@directus/api 19.0.2 → 19.1.1

package/dist/extensions/lib/get-extensions-settings.js

@@ -15,9 +15,33 @@ export const getExtensionsSettings = async ({ local, module, registry, }) => {
     });
     const existingSettings = await service.extensionsItemService.readByQuery({ limit: -1 });
     const newSettings = [];
+    const removedSettingIds = [];
     const localSettings = existingSettings.filter(({ source }) => source === 'local');
     const registrySettings = existingSettings.filter(({ source }) => source === 'registry');
     const moduleSettings = existingSettings.filter(({ source }) => source === 'module');
+    const updateBundleEntriesSettings = (bundle, bundleSettings, allSettings) => {
+        const bundleEntriesSettings = allSettings.filter(({ bundle }) => bundle === bundleSettings.id);
+        // Remove settings of removed bundle entries from the DB
+        for (const entry of bundleEntriesSettings) {
+            const entryInBundle = bundle.entries.some(({ name }) => name === entry.folder);
+            if (entryInBundle)
+                continue;
+            removedSettingIds.push(entry.id);
+        }
+        // Add new bundle entries to the settings
+        for (const entry of bundle.entries) {
+            const settingsExist = bundleEntriesSettings.some(({ folder }) => folder === entry.name);
+            if (settingsExist)
+                continue;
+            newSettings.push({
+                id: randomUUID(),
+                enabled: bundleSettings.enabled,
+                source: bundleSettings.source,
+                bundle: bundleSettings.id,
+                folder: entry.name,
+            });
+        }
+    };
     const generateSettingsEntry = (folder, extension, source) => {
         if (extension.type === 'bundle') {
             const bundleId = randomUUID();
@@ -49,9 +73,13 @@ export const getExtensionsSettings = async ({ local, module, registry, }) => {
         }
     };
     for (const [folder, extension] of local.entries()) {
-        const settingsExist = localSettings.some((settings) => settings.folder === folder);
-        if (settingsExist)
+        const existingSettings = localSettings.find((settings) => settings.folder === folder);
+        if (existingSettings) {
+            if (extension.type === 'bundle') {
+                updateBundleEntriesSettings(extension, existingSettings, localSettings);
+            }
             continue;
+        }
         const settingsForName = localSettings.find((settings) => settings.folder === extension.name);
         /*
          * TODO: Consider removing this in follow-up versions after v10.10.0
@@ -66,22 +94,31 @@ export const getExtensionsSettings = async ({ local, module, registry, }) => {
             await service.extensionsItemService.updateOne(settingsForName.id, { folder });
             continue;
         }
-        if (!settingsExist)
-            generateSettingsEntry(folder, extension, 'local');
+        generateSettingsEntry(folder, extension, 'local');
     }
     for (const [folder, extension] of module.entries()) {
-        const settingsExist = moduleSettings.some((settings) => settings.folder === folder);
-        if (!settingsExist)
+        const existingSettings = moduleSettings.find((settings) => settings.folder === folder);
+        if (!existingSettings) {
             generateSettingsEntry(folder, extension, 'module');
+        }
+        else if (extension.type === 'bundle') {
+            updateBundleEntriesSettings(extension, existingSettings, moduleSettings);
+        }
     }
     for (const [folder, extension] of registry.entries()) {
-        const settingsExist = registrySettings.some((settings) => settings.folder === folder);
-        if (!settingsExist)
+        const existingSettings = registrySettings.find((settings) => settings.folder === folder);
+        if (!existingSettings) {
             generateSettingsEntry(folder, extension, 'registry');
+        }
+        else if (extension.type === 'bundle') {
+            updateBundleEntriesSettings(extension, existingSettings, registrySettings);
+        }
+    }
+    if (removedSettingIds.length > 0) {
+        await service.extensionsItemService.deleteMany(removedSettingIds);
     }
     if (newSettings.length > 0) {
-        await database.insert(newSettings).into('directus_extensions');
+        await service.extensionsItemService.createMany(newSettings);
     }
-    const settings = [...existingSettings, ...newSettings];
-    return settings;
+    return [...existingSettings.filter(({ id }) => !removedSettingIds.includes(id)), ...newSettings];
 };

package/dist/extensions/lib/installation/manager.js

@@ -8,7 +8,7 @@ import { mkdir, readFile, rm } from 'node:fs/promises';
 import { Readable } from 'node:stream';
 import Queue from 'p-queue';
 import { join } from 'path';
-import tar from 'tar';
+import { extract } from 'tar';
 import { useLogger } from '../../../logger.js';
 import { getStorage } from '../../../storage/index.js';
 import { getExtensionsPath } from '../get-extensions-path.js';
@@ -36,7 +36,7 @@ export class InstallationManager {
              * NPM modules that are packed are always tarballed in a folder called "package"
              */
             const extractedPath = 'package';
-            await tar.extract({
+            await extract({
                 file: tarPath,
                 cwd: tempDir,
             });

package/dist/middleware/authenticate.d.ts

@@ -4,6 +4,6 @@ import type { NextFunction, Request, Response } from 'express';
 /**
  * Verify the passed JWT and assign the user ID and role to `req`
  */
-export declare const handler: (req: Request, _res: Response, next: NextFunction) => Promise<void>;
+export declare const handler: (req: Request, res: Response, next: NextFunction) => Promise<void>;
 declare const _default: (req: Request<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>, res: Response<any, Record<string, any>>, next: NextFunction) => Promise<void>;
 export default _default;

package/dist/middleware/authenticate.js

@@ -4,10 +4,14 @@ import emitter from '../emitter.js';
 import asyncHandler from '../utils/async-handler.js';
 import { getAccountabilityForToken } from '../utils/get-accountability-for-token.js';
 import { getIPFromReq } from '../utils/get-ip-from-req.js';
+import { ErrorCode, isDirectusError } from '@directus/errors';
+import { useEnv } from '@directus/env';
+import { SESSION_COOKIE_OPTIONS } from '../constants.js';
 /**
  * Verify the passed JWT and assign the user ID and role to `req`
  */
-export const handler = async (req, _res, next) => {
+export const handler = async (req, res, next) => {
+    const env = useEnv();
     const defaultAccountability = {
         user: null,
         role: null,
@@ -33,7 +37,18 @@ export const handler = async (req, _res, next) => {
         req.accountability = customAccountability;
         return next();
     }
-    req.accountability = await getAccountabilityForToken(req.token, defaultAccountability);
+    try {
+        req.accountability = await getAccountabilityForToken(req.token, defaultAccountability);
+    }
+    catch (err) {
+        if (isDirectusError(err, ErrorCode.InvalidCredentials) || isDirectusError(err, ErrorCode.InvalidToken)) {
+            if (req.cookies[env['SESSION_COOKIE_NAME']] === req.token) {
+                // clear the session token if ended up in an invalid state
+                res.clearCookie(env['SESSION_COOKIE_NAME'], SESSION_COOKIE_OPTIONS);
+            }
+        }
+        throw err;
+    }
     return next();
 };
 export default asyncHandler(handler);

package/dist/middleware/rate-limiter-global.js

@@ -10,7 +10,7 @@ const logger = useLogger();
 let checkRateLimit = (_req, _res, next) => next();
 export let rateLimiterGlobal;
 if (env['RATE_LIMITER_GLOBAL_ENABLED'] === true) {
-    validateEnv(['RATE_LIMITER_GLOBAL_STORE', 'RATE_LIMITER_GLOBAL_DURATION', 'RATE_LIMITER_GLOBAL_POINTS']);
+    validateEnv(['RATE_LIMITER_GLOBAL_DURATION', 'RATE_LIMITER_GLOBAL_POINTS']);
     validateConfiguration();
     rateLimiterGlobal = createRateLimiter('RATE_LIMITER_GLOBAL');
     checkRateLimit = asyncHandler(async (_req, res, next) => {

package/dist/middleware/rate-limiter-registration.d.ts

@@ -0,0 +1,5 @@
+import type { RequestHandler } from 'express';
+import type { RateLimiterMemory, RateLimiterRedis } from 'rate-limiter-flexible';
+declare let checkRateLimit: RequestHandler;
+export declare let rateLimiter: RateLimiterRedis | RateLimiterMemory;
+export default checkRateLimit;

package/dist/middleware/rate-limiter-registration.js

@@ -0,0 +1,32 @@
+import { useEnv } from '@directus/env';
+import { HitRateLimitError } from '@directus/errors';
+import { createRateLimiter } from '../rate-limiter.js';
+import asyncHandler from '../utils/async-handler.js';
+import { getIPFromReq } from '../utils/get-ip-from-req.js';
+import { validateEnv } from '../utils/validate-env.js';
+let checkRateLimit = (_req, _res, next) => next();
+export let rateLimiter;
+const env = useEnv();
+if (env['RATE_LIMITER_REGISTRATION_ENABLED'] === true) {
+    validateEnv(['RATE_LIMITER_REGISTRATION_DURATION', 'RATE_LIMITER_REGISTRATION_POINTS']);
+    rateLimiter = createRateLimiter('RATE_LIMITER_REGISTRATION');
+    checkRateLimit = asyncHandler(async (req, res, next) => {
+        const ip = getIPFromReq(req);
+        if (ip) {
+            try {
+                await rateLimiter.consume(ip, 1);
+            }
+            catch (rateLimiterRes) {
+                if (rateLimiterRes instanceof Error)
+                    throw rateLimiterRes;
+                res.set('Retry-After', String(Math.round(rateLimiterRes.msBeforeNext / 1000)));
+                throw new HitRateLimitError({
+                    limit: +env['RATE_LIMITER_REGISTRATION_POINTS'],
+                    reset: new Date(Date.now() + rateLimiterRes.msBeforeNext),
+                });
+            }
+        }
+        next();
+    });
+}
+export default checkRateLimit;

package/dist/services/authentication.d.ts

@@ -21,6 +21,7 @@ export declare class AuthenticationService {
     refresh(refreshToken: string, options?: Partial<{
         session: boolean;
     }>): Promise<LoginResult>;
+    private updateStatefulSession;
     logout(refreshToken: string): Promise<void>;
     verifyPassword(userID: string, password: string): Promise<void>;
 }

package/dist/services/authentication.js

@@ -10,6 +10,7 @@ import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
 import { RateLimiterRes, createRateLimiter } from '../rate-limiter.js';
 import { getMilliseconds } from '../utils/get-milliseconds.js';
+import { getSecret } from '../utils/get-secret.js';
 import { stall } from '../utils/stall.js';
 import { ActivityService } from './activity.js';
 import { SettingsService } from './settings.js';
@@ -159,7 +160,7 @@ export class AuthenticationService {
             accountability: this.accountability,
         });
         const TTL = env[options?.session ? 'SESSION_COOKIE_TTL' : 'ACCESS_TOKEN_TTL'];
-        const accessToken = jwt.sign(customClaims, env['SECRET'], {
+        const accessToken = jwt.sign(customClaims, getSecret(), {
             expiresIn: TTL,
             issuer: 'directus',
         });
@@ -206,6 +207,7 @@ export class AuthenticationService {
         const record = await this.knex
             .select({
             session_expires: 's.expires',
+            session_next_token: 's.next_token',
             user_id: 'u.id',
             user_first_name: 'u.first_name',
             user_last_name: 'u.last_name',
@@ -273,8 +275,9 @@ export class AuthenticationService {
                 admin_access: record.role_admin_access,
             });
         }
-        const newRefreshToken = nanoid(64);
-        const refreshTokenExpiration = new Date(Date.now() + getMilliseconds(env['REFRESH_TOKEN_TTL'], 0));
+        let newRefreshToken = record.session_next_token ?? nanoid(64);
+        const sessionDuration = env[options?.session ? 'SESSION_COOKIE_TTL' : 'REFRESH_TOKEN_TTL'];
+        const refreshTokenExpiration = new Date(Date.now() + getMilliseconds(sessionDuration, 0));
         const tokenPayload = {
             id: record.user_id,
             role: record.role_id,
@@ -282,8 +285,18 @@ export class AuthenticationService {
             admin_access: record.role_admin_access,
         };
         if (options?.session) {
+            newRefreshToken = await this.updateStatefulSession(record, refreshToken, newRefreshToken, refreshTokenExpiration);
             tokenPayload.session = newRefreshToken;
         }
+        else {
+            // Original stateless token behavior
+            await this.knex('directus_sessions')
+                .update({
+                token: newRefreshToken,
+                expires: refreshTokenExpiration,
+            })
+                .where({ token: refreshToken });
+        }
         if (record.share_id) {
             tokenPayload.share = record.share_id;
             tokenPayload.role = record.share_role;
@@ -306,19 +319,18 @@ export class AuthenticationService {
             accountability: this.accountability,
         });
         const TTL = env[options?.session ? 'SESSION_COOKIE_TTL' : 'ACCESS_TOKEN_TTL'];
-        const accessToken = jwt.sign(customClaims, env['SECRET'], {
+        const accessToken = jwt.sign(customClaims, getSecret(), {
             expiresIn: TTL,
             issuer: 'directus',
         });
-        await this.knex('directus_sessions')
-            .update({
-            token: newRefreshToken,
-            expires: refreshTokenExpiration,
-        })
-            .where({ token: refreshToken });
         if (record.user_id) {
             await this.knex('directus_users').update({ last_access: new Date() }).where({ id: record.user_id });
         }
+        // Clear expired sessions for the current user
+        await this.knex('directus_sessions')
+            .delete()
+            .where('user', '=', record.user_id)
+            .andWhere('expires', '<', new Date());
         return {
             accessToken,
             refreshToken: newRefreshToken,
@@ -326,6 +338,47 @@ export class AuthenticationService {
             id: record.user_id,
         };
     }
+    async updateStatefulSession(sessionRecord, oldSessionToken, newSessionToken, sessionExpiration) {
+        if (sessionRecord['session_next_token']) {
+            // The current session token was already refreshed and has a reference
+            // to the new session, update the new session timeout for the new refresh
+            await this.knex('directus_sessions')
+                .update({
+                expires: sessionExpiration,
+            })
+                .where({ token: newSessionToken });
+            return newSessionToken;
+        }
+        // Keep the old session active for a short period of time
+        const GRACE_PERIOD = getMilliseconds(env['SESSION_REFRESH_GRACE_PERIOD'], 10_000);
+        // Update the existing session record to have a short safety timeout
+        // before expiring, and add the reference to the new session token
+        const updatedSession = await this.knex('directus_sessions')
+            .update({
+            next_token: newSessionToken,
+            expires: new Date(Date.now() + GRACE_PERIOD),
+        }, ['next_token'])
+            .where({ token: oldSessionToken, next_token: null });
+        if (updatedSession.length === 0) {
+            // Don't create a new session record, we already have a "next_token" reference
+            const { next_token } = await this.knex('directus_sessions')
+                .select('next_token')
+                .where({ token: oldSessionToken })
+                .first();
+            return next_token;
+        }
+        // Instead of updating the current session record with a new token,
+        // create a new copy with the new token
+        await this.knex('directus_sessions').insert({
+            token: newSessionToken,
+            user: sessionRecord['user_id'],
+            expires: sessionExpiration,
+            ip: this.accountability?.ip,
+            user_agent: this.accountability?.userAgent,
+            origin: this.accountability?.origin,
+        });
+        return newSessionToken;
+    }
     async logout(refreshToken) {
         const record = await this.knex
             .select('u.id', 'u.first_name', 'u.last_name', 'u.email', 'u.password', 'u.status', 'u.role', 'u.provider', 'u.external_identifier', 'u.auth_data')

package/dist/services/authorization.js

@@ -5,7 +5,7 @@ import { cloneDeep, flatten, isArray, isNil, merge, reduce, uniq, uniqWith } fro
 import { GENERATE_SPECIAL } from '../constants.js';
 import getDatabase from '../database/index.js';
 import { getRelationInfo } from '../utils/get-relation-info.js';
-import { stripFunction } from '../utils/strip-function.js';
+import { parseFilterKey } from '../utils/parse-filter-key.js';
 import { ItemsService } from './items.js';
 import { PayloadService } from './payload.js';
 export class AuthorizationService {
@@ -105,8 +105,8 @@ export class AuthorizationService {
                     }
                     if (allowedFields.includes('*'))
                         continue;
-                    const fieldKey = stripFunction(childNode.name);
-                    if (allowedFields.includes(fieldKey) === false) {
+                    const { fieldName } = parseFilterKey(childNode.name);
+                    if (allowedFields.includes(fieldName) === false) {
                         throw new ForbiddenError();
                     }
                 }
@@ -282,7 +282,7 @@ export class AuthorizationService {
                     for (const field of requiredPermissions[collection]) {
                         if (field.startsWith('$FOLLOW'))
                             continue;
-                        const fieldName = stripFunction(field);
+                        const { fieldName } = parseFilterKey(field);
                         let originalFieldName = fieldName;
                         if (collection === rootCollection && aliasMap?.[fieldName]) {
                             originalFieldName = aliasMap[fieldName];

package/dist/services/fields.js

@@ -1,4 +1,4 @@
-import { KNEX_TYPES, REGEX_BETWEEN_PARENS } from '@directus/constants';
+import { KNEX_TYPES, REGEX_BETWEEN_PARENS, DEFAULT_NUMERIC_PRECISION, DEFAULT_NUMERIC_SCALE, } from '@directus/constants';
 import { ForbiddenError, InvalidPayloadError } from '@directus/errors';
 import { createInspector } from '@directus/schema';
 import { addFieldFlag, toArray } from '@directus/utils';
@@ -586,7 +586,7 @@ export class FieldsService {
         }
         else if (['float', 'decimal'].includes(field.type)) {
             const type = field.type;
-            column = table[type](field.field, field.schema?.numeric_precision ?? 10, field.schema?.numeric_scale ?? 5);
+            column = table[type](field.field, field.schema?.numeric_precision ?? DEFAULT_NUMERIC_PRECISION, field.schema?.numeric_scale ?? DEFAULT_NUMERIC_SCALE);
         }
         else if (field.type === 'csv') {
             column = table.text(field.field);

package/dist/services/graphql/index.js

@@ -10,8 +10,11 @@ import { flatten, get, mapKeys, merge, omit, pick, set, transform, uniq } from '
 import { clearSystemCache, getCache } from '../../cache.js';
 import { DEFAULT_AUTH_PROVIDER, GENERATE_SPECIAL, REFRESH_COOKIE_OPTIONS, SESSION_COOKIE_OPTIONS, } from '../../constants.js';
 import getDatabase from '../../database/index.js';
+import { rateLimiter } from '../../middleware/rate-limiter-registration.js';
 import { generateHash } from '../../utils/generate-hash.js';
 import { getGraphQLType } from '../../utils/get-graphql-type.js';
+import { getIPFromReq } from '../../utils/get-ip-from-req.js';
+import { getSecret } from '../../utils/get-secret.js';
 import { getService } from '../../utils/get-service.js';
 import isDirectusJWT from '../../utils/is-directus-jwt.js';
 import { verifyAccessJWT } from '../../utils/jwt.js';
@@ -1637,6 +1640,8 @@ export class GraphQLService {
                             public_background: { type: GraphQLString },
                             public_note: { type: GraphQLString },
                             custom_css: { type: GraphQLString },
+                            public_registration: { type: GraphQLBoolean },
+                            public_registration_verify_email: { type: GraphQLBoolean },
                         },
                     }),
                 },
@@ -1872,7 +1877,7 @@ export class GraphQLService {
                     else if (mode === 'session') {
                         const token = req?.cookies[env['SESSION_COOKIE_NAME']];
                         if (isDirectusJWT(token)) {
-                            const payload = verifyAccessJWT(token, env['SECRET']);
+                            const payload = verifyAccessJWT(token, getSecret());
                             currentRefreshToken = payload.session;
                         }
                     }
@@ -1930,7 +1935,7 @@ export class GraphQLService {
                     else if (mode === 'session') {
                         const token = req?.cookies[env['SESSION_COOKIE_NAME']];
                         if (isDirectusJWT(token)) {
-                            const payload = verifyAccessJWT(token, env['SECRET']);
+                            const payload = verifyAccessJWT(token, getSecret());
                             currentRefreshToken = payload.session;
                         }
                     }
@@ -2152,6 +2157,40 @@ export class GraphQLService {
                     return true;
                 },
             },
+            users_register: {
+                type: GraphQLBoolean,
+                args: {
+                    email: new GraphQLNonNull(GraphQLString),
+                    password: new GraphQLNonNull(GraphQLString),
+                    first_name: GraphQLString,
+                    last_name: GraphQLString,
+                },
+                resolve: async (_, args, { req }) => {
+                    const service = new UsersService({ accountability: null, schema: this.schema });
+                    const ip = req ? getIPFromReq(req) : null;
+                    if (ip) {
+                        await rateLimiter.consume(ip);
+                    }
+                    await service.registerUser({
+                        email: args.email,
+                        password: args.password,
+                        first_name: args.first_name,
+                        last_name: args.last_name,
+                    });
+                    return true;
+                },
+            },
+            users_register_verify: {
+                type: GraphQLBoolean,
+                args: {
+                    token: new GraphQLNonNull(GraphQLString),
+                },
+                resolve: async (_, args) => {
+                    const service = new UsersService({ accountability: null, schema: this.schema });
+                    await service.verifyRegistration(args.token);
+                    return true;
+                },
+            },
         });
         if ('directus_collections' in schema.read.collections) {
             Collection.addFields({

package/dist/services/mail/templates/user-registration.liquid

@@ -0,0 +1,37 @@
+{% layout 'base' %} {% block content %}
+
+<h1>Verify your email address</h1>
+
+<p style='padding-bottom: 30px'>
+  Thanks for registering at <i>{{ projectName }}</i>.
+  To complete your registration you need to verify your email address by opening the following verification-link.
+  Please feel free to ignore this email if you have not personally initiated the registration.
+</p>
+
+<a
+  class='button'
+  rel='noopener'
+  target='_blank'
+  href='{{url}}'
+  style='
+    font-size: 16px;
+    font-weight: 600;
+    color: #ffffff;
+    text-decoration: none;
+    display: inline-block;
+    padding: 11px 24px;
+    border-radius: 8px;
+    background: #171717;
+    border: 1px solid #ffffff;
+  '
+>
+  <!--[if mso]>
+    <i style="letter-spacing: 25px; mso-font-width: -100%; mso-text-raise: 30pt"
+      >&nbsp;</i
+    >
+  <![endif]-->
+  <span style='mso-text-raise: 15pt'>Verify email</span>
+  <!--[if mso]> <i style="letter-spacing: 25px; mso-font-width: -100%">&nbsp;</i> <![endif]-->
+</a>
+
+{% endblock %}

package/dist/services/meta.js

@@ -63,7 +63,7 @@ export class MetaService {
             ({ hasJoins } = applyFilter(this.knex, this.schema, dbQuery, filter, collection, {}));
         }
         if (query.search) {
-            applySearch(this.schema, dbQuery, query.search, collection);
+            applySearch(this.knex, this.schema, dbQuery, query.search, collection);
         }
         if (hasJoins) {
             const primaryKeyName = this.schema.collections[collection].primary;

package/dist/services/payload.d.ts

@@ -27,6 +27,8 @@ export declare class PayloadService {
     transformers: Transformers;
     processValues(action: Action, payloads: Partial<Item>[]): Promise<Partial<Item>[]>;
     processValues(action: Action, payload: Partial<Item>): Promise<Partial<Item>>;
+    processValues(action: Action, payloads: Partial<Item>[], aliasMap: Record<string, string>): Promise<Partial<Item>[]>;
+    processValues(action: Action, payload: Partial<Item>, aliasMap: Record<string, string>): Promise<Partial<Item>>;
     processAggregates(payload: Partial<Item>[]): void;
     processField(field: SchemaOverview['collections'][string]['fields'][string], payload: Partial<Item>, action: Action, accountability: Accountability | null): Promise<any>;
     /**

package/dist/services/payload.js

@@ -121,19 +121,31 @@ export class PayloadService {
             return value;
         },
     };
-    async processValues(action, payload) {
+    async processValues(action, payload, aliasMap = {}) {
         const processedPayload = toArray(payload);
         if (processedPayload.length === 0)
             return [];
         const fieldsInPayload = Object.keys(processedPayload[0]);
-        let specialFieldsInCollection = Object.entries(this.schema.collections[this.collection].fields).filter(([_name, field]) => field.special && field.special.length > 0);
+        const fieldEntries = Object.entries(this.schema.collections[this.collection].fields);
+        const aliasEntries = Object.entries(aliasMap);
+        let specialFields = [];
+        for (const [name, field] of fieldEntries) {
+            if (field.special && field.special.length > 0) {
+                specialFields.push([name, field]);
+                for (const [aliasName, fieldName] of aliasEntries) {
+                    if (fieldName === name) {
+                        specialFields.push([aliasName, { ...field, field: aliasName }]);
+                    }
+                }
+            }
+        }
         if (action === 'read') {
-            specialFieldsInCollection = specialFieldsInCollection.filter(([name]) => {
+            specialFields = specialFields.filter(([name]) => {
                 return fieldsInPayload.includes(name);
             });
         }
         await Promise.all(processedPayload.map(async (record) => {
-            await Promise.all(specialFieldsInCollection.map(async ([name, field]) => {
+            await Promise.all(specialFields.map(async ([name, field]) => {
                 const newValue = await this.processField(field, record, action, this.accountability);
                 if (newValue !== undefined)
                     record[name] = newValue;

package/dist/services/server.js

@@ -46,6 +46,8 @@ export class ServerService {
                 'public_favicon',
                 'public_note',
                 'custom_css',
+                'public_registration',
+                'public_registration_verify_email',
             ],
         });
         info['project'] = projectInfo;
@@ -106,7 +108,7 @@ export class ServerService {
         const data = {
             status: 'ok',
             releaseId: version,
-            serviceId: env['KEY'],
+            serviceId: env['PUBLIC_URL'],
             checks: merge(...(await Promise.all([
                 testDatabase(),
                 testCache(),

package/dist/services/shares.js

@@ -4,6 +4,7 @@ import argon2 from 'argon2';
 import jwt from 'jsonwebtoken';
 import { useLogger } from '../logger.js';
 import { getMilliseconds } from '../utils/get-milliseconds.js';
+import { getSecret } from '../utils/get-secret.js';
 import { md } from '../utils/md.js';
 import { Url } from '../utils/url.js';
 import { userName } from '../utils/user-name.js';
@@ -78,7 +79,7 @@ export class SharesService extends ItemsService {
             tokenPayload.session = refreshToken;
         }
         const TTL = env[options?.session ? 'SESSION_COOKIE_TTL' : 'ACCESS_TOKEN_TTL'];
-        const accessToken = jwt.sign(tokenPayload, env['SECRET'], {
+        const accessToken = jwt.sign(tokenPayload, getSecret(), {
             expiresIn: TTL,
             issuer: 'directus',
         });

package/dist/services/users.d.ts

@@ -1,4 +1,4 @@
-import type { Item, PrimaryKey, Query } from '@directus/types';
+import type { Item, PrimaryKey, Query, RegisterUserInput } from '@directus/types';
 import type { AbstractServiceOptions, MutationOptions } from '../types/index.js';
 import { ItemsService } from './items.js';
 export declare class UsersService extends ItemsService {
@@ -62,6 +62,8 @@ export declare class UsersService extends ItemsService {
     deleteByQuery(query: Query, opts?: MutationOptions): Promise<PrimaryKey[]>;
     inviteUser(email: string | string[], role: string, url: string | null, subject?: string | null): Promise<void>;
     acceptInvite(token: string, password: string): Promise<void>;
+    registerUser(input: RegisterUserInput): Promise<void>;
+    verifyRegistration(token: string): Promise<string>;
     requestPasswordReset(email: string, url: string | null, subject?: string | null): Promise<void>;
     resetPassword(token: string, password: string): Promise<void>;
 }