@directus/api 22.1.1 → 23.0.0

package/dist/database/helpers/schema/utils/preprocess-bindings.d.ts

@@ -1,8 +1,12 @@
+import type { Knex } from 'knex';
 import type { Sql } from '../types.js';
 export type PreprocessBindingsOptions = {
     format(index: number): string;
 };
+/**
+ * Preprocess a SQL query, such that repeated binding values are bound to the same binding index.
+ **/
 export declare function preprocessBindings(queryParams: (Partial<Sql> & Pick<Sql, 'sql'>) | string, options: PreprocessBindingsOptions): {
     sql: string;
-    bindings: import("knex").Knex.Value[];
+    bindings: Knex.Value[];
 };

package/dist/database/helpers/schema/utils/preprocess-bindings.js

@@ -1,30 +1,36 @@
 import { isString } from 'lodash-es';
+/**
+ * Preprocess a SQL query, such that repeated binding values are bound to the same binding index.
+ **/
 export function preprocessBindings(queryParams, options) {
     const query = { bindings: [], ...(isString(queryParams) ? { sql: queryParams } : queryParams) };
-    const bindingIndices = new Array(query.bindings.length);
-    for (let i = 0; i < query.bindings.length; i++) {
-        const binding = query.bindings[i];
-        const prevIndex = query.bindings.findIndex((b, j) => j < i && b === binding);
-        if (prevIndex !== -1) {
-            bindingIndices[i] = prevIndex;
-        }
-        else {
-            bindingIndices[i] = i;
-        }
-    }
+    // bindingIndices[i] is the index of the first occurrence of query.bindings[i]
+    const bindingIndices = new Map();
+    // The new, deduplicated bindings
+    const bindings = [];
     let matchIndex = 0;
-    let currentBindingIndex = 0;
-    const sql = query.sql.replace(/(\\*)(\?)/g, function (_, escapes) {
+    let nextBindingIndex = 0;
+    const sql = query.sql.replace(/(\\*)(\?)/g, (_, escapes) => {
         if (escapes.length % 2) {
             // Return an escaped question mark, so it stays escaped
             return `${'\\'.repeat(escapes.length)}?`;
         }
+        const binding = query.bindings[matchIndex];
+        let bindingIndex;
+        if (bindingIndices.has(binding)) {
+            // This index belongs to a binding that has been encountered before.
+            bindingIndex = bindingIndices.get(binding);
+        }
         else {
-            const bindingIndex = bindingIndices[matchIndex] === matchIndex ? currentBindingIndex++ : bindingIndices[matchIndex];
-            matchIndex++;
-            return options.format(bindingIndex);
+            // The first time the value is encountered, set the index lookup to the current index
+            // Use the nextBindingIndex to get the next unused binding index that is used in the new, deduplicated bindings
+            bindingIndex = nextBindingIndex++;
+            bindingIndices.set(binding, bindingIndex);
+            bindings.push(binding);
         }
+        // Increment the loop counter
+        matchIndex++;
+        return options.format(bindingIndex);
     });
-    const bindings = query.bindings.filter((_, i) => bindingIndices[i] === i);
     return { ...query, sql, bindings };
 }

package/dist/database/migrations/20210518A-add-foreign-key-constraints.js

@@ -43,7 +43,7 @@ export async function up(knex) {
                     .update({ [constraint.many_field]: null })
                     .whereIn(currentPrimaryKeyField, ids);
             }
-            catch (err) {
+            catch {
                 logger.error(`${constraint.many_collection}.${constraint.many_field} contains illegal foreign keys which couldn't be set to NULL. Please fix these references and rerun this migration to complete the upgrade.`);
                 if (ids.length < 25) {
                     logger.error(`Items with illegal foreign keys: ${ids.join(', ')}`);

package/dist/database/migrations/20240806A-permissions-policies.js

@@ -198,7 +198,7 @@ export async function up(knex) {
             table.dropForeign('role', foreignConstraint);
         });
     }
-    catch (err) {
+    catch {
         logger.warn('Failed to drop foreign key constraint on `role` column in `directus_permissions` table');
     }
     await knex('directus_permissions')

package/dist/database/migrations/20240817A-update-icon-fields-length.d.ts

@@ -0,0 +1,3 @@
+import type { Knex } from 'knex';
+export declare function up(knex: Knex): Promise<void>;
+export declare function down(knex: Knex): Promise<void>;

package/dist/database/migrations/20240817A-update-icon-fields-length.js

@@ -0,0 +1,55 @@
+import { getHelpers } from '../helpers/index.js';
+export async function up(knex) {
+    const helper = getHelpers(knex).schema;
+    await helper.changeToType('directus_collections', 'icon', 'string', {
+        length: 64,
+    });
+    await helper.changeToType('directus_dashboards', 'icon', 'string', {
+        nullable: false,
+        default: 'dashboard',
+        length: 64,
+    });
+    await helper.changeToType('directus_flows', 'icon', 'string', {
+        length: 64,
+    });
+    await helper.changeToType('directus_panels', 'icon', 'string', {
+        default: null,
+        length: 64,
+    });
+    await helper.changeToType('directus_presets', 'icon', 'string', {
+        default: 'bookmark',
+        length: 64,
+    });
+    await helper.changeToType('directus_roles', 'icon', 'string', {
+        nullable: false,
+        default: 'supervised_user_circle',
+        length: 64,
+    });
+}
+export async function down(knex) {
+    const helper = getHelpers(knex).schema;
+    await helper.changeToType('directus_collections', 'icon', 'string', {
+        length: 30,
+    });
+    await helper.changeToType('directus_dashboards', 'icon', 'string', {
+        nullable: false,
+        default: 'dashboard',
+        length: 30,
+    });
+    await helper.changeToType('directus_flows', 'icon', 'string', {
+        length: 30,
+    });
+    await helper.changeToType('directus_panels', 'icon', 'string', {
+        default: null,
+        length: 30,
+    });
+    await helper.changeToType('directus_presets', 'icon', 'string', {
+        default: 'bookmark',
+        length: 30,
+    });
+    await helper.changeToType('directus_roles', 'icon', 'string', {
+        nullable: false,
+        default: 'supervised_user_circle',
+        length: 30,
+    });
+}

package/dist/database/run-ast/lib/get-db-query.js

@@ -86,19 +86,21 @@ export function getDBQuery(schema, knex, table, fieldNodes, o2mNodes, query, cas
                     orderByString += ', ';
                 }
                 const sortAlias = `sort_${generateAlias()}`;
+                let orderByColumn;
                 if (sortRecord.column.includes('.')) {
                     const [alias, field] = sortRecord.column.split('.');
                     const originalCollectionName = getCollectionFromAlias(alias, aliasMap);
                     dbQuery.select(getColumn(knex, alias, field, sortAlias, schema, { originalCollectionName }));
                     orderByString += `?? ${sortRecord.order}`;
-                    orderByFields.push(getColumn(knex, alias, field, false, schema, { originalCollectionName }));
+                    orderByColumn = getColumn(knex, alias, field, false, schema, { originalCollectionName });
                 }
                 else {
                     dbQuery.select(getColumn(knex, table, sortRecord.column, sortAlias, schema));
                     orderByString += `?? ${sortRecord.order}`;
-                    orderByFields.push(getColumn(knex, table, sortRecord.column, false, schema));
+                    orderByColumn = getColumn(knex, table, sortRecord.column, false, schema);
                 }
-                innerQuerySortRecords.push({ alias: sortAlias, order: sortRecord.order });
+                orderByFields.push(orderByColumn);
+                innerQuerySortRecords.push({ alias: sortAlias, order: sortRecord.order, column: orderByColumn });
             });
             if (hasMultiRelationalSort) {
                 dbQuery = helpers.schema.applyMultiRelationalSort(knex, dbQuery, table, primaryKey, orderByString, orderByFields);
@@ -171,11 +173,15 @@ export function getDBQuery(schema, knex, table, fieldNodes, o2mNodes, query, cas
         // based on the case/when of that field.
         dbQuery.select(o2mNodes.map(innerPreprocess).filter((x) => x !== null));
         const groupByFields = [knex.raw('??.??', [table, primaryKey])];
-        if (hasMultiRelationalSort) {
-            // Sort fields that are not directly in the table the primary key is from need to be included in the group
-            // by clause, otherwise this causes problems on some DBs
-            groupByFields.push(...innerQuerySortRecords.map(({ alias }) => knex.raw('??', alias)));
-        }
+        // For some DB vendors sort fields need to be included in the group by clause, otherwise this causes problems those DBs
+        // since sort fields are selected in the inner query, and they expect all selected columns to be in
+        // the group by clause or aggregated over.
+        // For some DBs the field needs to be the actual raw column expression, since aliases are not available in the
+        // group by clause.
+        // Since the fields are expected to be the same for a single primary key it is safe to include them in the
+        // group by without influencing the result.
+        // This inclusion depends on the DB vendor, as such it is handled in a dialect specific helper.
+        helpers.schema.addInnerSortFieldsToGroupBy(groupByFields, innerQuerySortRecords, hasMultiRelationalSort ?? false);
         dbQuery.groupBy(groupByFields);
     }
     const wrapperQuery = knex

package/dist/extensions/lib/sandbox/generate-api-extensions-sandbox-entrypoint.d.ts

@@ -1,6 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node/http.js" />
-/// <reference types="pino-http" />
 import type { ApiExtensionType, HybridExtensionType } from '@directus/extensions';
 import type { Router } from 'express';
 /**

package/dist/extensions/lib/sandbox/register/route.d.ts

@@ -1,9 +1,8 @@
-/// <reference types="node" resolution-mode="require"/>
 import type { Router } from 'express';
 import type { Reference } from 'isolated-vm';
 import type { IncomingHttpHeaders } from 'node:http';
 export declare function registerRouteGenerator(endpointName: string, endpointRouter: Router): {
-    register: (path: Reference<string>, method: Reference<'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE'>, cb: Reference<(req: {
+    register: (path: Reference<string>, method: Reference<"GET" | "POST" | "PUT" | "PATCH" | "DELETE">, cb: Reference<(req: {
         url: string;
         headers: IncomingHttpHeaders;
         body: string;

package/dist/extensions/manager.js

@@ -156,7 +156,7 @@ export class ExtensionManager {
             }
         }
         if (this.options.watch && !wasWatcherInitialized) {
-            this.updateWatchedExtensions(Array.from(this.localExtensions.values()));
+            this.updateWatchedExtensions([...this.extensions]);
         }
         this.messenger.subscribe(this.reloadChannel, (payload) => {
             // Ignore requests for reloading that were published by the current process
@@ -327,7 +327,7 @@ export class ExtensionManager {
         const extensionDir = path.resolve(getExtensionsPath());
         const registryDir = path.join(extensionDir, '.registry');
         const toPackageExtensionPaths = (extensions) => extensions
-            .filter((extension) => extension.local && extension.path.startsWith(extensionDir) && !extension.path.startsWith(registryDir))
+            .filter((extension) => extension.local && !extension.path.startsWith(registryDir))
             .flatMap((extension) => isTypeIn(extension, HYBRID_EXTENSION_TYPES) || extension.type === 'bundle'
             ? [
                 path.resolve(extension.path, extension.entrypoint.app),

package/dist/logger/index.d.ts

@@ -1,9 +1,14 @@
-/// <reference types="qs" />
 import type { RequestHandler } from 'express';
 import { type Logger } from 'pino';
+import { LogsStream } from './logs-stream.js';
 export declare const _cache: {
     logger: Logger<never> | undefined;
+    logsStream: LogsStream | undefined;
+    httpLogsStream: LogsStream | undefined;
 };
 export declare const useLogger: () => Logger<never>;
-export declare const createLogger: () => Logger<never>;
-export declare const createExpressLogger: () => RequestHandler<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>;
+export declare const getLogsStream: (pretty: boolean) => LogsStream;
+export declare const getHttpLogsStream: (pretty: boolean) => LogsStream;
+export declare const getLoggerLevelValue: (level: string) => number;
+export declare const createLogger: () => Logger<never, boolean>;
+export declare const createExpressLogger: () => RequestHandler;

package/dist/logger/index.js

@@ -1,12 +1,15 @@
 import { useEnv } from '@directus/env';
-import { REDACTED_TEXT, toArray } from '@directus/utils';
+import { REDACTED_TEXT, toArray, toBoolean } from '@directus/utils';
 import { merge } from 'lodash-es';
 import { URL } from 'node:url';
 import { pino } from 'pino';
 import { pinoHttp, stdSerializers } from 'pino-http';
+import { httpPrintFactory } from 'pino-http-print';
+import { build as pinoPretty } from 'pino-pretty';
 import { getConfigFromEnv } from '../utils/get-config-from-env.js';
+import { LogsStream } from './logs-stream.js';
 import { redactQuery } from './redact-query.js';
-export const _cache = { logger: undefined };
+export const _cache = { logger: undefined, logsStream: undefined, httpLogsStream: undefined };
 export const useLogger = () => {
     if (_cache.logger) {
         return _cache.logger;
@@ -14,6 +17,23 @@ export const useLogger = () => {
     _cache.logger = createLogger();
     return _cache.logger;
 };
+export const getLogsStream = (pretty) => {
+    if (_cache.logsStream) {
+        return _cache.logsStream;
+    }
+    _cache.logsStream = new LogsStream(pretty ? 'basic' : false);
+    return _cache.logsStream;
+};
+export const getHttpLogsStream = (pretty) => {
+    if (_cache.httpLogsStream) {
+        return _cache.httpLogsStream;
+    }
+    _cache.httpLogsStream = new LogsStream(pretty ? 'http' : false);
+    return _cache.httpLogsStream;
+};
+export const getLoggerLevelValue = (level) => {
+    return pino.levels.values[level] || pino.levels.values['info'];
+};
 export const createLogger = () => {
     const env = useEnv();
     const pinoOptions = {
@@ -23,15 +43,6 @@ export const createLogger = () => {
             censor: REDACTED_TEXT,
         },
     };
-    if (env['LOG_STYLE'] !== 'raw') {
-        pinoOptions.transport = {
-            target: 'pino-pretty',
-            options: {
-                ignore: 'hostname,pid',
-                sync: true,
-            },
-        };
-    }
     const loggerEnvConfig = getConfigFromEnv('LOGGER_', 'LOGGER_HTTP');
     // Expose custom log levels into formatter function
     if (loggerEnvConfig['levels']) {
@@ -50,7 +61,33 @@ export const createLogger = () => {
         };
         delete loggerEnvConfig['levels'];
     }
-    return pino(merge(pinoOptions, loggerEnvConfig));
+    const mergedOptions = merge(pinoOptions, loggerEnvConfig);
+    const streams = [];
+    // Console Logs
+    if (env['LOG_STYLE'] !== 'raw') {
+        streams.push({
+            level: mergedOptions.level,
+            stream: pinoPretty({
+                ignore: 'hostname,pid',
+                sync: true,
+            }),
+        });
+    }
+    else {
+        streams.push({ level: mergedOptions.level, stream: process.stdout });
+    }
+    // WebSocket Logs
+    if (toBoolean(env['WEBSOCKETS_LOGS_ENABLED'])) {
+        const wsLevel = env['WEBSOCKETS_LOGS_LEVEL'] || 'info';
+        if (getLoggerLevelValue(wsLevel) < getLoggerLevelValue(mergedOptions.level)) {
+            mergedOptions.level = wsLevel;
+        }
+        streams.push({
+            level: wsLevel,
+            stream: getLogsStream(env['WEBSOCKETS_LOGS_STYLE'] !== 'raw'),
+        });
+    }
+    return pino(mergedOptions, pino.multistream(streams));
 };
 export const createExpressLogger = () => {
     const env = useEnv();
@@ -63,21 +100,7 @@ export const createExpressLogger = () => {
             censor: REDACTED_TEXT,
         },
     };
-    if (env['LOG_STYLE'] !== 'raw') {
-        httpLoggerOptions.transport = {
-            target: 'pino-http-print',
-            options: {
-                all: true,
-                translateTime: 'SYS:HH:MM:ss',
-                relativeUrl: true,
-                prettyOptions: {
-                    ignore: 'hostname,pid',
-                    sync: true,
-                },
-            },
-        };
-    }
-    if (env['LOG_STYLE'] === 'raw') {
+    if (env['LOG_STYLE'] === 'raw' || toBoolean(env['WEBSOCKETS_LOGS_ENABLED'])) {
         httpLoggerOptions.redact = {
             paths: ['req.headers.authorization', 'req.headers.cookie', 'res.headers', 'req.query.access_token'],
             censor: (value, pathParts) => {
@@ -120,8 +143,36 @@ export const createExpressLogger = () => {
             },
         };
     }
+    const mergedHttpOptions = merge(httpLoggerOptions, loggerEnvConfig);
+    const streams = [];
+    if (env['LOG_STYLE'] !== 'raw') {
+        const pinoHttpPretty = httpPrintFactory({
+            all: true,
+            translateTime: 'SYS:HH:MM:ss',
+            relativeUrl: true,
+            prettyOptions: {
+                ignore: 'hostname,pid',
+                sync: true,
+            },
+        });
+        streams.push({ level: mergedHttpOptions.level, stream: pinoHttpPretty(process.stdout) });
+    }
+    else {
+        streams.push({ level: mergedHttpOptions.level, stream: process.stdout });
+    }
+    // WebSocket Logs
+    if (toBoolean(env['WEBSOCKETS_LOGS_ENABLED'])) {
+        const wsLevel = env['WEBSOCKETS_LOGS_LEVEL'] || 'info';
+        if (getLoggerLevelValue(wsLevel) < getLoggerLevelValue(mergedHttpOptions.level)) {
+            mergedHttpOptions.level = wsLevel;
+        }
+        streams.push({
+            level: wsLevel,
+            stream: getHttpLogsStream(env['WEBSOCKETS_LOGS_STYLE'] !== 'raw'),
+        });
+    }
     return pinoHttp({
-        logger: pino(merge(httpLoggerOptions, loggerEnvConfig)),
+        logger: pino(mergedHttpOptions, pino.multistream(streams)),
         ...httpLoggerEnvConfig,
         serializers: {
             req(request) {

package/dist/logger/logs-stream.d.ts

@@ -0,0 +1,10 @@
+import type { Bus } from '@directus/memory';
+import { Writable } from 'stream';
+type PrettyType = 'basic' | 'http' | false;
+export declare class LogsStream extends Writable {
+    messenger: Bus;
+    pretty: PrettyType;
+    constructor(pretty: PrettyType);
+    _write(chunk: string, _encoding: string, callback: (error?: Error | null) => void): void;
+}
+export {};

package/dist/logger/logs-stream.js

@@ -0,0 +1,41 @@
+import { nanoid } from 'nanoid';
+import { Writable } from 'stream';
+import { useBus } from '../bus/index.js';
+const nodeId = nanoid(8);
+export class LogsStream extends Writable {
+    messenger;
+    pretty;
+    constructor(pretty) {
+        super({ objectMode: true });
+        this.messenger = useBus();
+        this.pretty = pretty;
+    }
+    _write(chunk, _encoding, callback) {
+        if (!this.pretty) {
+            // keeping this string interpolation for performance on RAW logs
+            this.messenger.publish('logs', `{"log":${chunk},"nodeId":"${nodeId}"}`);
+            return callback();
+        }
+        const log = JSON.parse(chunk);
+        if (this.pretty === 'http' && log.req?.method && log.req?.url && log.res?.statusCode && log.responseTime) {
+            this.messenger.publish('logs', JSON.stringify({
+                log: {
+                    level: log['level'],
+                    time: log['time'],
+                    msg: `${log.req.method} ${log.req.url} ${log.res.statusCode} ${log.responseTime}ms`,
+                },
+                nodeId: nodeId,
+            }));
+            return callback();
+        }
+        this.messenger.publish('logs', JSON.stringify({
+            log: {
+                level: log['level'],
+                time: log['time'],
+                msg: log['msg'],
+            },
+            nodeId: nodeId,
+        }));
+        callback();
+    }
+}

package/dist/mailer.js

@@ -56,12 +56,6 @@ export default function getMailer() {
             host: env['EMAIL_MAILGUN_HOST'] || 'api.mailgun.net',
         }));
     }
-    else if (transportName === 'sendgrid') {
-        const sg = require('nodemailer-sendgrid');
-        transporter = nodemailer.createTransport(sg({
-            apiKey: env['EMAIL_SENDGRID_API_KEY'],
-        }));
-    }
     else {
         logger.warn('Illegal transport given for email. Check the EMAIL_TRANSPORT env var.');
     }

package/dist/middleware/authenticate.d.ts

@@ -1,9 +1,7 @@
-/// <reference types="qs" />
-/// <reference types="cookie-parser" />
 import type { NextFunction, Request, Response } from 'express';
 /**
  * Verify the passed JWT and assign the user ID and role to `req`
  */
 export declare const handler: (req: Request, res: Response, next: NextFunction) => Promise<void>;
-declare const _default: (req: Request<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>, res: Response<any, Record<string, any>>, next: NextFunction) => Promise<void>;
+declare const _default: (req: Request, res: Response, next: NextFunction) => Promise<void>;
 export default _default;

package/dist/middleware/error-handler.d.ts

@@ -1,3 +1,2 @@
-/// <reference types="qs" />
 import type { ErrorRequestHandler } from 'express';
 export declare const errorHandler: (err: any, req: import("express-serve-static-core").Request<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>, res: import("express-serve-static-core").Response<any, Record<string, any>, number>, next: import("express-serve-static-core").NextFunction) => Promise<ReturnType<ErrorRequestHandler>>;

package/dist/middleware/respond.js

@@ -20,6 +20,7 @@ export const respond = asyncHandler(async (req, res) => {
         exceedsMaxSize = valueSize > maxSize;
     }
     if ((req.method.toLowerCase() === 'get' || req.originalUrl?.startsWith('/graphql')) &&
+        req.originalUrl?.startsWith('/auth') === false &&
         env['CACHE_ENABLED'] === true &&
         cache &&
         !req.sanitizedQuery.export &&

package/dist/middleware/validate-batch.d.ts

@@ -1,4 +1 @@
-/// <reference types="qs" />
-/// <reference types="express" />
-/// <reference types="cookie-parser" />
-export declare const validateBatch: (scope: 'read' | 'update' | 'delete') => (req: import("express").Request<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>, res: import("express").Response<any, Record<string, any>>, next: import("express").NextFunction) => Promise<void>;
+export declare const validateBatch: (scope: "read" | "update" | "delete") => (req: import("express").Request, res: import("express").Response, next: import("express").NextFunction) => Promise<void>;

package/dist/permissions/lib/fetch-permissions.d.ts

@@ -7,4 +7,14 @@ export interface FetchPermissionsOptions {
     accountability?: Pick<Accountability, 'user' | 'role' | 'roles' | 'app'>;
     bypassDynamicVariableProcessing?: boolean;
 }
-export declare function fetchPermissions(options: FetchPermissionsOptions, context: Context): Promise<import("@directus/types").Permission[]>;
+export declare function fetchPermissions(options: FetchPermissionsOptions, context: Context): Promise<{
+    permissions: import("@directus/types").Filter | null;
+    validation: import("@directus/types").Filter | null;
+    presets: any;
+    id?: number;
+    policy: string | null;
+    collection: string;
+    action: PermissionsAction;
+    fields: string[] | null;
+    system?: true;
+}[]>;

package/dist/permissions/modules/process-ast/utils/get-info-for-path.d.ts

@@ -1,5 +1,5 @@
 import type { CollectionKey, FieldMap, QueryPath } from '../types.js';
 export declare function getInfoForPath(fieldMap: FieldMap, group: keyof FieldMap, path: QueryPath, collection: CollectionKey): {
-    collection: string;
-    fields: Set<string>;
+    collection: CollectionKey;
+    fields: Set<import("../types.js").FieldKey>;
 };

package/dist/permissions/modules/validate-remaining-admin/validate-remaining-admin-users.d.ts

@@ -1,5 +1,4 @@
 import { type FetchUserCountOptions } from '../../../utils/fetch-user-count/fetch-user-count.js';
 import type { Context } from '../../types.js';
-export interface ValidateRemainingAdminUsersOptions extends Pick<FetchUserCountOptions, 'excludeAccessRows' | 'excludePolicies' | 'excludeUsers' | 'excludeRoles'> {
-}
+export type ValidateRemainingAdminUsersOptions = Pick<FetchUserCountOptions, 'excludeAccessRows' | 'excludePolicies' | 'excludeUsers' | 'excludeRoles'>;
 export declare function validateRemainingAdminUsers(options: ValidateRemainingAdminUsersOptions, context: Context): Promise<void>;

package/dist/permissions/utils/fetch-dynamic-variable-context.js

@@ -32,13 +32,21 @@ export async function fetchDynamicVariableContext(options, context) {
             });
         });
     }
-    if (options.policies.length > 0 && (permissionContext.$CURRENT_POLICIES?.size ?? 0) > 0) {
-        contextData['$CURRENT_POLICIES'] = await fetchContextData('$CURRENT_POLICIES', permissionContext, { policies: options.policies }, async (fields) => {
-            const policiesService = new PoliciesService(context);
-            return await policiesService.readMany(options.policies, {
-                fields,
+    if (options.policies.length > 0) {
+        if ((permissionContext.$CURRENT_POLICIES?.size ?? 0) > 0) {
+            // Always add the id field
+            permissionContext.$CURRENT_POLICIES.add('id');
+            contextData['$CURRENT_POLICIES'] = await fetchContextData('$CURRENT_POLICIES', permissionContext, { policies: options.policies }, async (fields) => {
+                const policiesService = new PoliciesService(context);
+                return await policiesService.readMany(options.policies, {
+                    fields,
+                });
             });
-        });
+        }
+        else {
+            // Always create entries for the policies with the `id` field present
+            contextData['$CURRENT_POLICIES'] = options.policies.map((id) => ({ id }));
+        }
     }
     return contextData;
 }

package/dist/permissions/utils/process-permissions.d.ts

@@ -4,4 +4,14 @@ export interface ProcessPermissionsOptions {
     accountability: Pick<Accountability, 'user' | 'role' | 'roles'>;
     permissionsContext: Record<string, any>;
 }
-export declare function processPermissions({ permissions, accountability, permissionsContext }: ProcessPermissionsOptions): Permission[];
+export declare function processPermissions({ permissions, accountability, permissionsContext }: ProcessPermissionsOptions): {
+    permissions: import("@directus/types").Filter | null;
+    validation: import("@directus/types").Filter | null;
+    presets: any;
+    id?: number;
+    policy: string | null;
+    collection: string;
+    action: import("@directus/types").PermissionsAction;
+    fields: string[] | null;
+    system?: true;
+}[];

package/dist/permissions/utils/process-permissions.js

@@ -1,9 +1,11 @@
 import { parseFilter, parsePreset } from '@directus/utils';
 export function processPermissions({ permissions, accountability, permissionsContext }) {
     return permissions.map((permission) => {
-        permission.permissions = parseFilter(permission.permissions, accountability, permissionsContext);
-        permission.validation = parseFilter(permission.validation, accountability, permissionsContext);
-        permission.presets = parsePreset(permission.presets, accountability, permissionsContext);
-        return permission;
+        return {
+            ...permission,
+            permissions: parseFilter(permission.permissions, accountability, permissionsContext),
+            validation: parseFilter(permission.validation, accountability, permissionsContext),
+            presets: parsePreset(permission.presets, accountability, permissionsContext),
+        };
     });
 }

package/dist/request/agent-with-ip-validation.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
 import type { Agent, ClientRequestArgs } from 'node:http';
 /**
  * 'createConnection' is missing in 'Agent' type, but assigned in actual implementation:

package/dist/request/is-denied-ip.js

@@ -1,5 +1,6 @@
 import { useEnv } from '@directus/env';
 import os from 'node:os';
+import { matches } from 'ip-matching';
 import { useLogger } from '../logger/index.js';
 import { ipInNetworks } from '../utils/ip-in-networks.js';
 export function isDeniedIp(ip) {
@@ -24,8 +25,13 @@ export function isDeniedIp(ip) {
             if (!networkInfo)
                 continue;
             for (const info of networkInfo) {
-                if (info.address === ip)
+                if (info.internal && info.cidr) {
+                    if (matches(ip, info.cidr))
+                        return true;
+                }
+                else if (info.address === ip) {
                     return true;
+                }
             }
         }
     }