
+    const payload = await list(query, options);
+    res.locals['payload'] = payload;
+    return next();
+}), respond);
+router.get(`/registry/account/:pk(${UUID_REGEX})`, asyncHandler(async (req, res, next) => {
+    if (typeof req.params['pk'] !== 'string') {
+        throw new ForbiddenError();
+    }
+    const options = {};
+    if (env['MARKETPLACE_REGISTRY'] && typeof env['MARKETPLACE_REGISTRY'] === 'string') {
+        options.registry = env['MARKETPLACE_REGISTRY'];
+    }
+    const payload = await account(req.params['pk'], options);
+    res.locals['payload'] = payload;
+    return next();
+}), respond);
+router.get(`/registry/extension/:pk(${UUID_REGEX})`, asyncHandler(async (req, res, next) => {
+    if (typeof req.params['pk'] !== 'string') {
+        throw new ForbiddenError();
+    }
+    const options = {};
+    if (env['MARKETPLACE_REGISTRY'] && typeof env['MARKETPLACE_REGISTRY'] === 'string') {
+        options.registry = env['MARKETPLACE_REGISTRY'];
+    }
+    const payload = await describe(req.params['pk'], options);
+    res.locals['payload'] = payload;
+    return next();
+}), respond);
+router.post('/registry/install', asyncHandler(async (req, _res, next) => {
+    if (req.accountability && req.accountability.admin !== true) {
+        throw new ForbiddenError();
+    }
+    const { version, extension } = req.body;
+    if (!version || !extension) {
+        throw new ForbiddenError();
+    }
     const service = new ExtensionsService({
         accountability: req.accountability,
         schema: req.schema,
     });
-    const bundle = req.params['name'] ? req.params['bundleOrName'] : null;
-    const name = req.params['name'] ? req.params['name'] : req.params['bundleOrName'];
-    if (bundle === undefined || !name) {
+    await service.install(extension, version);
+    return next();
+}), respond);
+router.patch(`/:pk(${UUID_REGEX})`, asyncHandler(async (req, res, next) => {
+    if (req.accountability && req.accountability.admin !== true) {
         throw new ForbiddenError();
     }
+    if (typeof req.params['pk'] !== 'string') {
+        throw new ForbiddenError();
+    }
+    const service = new ExtensionsService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
     try {
-        const result = await service.updateOne(bundle, name, req.body);
+        const result = await service.updateOne(req.params['pk'], req.body);
         res.locals['payload'] = { data: result || null };
     }
     catch (error) {
@@ -46,6 +128,21 @@ router.patch('/:bundleOrName/:name?', asyncHandler(async (req, res, next) => {
     }
     return next();
 }), respond);
+router.delete(`/:pk(${UUID_REGEX})`, asyncHandler(async (req, _res, next) => {
+    if (req.accountability && req.accountability.admin !== true) {
+        throw new ForbiddenError();
+    }
+    const service = new ExtensionsService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    const pk = req.params['pk'];
+    if (typeof pk !== 'string') {
+        throw new ForbiddenError();
+    }
+    await service.deleteOne(pk);
+    return next();
+}), respond);
 router.get('/sources/:chunk', asyncHandler(async (req, res) => {
     const chunk = req.params['chunk'];
     const extensionManager = getExtensionManager();

package/dist/controllers/items.js

@@ -4,6 +4,7 @@ import { ErrorCode, ForbiddenError, RouteNotFoundError } from '@directus/errors'
 import collectionExists from '../middleware/collection-exists.js';
 import { respond } from '../middleware/respond.js';
 import { validateBatch } from '../middleware/validate-batch.js';
+import { mergeContentVersions } from '../middleware/merge-content-versions.js';
 import { ItemsService } from '../services/items.js';
 import { MetaService } from '../services/meta.js';
 import asyncHandler from '../utils/async-handler.js';
@@ -76,7 +77,7 @@ const readHandler = asyncHandler(async (req, res, next) => {
     return next();
 });
 router.search('/:collection', collectionExists, validateBatch('read'), readHandler, respond);
-router.get('/:collection', collectionExists, readHandler, respond);
+router.get('/:collection', collectionExists, readHandler, mergeContentVersions, respond);
 router.get('/:collection/:pk', collectionExists, asyncHandler(async (req, res, next) => {
     if (isSystemCollection(req.params['collection']))
         throw new ForbiddenError();
@@ -89,7 +90,7 @@ router.get('/:collection/:pk', collectionExists, asyncHandler(async (req, res, n
         data: result || null,
     };
     return next();
-}), respond);
+}), mergeContentVersions, respond);
 router.patch('/:collection', collectionExists, validateBatch('update'), asyncHandler(async (req, res, next) => {
     if (isSystemCollection(req.params['collection']))
         throw new ForbiddenError();

package/dist/controllers/permissions.js

@@ -4,7 +4,7 @@ import { respond } from '../middleware/respond.js';
 import useCollection from '../middleware/use-collection.js';
 import { validateBatch } from '../middleware/validate-batch.js';
 import { MetaService } from '../services/meta.js';
-import { PermissionsService } from '../services/permissions.js';
+import { PermissionsService } from '../services/permissions/index.js';
 import asyncHandler from '../utils/async-handler.js';
 import { sanitizeQuery } from '../utils/sanitize-query.js';
 const router = express.Router();

package/dist/controllers/shares.js

@@ -2,7 +2,7 @@ import { useEnv } from '@directus/env';
 import { ErrorCode, InvalidPayloadError, isDirectusError } from '@directus/errors';
 import express from 'express';
 import Joi from 'joi';
-import { COOKIE_OPTIONS, UUID_REGEX } from '../constants.js';
+import { REFRESH_COOKIE_OPTIONS, SESSION_COOKIE_OPTIONS, UUID_REGEX } from '../constants.js';
 import { respond } from '../middleware/respond.js';
 import useCollection from '../middleware/use-collection.js';
 import { validateBatch } from '../middleware/validate-batch.js';
@@ -15,6 +15,7 @@ router.use(useCollection('directus_shares'));
 const sharedLoginSchema = Joi.object({
     share: Joi.string().required(),
     password: Joi.string(),
+    mode: Joi.string().valid('cookie', 'json', 'session').optional(),
 }).unknown();
 router.post('/auth', asyncHandler(async (req, res, next) => {
     // This doesn't use accountability, as the user isn't logged in at this point
@@ -25,9 +26,23 @@ router.post('/auth', asyncHandler(async (req, res, next) => {
     if (error) {
         throw new InvalidPayloadError({ reason: error.message });
     }
-    const { accessToken, refreshToken, expires } = await service.login(req.body);
-    res.cookie(env['REFRESH_TOKEN_COOKIE_NAME'], refreshToken, COOKIE_OPTIONS);
-    res.locals['payload'] = { data: { access_token: accessToken, expires } };
+    const mode = req.body.mode ?? 'json';
+    const { accessToken, refreshToken, expires } = await service.login(req.body, {
+        session: mode === 'session',
+    });
+    const payload = { expires };
+    if (mode === 'json') {
+        payload.refresh_token = refreshToken;
+        payload.access_token = accessToken;
+    }
+    if (mode === 'cookie') {
+        res.cookie(env['REFRESH_TOKEN_COOKIE_NAME'], refreshToken, REFRESH_COOKIE_OPTIONS);
+        payload.access_token = accessToken;
+    }
+    if (mode === 'session') {
+        res.cookie(env['SESSION_COOKIE_NAME'], accessToken, SESSION_COOKIE_OPTIONS);
+    }
+    res.locals['payload'] = { data: payload };
     return next();
 }), respond);
 const sharedInviteSchema = Joi.object({

package/dist/database/migrations/20220429A-add-flows.js

@@ -1,5 +1,5 @@
 import { parseJSON, toArray } from '@directus/utils';
-import { v4 as uuid } from 'uuid';
+import { randomUUID } from 'node:crypto';
 export async function up(knex) {
     await knex.schema.createTable('directus_flows', (table) => {
         table.uuid('id').primary().notNullable();
@@ -33,7 +33,7 @@ export async function up(knex) {
     const flows = [];
     const operations = [];
     for (const webhook of webhooks) {
-        const flowID = uuid();
+        const flowID = randomUUID();
         flows.push({
             id: flowID,
             name: webhook.name,
@@ -47,7 +47,7 @@ export async function up(knex) {
             }),
         });
         operations.push({
-            id: uuid(),
+            id: randomUUID(),
             name: 'Request',
             key: 'request',
             type: 'request',

package/dist/database/migrations/20230526A-migrate-translation-strings.js

@@ -1,11 +1,11 @@
 import { set } from 'lodash-es';
-import { v4 as uuid } from 'uuid';
+import { randomUUID } from 'node:crypto';
 function transformStringsNewFormat(oldStrings) {
     return oldStrings.reduce((result, item) => {
         if (!item.key || !item.translations)
             return result;
         for (const [language, value] of Object.entries(item.translations)) {
-            result.push({ id: uuid(), key: item.key, language, value });
+            result.push({ id: randomUUID(), key: item.key, language, value });
         }
         return result;
     }, []);

package/dist/database/migrations/20240204A-marketplace.d.ts

@@ -0,0 +1,3 @@
+import type { Knex } from 'knex';
+export declare function up(knex: Knex): Promise<void>;
+export declare function down(knex: Knex): Promise<void>;

package/dist/database/migrations/20240204A-marketplace.js

@@ -0,0 +1,68 @@
+import { resolvePackage } from '@directus/utils/node';
+import { randomUUID } from 'node:crypto';
+import { dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+const __dirname = dirname(fileURLToPath(import.meta.url));
+export async function up(knex) {
+    await knex.schema.alterTable('directus_extensions', (table) => {
+        table.uuid('id').nullable();
+        table.string('source', 255);
+        table.uuid('bundle');
+    });
+    const installedExtensions = await knex.select('name').from('directus_extensions');
+    // name: id
+    const idMap = new Map();
+    for (const { name } of installedExtensions) {
+        // Delete extension meta status that used the legacy `${name}:${type}` name syntax for
+        // extension-folder scoped extensions
+        if (name.includes(':')) {
+            await knex('directus_extensions').delete().where({ name });
+        }
+        else {
+            const id = randomUUID();
+            let source;
+            try {
+                // The NPM package name is the name used in the database. If we can resolve the
+                // extension as a node module it's safe to assume it's a npm-module source
+                resolvePackage(name, __dirname);
+                source = 'module';
+            }
+            catch {
+                source = 'local';
+            }
+            await knex('directus_extensions').update({ id, source }).where({ name });
+            idMap.set(name, id);
+        }
+    }
+    for (const { name } of installedExtensions) {
+        if (!name.includes('/'))
+            continue;
+        const splittedName = name.split('/');
+        const isScopedModuleBundleParent = name.startsWith('@') && splittedName.length == 2;
+        if (isScopedModuleBundleParent)
+            continue;
+        const isScopedModuleBundleChild = name.startsWith('@') && splittedName.length > 2;
+        const bundleParentName = isScopedModuleBundleParent || isScopedModuleBundleChild ? splittedName.slice(0, 2).join('/') : splittedName[0];
+        const bundleParentId = idMap.get(bundleParentName);
+        if (!bundleParentId)
+            continue;
+        await knex('directus_extensions')
+            .update({ bundle: bundleParentId, name: name.substring(bundleParentName.length + 1) })
+            .where({ name });
+    }
+    await knex.schema.alterTable('directus_extensions', (table) => {
+        table.dropPrimary();
+        table.uuid('id').alter().primary().notNullable();
+        table.string('source', 255).alter().notNullable().defaultTo('local');
+        table.renameColumn('name', 'folder');
+    });
+}
+export async function down(knex) {
+    await knex.schema.alterTable('directus_extensions', (table) => {
+        table.dropColumns('id', 'source', 'bundle');
+        table.renameColumn('folder', 'name');
+    });
+    await knex.schema.alterTable('directus_extensions', (table) => {
+        table.string('name', 255).primary().alter();
+    });
+}

package/dist/database/migrations/run.js

@@ -1,3 +1,4 @@
+import { useEnv } from '@directus/env';
 import formatTitle from '@directus/format-title';
 import fse from 'fs-extra';
 import { orderBy } from 'lodash-es';
@@ -5,14 +6,14 @@ import { dirname } from 'node:path';
 import { fileURLToPath } from 'node:url';
 import path from 'path';
 import { flushCaches } from '../../cache.js';
-import { getExtensionsPath } from '../../extensions/lib/get-extensions-path.js';
 import { useLogger } from '../../logger.js';
 import getModuleDefault from '../../utils/get-module-default.js';
 const __dirname = dirname(fileURLToPath(import.meta.url));
 export default async function run(database, direction, log = true) {
+    const env = useEnv();
     const logger = useLogger();
     let migrationFiles = await fse.readdir(__dirname);
-    const customMigrationsPath = path.resolve(getExtensionsPath(), 'migrations');
+    const customMigrationsPath = path.resolve(env['MIGRATIONS_PATH']);
     let customMigrationFiles = ((await fse.pathExists(customMigrationsPath)) && (await fse.readdir(customMigrationsPath))) || [];
     migrationFiles = migrationFiles.filter((file) => /^[0-9]+[A-Z]-[^.]+\.(?:js|ts)$/.test(file));
     customMigrationFiles = customMigrationFiles.filter((file) => file.includes('-') && /\.(c|m)?js$/.test(file));

package/dist/extensions/lib/get-extensions-settings.d.ts

@@ -1,7 +1,11 @@
-import type { Extension } from '@directus/extensions';
+import type { Extension, ExtensionSettings } from '@directus/extensions';
 /**
  * Loads stored settings for all extensions. Creates empty new rows in extensions tables for
  * extensions that don't have settings yet, and remove any settings for extensions that are no
  * longer installed.
  */
-export declare const getExtensionsSettings: (extensions: Extension[]) => Promise<import("@directus/extensions").ExtensionSettings[]>;
+export declare const getExtensionsSettings: ({ local, module, registry, }: {
+    local: Map<string, Extension>;
+    module: Map<string, Extension>;
+    registry: Map<string, Extension>;
+}) => Promise<ExtensionSettings[]>;

package/dist/extensions/lib/get-extensions-settings.js

@@ -1,4 +1,4 @@
-import { difference } from 'lodash-es';
+import { randomUUID } from 'node:crypto';
 import getDatabase from '../../database/index.js';
 import { ExtensionsService } from '../../services/extensions.js';
 import { getSchema } from '../../utils/get-schema.js';
@@ -7,33 +7,81 @@ import { getSchema } from '../../utils/get-schema.js';
  * extensions that don't have settings yet, and remove any settings for extensions that are no
  * longer installed.
  */
-export const getExtensionsSettings = async (extensions) => {
+export const getExtensionsSettings = async ({ local, module, registry, }) => {
     const database = getDatabase();
     const service = new ExtensionsService({
         knex: database,
         schema: await getSchema(),
     });
-    const settings = await service.extensionsItemService.readByQuery({ limit: -1 });
-    const extensionNames = extensions
-        .map((extension) => {
+    const existingSettings = await service.extensionsItemService.readByQuery({ limit: -1 });
+    const newSettings = [];
+    const localSettings = existingSettings.filter(({ source }) => source === 'local');
+    const registrySettings = existingSettings.filter(({ source }) => source === 'registry');
+    const moduleSettings = existingSettings.filter(({ source }) => source === 'module');
+    const generateSettingsEntry = (folder, extension, source) => {
         if (extension.type === 'bundle') {
-            return [extension.name, ...extension.entries.map((entry) => `${extension.name}/${entry.name}`)];
+            const bundleId = randomUUID();
+            newSettings.push({
+                id: bundleId,
+                enabled: true,
+                source: source,
+                bundle: null,
+                folder: folder,
+            });
+            for (const entry of extension.entries) {
+                newSettings.push({
+                    id: randomUUID(),
+                    enabled: true,
+                    source: source,
+                    bundle: bundleId,
+                    folder: entry.name,
+                });
+            }
         }
-        return extension.name;
-    })
-        .flat();
-    const extensionSettingNames = settings.map(({ name }) => name);
-    const missing = difference(extensionNames, extensionSettingNames);
-    if (missing.length > 0) {
-        const missingRows = missing.map((name) => ({ name, enabled: true }));
-        await database.insert(missingRows).into('directus_extensions');
-        settings.push(...missingRows);
+        else {
+            newSettings.push({
+                id: randomUUID(),
+                enabled: true,
+                source: source,
+                bundle: null,
+                folder: folder,
+            });
+        }
+    };
+    for (const [folder, extension] of local.entries()) {
+        const settingsExist = localSettings.some((settings) => settings.folder === folder);
+        if (settingsExist)
+            continue;
+        const settingsForName = localSettings.find((settings) => settings.folder === extension.name);
+        /*
+         * TODO: Consider removing this in follow-up versions after v10.10.0
+         *
+         * Previously, the package name (from package.json) was used to identify
+         * local extensions - now it's the folder name.
+         * If those two are different, we need to check for existing settings
+         * with the package name, too. On a match and if there's no other local extension
+         * with such a folder name, these settings can be taken over with the folder updated.
+         */
+        if (settingsForName && !local.has(extension.name)) {
+            await service.extensionsItemService.updateOne(settingsForName.id, { folder });
+            continue;
+        }
+        if (!settingsExist)
+            generateSettingsEntry(folder, extension, 'local');
+    }
+    for (const [folder, extension] of module.entries()) {
+        const settingsExist = moduleSettings.some((settings) => settings.folder === folder);
+        if (!settingsExist)
+            generateSettingsEntry(folder, extension, 'module');
+    }
+    for (const [folder, extension] of registry.entries()) {
+        const settingsExist = registrySettings.some((settings) => settings.folder === folder);
+        if (!settingsExist)
+            generateSettingsEntry(folder, extension, 'registry');
+    }
+    if (newSettings.length > 0) {
+        await database.insert(newSettings).into('directus_extensions');
     }
-    /**
-     * Silently ignore settings for extensions that have been manually removed from the extensions
-     * folder. Having them automatically synced feels dangerous, as it's a destructive action. In the
-     * edge case you'd deploy / start with the extensions folder misconfigured, it would remove all
-     * previous options on startup, without an option to undo.
-     */
-    return settings.filter(({ name }) => extensionNames.includes(name));
+    const settings = [...existingSettings, ...newSettings];
+    return settings;
 };

package/dist/extensions/lib/get-extensions.d.ts

@@ -1 +1,5 @@
-export declare const getExtensions: () => Promise<any[]>;
+export declare const getExtensions: () => Promise<{
+    local: Map<string, import("@directus/extensions/node").Extension>;
+    registry: Map<string, import("@directus/extensions/node").Extension>;
+    module: Map<string, import("@directus/extensions/node").Extension>;
+}>;

package/dist/extensions/lib/get-extensions.js

@@ -1,36 +1,12 @@
 import { useEnv } from '@directus/env';
-import { getLocalExtensions, getPackageExtensions, resolvePackageExtensions } from '@directus/extensions/node';
-import { useLogger } from '../../logger.js';
+import { resolveFsExtensions, resolveModuleExtensions } from '@directus/extensions/node';
+import { join } from 'node:path';
 import { getExtensionsPath } from './get-extensions-path.js';
 export const getExtensions = async () => {
     const env = useEnv();
-    const logger = useLogger();
-    const loadedExtensions = new Map();
-    const duplicateExtensions = [];
-    const filterDuplicates = (extension) => {
-        const isExistingExtension = loadedExtensions.has(extension.name);
-        if (isExistingExtension) {
-            duplicateExtensions.push(extension.name);
-            return;
-        }
-        if (extension.type === 'bundle') {
-            const bundleEntryNames = new Set();
-            for (const entry of extension.entries) {
-                if (bundleEntryNames.has(entry.name)) {
-                    // Do not load entire bundle if it has duplicated entries
-                    duplicateExtensions.push(extension.name);
-                    return;
-                }
-                bundleEntryNames.add(entry.name);
-            }
-        }
-        loadedExtensions.set(extension.name, extension);
-    };
-    (await getLocalExtensions(getExtensionsPath())).forEach(filterDuplicates);
-    (await resolvePackageExtensions(getExtensionsPath())).forEach(filterDuplicates);
-    (await getPackageExtensions(env['PACKAGE_FILE_LOCATION'])).forEach(filterDuplicates);
-    if (duplicateExtensions.length > 0) {
-        logger.warn(`Failed to load the following extensions because they have/contain duplicate names: ${duplicateExtensions.join(', ')}`);
-    }
-    return Array.from(loadedExtensions.values());
+    const localExtensions = await resolveFsExtensions(getExtensionsPath());
+    const registryExtensions = await resolveFsExtensions(join(getExtensionsPath(), '.registry'));
+    /** Extensions that are listed as dependencies in the root package.json */
+    const moduleExtensions = await resolveModuleExtensions(env['PACKAGE_FILE_LOCATION']);
+    return { local: localExtensions, registry: registryExtensions, module: moduleExtensions };
 };

package/dist/extensions/lib/installation/index.d.ts

@@ -0,0 +1,2 @@
+import { InstallationManager } from './manager.js';
+export declare function getInstallationManager(): InstallationManager;

package/dist/extensions/lib/installation/index.js

@@ -0,0 +1,9 @@
+import { InstallationManager } from './manager.js';
+let manager;
+export function getInstallationManager() {
+    if (manager) {
+        return manager;
+    }
+    manager = new InstallationManager();
+    return manager;
+}

package/dist/extensions/lib/installation/manager.d.ts

@@ -0,0 +1,5 @@
+export declare class InstallationManager {
+    extensionPath: string;
+    install(versionId: string): Promise<void>;
+    uninstall(folder: string): Promise<void>;
+}

package/dist/extensions/lib/installation/manager.js

@@ -0,0 +1,90 @@
+import { useEnv } from '@directus/env';
+import { ServiceUnavailableError } from '@directus/errors';
+import { EXTENSION_PKG_KEY, ExtensionManifest } from '@directus/extensions';
+import { download } from '@directus/extensions-registry';
+import DriverLocal from '@directus/storage-driver-local';
+import { move, remove } from 'fs-extra';
+import { mkdir, readFile, rm } from 'node:fs/promises';
+import { Readable } from 'node:stream';
+import Queue from 'p-queue';
+import { join } from 'path';
+import tar from 'tar';
+import { useLogger } from '../../../logger.js';
+import { getStorage } from '../../../storage/index.js';
+import { getExtensionsPath } from '../get-extensions-path.js';
+const env = useEnv();
+export class InstallationManager {
+    extensionPath = getExtensionsPath();
+    async install(versionId) {
+        const logger = useLogger();
+        const tempDir = join(env['TEMP_PATH'], 'marketplace', versionId);
+        const tmpStorage = new DriverLocal({ root: tempDir });
+        try {
+            await mkdir(tempDir, { recursive: true });
+            const options = {};
+            if (env['MARKETPLACE_REGISTRY'] && typeof env['MARKETPLACE_REGISTRY'] === 'string') {
+                options.registry = env['MARKETPLACE_REGISTRY'];
+            }
+            const tarReadableStream = await download(versionId, env['MARKETPLACE_TRUST'] === 'sandbox', options);
+            if (!tarReadableStream) {
+                throw new Error(`No readable stream returned from download`);
+            }
+            const tarStream = Readable.fromWeb(tarReadableStream);
+            const tarPath = join(tempDir, `bin.tar.tgz`);
+            await tmpStorage.write('bin.tar.tgz', tarStream);
+            /**
+             * NPM modules that are packed are always tarballed in a folder called "package"
+             */
+            const extractedPath = 'package';
+            await tar.extract({
+                file: tarPath,
+                cwd: tempDir,
+            });
+            const packageFile = JSON.parse(await readFile(join(tempDir, extractedPath, 'package.json'), { encoding: 'utf-8' }));
+            const extensionManifest = await ExtensionManifest.parseAsync(packageFile);
+            if (!extensionManifest[EXTENSION_PKG_KEY]?.type) {
+                throw new Error(`Extension type not found in package.json`);
+            }
+            if (env['EXTENSIONS_LOCATION']) {
+                // Upload the extension into the configured extensions location
+                const storage = await getStorage();
+                const remoteDisk = storage.location(env['EXTENSIONS_LOCATION']);
+                const queue = new Queue({ concurrency: 1000 });
+                for await (const filepath of tmpStorage.list(extractedPath)) {
+                    const readStream = await tmpStorage.read(filepath);
+                    const remotePath = join(env['EXTENSIONS_PATH'], '.registry', versionId, filepath.substring(extractedPath.length));
+                    queue.add(() => remoteDisk.write(remotePath, readStream));
+                }
+                await queue.onIdle();
+            }
+            else {
+                // No custom location, so save to regular local extensions folder
+                const dest = join(this.extensionPath, '.registry', versionId);
+                await move(join(tempDir, extractedPath), dest, { overwrite: true });
+            }
+        }
+        catch (err) {
+            logger.warn(err);
+            throw new ServiceUnavailableError({ service: 'marketplace', reason: 'Could not download and extract the extension' }, { cause: err });
+        }
+        finally {
+            await rm(tempDir, { recursive: true });
+        }
+    }
+    async uninstall(folder) {
+        if (env['EXTENSIONS_LOCATION']) {
+            const storage = await getStorage();
+            const remoteDisk = storage.location(env['EXTENSIONS_LOCATION']);
+            const queue = new Queue({ concurrency: 1000 });
+            const prefix = join(env['EXTENSIONS_PATH'], '.registry', folder);
+            for await (const filepath of remoteDisk.list(prefix)) {
+                queue.add(() => remoteDisk.delete(filepath));
+            }
+            await queue.onIdle();
+        }
+        else {
+            const path = join(this.extensionPath, '.registry', folder);
+            await remove(path);
+        }
+    }
+}

package/dist/extensions/lib/sandbox/generate-api-extensions-sandbox-entrypoint.d.ts

@@ -16,7 +16,7 @@ export declare function generateApiExtensionsSandboxEntrypoint(type: ApiExtensio
     unregisterFunction: () => Promise<void>;
 } | {
     code: string;
-    hostFunctions: ((path: import("isolated-vm").Reference<string>, method: import("isolated-vm").Reference<"GET" | "POST" | "DELETE" | "PATCH" | "PUT">, cb: import("isolated-vm").Reference<(req: {
+    hostFunctions: ((path: import("isolated-vm").Reference<string>, method: import("isolated-vm").Reference<"GET" | "POST" | "DELETE" | "PUT" | "PATCH">, cb: import("isolated-vm").Reference<(req: {
         url: string;
         headers: import("http").IncomingHttpHeaders;
         body: string;