@directus/api 18.2.1 → 19.0.1

package/dist/websocket/controllers/base.d.ts

@@ -1,11 +1,9 @@
 /// <reference types="node" resolution-mode="require"/>
 /// <reference types="node" resolution-mode="require"/>
 /// <reference types="node" resolution-mode="require"/>
-/// <reference types="node" resolution-mode="require"/>
 /// <reference types="node/http.js" />
 /// <reference types="pino-http" />
 import type { IncomingMessage, Server as httpServer } from 'http';
-import type { ParsedUrlQuery } from 'querystring';
 import type { RateLimiterAbstract } from 'rate-limiter-flexible';
 import type internal from 'stream';
 import WebSocket from 'ws';
@@ -34,7 +32,7 @@ export default abstract class SocketController {
     protected getRateLimiter(): RateLimiterAbstract | null;
     private catchInvalidMessages;
     protected handleUpgrade(request: IncomingMessage, socket: internal.Duplex, head: Buffer): Promise<void>;
-    protected handleStrictUpgrade({ request, socket, head }: UpgradeContext, query: ParsedUrlQuery): Promise<void>;
+    protected handleTokenUpgrade({ request, socket, head }: UpgradeContext, token: string): Promise<void>;
     protected handleHandshakeUpgrade({ request, socket, head }: UpgradeContext): Promise<void>;
     createClient(ws: WebSocket, { accountability, expires_at }: AuthenticationState): WebSocketClient;
     protected parseMessage(data: string): WebSocketMessage;

package/dist/websocket/controllers/base.js

@@ -16,6 +16,7 @@ import { getExpiresAtForToken } from '../utils/get-expires-at-for-token.js';
 import { getMessageType } from '../utils/message.js';
 import { waitForAnyMessage, waitForMessageType } from '../utils/wait-for-message.js';
 import { registerWebSocketEvents } from './hooks.js';
+import cookie from 'cookie';
 const TOKEN_CHECK_INTERVAL = 15 * 60 * 1000; // 15 minutes
 const logger = useLogger();
 export default class SocketController {
@@ -96,9 +97,18 @@ export default class SocketController {
             socket.destroy();
             return;
         }
+        const env = useEnv();
+        const cookies = request.headers.cookie ? cookie.parse(request.headers.cookie) : {};
         const context = { request, socket, head };
+        const sessionCookieName = env['SESSION_COOKIE_NAME'];
+        if (cookies[sessionCookieName]) {
+            const token = cookies[sessionCookieName];
+            await this.handleTokenUpgrade(context, token);
+            return;
+        }
         if (this.authentication.mode === 'strict') {
-            await this.handleStrictUpgrade(context, query);
+            const token = query['access_token'];
+            await this.handleTokenUpgrade(context, token);
             return;
         }
         if (this.authentication.mode === 'handshake') {
@@ -111,10 +121,9 @@ export default class SocketController {
             this.server.emit('connection', ws, state);
         });
     }
-    async handleStrictUpgrade({ request, socket, head }, query) {
+    async handleTokenUpgrade({ request, socket, head }, token) {
         let accountability, expires_at;
         try {
-            const token = query['access_token'];
             accountability = await getAccountabilityForToken(token);
             expires_at = getExpiresAtForToken(token);
         }

package/dist/websocket/utils/items.d.ts

@@ -39,5 +39,5 @@ export declare function getFieldsPayload(subscription: PSubscription, accountabi
  * @param event Event data
  * @returns the fetched data
  */
-export declare function getItemsPayload(subscription: PSubscription, accountability: Accountability | null, schema: SchemaOverview, event?: WebSocketEvent): Promise<string | number | import("../../types/items.js").Item | (string | number)[] | import("../../types/items.js").Item[]>;
+export declare function getItemsPayload(subscription: PSubscription, accountability: Accountability | null, schema: SchemaOverview, event?: WebSocketEvent): Promise<string | number | import("@directus/types").Item | (string | number)[] | import("@directus/types").Item[]>;
 export {};

package/license

@@ -1,7 +1,7 @@
 Licensor:             Monospace, Inc.
 
 Licensed Work:        Directus
-                      The Licensed Work is Copyright © 2023 Monospace, Inc.
+                      The Licensed Work is Copyright © 2024 Monospace, Inc.
 
 Additional Use Grant: You may use the Licensed Work in production as long as
                       your Total Finances do not exceed US $5,000,000 for the

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@directus/api",
-  "version": "18.2.1",
+  "version": "19.0.1",
   "description": "Directus is a real-time API and App dashboard for managing SQL database content",
   "keywords": [
     "directus",
@@ -59,15 +59,15 @@
   ],
   "dependencies": {
     "@authenio/samlify-node-xmllint": "2.0.0",
-    "@aws-sdk/client-ses": "3.529.0",
-    "@directus/format-title": "10.1.0",
+    "@aws-sdk/client-ses": "3.552.0",
     "@godaddy/terminus": "4.12.1",
     "@rollup/plugin-alias": "5.1.0",
     "@rollup/plugin-node-resolve": "15.2.3",
     "@rollup/plugin-virtual": "3.0.2",
+    "@types/cookie": "0.6.0",
     "argon2": "0.40.1",
     "async": "3.2.5",
-    "axios": "1.6.7",
+    "axios": "1.6.8",
     "busboy": "1.6.0",
     "bytes": "3.1.2",
     "camelcase": "8.0.0",
@@ -75,10 +75,11 @@
     "chokidar": "3.6.0",
     "commander": "12.0.0",
     "content-disposition": "0.5.4",
+    "cookie": "0.6.0",
     "cookie-parser": "1.4.6",
     "cors": "2.8.5",
     "cron-parser": "4.9.0",
-    "date-fns": "3.4.0",
+    "date-fns": "3.6.0",
     "deep-diff": "1.0.2",
     "destroy": "1.2.0",
     "dotenv": "16.4.5",
@@ -86,7 +87,7 @@
     "eventemitter2": "6.4.9",
     "execa": "8.0.1",
     "exif-reader": "2.0.1",
-    "express": "4.18.3",
+    "express": "4.19.2",
     "flat": "6.0.1",
     "fs-extra": "11.2.0",
     "glob-to-regexp": "0.4.1",
@@ -95,7 +96,7 @@
     "graphql-ws": "5.15.0",
     "helmet": "7.1.0",
     "icc": "3.0.0",
-    "inquirer": "9.2.15",
+    "inquirer": "9.2.16",
     "ioredis": "5.3.2",
     "ip-matching": "2.1.2",
     "isolated-vm": "4.7.2",
@@ -109,18 +110,18 @@
     "ldapjs": "2.3.3",
     "liquidjs": "10.10.1",
     "lodash-es": "4.17.21",
-    "marked": "12.0.0",
+    "marked": "12.0.1",
     "micromustache": "8.0.3",
     "mime-types": "2.1.35",
     "minimatch": "9.0.3",
     "mnemonist": "0.39.8",
     "ms": "2.1.3",
-    "nanoid": "5.0.6",
+    "nanoid": "5.0.7",
     "node-machine-id": "1.1.12",
     "node-schedule": "2.1.1",
-    "nodemailer": "6.9.11",
+    "nodemailer": "6.9.13",
     "object-hash": "3.0.0",
-    "openapi3-ts": "4.2.2",
+    "openapi3-ts": "4.3.1",
     "openid-client": "5.6.5",
     "ora": "8.0.1",
     "otplib": "12.0.1",
@@ -135,7 +136,7 @@
     "rate-limiter-flexible": "5.0.0",
     "rollup": "4.12.0",
     "samlify": "2.8.11",
-    "sanitize-html": "2.12.1",
+    "sanitize-html": "2.13.0",
     "sharp": "0.33.2",
     "snappy": "7.2.2",
     "stream-json": "1.8.0",
@@ -145,28 +146,29 @@
     "ws": "8.16.0",
     "zod": "3.22.4",
     "zod-validation-error": "3.0.3",
-    "@directus/app": "11.0.4",
-    "@directus/env": "1.1.0",
-    "@directus/constants": "11.0.3",
+    "@directus/app": "12.0.1",
+    "@directus/env": "1.1.1",
     "@directus/errors": "0.2.4",
-    "@directus/extensions": "1.0.1",
-    "@directus/extensions-registry": "1.0.1",
-    "@directus/extensions-sdk": "11.0.1",
-    "@directus/memory": "1.0.5",
-    "@directus/specs": "10.2.8",
-    "@directus/pressure": "1.0.17",
+    "@directus/extensions-registry": "1.0.3",
+    "@directus/constants": "11.0.3",
+    "@directus/extensions": "1.0.3",
+    "@directus/extensions-sdk": "11.0.3",
+    "@directus/format-title": "10.1.1",
+    "@directus/memory": "1.0.6",
+    "@directus/pressure": "1.0.18",
     "@directus/schema": "11.0.1",
+    "@directus/specs": "10.2.8",
+    "@directus/storage-driver-azure": "10.0.19",
     "@directus/storage": "10.0.11",
-    "@directus/storage-driver-cloudinary": "10.0.18",
-    "@directus/storage-driver-azure": "10.0.18",
-    "@directus/storage-driver-gcs": "10.0.18",
+    "@directus/storage-driver-gcs": "10.0.19",
+    "@directus/storage-driver-cloudinary": "10.0.19",
+    "@directus/storage-driver-s3": "10.0.20",
+    "@directus/storage-driver-supabase": "1.0.11",
     "@directus/storage-driver-local": "10.0.18",
-    "@directus/storage-driver-s3": "10.0.19",
-    "@directus/system-data": "1.0.1",
-    "@directus/storage-driver-supabase": "1.0.10",
-    "@directus/utils": "11.0.6",
-    "@directus/validation": "0.0.13",
-    "directus": "10.10.4"
+    "@directus/system-data": "1.0.2",
+    "@directus/validation": "0.0.14",
+    "@directus/utils": "11.0.7",
+    "directus": "10.10.6"
   },
   "devDependencies": {
     "@ngneat/falso": "7.2.0",
@@ -191,34 +193,34 @@
     "@types/lodash-es": "4.17.12",
     "@types/mime-types": "2.1.4",
     "@types/ms": "0.7.34",
-    "@types/node": "18.19.21",
+    "@types/node": "18.19.26",
     "@types/node-schedule": "2.1.6",
     "@types/nodemailer": "6.4.14",
     "@types/object-hash": "3.0.6",
     "@types/papaparse": "5.3.14",
-    "@types/qs": "6.9.12",
+    "@types/qs": "6.9.14",
     "@types/sanitize-html": "2.11.0",
     "@types/stream-json": "1.7.7",
     "@types/tar": "6.1.11",
     "@types/wellknown": "0.5.8",
     "@types/ws": "8.5.10",
-    "@vitest/coverage-v8": "1.3.1",
+    "@vitest/coverage-v8": "1.4.0",
     "copyfiles": "2.4.1",
     "form-data": "4.0.0",
     "knex-mock-client": "2.0.1",
     "typescript": "5.3.3",
     "vitest": "1.3.1",
     "@directus/random": "0.2.7",
-    "@directus/tsconfig": "1.0.1",
-    "@directus/types": "11.0.7"
+    "@directus/types": "11.1.0",
+    "@directus/tsconfig": "1.0.1"
   },
   "optionalDependencies": {
     "@keyv/redis": "2.8.4",
     "mysql": "2.18.1",
     "nodemailer-mailgun-transport": "2.1.5",
     "nodemailer-sendgrid": "1.0.3",
-    "oracledb": "6.3.0",
-    "pg": "8.11.3",
+    "oracledb": "6.4.0",
+    "pg": "8.11.4",
     "sqlite3": "5.1.7",
     "tedious": "17.0.0"
   },

package/dist/webhooks.d.ts

@@ -1,4 +0,0 @@
-export declare function init(): Promise<void>;
-export declare function reload(): Promise<void>;
-export declare function register(): Promise<void>;
-export declare function unregister(): void;

package/dist/webhooks.js

@@ -1,80 +0,0 @@
-import { useBus } from './bus/index.js';
-import getDatabase from './database/index.js';
-import emitter from './emitter.js';
-import { useLogger } from './logger.js';
-import { getAxios } from './request/index.js';
-import { WebhooksService } from './services/webhooks.js';
-import { getSchema } from './utils/get-schema.js';
-import { JobQueue } from './utils/job-queue.js';
-let registered = [];
-const reloadQueue = new JobQueue();
-export async function init() {
-    await register();
-    const messenger = useBus();
-    messenger.subscribe('webhooks', (event) => {
-        if (event['type'] === 'reload') {
-            reloadQueue.enqueue(async () => {
-                await reload();
-            });
-        }
-    });
-}
-export async function reload() {
-    unregister();
-    await register();
-}
-export async function register() {
-    const webhookService = new WebhooksService({ knex: getDatabase(), schema: await getSchema() });
-    const webhooks = await webhookService.readByQuery({ filter: { status: { _eq: 'active' } } });
-    for (const webhook of webhooks) {
-        for (const action of webhook.actions) {
-            const event = `items.${action}`;
-            const handler = createHandler(webhook, event);
-            emitter.onAction(event, handler);
-            registered.push({ event, handler });
-        }
-    }
-}
-export function unregister() {
-    for (const { event, handler } of registered) {
-        emitter.offAction(event, handler);
-    }
-    registered = [];
-}
-function createHandler(webhook, event) {
-    const logger = useLogger();
-    return async (meta, context) => {
-        if (webhook.collections.includes(meta['collection']) === false)
-            return;
-        const axios = await getAxios();
-        const webhookPayload = {
-            event,
-            accountability: context.accountability
-                ? {
-                    user: context.accountability.user,
-                    role: context.accountability.role,
-                }
-                : null,
-            ...meta,
-        };
-        try {
-            await axios({
-                url: webhook.url,
-                method: webhook.method,
-                data: webhook.data ? webhookPayload : null,
-                headers: mergeHeaders(webhook.headers),
-            });
-        }
-        catch (error) {
-            logger.warn(`Webhook "${webhook.name}" (id: ${webhook.id}) failed`);
-            logger.warn(error);
-        }
-    };
-}
-function mergeHeaders(headerArray) {
-    const headers = {};
-    for (const { header, value } of headerArray ?? []) {
-        headers[header] = value;
-    }
-    return headers;
-}