@directus/api 19.3.1 → 20.0.0-rc.0
- package/dist/app.js +4 -4
- package/dist/auth/drivers/ldap.js +4 -4
- package/dist/auth/drivers/local.js +4 -4
- package/dist/auth/drivers/oauth2.js +4 -4
- package/dist/auth/drivers/openid.js +2 -4
- package/dist/cache.js +3 -0
- package/dist/cli/commands/bootstrap/index.js +8 -2
- package/dist/cli/commands/init/index.js +9 -10
- package/dist/cli/utils/defaults.d.ts +4 -11
- package/dist/cli/utils/defaults.js +7 -1
- package/dist/constants.d.ts +1 -1
- package/dist/controllers/access.d.ts +2 -0
- package/dist/controllers/access.js +148 -0
- package/dist/controllers/auth.js +5 -16
- package/dist/controllers/permissions.js +14 -2
- package/dist/controllers/policies.d.ts +2 -0
- package/dist/controllers/policies.js +169 -0
- package/dist/controllers/roles.js +22 -1
- package/dist/controllers/users.js +0 -55
- package/dist/database/errors/dialects/mysql.js +23 -23
- package/dist/database/get-ast-from-query/get-ast-from-query.d.ts +16 -0
- package/dist/database/get-ast-from-query/get-ast-from-query.js +82 -0
- package/dist/database/get-ast-from-query/lib/convert-wildcards.d.ts +13 -0
- package/dist/database/get-ast-from-query/lib/convert-wildcards.js +69 -0
- package/dist/database/get-ast-from-query/lib/parse-fields.d.ts +15 -0
- package/dist/database/get-ast-from-query/lib/parse-fields.js +190 -0
- package/dist/database/get-ast-from-query/utils/get-deep-query.d.ts +14 -0
- package/dist/database/get-ast-from-query/utils/get-deep-query.js +17 -0
- package/dist/database/get-ast-from-query/utils/get-related-collection.d.ts +2 -0
- package/dist/database/get-ast-from-query/utils/get-related-collection.js +13 -0
- package/dist/database/get-ast-from-query/utils/get-relation.d.ts +2 -0
- package/dist/database/get-ast-from-query/utils/get-relation.js +7 -0
- package/dist/database/helpers/fn/types.d.ts +2 -1
- package/dist/database/helpers/fn/types.js +1 -1
- package/dist/database/helpers/geometry/dialects/mssql.d.ts +1 -1
- package/dist/database/helpers/geometry/dialects/mssql.js +4 -2
- package/dist/database/helpers/geometry/dialects/mysql.js +1 -1
- package/dist/database/helpers/geometry/dialects/oracle.d.ts +1 -1
- package/dist/database/helpers/geometry/dialects/oracle.js +5 -3
- package/dist/database/helpers/geometry/types.d.ts +1 -1
- package/dist/database/helpers/geometry/types.js +4 -2
- package/dist/database/index.js +2 -1
- package/dist/database/migrations/20240619A-permissions-policies.d.ts +3 -0
- package/dist/database/migrations/20240619A-permissions-policies.js +163 -0
- package/dist/database/run-ast/lib/get-db-query.d.ts +4 -0
- package/dist/database/run-ast/lib/get-db-query.js +194 -0
- package/dist/database/run-ast/lib/parse-current-level.d.ts +7 -0
- package/dist/database/run-ast/lib/parse-current-level.js +41 -0
- package/dist/database/run-ast/run-ast.d.ts +7 -0
- package/dist/database/run-ast/run-ast.js +107 -0
- package/dist/database/{run-ast.d.ts → run-ast/types.d.ts} +3 -9
- package/dist/database/run-ast/types.js +1 -0
- package/dist/database/run-ast/utils/apply-case-when.d.ts +16 -0
- package/dist/database/run-ast/utils/apply-case-when.js +26 -0
- package/dist/database/run-ast/utils/apply-parent-filters.d.ts +3 -0
- package/dist/database/run-ast/utils/apply-parent-filters.js +55 -0
- package/dist/database/run-ast/utils/get-column-pre-processor.d.ts +10 -0
- package/dist/database/run-ast/utils/get-column-pre-processor.js +57 -0
- package/dist/database/run-ast/utils/get-field-alias.d.ts +2 -0
- package/dist/database/run-ast/utils/get-field-alias.js +4 -0
- package/dist/database/run-ast/utils/get-inner-query-column-pre-processor.d.ts +5 -0
- package/dist/database/run-ast/utils/get-inner-query-column-pre-processor.js +23 -0
- package/dist/database/run-ast/utils/merge-with-parent-items.d.ts +3 -0
- package/dist/database/run-ast/utils/merge-with-parent-items.js +87 -0
- package/dist/database/run-ast/utils/remove-temporary-fields.d.ts +3 -0
- package/dist/database/run-ast/utils/remove-temporary-fields.js +73 -0
- package/dist/extensions/lib/sandbox/generate-api-extensions-sandbox-entrypoint.d.ts +1 -1
- package/dist/flows.js +3 -4
- package/dist/middleware/authenticate.js +2 -7
- package/dist/middleware/cache.js +1 -1
- package/dist/middleware/cors.js +4 -4
- package/dist/middleware/respond.js +1 -1
- package/dist/permissions/cache.d.ts +2 -0
- package/dist/permissions/cache.js +23 -0
- package/dist/permissions/lib/fetch-permissions.d.ts +10 -0
- package/dist/permissions/lib/fetch-permissions.js +55 -0
- package/dist/permissions/lib/fetch-policies.d.ts +7 -0
- package/dist/permissions/lib/fetch-policies.js +28 -0
- package/dist/permissions/lib/fetch-roles-tree.d.ts +3 -0
- package/dist/permissions/lib/fetch-roles-tree.js +28 -0
- package/dist/{services/permissions → permissions}/lib/with-app-minimal-permissions.d.ts +1 -1
- package/dist/permissions/lib/with-app-minimal-permissions.js +10 -0
- package/dist/permissions/modules/fetch-accountability-collection-access/fetch-accountability-collection-access.d.ts +7 -0
- package/dist/permissions/modules/fetch-accountability-collection-access/fetch-accountability-collection-access.js +56 -0
- package/dist/permissions/modules/fetch-accountability-policy-globals/fetch-accountability-policy-globals.d.ts +3 -0
- package/dist/permissions/modules/fetch-accountability-policy-globals/fetch-accountability-policy-globals.js +16 -0
- package/dist/permissions/modules/fetch-allowed-collections/fetch-allowed-collections.d.ts +8 -0
- package/dist/permissions/modules/fetch-allowed-collections/fetch-allowed-collections.js +24 -0
- package/dist/permissions/modules/fetch-allowed-field-map/fetch-allowed-field-map.d.ts +9 -0
- package/dist/permissions/modules/fetch-allowed-field-map/fetch-allowed-field-map.js +31 -0
- package/dist/permissions/modules/fetch-allowed-fields/fetch-allowed-fields.d.ts +16 -0
- package/dist/permissions/modules/fetch-allowed-fields/fetch-allowed-fields.js +27 -0
- package/dist/permissions/modules/fetch-global-access/fetch-global-access.d.ts +10 -0
- package/dist/permissions/modules/fetch-global-access/fetch-global-access.js +23 -0
- package/dist/permissions/modules/fetch-global-access/lib/fetch-global-access-for-roles.d.ts +5 -0
- package/dist/permissions/modules/fetch-global-access/lib/fetch-global-access-for-roles.js +7 -0
- package/dist/permissions/modules/fetch-global-access/lib/fetch-global-access-for-user.d.ts +5 -0
- package/dist/permissions/modules/fetch-global-access/lib/fetch-global-access-for-user.js +10 -0
- package/dist/permissions/modules/fetch-global-access/types.d.ts +4 -0
- package/dist/permissions/modules/fetch-global-access/types.js +1 -0
- package/dist/permissions/modules/fetch-global-access/utils/fetch-global-access-for-query.d.ts +4 -0
- package/dist/permissions/modules/fetch-global-access/utils/fetch-global-access-for-query.js +27 -0
- package/dist/permissions/modules/fetch-inconsistent-field-map/fetch-inconsistent-field-map.d.ts +12 -0
- package/dist/permissions/modules/fetch-inconsistent-field-map/fetch-inconsistent-field-map.js +32 -0
- package/dist/permissions/modules/fetch-policies-ip-access/fetch-policies-ip-access.d.ts +4 -0
- package/dist/permissions/modules/fetch-policies-ip-access/fetch-policies-ip-access.js +29 -0
- package/dist/permissions/modules/process-ast/lib/extract-fields-from-children.d.ts +4 -0
- package/dist/permissions/modules/process-ast/lib/extract-fields-from-children.js +49 -0
- package/dist/permissions/modules/process-ast/lib/extract-fields-from-query.d.ts +3 -0
- package/dist/permissions/modules/process-ast/lib/extract-fields-from-query.js +56 -0
- package/dist/permissions/modules/process-ast/lib/field-map-from-ast.d.ts +4 -0
- package/dist/permissions/modules/process-ast/lib/field-map-from-ast.js +8 -0
- package/dist/permissions/modules/process-ast/lib/inject-cases.d.ts +9 -0
- package/dist/permissions/modules/process-ast/lib/inject-cases.js +93 -0
- package/dist/permissions/modules/process-ast/process-ast.d.ts +9 -0
- package/dist/permissions/modules/process-ast/process-ast.js +39 -0
- package/dist/permissions/modules/process-ast/types.d.ts +24 -0
- package/dist/permissions/modules/process-ast/types.js +1 -0
- package/dist/permissions/modules/process-ast/utils/collections-in-field-map.d.ts +2 -0
- package/dist/permissions/modules/process-ast/utils/collections-in-field-map.js +7 -0
- package/dist/permissions/modules/process-ast/utils/dedupe-access.d.ts +12 -0
- package/dist/permissions/modules/process-ast/utils/dedupe-access.js +30 -0
- package/dist/permissions/modules/process-ast/utils/extract-paths-from-query.d.ts +15 -0
- package/dist/permissions/modules/process-ast/utils/extract-paths-from-query.js +50 -0
- package/dist/permissions/modules/process-ast/utils/find-related-collection.d.ts +3 -0
- package/dist/permissions/modules/process-ast/utils/find-related-collection.js +9 -0
- package/dist/permissions/modules/process-ast/utils/flatten-filter.d.ts +3 -0
- package/dist/permissions/modules/process-ast/utils/flatten-filter.js +24 -0
- package/dist/permissions/modules/process-ast/utils/format-a2o-key.d.ts +1 -0
- package/dist/permissions/modules/process-ast/utils/format-a2o-key.js +3 -0
- package/dist/permissions/modules/process-ast/utils/get-info-for-path.d.ts +5 -0
- package/dist/permissions/modules/process-ast/utils/get-info-for-path.js +7 -0
- package/dist/permissions/modules/process-ast/utils/has-item-permissions.d.ts +2 -0
- package/dist/permissions/modules/process-ast/utils/has-item-permissions.js +3 -0
- package/dist/permissions/modules/process-ast/utils/stringify-query-path.d.ts +2 -0
- package/dist/permissions/modules/process-ast/utils/stringify-query-path.js +3 -0
- package/dist/permissions/modules/process-ast/utils/validate-path/create-error.d.ts +3 -0
- package/dist/permissions/modules/process-ast/utils/validate-path/create-error.js +16 -0
- package/dist/permissions/modules/process-ast/utils/validate-path/validate-path-existence.d.ts +2 -0
- package/dist/permissions/modules/process-ast/utils/validate-path/validate-path-existence.js +12 -0
- package/dist/permissions/modules/process-ast/utils/validate-path/validate-path-permissions.d.ts +2 -0
- package/dist/permissions/modules/process-ast/utils/validate-path/validate-path-permissions.js +28 -0
- package/dist/permissions/modules/process-payload/lib/is-field-nullable.d.ts +5 -0
- package/dist/permissions/modules/process-payload/lib/is-field-nullable.js +12 -0
- package/dist/permissions/modules/process-payload/process-payload.d.ts +13 -0
- package/dist/permissions/modules/process-payload/process-payload.js +77 -0
- package/dist/permissions/modules/validate-access/lib/validate-collection-access.d.ts +12 -0
- package/dist/permissions/modules/validate-access/lib/validate-collection-access.js +11 -0
- package/dist/permissions/modules/validate-access/lib/validate-item-access.d.ts +9 -0
- package/dist/permissions/modules/validate-access/lib/validate-item-access.js +33 -0
- package/dist/permissions/modules/validate-access/validate-access.d.ts +14 -0
- package/dist/permissions/modules/validate-access/validate-access.js +28 -0
- package/dist/permissions/modules/validate-remaining-admin/validate-remaining-admin-count.d.ts +1 -0
- package/dist/permissions/modules/validate-remaining-admin/validate-remaining-admin-count.js +8 -0
- package/dist/permissions/modules/validate-remaining-admin/validate-remaining-admin-users.d.ts +5 -0
- package/dist/permissions/modules/validate-remaining-admin/validate-remaining-admin-users.js +10 -0
- package/dist/permissions/types.d.ts +6 -0
- package/dist/permissions/types.js +1 -0
- package/dist/permissions/utils/create-default-accountability.d.ts +2 -0
- package/dist/permissions/utils/create-default-accountability.js +11 -0
- package/dist/permissions/utils/extract-required-dynamic-variable-context.d.ts +8 -0
- package/dist/permissions/utils/extract-required-dynamic-variable-context.js +27 -0
- package/dist/permissions/utils/fetch-dynamic-variable-context.d.ts +9 -0
- package/dist/permissions/utils/fetch-dynamic-variable-context.js +43 -0
- package/dist/permissions/utils/filter-policies-by-ip.d.ts +2 -0
- package/dist/permissions/utils/filter-policies-by-ip.js +15 -0
- package/dist/permissions/utils/get-unaliased-field-key.d.ts +5 -0
- package/dist/permissions/utils/get-unaliased-field-key.js +17 -0
- package/dist/permissions/utils/process-permissions.d.ts +7 -0
- package/dist/permissions/utils/process-permissions.js +9 -0
- package/dist/permissions/utils/with-cache.d.ts +10 -0
- package/dist/permissions/utils/with-cache.js +25 -0
- package/dist/services/access.d.ts +10 -0
- package/dist/services/access.js +43 -0
- package/dist/services/activity.js +22 -10
- package/dist/services/assets.d.ts +2 -3
- package/dist/services/assets.js +10 -5
- package/dist/services/authentication.js +18 -18
- package/dist/services/collections.js +18 -17
- package/dist/services/fields.d.ts +0 -1
- package/dist/services/fields.js +53 -24
- package/dist/services/files.d.ts +0 -4
- package/dist/services/files.js +10 -10
- package/dist/services/flows.d.ts +0 -2
- package/dist/services/flows.js +2 -14
- package/dist/services/graphql/index.d.ts +3 -3
- package/dist/services/graphql/index.js +126 -22
- package/dist/services/graphql/subscription.js +2 -4
- package/dist/services/import-export.js +23 -9
- package/dist/services/index.d.ts +3 -2
- package/dist/services/index.js +3 -2
- package/dist/services/items.d.ts +40 -14
- package/dist/services/items.js +182 -79
- package/dist/services/meta.js +60 -23
- package/dist/services/notifications.d.ts +0 -1
- package/dist/services/notifications.js +0 -7
- package/dist/services/operations.d.ts +0 -2
- package/dist/services/operations.js +2 -14
- package/dist/services/payload.d.ts +9 -10
- package/dist/services/payload.js +35 -19
- package/dist/services/{permissions/index.d.ts → permissions.d.ts} +5 -7
- package/dist/services/{permissions/index.js → permissions.js} +30 -54
- package/dist/services/policies.d.ts +12 -0
- package/dist/services/policies.js +87 -0
- package/dist/services/relations.d.ts +0 -6
- package/dist/services/relations.js +26 -29
- package/dist/services/roles.d.ts +4 -14
- package/dist/services/roles.js +56 -430
- package/dist/services/shares.d.ts +0 -2
- package/dist/services/shares.js +12 -8
- package/dist/services/specifications.d.ts +2 -2
- package/dist/services/specifications.js +39 -27
- package/dist/services/users.d.ts +2 -20
- package/dist/services/users.js +87 -192
- package/dist/services/utils.js +11 -7
- package/dist/services/versions.d.ts +0 -2
- package/dist/services/versions.js +34 -10
- package/dist/telemetry/lib/get-report.js +6 -3
- package/dist/telemetry/types/report.d.ts +4 -0
- package/dist/telemetry/utils/check-user-limits.d.ts +5 -0
- package/dist/telemetry/utils/check-user-limits.js +19 -0
- package/dist/telemetry/utils/get-filesize-sum.d.ts +5 -0
- package/dist/telemetry/utils/get-filesize-sum.js +7 -0
- package/dist/types/ast.d.ts +43 -1
- package/dist/types/items.d.ts +11 -0
- package/dist/utils/apply-query.d.ts +4 -3
- package/dist/utils/apply-query.js +37 -8
- package/dist/utils/fetch-user-count/fetch-access-lookup.d.ts +17 -0
- package/dist/utils/fetch-user-count/fetch-access-lookup.js +22 -0
- package/dist/utils/fetch-user-count/fetch-access-roles.d.ts +16 -0
- package/dist/utils/fetch-user-count/fetch-access-roles.js +37 -0
- package/dist/utils/fetch-user-count/fetch-active-users.d.ts +6 -0
- package/dist/utils/fetch-user-count/fetch-active-users.js +3 -0
- package/dist/utils/fetch-user-count/fetch-user-count.d.ts +12 -0
- package/dist/utils/fetch-user-count/fetch-user-count.js +57 -0
- package/dist/utils/fetch-user-count/get-user-count-query.d.ts +20 -0
- package/dist/utils/fetch-user-count/get-user-count-query.js +17 -0
- package/dist/utils/get-accountability-for-role.js +16 -25
- package/dist/utils/get-accountability-for-token.js +17 -16
- package/dist/utils/get-cache-key.d.ts +1 -1
- package/dist/utils/get-cache-key.js +12 -1
- package/dist/utils/get-column.d.ts +2 -1
- package/dist/utils/get-column.js +1 -0
- package/dist/utils/get-graphql-type.js +1 -0
- package/dist/utils/get-service.d.ts +1 -1
- package/dist/utils/get-service.js +14 -10
- package/dist/utils/reduce-schema.d.ts +4 -6
- package/dist/utils/reduce-schema.js +14 -34
- package/dist/utils/validate-user-count-integrity.d.ts +13 -0
- package/dist/utils/validate-user-count-integrity.js +29 -0
- package/dist/websocket/authenticate.d.ts +0 -2
- package/dist/websocket/authenticate.js +0 -12
- package/dist/websocket/controllers/graphql.js +1 -4
- package/dist/websocket/controllers/hooks.js +4 -0
- package/dist/websocket/controllers/rest.js +0 -2
- package/dist/websocket/handlers/subscribe.js +0 -2
- package/dist/websocket/utils/items.d.ts +1 -1
- package/dist/websocket/utils/items.js +4 -1
- package/package.json +31 -30
- package/dist/database/run-ast.js +0 -450
- package/dist/middleware/check-ip.d.ts +0 -2
- package/dist/middleware/check-ip.js +0 -37
- package/dist/middleware/get-permissions.d.ts +0 -3
- package/dist/middleware/get-permissions.js +0 -10
- package/dist/services/authorization.d.ts +0 -17
- package/dist/services/authorization.js +0 -456
- package/dist/services/permissions/lib/with-app-minimal-permissions.js +0 -13
- package/dist/telemetry/utils/check-increased-user-limits.d.ts +0 -7
- package/dist/telemetry/utils/check-increased-user-limits.js +0 -22
- package/dist/telemetry/utils/get-role-counts-by-roles.d.ts +0 -6
- package/dist/telemetry/utils/get-role-counts-by-roles.js +0 -27
- package/dist/telemetry/utils/get-role-counts-by-users.d.ts +0 -11
- package/dist/telemetry/utils/get-role-counts-by-users.js +0 -34
- package/dist/telemetry/utils/get-user-count.d.ts +0 -8
- package/dist/telemetry/utils/get-user-count.js +0 -33
- package/dist/telemetry/utils/get-user-counts-by-roles.d.ts +0 -7
- package/dist/telemetry/utils/get-user-counts-by-roles.js +0 -35
- package/dist/utils/get-ast-from-query.d.ts +0 -13
- package/dist/utils/get-ast-from-query.js +0 -297
- package/dist/utils/get-permissions.d.ts +0 -2
- package/dist/utils/get-permissions.js +0 -150
- package/dist/utils/merge-permissions-for-share.d.ts +0 -4
- package/dist/utils/merge-permissions-for-share.js +0 -109
- package/dist/utils/merge-permissions.d.ts +0 -3
- package/dist/utils/merge-permissions.js +0 -95
package/dist/app.js
CHANGED
|
@@ -10,6 +10,7 @@ import path from 'path';
|
|
|
10
10
|
import qs from 'qs';
|
|
11
11
|
import { registerAuthProviders } from './auth.js';
|
|
12
12
|
import activityRouter from './controllers/activity.js';
|
|
13
|
+
import accessRouter from './controllers/access.js';
|
|
13
14
|
import assetsRouter from './controllers/assets.js';
|
|
14
15
|
import authRouter from './controllers/auth.js';
|
|
15
16
|
import collectionsRouter from './controllers/collections.js';
|
|
@@ -26,6 +27,7 @@ import notificationsRouter from './controllers/notifications.js';
|
|
|
26
27
|
import operationsRouter from './controllers/operations.js';
|
|
27
28
|
import panelsRouter from './controllers/panels.js';
|
|
28
29
|
import permissionsRouter from './controllers/permissions.js';
|
|
30
|
+
import policiesRouter from './controllers/policies.js';
|
|
29
31
|
import presetsRouter from './controllers/presets.js';
|
|
30
32
|
import relationsRouter from './controllers/relations.js';
|
|
31
33
|
import revisionsRouter from './controllers/revisions.js';
|
|
@@ -46,11 +48,9 @@ import { getFlowManager } from './flows.js';
|
|
|
46
48
|
import { createExpressLogger, useLogger } from './logger.js';
|
|
47
49
|
import authenticate from './middleware/authenticate.js';
|
|
48
50
|
import cache from './middleware/cache.js';
|
|
49
|
-
import { checkIP } from './middleware/check-ip.js';
|
|
50
51
|
import cors from './middleware/cors.js';
|
|
51
52
|
import errorHandler from './middleware/error-handler.js';
|
|
52
53
|
import extractToken from './middleware/extract-token.js';
|
|
53
|
-
import getPermissions from './middleware/get-permissions.js';
|
|
54
54
|
import rateLimiterGlobal from './middleware/rate-limiter-global.js';
|
|
55
55
|
import rateLimiter from './middleware/rate-limiter-ip.js';
|
|
56
56
|
import sanitizeQuery from './middleware/sanitize-query.js';
|
|
@@ -197,16 +197,15 @@ export default async function createApp() {
|
|
|
197
197
|
}
|
|
198
198
|
app.get('/server/ping', (_req, res) => res.send('pong'));
|
|
199
199
|
app.use(authenticate);
|
|
200
|
-
app.use(checkIP);
|
|
201
200
|
app.use(sanitizeQuery);
|
|
202
201
|
app.use(cache);
|
|
203
202
|
app.use(schema);
|
|
204
|
-
app.use(getPermissions);
|
|
205
203
|
await emitter.emitInit('middlewares.after', { app });
|
|
206
204
|
await emitter.emitInit('routes.before', { app });
|
|
207
205
|
app.use('/auth', authRouter);
|
|
208
206
|
app.use('/graphql', graphqlRouter);
|
|
209
207
|
app.use('/activity', activityRouter);
|
|
208
|
+
app.use('/access', accessRouter);
|
|
210
209
|
app.use('/assets', assetsRouter);
|
|
211
210
|
app.use('/collections', collectionsRouter);
|
|
212
211
|
app.use('/dashboards', dashboardsRouter);
|
|
@@ -220,6 +219,7 @@ export default async function createApp() {
|
|
|
220
219
|
app.use('/operations', operationsRouter);
|
|
221
220
|
app.use('/panels', panelsRouter);
|
|
222
221
|
app.use('/permissions', permissionsRouter);
|
|
222
|
+
app.use('/policies', policiesRouter);
|
|
223
223
|
app.use('/presets', presetsRouter);
|
|
224
224
|
app.use('/translations', translationsRouter);
|
|
225
225
|
app.use('/relations', relationsRouter);
|
|
@@ -3,16 +3,17 @@ import { ErrorCode, InvalidCredentialsError, InvalidPayloadError, InvalidProvide
|
|
|
3
3
|
import { Router } from 'express';
|
|
4
4
|
import Joi from 'joi';
|
|
5
5
|
import ldap from 'ldapjs';
|
|
6
|
+
import { REFRESH_COOKIE_OPTIONS, SESSION_COOKIE_OPTIONS } from '../../constants.js';
|
|
6
7
|
import getDatabase from '../../database/index.js';
|
|
7
8
|
import emitter from '../../emitter.js';
|
|
8
9
|
import { useLogger } from '../../logger.js';
|
|
9
10
|
import { respond } from '../../middleware/respond.js';
|
|
11
|
+
import { createDefaultAccountability } from '../../permissions/utils/create-default-accountability.js';
|
|
10
12
|
import { AuthenticationService } from '../../services/authentication.js';
|
|
11
13
|
import { UsersService } from '../../services/users.js';
|
|
12
14
|
import asyncHandler from '../../utils/async-handler.js';
|
|
13
15
|
import { getIPFromReq } from '../../utils/get-ip-from-req.js';
|
|
14
16
|
import { AuthDriver } from '../auth.js';
|
|
15
|
-
import { REFRESH_COOKIE_OPTIONS, SESSION_COOKIE_OPTIONS } from '../../constants.js';
|
|
16
17
|
// 0x2: ACCOUNTDISABLE
|
|
17
18
|
// 0x10: LOCKOUT
|
|
18
19
|
// 0x800000: PASSWORD_EXPIRED
|
|
@@ -295,10 +296,9 @@ export function createLDAPAuthRouter(provider) {
|
|
|
295
296
|
}).unknown();
|
|
296
297
|
router.post('/', asyncHandler(async (req, res, next) => {
|
|
297
298
|
const env = useEnv();
|
|
298
|
-
const accountability = {
|
|
299
|
+
const accountability = createDefaultAccountability({
|
|
299
300
|
ip: getIPFromReq(req),
|
|
300
|
-
|
|
301
|
-
};
|
|
301
|
+
});
|
|
302
302
|
const userAgent = req.get('user-agent')?.substring(0, 1024);
|
|
303
303
|
if (userAgent)
|
|
304
304
|
accountability.userAgent = userAgent;
|
|
@@ -1,11 +1,12 @@
|
|
|
1
|
+
import { useEnv } from '@directus/env';
|
|
1
2
|
import { InvalidCredentialsError, InvalidPayloadError } from '@directus/errors';
|
|
2
3
|
import argon2 from 'argon2';
|
|
3
4
|
import { Router } from 'express';
|
|
4
5
|
import Joi from 'joi';
|
|
5
6
|
import { performance } from 'perf_hooks';
|
|
6
7
|
import { REFRESH_COOKIE_OPTIONS, SESSION_COOKIE_OPTIONS } from '../../constants.js';
|
|
7
|
-
import { useEnv } from '@directus/env';
|
|
8
8
|
import { respond } from '../../middleware/respond.js';
|
|
9
|
+
import { createDefaultAccountability } from '../../permissions/utils/create-default-accountability.js';
|
|
9
10
|
import { AuthenticationService } from '../../services/authentication.js';
|
|
10
11
|
import asyncHandler from '../../utils/async-handler.js';
|
|
11
12
|
import { getIPFromReq } from '../../utils/get-ip-from-req.js';
|
|
@@ -47,10 +48,9 @@ export function createLocalAuthRouter(provider) {
|
|
|
47
48
|
router.post('/', asyncHandler(async (req, res, next) => {
|
|
48
49
|
const STALL_TIME = env['LOGIN_STALL_TIME'];
|
|
49
50
|
const timeStart = performance.now();
|
|
50
|
-
const accountability = {
|
|
51
|
+
const accountability = createDefaultAccountability({
|
|
51
52
|
ip: getIPFromReq(req),
|
|
52
|
-
|
|
53
|
-
};
|
|
53
|
+
});
|
|
54
54
|
const userAgent = req.get('user-agent')?.substring(0, 1024);
|
|
55
55
|
if (userAgent)
|
|
56
56
|
accountability.userAgent = userAgent;
|
|
@@ -11,15 +11,16 @@ import getDatabase from '../../database/index.js';
|
|
|
11
11
|
import emitter from '../../emitter.js';
|
|
12
12
|
import { useLogger } from '../../logger.js';
|
|
13
13
|
import { respond } from '../../middleware/respond.js';
|
|
14
|
+
import { createDefaultAccountability } from '../../permissions/utils/create-default-accountability.js';
|
|
14
15
|
import { AuthenticationService } from '../../services/authentication.js';
|
|
15
16
|
import { UsersService } from '../../services/users.js';
|
|
16
17
|
import asyncHandler from '../../utils/async-handler.js';
|
|
17
18
|
import { getConfigFromEnv } from '../../utils/get-config-from-env.js';
|
|
18
19
|
import { getIPFromReq } from '../../utils/get-ip-from-req.js';
|
|
20
|
+
import { getSecret } from '../../utils/get-secret.js';
|
|
19
21
|
import { isLoginRedirectAllowed } from '../../utils/is-login-redirect-allowed.js';
|
|
20
22
|
import { Url } from '../../utils/url.js';
|
|
21
23
|
import { LocalAuthDriver } from './local.js';
|
|
22
|
-
import { getSecret } from '../../utils/get-secret.js';
|
|
23
24
|
export class OAuth2AuthDriver extends LocalAuthDriver {
|
|
24
25
|
client;
|
|
25
26
|
redirectUrl;
|
|
@@ -251,10 +252,9 @@ export function createOAuth2AuthRouter(providerName) {
|
|
|
251
252
|
throw new InvalidCredentialsError();
|
|
252
253
|
}
|
|
253
254
|
const { verifier, redirect, prompt } = tokenData;
|
|
254
|
-
const accountability = {
|
|
255
|
+
const accountability = createDefaultAccountability({
|
|
255
256
|
ip: getIPFromReq(req),
|
|
256
|
-
|
|
257
|
-
};
|
|
257
|
+
});
|
|
258
258
|
const userAgent = req.get('user-agent')?.substring(0, 1024);
|
|
259
259
|
if (userAgent)
|
|
260
260
|
accountability.userAgent = userAgent;
|
|
@@ -11,6 +11,7 @@ import getDatabase from '../../database/index.js';
|
|
|
11
11
|
import emitter from '../../emitter.js';
|
|
12
12
|
import { useLogger } from '../../logger.js';
|
|
13
13
|
import { respond } from '../../middleware/respond.js';
|
|
14
|
+
import { createDefaultAccountability } from '../../permissions/utils/create-default-accountability.js';
|
|
14
15
|
import { AuthenticationService } from '../../services/authentication.js';
|
|
15
16
|
import { UsersService } from '../../services/users.js';
|
|
16
17
|
import asyncHandler from '../../utils/async-handler.js';
|
|
@@ -272,10 +273,7 @@ export function createOpenIDAuthRouter(providerName) {
|
|
|
272
273
|
throw new InvalidCredentialsError();
|
|
273
274
|
}
|
|
274
275
|
const { verifier, redirect, prompt } = tokenData;
|
|
275
|
-
const accountability = {
|
|
276
|
-
ip: getIPFromReq(req),
|
|
277
|
-
role: null,
|
|
278
|
-
};
|
|
276
|
+
const accountability = createDefaultAccountability({ ip: getIPFromReq(req) });
|
|
279
277
|
const userAgent = req.get('user-agent')?.substring(0, 1024);
|
|
280
278
|
if (userAgent)
|
|
281
279
|
accountability.userAgent = userAgent;
|
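Review bot: In the `createApp` hunk of app.js (`@@ -197,16 +197,15 @@`), `app.use(checkIP)` and `app.use(getPermissions)` are dropped from the middleware chain, and nothing on the new side of this file shows where the IP allow-list is enforced now. The file list suggests the check moved into the permissions layer (`permissions/utils/filter-policies-by-ip.js`, `permissions/modules/fetch-policies-ip-access/`), but those files are not shown here, so that is an inference. If so, enforcement changes from one request-wide gate right after `authenticate` to something each service has to reach through its permission lookup, and any code path that skips that lookup would no longer be IP-restricted. Once confirmed, I would leave a comment where the middleware used to sit, e.g. `// IP restrictions are applied per policy when permissions are fetched; there is no global checkIP gate`, and add a regression test that a request from a disallowed IP is refused on the REST, GraphQL and WebSocket entry points. `createApp`'s body starts and ends outside the hunk.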
package/dist/cache.js
CHANGED
|
@@ -8,6 +8,7 @@ import { compress, decompress } from './utils/compress.js';
|
|
|
8
8
|
import { getConfigFromEnv } from './utils/get-config-from-env.js';
|
|
9
9
|
import { getMilliseconds } from './utils/get-milliseconds.js';
|
|
10
10
|
import { validateEnv } from './utils/validate-env.js';
|
|
11
|
+
import { clearCache as clearPermissionCache } from './permissions/cache.js';
|
|
11
12
|
import { createRequire } from 'node:module';
|
|
12
13
|
const logger = useLogger();
|
|
13
14
|
const env = useEnv();
|
|
@@ -66,6 +67,8 @@ export async function clearSystemCache(opts) {
|
|
|
66
67
|
}
|
|
67
68
|
await sharedSchemaCache.clear();
|
|
68
69
|
await localSchemaCache.clear();
|
|
70
|
+
// Since a lot of cached permission function rely on the schema it needs to be cleared as well
|
|
71
|
+
await clearPermissionCache();
|
|
69
72
|
messenger.publish('schemaChanged', { autoPurgeCache: opts?.autoPurgeCache });
|
|
70
73
|
}
|
|
71
74
|
export async function setSystemCache(key, value, ttl) {
|
|
@@ -3,11 +3,13 @@ import getDatabase, { hasDatabaseConnection, isInstalled, validateDatabaseConnec
|
|
|
3
3
|
import runMigrations from '../../../database/migrations/run.js';
|
|
4
4
|
import installDatabase from '../../../database/seeds/run.js';
|
|
5
5
|
import { useLogger } from '../../../logger.js';
|
|
6
|
+
import { AccessService } from '../../../services/access.js';
|
|
7
|
+
import { PoliciesService } from '../../../services/policies.js';
|
|
6
8
|
import { RolesService } from '../../../services/roles.js';
|
|
7
9
|
import { SettingsService } from '../../../services/settings.js';
|
|
8
10
|
import { UsersService } from '../../../services/users.js';
|
|
9
11
|
import { getSchema } from '../../../utils/get-schema.js';
|
|
10
|
-
import { defaultAdminRole, defaultAdminUser } from '../../utils/defaults.js';
|
|
12
|
+
import { defaultAdminPolicy, defaultAdminRole, defaultAdminUser } from '../../utils/defaults.js';
|
|
11
13
|
export default async function bootstrap({ skipAdminInit }) {
|
|
12
14
|
const logger = useLogger();
|
|
13
15
|
logger.info('Initializing bootstrap...');
|
|
@@ -58,8 +60,12 @@ async function createDefaultAdmin(schema) {
|
|
|
58
60
|
const env = useEnv();
|
|
59
61
|
const { nanoid } = await import('nanoid');
|
|
60
62
|
logger.info('Setting up first admin role...');
|
|
63
|
+
const accessService = new AccessService({ schema });
|
|
64
|
+
const policiesService = new PoliciesService({ schema });
|
|
61
65
|
const rolesService = new RolesService({ schema });
|
|
62
66
|
const role = await rolesService.createOne(defaultAdminRole);
|
|
67
|
+
const policy = await policiesService.createOne(defaultAdminPolicy);
|
|
68
|
+
await accessService.createOne({ policy, role });
|
|
63
69
|
logger.info('Adding first admin user...');
|
|
64
70
|
const usersService = new UsersService({ schema });
|
|
65
71
|
let adminEmail = env['ADMIN_EMAIL'];
|
|
@@ -72,5 +78,5 @@ async function createDefaultAdmin(schema) {
|
|
|
72
78
|
adminPassword = nanoid(12);
|
|
73
79
|
logger.info(`No admin password provided. Defaulting to "${adminPassword}"`);
|
|
74
80
|
}
|
|
75
|
-
await usersService.createOne({ email: adminEmail, password: adminPassword, role
|
|
81
|
+
await usersService.createOne({ ...defaultAdminUser, email: adminEmail, password: adminPassword, role });
|
|
76
82
|
}
|
|
@@ -9,7 +9,7 @@ import runSeed from '../../../database/seeds/run.js';
|
|
|
9
9
|
import { generateHash } from '../../../utils/generate-hash.js';
|
|
10
10
|
import createDBConnection from '../../utils/create-db-connection.js';
|
|
11
11
|
import createEnv from '../../utils/create-env/index.js';
|
|
12
|
-
import { defaultAdminRole, defaultAdminUser } from '../../utils/defaults.js';
|
|
12
|
+
import { defaultAdminPolicy, defaultAdminRole, defaultAdminUser } from '../../utils/defaults.js';
|
|
13
13
|
import { drivers, getDriverForClient } from '../../utils/drivers.js';
|
|
14
14
|
import { databaseQuestions } from './questions.js';
|
|
15
15
|
export default async function init() {
|
|
@@ -79,18 +79,17 @@ export default async function init() {
|
|
|
79
79
|
},
|
|
80
80
|
]);
|
|
81
81
|
firstUser.password = await generateHash(firstUser.password);
|
|
82
|
-
const
|
|
83
|
-
const
|
|
84
|
-
await db('directus_roles').insert({
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
});
|
|
82
|
+
const role = randomUUID();
|
|
83
|
+
const policy = randomUUID();
|
|
84
|
+
await db('directus_roles').insert({ ...defaultAdminRole, id: role });
|
|
85
|
+
await db('directus_policies').insert({ ...defaultAdminPolicy, id: policy });
|
|
86
|
+
await db('directus_access').insert({ id: randomUUID(), role, policy });
|
|
88
87
|
await db('directus_users').insert({
|
|
89
|
-
|
|
88
|
+
...defaultAdminUser,
|
|
89
|
+
id: randomUUID(),
|
|
90
90
|
email: firstUser.email,
|
|
91
91
|
password: firstUser.password,
|
|
92
|
-
role
|
|
93
|
-
...defaultAdminUser,
|
|
92
|
+
role,
|
|
94
93
|
});
|
|
95
94
|
await db.destroy();
|
|
96
95
|
process.stdout.write(`\nYour project has been created at ${chalk.green(rootPath)}.\n`);
|
|
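Review bot: The four inserts that follow `firstUser.password = await generateHash(firstUser.password);` (`directus_roles`, `directus_policies`, `directus_access`, `directus_users`) run as separate statements, so a failure part-way leaves a partial admin setup. One such state is a role and an admin policy with no `directus_access` row joining them, and as far as this diff shows that row is now the only way the role receives `admin_access`. No transaction is visible in the hunk, and `init()` starts and continues outside it, so confirm that nothing already wraps these calls. If `db` is the Knex instance it appears to be, running the four writes inside `db.transaction` keeps the first-admin setup all-or-nothing.

```javascript
const role = randomUUID();
const policy = randomUUID();
// One transaction: a failed insert must not leave an admin role without its policy link.
await db.transaction(async (trx) => {
  await trx('directus_roles').insert({ ...defaultAdminRole, id: role });
  await trx('directus_policies').insert({ ...defaultAdminPolicy, id: policy });
  await trx('directus_access').insert({ id: randomUUID(), role, policy });
  await trx('directus_users').insert({
    ...defaultAdminUser,
    id: randomUUID(),
    email: firstUser.email,
    password: firstUser.password,
    role,
  });
});
// … unchanged: db.destroy() and the "project has been created" message …
```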
@@ -1,11 +1,4 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
description: string;
|
|
6
|
-
};
|
|
7
|
-
export declare const defaultAdminUser: {
|
|
8
|
-
status: string;
|
|
9
|
-
first_name: string;
|
|
10
|
-
last_name: string;
|
|
11
|
-
};
|
|
1
|
+
import type { Policy, Role, User } from '@directus/types';
|
|
2
|
+
export declare const defaultAdminRole: Partial<Role>;
|
|
3
|
+
export declare const defaultAdminUser: Partial<User>;
|
|
4
|
+
export declare const defaultAdminPolicy: Partial<Policy>;
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
export const defaultAdminRole = {
|
|
2
2
|
name: 'Administrator',
|
|
3
3
|
icon: 'verified',
|
|
4
|
-
admin_access: true,
|
|
5
4
|
description: '$t:admin_description',
|
|
6
5
|
};
|
|
7
6
|
export const defaultAdminUser = {
|
|
@@ -9,3 +8,10 @@ export const defaultAdminUser = {
|
|
|
9
8
|
first_name: 'Admin',
|
|
10
9
|
last_name: 'User',
|
|
11
10
|
};
|
|
11
|
+
export const defaultAdminPolicy = {
|
|
12
|
+
name: 'Administrator',
|
|
13
|
+
icon: 'verified',
|
|
14
|
+
admin_access: true,
|
|
15
|
+
app_access: true,
|
|
16
|
+
description: '$t:admin_description',
|
|
17
|
+
};
|
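Review bot: `defaultAdminPolicy` carries `admin_access: true` and `app_access: true` but has no comment saying that it is the full-administrator template, or that it only takes effect once a `directus_access` row links it to a role, as the bootstrap and init changes in this diff do. A header such as `// Full-admin policy template; grants nothing until attached through directus_access.` would make that explicit. The object is exported mutable and spread into inserts, so wrapping it (and `defaultAdminRole`) in `Object.freeze({ ... })` would stop another importer from changing what a fresh install grants. Whether any importer mutates it is not visible here.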
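--- a/package/dist/constants.d.ts
+++ b/package/dist/constants.d.ts
@@ -6,7 +6,7 @@ export declare const FILTER_VARIABLES: string[];
 export declare const ALIAS_TYPES: string[];
 export declare const DEFAULT_AUTH_PROVIDER = "default";
 export declare const COLUMN_TRANSFORMS: string[];
-export declare const GENERATE_SPECIAL:
+export declare const GENERATE_SPECIAL: readonly ["uuid", "date-created", "role-created", "user-created"];
 export declare const UUID_REGEX = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}";
 export declare const REFRESH_COOKIE_OPTIONS: CookieOptions;
 export declare const SESSION_COOKIE_OPTIONS: CookieOptions;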
@@ -0,0 +1,148 @@
|
|
|
1
|
+
import { ErrorCode, isDirectusError } from '@directus/errors';
|
|
2
|
+
import express from 'express';
|
|
3
|
+
import { respond } from '../middleware/respond.js';
|
|
4
|
+
import useCollection from '../middleware/use-collection.js';
|
|
5
|
+
import { validateBatch } from '../middleware/validate-batch.js';
|
|
6
|
+
import { MetaService } from '../services/meta.js';
|
|
7
|
+
import { AccessService } from '../services/access.js';
|
|
8
|
+
import asyncHandler from '../utils/async-handler.js';
|
|
9
|
+
import { sanitizeQuery } from '../utils/sanitize-query.js';
|
|
10
|
+
const router = express.Router();
|
|
11
|
+
router.use(useCollection('directus_access'));
|
|
12
|
+
router.post('/', asyncHandler(async (req, res, next) => {
|
|
13
|
+
const service = new AccessService({
|
|
14
|
+
accountability: req.accountability,
|
|
15
|
+
schema: req.schema,
|
|
16
|
+
});
|
|
17
|
+
const savedKeys = [];
|
|
18
|
+
if (Array.isArray(req.body)) {
|
|
19
|
+
const keys = await service.createMany(req.body);
|
|
20
|
+
savedKeys.push(...keys);
|
|
21
|
+
}
|
|
22
|
+
else {
|
|
23
|
+
const key = await service.createOne(req.body);
|
|
24
|
+
savedKeys.push(key);
|
|
25
|
+
}
|
|
26
|
+
try {
|
|
27
|
+
if (Array.isArray(req.body)) {
|
|
28
|
+
const items = await service.readMany(savedKeys, req.sanitizedQuery);
|
|
29
|
+
res.locals['payload'] = { data: items };
|
|
30
|
+
}
|
|
31
|
+
else {
|
|
32
|
+
const item = await service.readOne(savedKeys[0], req.sanitizedQuery);
|
|
33
|
+
res.locals['payload'] = { data: item };
|
|
34
|
+
}
|
|
35
|
+
}
|
|
36
|
+
catch (error) {
|
|
37
|
+
if (isDirectusError(error, ErrorCode.Forbidden)) {
|
|
38
|
+
return next();
|
|
39
|
+
}
|
|
40
|
+
throw error;
|
|
41
|
+
}
|
|
42
|
+
return next();
|
|
43
|
+
}), respond);
|
|
44
|
+
const readHandler = asyncHandler(async (req, res, next) => {
|
|
45
|
+
const service = new AccessService({
|
|
46
|
+
accountability: req.accountability,
|
|
47
|
+
schema: req.schema,
|
|
48
|
+
});
|
|
49
|
+
const metaService = new MetaService({
|
|
50
|
+
accountability: req.accountability,
|
|
51
|
+
schema: req.schema,
|
|
52
|
+
});
|
|
53
|
+
let result;
|
|
54
|
+
if (req.body.keys) {
|
|
55
|
+
result = await service.readMany(req.body.keys, req.sanitizedQuery);
|
|
56
|
+
}
|
|
57
|
+
else {
|
|
58
|
+
result = await service.readByQuery(req.sanitizedQuery);
|
|
59
|
+
}
|
|
60
|
+
const meta = await metaService.getMetaForQuery('directus_access', req.sanitizedQuery);
|
|
61
|
+
res.locals['payload'] = { data: result, meta };
|
|
62
|
+
return next();
|
|
63
|
+
});
|
|
64
|
+
router.get('/', validateBatch('read'), readHandler, respond);
|
|
65
|
+
router.search('/', validateBatch('read'), readHandler, respond);
|
|
66
|
+
router.get('/:pk', asyncHandler(async (req, res, next) => {
|
|
67
|
+
if (req.path.endsWith('me'))
|
|
68
|
+
return next();
|
|
69
|
+
const service = new AccessService({
|
|
70
|
+
accountability: req.accountability,
|
|
71
|
+
schema: req.schema,
|
|
72
|
+
});
|
|
73
|
+
const record = await service.readOne(req.params['pk'], req.sanitizedQuery);
|
|
74
|
+
res.locals['payload'] = { data: record };
|
|
75
|
+
return next();
|
|
76
|
+
}), respond);
|
|
77
|
+
router.patch('/', validateBatch('update'), asyncHandler(async (req, res, next) => {
|
|
78
|
+
const service = new AccessService({
|
|
79
|
+
accountability: req.accountability,
|
|
80
|
+
schema: req.schema,
|
|
81
|
+
});
|
|
82
|
+
let keys = [];
|
|
83
|
+
if (Array.isArray(req.body)) {
|
|
84
|
+
keys = await service.updateBatch(req.body);
|
|
85
|
+
}
|
|
86
|
+
else if (req.body.keys) {
|
|
87
|
+
keys = await service.updateMany(req.body.keys, req.body.data);
|
|
88
|
+
}
|
|
89
|
+
else {
|
|
90
|
+
const sanitizedQuery = sanitizeQuery(req.body.query, req.accountability);
|
|
91
|
+
keys = await service.updateByQuery(sanitizedQuery, req.body.data);
|
|
92
|
+
}
|
|
93
|
+
try {
|
|
94
|
+
const result = await service.readMany(keys, req.sanitizedQuery);
|
|
95
|
+
res.locals['payload'] = { data: result };
|
|
96
|
+
}
|
|
97
|
+
catch (error) {
|
|
98
|
+
if (isDirectusError(error, ErrorCode.Forbidden)) {
|
|
99
|
+
return next();
|
|
100
|
+
}
|
|
101
|
+
throw error;
|
|
102
|
+
}
|
|
103
|
+
return next();
|
|
104
|
+
}), respond);
|
|
105
|
+
router.patch('/:pk', asyncHandler(async (req, res, next) => {
|
|
106
|
+
const service = new AccessService({
|
|
107
|
+
accountability: req.accountability,
|
|
108
|
+
schema: req.schema,
|
|
109
|
+
});
|
|
110
|
+
const primaryKey = await service.updateOne(req.params['pk'], req.body);
|
|
111
|
+
try {
|
|
112
|
+
const item = await service.readOne(primaryKey, req.sanitizedQuery);
|
|
113
|
+
res.locals['payload'] = { data: item || null };
|
|
114
|
+
}
|
|
115
|
+
catch (error) {
|
|
116
|
+
if (isDirectusError(error, ErrorCode.Forbidden)) {
|
|
117
|
+
return next();
|
|
118
|
+
}
|
|
119
|
+
throw error;
|
|
120
|
+
}
|
|
121
|
+
return next();
|
|
122
|
+
}), respond);
|
|
123
|
+
router.delete('/', validateBatch('delete'), asyncHandler(async (req, _res, next) => {
|
|
124
|
+
const service = new AccessService({
|
|
125
|
+
accountability: req.accountability,
|
|
126
|
+
schema: req.schema,
|
|
127
|
+
});
|
|
128
|
+
if (Array.isArray(req.body)) {
|
|
129
|
+
await service.deleteMany(req.body);
|
|
130
|
+
}
|
|
131
|
+
else if (req.body.keys) {
|
|
132
|
+
await service.deleteMany(req.body.keys);
|
|
133
|
+
}
|
|
134
|
+
else {
|
|
135
|
+
const sanitizedQuery = sanitizeQuery(req.body.query, req.accountability);
|
|
136
|
+
await service.deleteByQuery(sanitizedQuery);
|
|
137
|
+
}
|
|
138
|
+
return next();
|
|
139
|
+
}), respond);
|
|
140
|
+
router.delete('/:pk', asyncHandler(async (req, _res, next) => {
|
|
141
|
+
const service = new AccessService({
|
|
142
|
+
accountability: req.accountability,
|
|
143
|
+
schema: req.schema,
|
|
144
|
+
});
|
|
145
|
+
await service.deleteOne(req.params['pk']);
|
|
146
|
+
return next();
|
|
147
|
+
}), respond);
|
|
148
|
+
export default router;
|
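Review bot: In the `router.get('/:pk', ...)` handler, `if (req.path.endsWith('me')) return next();` hands the request to `respond` with no payload set, and this file registers no `/me` route to pick it up, so the guard looks carried over from a controller that has one. `endsWith` also matches any key that merely ends in "me". If the guard is needed, compare the parameter exactly with `if (req.params['pk'] === 'me') return next();`; otherwise drop it. Since `directus_access` rows decide which policies a role or user receives, a short header comment stating that every handler relies on `AccessService` with `req.accountability` for authorization would help; that service is outside this diff.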
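--- a/package/dist/controllers/auth.js
+++ b/package/dist/controllers/auth.js
@@ -5,6 +5,7 @@ import { createLDAPAuthRouter, createLocalAuthRouter, createOAuth2AuthRouter, cr
 import { DEFAULT_AUTH_PROVIDER, REFRESH_COOKIE_OPTIONS, SESSION_COOKIE_OPTIONS } from '../constants.js';
 import { useLogger } from '../logger.js';
 import { respond } from '../middleware/respond.js';
+import { createDefaultAccountability } from '../permissions/utils/create-default-accountability.js';
 import { AuthenticationService } from '../services/authentication.js';
 import { UsersService } from '../services/users.js';
 import asyncHandler from '../utils/async-handler.js';
@@ -71,10 +72,7 @@ function getCurrentRefreshToken(req, mode) {
 return undefined;
 }
 router.post('/refresh', asyncHandler(async (req, res, next) => {
-const accountability = {
-ip: getIPFromReq(req),
-role: null,
-};
+const accountability = createDefaultAccountability({ ip: getIPFromReq(req) });
 const userAgent = req.get('user-agent')?.substring(0, 1024);
 if (userAgent)
 accountability.userAgent = userAgent;
@@ -111,10 +109,7 @@ router.post('/refresh', asyncHandler(async (req, res, next) => {
 return next();
 }), respond);
 router.post('/logout', asyncHandler(async (req, res, next) => {
-const accountability = {
-ip: getIPFromReq(req),
-role: null,
-};
+const accountability = createDefaultAccountability({ ip: getIPFromReq(req) });
 const userAgent = req.get('user-agent')?.substring(0, 1024);
 if (userAgent)
 accountability.userAgent = userAgent;
@@ -145,10 +140,7 @@ router.post('/password/request', asyncHandler(async (req, _res, next) => {
 if (typeof req.body.email !== 'string') {
 throw new InvalidPayloadError({ reason: `"email" field is required` });
 }
-const accountability = {
-ip: getIPFromReq(req),
-role: null,
-};
+const accountability = createDefaultAccountability({ ip: getIPFromReq(req) });
 const userAgent = req.get('user-agent')?.substring(0, 1024);
 if (userAgent)
 accountability.userAgent = userAgent;
@@ -177,10 +169,7 @@ router.post('/password/reset', asyncHandler(async (req, _res, next) => {
 if (typeof req.body.password !== 'string') {
 throw new InvalidPayloadError({ reason: `"password" field is required` });
 }
-const accountability = {
-ip: getIPFromReq(req),
-role: null,
-};
+const accountability = createDefaultAccountability({ ip: getIPFromReq(req) });
 const userAgent = req.get('user-agent')?.substring(0, 1024);
 if (userAgent)
 accountability.userAgent = userAgent;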
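Review bot: `createDefaultAccountability({ ip: getIPFromReq(req) })` now builds the accountability object for `/refresh`, `/logout`, `/password/request` and `/password/reset`, all of which are reachable without a session, and the explicit `role: null` is gone from the call sites. The helper's defaults are not part of this diff, so confirm that it returns no user, no role and no admin or app access. A comment at the first call would record that, for example `// unauthenticated context: helper defaults must carry no user, role or admin flag`. The same three lines repeat in all four hunks; if the helper accepts further overrides, the truncated user-agent could be passed in the same call. Each handler continues outside its hunk.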
@@ -1,10 +1,12 @@
|
|
|
1
|
-
import { ErrorCode, isDirectusError } from '@directus/errors';
|
|
1
|
+
import { ErrorCode, ForbiddenError, isDirectusError } from '@directus/errors';
|
|
2
2
|
import express from 'express';
|
|
3
|
+
import getDatabase from '../database/index.js';
|
|
3
4
|
import { respond } from '../middleware/respond.js';
|
|
4
5
|
import useCollection from '../middleware/use-collection.js';
|
|
5
6
|
import { validateBatch } from '../middleware/validate-batch.js';
|
|
7
|
+
import { fetchAccountabilityCollectionAccess } from '../permissions/modules/fetch-accountability-collection-access/fetch-accountability-collection-access.js';
|
|
6
8
|
import { MetaService } from '../services/meta.js';
|
|
7
|
-
import { PermissionsService } from '../services/permissions
|
|
9
|
+
import { PermissionsService } from '../services/permissions.js';
|
|
8
10
|
import asyncHandler from '../utils/async-handler.js';
|
|
9
11
|
import { sanitizeQuery } from '../utils/sanitize-query.js';
|
|
10
12
|
const router = express.Router();
|
|
@@ -69,6 +71,16 @@ const readHandler = asyncHandler(async (req, res, next) => {
|
|
|
69
71
|
});
|
|
70
72
|
router.get('/', validateBatch('read'), readHandler, respond);
|
|
71
73
|
router.search('/', validateBatch('read'), readHandler, respond);
|
|
74
|
+
router.get('/me', asyncHandler(async (req, res, next) => {
|
|
75
|
+
if (!req.accountability?.user && !req.accountability?.role)
|
|
76
|
+
throw new ForbiddenError();
|
|
77
|
+
const result = await fetchAccountabilityCollectionAccess(req.accountability, {
|
|
78
|
+
schema: req.schema,
|
|
79
|
+
knex: getDatabase(),
|
|
80
|
+
});
|
|
81
|
+
res.locals['payload'] = { data: result };
|
|
82
|
+
return next();
|
|
83
|
+
}), respond);
|
|
72
84
|
router.get('/:pk', asyncHandler(async (req, res, next) => {
|
|
73
85
|
if (req.path.endsWith('me'))
|
|
74
86
|
return next();
|