@directus/api 22.1.1 → 22.2.0

package/dist/utils/sanitize-schema.d.ts

@@ -16,7 +16,7 @@ export declare function sanitizeCollection(collection: Collection | undefined):
  * @returns sanitized field
  */
 export declare function sanitizeField(field: Field | undefined, sanitizeAllSchema?: boolean): Partial<Field> | undefined;
-export declare function sanitizeColumn(column: Column): Pick<Column, "table" | "name" | "numeric_precision" | "numeric_scale" | "data_type" | "default_value" | "max_length" | "is_nullable" | "is_unique" | "is_primary_key" | "is_generated" | "generation_expression" | "has_auto_increment" | "foreign_key_table" | "foreign_key_column">;
+export declare function sanitizeColumn(column: Column): Pick<Column, "table" | "name" | "numeric_precision" | "data_type" | "default_value" | "max_length" | "numeric_scale" | "is_nullable" | "is_unique" | "is_primary_key" | "is_generated" | "generation_expression" | "has_auto_increment" | "foreign_key_table" | "foreign_key_column">;
 /**
  * Pick certain database vendor specific relation properties that should be compared when performing diff
  *

package/dist/websocket/controllers/base.d.ts

@@ -3,19 +3,17 @@
 /// <reference types="node" resolution-mode="require"/>
 /// <reference types="node/http.js" />
 /// <reference types="pino-http" />
+import type { Accountability } from '@directus/types';
 import type { IncomingMessage, Server as httpServer } from 'http';
 import type { RateLimiterAbstract } from 'rate-limiter-flexible';
 import type internal from 'stream';
 import WebSocket from 'ws';
-import { AuthMode, WebSocketAuthMessage, WebSocketMessage } from '../messages.js';
-import type { AuthenticationState, UpgradeContext, WebSocketClient } from '../types.js';
+import { WebSocketAuthMessage, WebSocketMessage } from '../messages.js';
+import type { AuthenticationState, UpgradeContext, WebSocketAuthentication, WebSocketClient } from '../types.js';
 export default abstract class SocketController {
     server: WebSocket.Server;
     clients: Set<WebSocketClient>;
-    authentication: {
-        mode: AuthMode;
-        timeout: number;
-    };
+    authentication: WebSocketAuthentication;
     endpoint: string;
     maxConnections: number;
     private rateLimiter;
@@ -23,10 +21,7 @@ export default abstract class SocketController {
     constructor(httpServer: httpServer, configPrefix: string);
     protected getEnvironmentConfig(configPrefix: string): {
         endpoint: string;
-        authentication: {
-            mode: AuthMode;
-            timeout: number;
-        };
+        authentication: WebSocketAuthentication;
         maxConnections: number;
     };
     protected getRateLimiter(): RateLimiterAbstract | null;
@@ -39,5 +34,10 @@ export default abstract class SocketController {
     protected handleAuthRequest(client: WebSocketClient, message: WebSocketAuthMessage): Promise<void>;
     setTokenExpireTimer(client: WebSocketClient): void;
     checkClientTokens(): void;
+    meetsAdminRequirement({ socket, client, accountability, }: {
+        socket?: UpgradeContext['socket'];
+        client?: WebSocketClient | WebSocket;
+        accountability: Accountability | null;
+    }): boolean;
     terminate(): void;
 }

package/dist/websocket/controllers/base.js

@@ -1,6 +1,7 @@
 import { useEnv } from '@directus/env';
 import { InvalidProviderConfigError, TokenExpiredError } from '@directus/errors';
 import { parseJSON, toBoolean } from '@directus/utils';
+import cookie from 'cookie';
 import { randomUUID } from 'node:crypto';
 import { parse } from 'url';
 import WebSocket, { WebSocketServer } from 'ws';
@@ -15,8 +16,6 @@ import { AuthMode, WebSocketAuthMessage, WebSocketMessage } from '../messages.js
 import { getExpiresAtForToken } from '../utils/get-expires-at-for-token.js';
 import { getMessageType } from '../utils/message.js';
 import { waitForAnyMessage, waitForMessageType } from '../utils/wait-for-message.js';
-import { registerWebSocketEvents } from './hooks.js';
-import cookie from 'cookie';
 const TOKEN_CHECK_INTERVAL = 15 * 60 * 1000; // 15 minutes
 const logger = useLogger();
 export default class SocketController {
@@ -42,7 +41,6 @@ export default class SocketController {
         this.rateLimiter = this.getRateLimiter();
         httpServer.on('upgrade', this.handleUpgrade.bind(this));
         this.checkClientTokens();
-        registerWebSocketEvents();
     }
     getEnvironmentConfig(configPrefix) {
         const env = useEnv();
@@ -62,6 +60,7 @@ export default class SocketController {
             authentication: {
                 mode: authMode.data,
                 timeout: authTimeout,
+                requireAdmin: false,
             },
         };
     }
@@ -141,6 +140,8 @@ export default class SocketController {
             socket.destroy();
             return;
         }
+        if (!this.meetsAdminRequirement({ socket, accountability }))
+            return;
         this.server.handleUpgrade(request, socket, head, async (ws) => {
             this.catchInvalidMessages(ws);
             const state = { accountability, expires_at };
@@ -155,6 +156,8 @@ export default class SocketController {
                 if (getMessageType(payload) !== 'auth')
                     throw new Error();
                 const state = await authenticateConnection(WebSocketAuthMessage.parse(payload));
+                if (this.meetsAdminRequirement({ client: ws, accountability: state.accountability }))
+                    return;
                 ws.send(authenticationSuccess(payload['uid'], state.refresh_token));
                 this.server.emit('connection', ws, state);
             }
@@ -243,6 +246,8 @@ export default class SocketController {
     async handleAuthRequest(client, message) {
         try {
             const { accountability, expires_at, refresh_token } = await authenticateConnection(message);
+            if (!this.meetsAdminRequirement({ client, accountability }))
+                return;
             client.accountability = accountability;
             client.expires_at = expires_at;
             this.setTokenExpireTimer(client);
@@ -300,6 +305,20 @@ export default class SocketController {
             }
         }, TOKEN_CHECK_INTERVAL);
     }
+    meetsAdminRequirement({ socket, client, accountability, }) {
+        if (!this.authentication.requireAdmin || accountability?.admin)
+            return true;
+        logger.debug('WebSocket connection denied - ' + JSON.stringify(accountability || 'invalid'));
+        if (socket) {
+            socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
+            socket.destroy();
+        }
+        else if (client) {
+            handleWebSocketError(client, new WebSocketError('auth', 'UNAUTHORIZED', 'Unauthorized.'), 'auth');
+            client.close();
+        }
+        return false;
+    }
     terminate() {
         if (this.authInterval)
             clearInterval(this.authInterval);

package/dist/websocket/controllers/graphql.js

@@ -9,11 +9,13 @@ import { handleWebSocketError } from '../errors.js';
 import { ConnectionParams, WebSocketMessage } from '../messages.js';
 import { getMessageType } from '../utils/message.js';
 import SocketController from './base.js';
+import { registerWebSocketEvents } from './hooks.js';
 const logger = useLogger();
 export class GraphQLSubscriptionController extends SocketController {
     gql;
     constructor(httpServer) {
         super(httpServer, 'WEBSOCKETS_GRAPHQL');
+        registerWebSocketEvents();
         this.server.on('connection', (ws, auth) => {
             this.bindEvents(this.createClient(ws, auth));
         });
@@ -30,7 +32,7 @@ export class GraphQLSubscriptionController extends SocketController {
             },
         });
         bindPubSub();
-        logger.info(`GraphQL Subscriptions started at ws://${getAddress(httpServer)}${this.endpoint}`);
+        logger.info(`GraphQL Subscriptions started at ${getAddress(httpServer)}${this.endpoint}`);
     }
     bindEvents(client) {
         const closedHandler = this.gql.opened({

package/dist/websocket/controllers/index.d.ts

@@ -3,10 +3,14 @@
 /// <reference types="pino-http" />
 import type { Server as httpServer } from 'http';
 import { GraphQLSubscriptionController } from './graphql.js';
+import { LogsController } from './logs.js';
 import { WebSocketController } from './rest.js';
 export declare function createWebSocketController(server: httpServer): void;
 export declare function getWebSocketController(): WebSocketController | undefined;
 export declare function createSubscriptionController(server: httpServer): void;
 export declare function getSubscriptionController(): GraphQLSubscriptionController | undefined;
+export declare function createLogsController(server: httpServer): void;
+export declare function getLogsController(): LogsController | undefined;
 export * from './graphql.js';
+export * from './logs.js';
 export * from './rest.js';

package/dist/websocket/controllers/index.js

@@ -1,9 +1,11 @@
 import { useEnv } from '@directus/env';
 import { toBoolean } from '@directus/utils';
 import { GraphQLSubscriptionController } from './graphql.js';
+import { LogsController } from './logs.js';
 import { WebSocketController } from './rest.js';
 let websocketController;
 let subscriptionController;
+let logsController;
 export function createWebSocketController(server) {
     const env = useEnv();
     if (toBoolean(env['WEBSOCKETS_REST_ENABLED'])) {
@@ -22,5 +24,15 @@ export function createSubscriptionController(server) {
 export function getSubscriptionController() {
     return subscriptionController;
 }
+export function createLogsController(server) {
+    const env = useEnv();
+    if (toBoolean(env['WEBSOCKETS_LOGS_ENABLED'])) {
+        logsController = new LogsController(server);
+    }
+}
+export function getLogsController() {
+    return logsController;
+}
 export * from './graphql.js';
+export * from './logs.js';
 export * from './rest.js';

package/dist/websocket/controllers/logs.d.ts

@@ -0,0 +1,18 @@
+/// <reference types="node" resolution-mode="require"/>
+/// <reference types="node/http.js" />
+/// <reference types="pino-http" />
+import type { Server as httpServer } from 'http';
+import SocketController from './base.js';
+export declare class LogsController extends SocketController {
+    constructor(httpServer: httpServer);
+    getEnvironmentConfig(configPrefix: string): {
+        endpoint: string;
+        maxConnections: number;
+        authentication: {
+            mode: "strict" | "public" | "handshake";
+            timeout: number;
+            requireAdmin: boolean;
+        };
+    };
+    private bindEvents;
+}

package/dist/websocket/controllers/logs.js

@@ -0,0 +1,50 @@
+import { useEnv } from '@directus/env';
+import emitter from '../../emitter.js';
+import { useLogger } from '../../logger/index.js';
+import { handleWebSocketError } from '../errors.js';
+import { AuthMode, WebSocketMessage } from '../messages.js';
+import SocketController from './base.js';
+const logger = useLogger();
+export class LogsController extends SocketController {
+    constructor(httpServer) {
+        super(httpServer, 'WEBSOCKETS_LOGS');
+        const env = useEnv();
+        this.server.on('connection', (ws, auth) => {
+            this.bindEvents(this.createClient(ws, auth));
+        });
+        logger.info(`Logs WebSocket Server started at ws://${env['HOST']}:${env['PORT']}${this.endpoint}`);
+    }
+    getEnvironmentConfig(configPrefix) {
+        const env = useEnv();
+        const endpoint = String(env[`${configPrefix}_PATH`]);
+        const maxConnections = `${configPrefix}_CONN_LIMIT` in env ? Number(env[`${configPrefix}_CONN_LIMIT`]) : Number.POSITIVE_INFINITY;
+        return {
+            endpoint,
+            maxConnections,
+            // require strict auth
+            authentication: {
+                mode: 'strict',
+                timeout: 0,
+                requireAdmin: true,
+            },
+        };
+    }
+    bindEvents(client) {
+        client.on('parsed-message', async (message) => {
+            try {
+                emitter.emitAction('websocket.logs', { message, client });
+            }
+            catch (error) {
+                handleWebSocketError(client, error, 'server');
+                return;
+            }
+        });
+        client.on('error', (event) => {
+            emitter.emitAction('websocket.error', { client, event });
+        });
+        client.on('close', (event) => {
+            emitter.emitAction('websocket.close', { client, event });
+        });
+        emitter.emitAction('websocket.connect', { client });
+    }
+}

package/dist/websocket/controllers/rest.js

@@ -5,14 +5,16 @@ import { getAddress } from '../../utils/get-address.js';
 import { WebSocketError, handleWebSocketError } from '../errors.js';
 import { WebSocketMessage } from '../messages.js';
 import SocketController from './base.js';
+import { registerWebSocketEvents } from './hooks.js';
 const logger = useLogger();
 export class WebSocketController extends SocketController {
     constructor(httpServer) {
         super(httpServer, 'WEBSOCKETS_REST');
+        registerWebSocketEvents();
         this.server.on('connection', (ws, auth) => {
             this.bindEvents(this.createClient(ws, auth));
         });
-        logger.info(`WebSocket Server started at ws://${getAddress(httpServer)}${this.endpoint}`);
+        logger.info(`WebSocket Server started at ${getAddress(httpServer)}${this.endpoint}`);
     }
     bindEvents(client) {
         client.on('parsed-message', async (message) => {

package/dist/websocket/handlers/index.d.ts

@@ -1,4 +1,5 @@
 export declare function startWebSocketHandlers(): void;
 export * from './heartbeat.js';
 export * from './items.js';
+export * from './logs.js';
 export * from './subscribe.js';

package/dist/websocket/handlers/index.js

@@ -1,11 +1,29 @@
+import { useEnv } from '@directus/env';
+import { toBoolean } from '@directus/utils';
 import { HeartbeatHandler } from './heartbeat.js';
 import { ItemsHandler } from './items.js';
+import { LogsHandler } from './logs.js';
 import { SubscribeHandler } from './subscribe.js';
 export function startWebSocketHandlers() {
-    new HeartbeatHandler();
-    new ItemsHandler();
-    new SubscribeHandler();
+    const env = useEnv();
+    const heartbeatEnabled = toBoolean(env['WEBSOCKETS_HEARTBEAT_ENABLED']);
+    const restEnabled = toBoolean(env['WEBSOCKETS_REST_ENABLED']);
+    const graphqlEnabled = toBoolean(env['WEBSOCKETS_GRAPHQL_ENABLED']);
+    const logsEnabled = toBoolean(env['WEBSOCKETS_LOGS_ENABLED']);
+    if (heartbeatEnabled) {
+        new HeartbeatHandler();
+    }
+    if (restEnabled || graphqlEnabled) {
+        new ItemsHandler();
+    }
+    if (restEnabled) {
+        new SubscribeHandler();
+    }
+    if (logsEnabled) {
+        new LogsHandler();
+    }
 }
 export * from './heartbeat.js';
 export * from './items.js';
+export * from './logs.js';
 export * from './subscribe.js';

package/dist/websocket/handlers/logs.d.ts

@@ -0,0 +1,31 @@
+import type { Bus } from '@directus/memory';
+import { LogsController } from '../controllers/index.js';
+import { WebSocketLogsMessage } from '../messages.js';
+import type { LogsSubscription, WebSocketClient } from '../types.js';
+export declare class LogsHandler {
+    controller: LogsController;
+    messenger: Bus;
+    availableLogLevels: string[];
+    logLevelValueMap: Record<string, string>;
+    subscriptions: LogsSubscription;
+    constructor(controller?: LogsController);
+    /**
+     * Hook into websocket client lifecycle events
+     */
+    bindWebSocket(): void;
+    /**
+     * Register a logs subscription
+     * @param logLevel
+     * @param client
+     */
+    subscribe(logLevel: string, client: WebSocketClient): void;
+    /**
+     * Remove a logs subscription
+     * @param client WebSocketClient
+     */
+    unsubscribe(client: WebSocketClient): void;
+    /**
+     * Handle incoming (un)subscribe requests
+     */
+    onMessage(client: WebSocketClient, message: WebSocketLogsMessage): Promise<void>;
+}

package/dist/websocket/handlers/logs.js

@@ -0,0 +1,121 @@
+import { ErrorCode, ServiceUnavailableError } from '@directus/errors';
+import { useBus } from '../../bus/index.js';
+import emitter from '../../emitter.js';
+import { useLogger } from '../../logger/index.js';
+import { getAllowedLogLevels } from '../../utils/get-allowed-log-levels.js';
+import { getLogsController, LogsController } from '../controllers/index.js';
+import { handleWebSocketError, WebSocketError } from '../errors.js';
+import { WebSocketLogsMessage } from '../messages.js';
+import { fmtMessage, getMessageType } from '../utils/message.js';
+const logger = useLogger();
+export class LogsHandler {
+    controller;
+    messenger;
+    availableLogLevels;
+    logLevelValueMap;
+    subscriptions;
+    constructor(controller) {
+        controller = controller ?? getLogsController();
+        if (!controller) {
+            throw new ServiceUnavailableError({ service: 'ws', reason: 'WebSocket server is not initialized' });
+        }
+        this.controller = controller;
+        this.messenger = useBus();
+        this.availableLogLevels = Object.keys(logger.levels.values);
+        this.logLevelValueMap = Object.fromEntries(Object.entries(logger.levels.values).map(([key, value]) => [value, key]));
+        this.subscriptions = this.availableLogLevels.reduce((acc, logLevel) => {
+            acc[logLevel] = new Set();
+            return acc;
+        }, {});
+        this.bindWebSocket();
+        this.messenger.subscribe('logs', (message) => {
+            const { log, nodeId } = JSON.parse(message);
+            const logLevel = this.logLevelValueMap[log['level']];
+            if (logLevel) {
+                this.subscriptions[logLevel]?.forEach((subscription) => subscription.send(fmtMessage('logs', { data: log }, nodeId)));
+            }
+        });
+    }
+    /**
+     * Hook into websocket client lifecycle events
+     */
+    bindWebSocket() {
+        // listen to incoming messages on the connected websockets
+        emitter.onAction('websocket.logs', ({ client, message }) => {
+            if (!['subscribe', 'unsubscribe'].includes(getMessageType(message)))
+                return;
+            try {
+                const parsedMessage = WebSocketLogsMessage.parse(message);
+                this.onMessage(client, parsedMessage).catch((error) => {
+                    // this catch is required because the async onMessage function is not awaited
+                    handleWebSocketError(client, error, 'logs');
+                });
+            }
+            catch (error) {
+                handleWebSocketError(client, error, 'logs');
+            }
+        });
+        // unsubscribe when a connection drops
+        emitter.onAction('websocket.error', ({ client }) => this.unsubscribe(client));
+        emitter.onAction('websocket.close', ({ client }) => this.unsubscribe(client));
+    }
+    /**
+     * Register a logs subscription
+     * @param logLevel
+     * @param client
+     */
+    subscribe(logLevel, client) {
+        let allowedLogLevelNames = [];
+        try {
+            allowedLogLevelNames = Object.keys(getAllowedLogLevels(logLevel));
+        }
+        catch (error) {
+            throw new WebSocketError('logs', ErrorCode.InvalidPayload, error.message);
+        }
+        for (const availableLogLevel of this.availableLogLevels) {
+            if (allowedLogLevelNames.includes(availableLogLevel)) {
+                this.subscriptions[availableLogLevel]?.add(client);
+            }
+            else {
+                this.subscriptions[availableLogLevel]?.delete(client);
+            }
+        }
+    }
+    /**
+     * Remove a logs subscription
+     * @param client WebSocketClient
+     */
+    unsubscribe(client) {
+        for (const availableLogLevel of this.availableLogLevels) {
+            this.subscriptions[availableLogLevel]?.delete(client);
+        }
+    }
+    /**
+     * Handle incoming (un)subscribe requests
+     */
+    async onMessage(client, message) {
+        const accountability = client.accountability;
+        if (!accountability?.admin) {
+            throw new WebSocketError('logs', ErrorCode.Forbidden, `You don't have permission to access this.`);
+        }
+        if (message.type === 'subscribe') {
+            try {
+                const logLevel = message.log_level;
+                this.subscribe(logLevel, client);
+                client.send(fmtMessage('logs', { event: 'subscribe', log_level: logLevel }));
+            }
+            catch (err) {
+                handleWebSocketError(client, err, 'subscribe');
+            }
+        }
+        else if (message.type === 'unsubscribe') {
+            try {
+                this.unsubscribe(client);
+                client.send(fmtMessage('logs', { event: 'unsubscribe' }));
+            }
+            catch (err) {
+                handleWebSocketError(client, err, 'unsubscribe');
+            }
+        }
+    }
+}

package/dist/websocket/messages.d.ts

@@ -186,6 +186,32 @@ export declare const WebSocketSubscribeMessage: z.ZodDiscriminatedUnion<"type",
     type: z.ZodLiteral<"unsubscribe">;
 }>, z.ZodTypeAny, "passthrough">>]>;
 export type WebSocketSubscribeMessage = z.infer<typeof WebSocketSubscribeMessage>;
+export declare const WebSocketLogsMessage: z.ZodUnion<[z.ZodObject<{
+    type: z.ZodLiteral<"subscribe">;
+    log_level: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    type: "subscribe";
+    log_level: string;
+}, {
+    type: "subscribe";
+    log_level: string;
+}>, z.ZodObject<z.objectUtil.extendShape<{
+    type: z.ZodString;
+    uid: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber]>>;
+}, {
+    type: z.ZodLiteral<"unsubscribe">;
+}>, "passthrough", z.ZodTypeAny, z.objectOutputType<z.objectUtil.extendShape<{
+    type: z.ZodString;
+    uid: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber]>>;
+}, {
+    type: z.ZodLiteral<"unsubscribe">;
+}>, z.ZodTypeAny, "passthrough">, z.objectInputType<z.objectUtil.extendShape<{
+    type: z.ZodString;
+    uid: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber]>>;
+}, {
+    type: z.ZodLiteral<"unsubscribe">;
+}>, z.ZodTypeAny, "passthrough">>]>;
+export type WebSocketLogsMessage = z.infer<typeof WebSocketLogsMessage>;
 export declare const WebSocketItemsMessage: z.ZodUnion<[z.ZodObject<z.objectUtil.extendShape<{
     uid: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodNumber]>>;
     type: z.ZodLiteral<"items">;

package/dist/websocket/messages.js

@@ -41,6 +41,15 @@ export const WebSocketSubscribeMessage = z.discriminatedUnion('type', [
         type: z.literal('unsubscribe'),
     }),
 ]);
+export const WebSocketLogsMessage = z.union([
+    z.object({
+        type: z.literal('subscribe'),
+        log_level: z.string(),
+    }),
+    WebSocketMessage.extend({
+        type: z.literal('unsubscribe'),
+    }),
+]);
 const ZodItem = z.custom();
 const PartialItemsMessage = z.object({
     uid: zodStringOrNumber.optional(),

package/dist/websocket/types.d.ts

@@ -7,6 +7,7 @@ import type { Accountability, Query } from '@directus/types';
 import type { IncomingMessage } from 'http';
 import type internal from 'stream';
 import type { WebSocket } from 'ws';
+import type { AuthMode } from './messages.js';
 export type AuthenticationState = {
     accountability: Accountability | null;
     expires_at: number | null;
@@ -17,6 +18,11 @@ export type WebSocketClient = WebSocket & AuthenticationState & {
     auth_timer: NodeJS.Timeout | null;
 };
 export type UpgradeRequest = IncomingMessage & AuthenticationState;
+export type WebSocketAuthentication = {
+    mode: AuthMode;
+    timeout: number;
+    requireAdmin: boolean;
+};
 export type SubscriptionEvent = 'create' | 'update' | 'delete';
 export type Subscription = {
     uid?: string | number;
@@ -34,3 +40,4 @@ export type UpgradeContext = {
 export type GraphQLSocket = {
     client: WebSocketClient;
 };
+export type LogsSubscription = Record<string, Set<WebSocketClient>>;