@directus/api 22.2.0 → 23.0.0

package/dist/auth/drivers/ldap.js

@@ -172,7 +172,7 @@ export class LDAPAuthDriver extends AuthDriver {
         }
         const logger = useLogger();
         await this.validateBindClient();
-        const { userDn, userScope, userAttribute, groupDn, groupScope, groupAttribute, defaultRoleId } = this.config;
+        const { userDn, userScope, userAttribute, groupDn, groupScope, groupAttribute, defaultRoleId, syncUserInfo } = this.config;
         const userInfo = await this.fetchUserInfo(userDn, new ldap.EqualityFilter({
             attribute: userAttribute ?? 'cn',
             value: payload['identifier'],
@@ -201,11 +201,22 @@ export class LDAPAuthDriver extends AuthDriver {
         if (userId) {
             // Run hook so the end user has the chance to augment the
             // user that is about to be updated
-            let updatedUserPayload = await emitter.emitFilter(`auth.update`, {}, { identifier: userInfo.dn, provider: this.config['provider'], providerPayload: { userInfo, userRole } }, { database: getDatabase(), schema: this.schema, accountability: null });
+            let emitPayload = {};
             // Only sync roles if the AD groups are configured
             if (groupDn) {
-                updatedUserPayload = { role: userRole?.id ?? defaultRoleId ?? null, ...updatedUserPayload };
+                emitPayload = {
+                    role: userRole?.id ?? defaultRoleId ?? null,
+                };
             }
+            if (syncUserInfo) {
+                emitPayload = {
+                    ...emitPayload,
+                    first_name: userInfo.firstName,
+                    last_name: userInfo.lastName,
+                    email: userInfo.email,
+                };
+            }
+            const updatedUserPayload = await emitter.emitFilter(`auth.update`, emitPayload, { identifier: userInfo.dn, provider: this.config['provider'], providerPayload: { userInfo, userRole } }, { database: getDatabase(), schema: this.schema, accountability: null });
             // Update user to update properties that might have changed
             await this.usersService.updateOne(userId, updatedUserPayload);
             return userId;

package/dist/auth/drivers/oauth2.js

@@ -106,7 +106,7 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
         }
         // Flatten response to support dot indexes
         userInfo = flatten(userInfo);
-        const { provider, emailKey, identifierKey, allowPublicRegistration } = this.config;
+        const { provider, emailKey, identifierKey, allowPublicRegistration, syncUserInfo } = this.config;
         const email = userInfo[emailKey ?? 'email'] ? String(userInfo[emailKey ?? 'email']) : undefined;
         // Fallback to email if explicit identifier not found
         const identifier = userInfo[identifierKey] ? String(userInfo[identifierKey]) : email;
@@ -127,7 +127,18 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
         if (userId) {
             // Run hook so the end user has the chance to augment the
             // user that is about to be updated
-            const updatedUserPayload = await emitter.emitFilter(`auth.update`, { auth_data: userPayload.auth_data }, {
+            let emitPayload = {
+                auth_data: userPayload.auth_data,
+            };
+            if (syncUserInfo) {
+                emitPayload = {
+                    ...emitPayload,
+                    first_name: userPayload.first_name,
+                    last_name: userPayload.last_name,
+                    email: userPayload.email,
+                };
+            }
+            const updatedUserPayload = await emitter.emitFilter(`auth.update`, emitPayload, {
                 identifier,
                 provider: this.config['provider'],
                 providerPayload: { accessToken: tokenSet.access_token, userInfo },

package/dist/auth/drivers/openid.js

@@ -125,7 +125,7 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
         }
         // Flatten response to support dot indexes
         userInfo = flatten(userInfo);
-        const { provider, identifierKey, allowPublicRegistration, requireVerifiedEmail } = this.config;
+        const { provider, identifierKey, allowPublicRegistration, requireVerifiedEmail, syncUserInfo } = this.config;
         const email = userInfo['email'] ? String(userInfo['email']) : undefined;
         // Fallback to email if explicit identifier not found
         const identifier = userInfo[identifierKey ?? 'sub'] ? String(userInfo[identifierKey ?? 'sub']) : email;
@@ -146,7 +146,18 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
         if (userId) {
             // Run hook so the end user has the chance to augment the
             // user that is about to be updated
-            const updatedUserPayload = await emitter.emitFilter(`auth.update`, { auth_data: userPayload.auth_data }, {
+            let emitPayload = {
+                auth_data: userPayload.auth_data,
+            };
+            if (syncUserInfo) {
+                emitPayload = {
+                    ...emitPayload,
+                    first_name: userPayload.first_name,
+                    last_name: userPayload.last_name,
+                    email: userPayload.email,
+                };
+            }
+            const updatedUserPayload = await emitter.emitFilter(`auth.update`, emitPayload, {
                 identifier,
                 provider: this.config['provider'],
                 providerPayload: { accessToken: tokenSet.access_token, userInfo },

package/dist/cache.js

@@ -1,13 +1,13 @@
 import { useEnv } from '@directus/env';
-import Keyv from 'keyv';
+import Keyv, {} from 'keyv';
 import { useBus } from './bus/index.js';
 import { useLogger } from './logger/index.js';
+import { clearCache as clearPermissionCache } from './permissions/cache.js';
 import { redisConfigAvailable } from './redis/index.js';
 import { compress, decompress } from './utils/compress.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
 import { getMilliseconds } from './utils/get-milliseconds.js';
 import { validateEnv } from './utils/validate-env.js';
-import { clearCache as clearPermissionCache } from './permissions/cache.js';
 import { createRequire } from 'node:module';
 const logger = useLogger();
 const env = useEnv();
@@ -106,10 +106,10 @@ function getKeyvInstance(store, ttl, namespaceSuffix) {
 function getConfig(store = 'memory', ttl, namespaceSuffix = '') {
     const config = {
         namespace: `${env['CACHE_NAMESPACE']}${namespaceSuffix}`,
-        ttl,
+        ...(ttl && { ttl }),
     };
     if (store === 'redis') {
-        const KeyvRedis = require('@keyv/redis');
+        const { default: KeyvRedis } = require('@keyv/redis');
         config.store = new KeyvRedis(env['REDIS'] || getConfigFromEnv('REDIS'), { useRedisSets: false });
     }
     return config;

package/dist/cli/commands/init/questions.d.ts

@@ -4,18 +4,18 @@ export declare const databaseQuestions: {
         filepath: string;
     }) => Record<string, string>)[];
     mysql2: (({ client }: {
-        client: Exclude<Driver, 'sqlite3'>;
+        client: Exclude<Driver, "sqlite3">;
     }) => Record<string, any>)[];
     pg: (({ client }: {
-        client: Exclude<Driver, 'sqlite3'>;
+        client: Exclude<Driver, "sqlite3">;
     }) => Record<string, any>)[];
     cockroachdb: (({ client }: {
-        client: Exclude<Driver, 'sqlite3'>;
+        client: Exclude<Driver, "sqlite3">;
     }) => Record<string, any>)[];
     oracledb: (({ client }: {
-        client: Exclude<Driver, 'sqlite3'>;
+        client: Exclude<Driver, "sqlite3">;
     }) => Record<string, any>)[];
     mssql: (({ client }: {
-        client: Exclude<Driver, 'sqlite3'>;
+        client: Exclude<Driver, "sqlite3">;
     }) => Record<string, any>)[];
 };

package/dist/cli/commands/schema/apply.d.ts

@@ -1,4 +1,5 @@
 export declare function apply(snapshotPath: string, options?: {
     yes: boolean;
     dryRun: boolean;
+    ignoreRules: string;
 }): Promise<void>;

package/dist/cli/commands/schema/apply.js

@@ -11,6 +11,22 @@ import { isNestedMetaUpdate } from '../../../utils/apply-diff.js';
 import { applySnapshot } from '../../../utils/apply-snapshot.js';
 import { getSnapshotDiff } from '../../../utils/get-snapshot-diff.js';
 import { getSnapshot } from '../../../utils/get-snapshot.js';
+function filterSnapshotDiff(snapshot, filters) {
+    const filterSet = new Set(filters);
+    function shouldKeep(item) {
+        if (filterSet.has(item.collection))
+            return false;
+        if (item.field && filterSet.has(`${item.collection}.${item.field}`))
+            return false;
+        return true;
+    }
+    const filteredDiff = {
+        collections: snapshot.collections.filter((item) => shouldKeep(item)),
+        fields: snapshot.fields.filter((item) => shouldKeep(item)),
+        relations: snapshot.relations.filter((item) => shouldKeep(item)),
+    };
+    return filteredDiff;
+}
 export async function apply(snapshotPath, options) {
     const logger = useLogger();
     const filename = path.resolve(process.cwd(), snapshotPath);
@@ -31,7 +47,10 @@ export async function apply(snapshotPath, options) {
             snapshot = parseJSON(fileContents);
         }
         const currentSnapshot = await getSnapshot({ database });
-        const snapshotDiff = getSnapshotDiff(currentSnapshot, snapshot);
+        let snapshotDiff = getSnapshotDiff(currentSnapshot, snapshot);
+        if (options?.ignoreRules) {
+            snapshotDiff = filterSnapshotDiff(snapshotDiff, options.ignoreRules.split(','));
+        }
         if (snapshotDiff.collections.length === 0 &&
             snapshotDiff.fields.length === 0 &&
             snapshotDiff.relations.length === 0) {

package/dist/cli/index.js

@@ -81,6 +81,7 @@ export async function createCli() {
         .description('Apply a snapshot file to the current database')
         .option('-y, --yes', `Assume "yes" as answer to all prompts and run non-interactively`)
         .option('-d, --dry-run', 'Plan and log changes to be applied', false)
+        .option('--ignoreRules <value>', `Comma-separated list of collections and or fields to ignore. Format: "products.title,reviews" this will ignore applying changes to the title field in the products collection and the entire reviews collection`)
         .argument('<path>', 'Path to snapshot file')
         .action(apply);
     await emitter.emitInit('cli.after', { program });

package/dist/cli/utils/create-env/env-stub.liquid

@@ -313,7 +313,7 @@ EXTENSIONS_AUTO_RELOAD=false
 EMAIL_FROM="no-reply@example.com"
 
 # What to use to send emails. One of
-# sendmail, smtp, mailgun, sendgrid, ses.
+# sendmail, smtp, mailgun, ses.
 EMAIL_TRANSPORT="sendmail"
 EMAIL_SENDMAIL_NEW_LINE="unix"
 EMAIL_SENDMAIL_PATH="/usr/sbin/sendmail"
@@ -340,6 +340,3 @@ EMAIL_SENDMAIL_PATH="/usr/sbin/sendmail"
 ## Email (Mailgun Transport)
 # EMAIL_MAILGUN_API_KEY="key-1234123412341234"
 # EMAIL_MAILGUN_DOMAIN="a domain name from https://app.mailgun.com/app/sending/domains"
-
-## Email (SendGrid Transport)
-# EMAIL_SENDGRID_API_KEY="key-1234123412341234"

package/dist/database/migrations/20210518A-add-foreign-key-constraints.js

@@ -43,7 +43,7 @@ export async function up(knex) {
                     .update({ [constraint.many_field]: null })
                     .whereIn(currentPrimaryKeyField, ids);
             }
-            catch (err) {
+            catch {
                 logger.error(`${constraint.many_collection}.${constraint.many_field} contains illegal foreign keys which couldn't be set to NULL. Please fix these references and rerun this migration to complete the upgrade.`);
                 if (ids.length < 25) {
                     logger.error(`Items with illegal foreign keys: ${ids.join(', ')}`);

package/dist/database/migrations/20240806A-permissions-policies.js

@@ -198,7 +198,7 @@ export async function up(knex) {
             table.dropForeign('role', foreignConstraint);
         });
     }
-    catch (err) {
+    catch {
         logger.warn('Failed to drop foreign key constraint on `role` column in `directus_permissions` table');
     }
     await knex('directus_permissions')

package/dist/extensions/lib/sandbox/generate-api-extensions-sandbox-entrypoint.d.ts

@@ -1,6 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node/http.js" />
-/// <reference types="pino-http" />
 import type { ApiExtensionType, HybridExtensionType } from '@directus/extensions';
 import type { Router } from 'express';
 /**

package/dist/extensions/lib/sandbox/register/route.d.ts

@@ -1,9 +1,8 @@
-/// <reference types="node" resolution-mode="require"/>
 import type { Router } from 'express';
 import type { Reference } from 'isolated-vm';
 import type { IncomingHttpHeaders } from 'node:http';
 export declare function registerRouteGenerator(endpointName: string, endpointRouter: Router): {
-    register: (path: Reference<string>, method: Reference<'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE'>, cb: Reference<(req: {
+    register: (path: Reference<string>, method: Reference<"GET" | "POST" | "PUT" | "PATCH" | "DELETE">, cb: Reference<(req: {
         url: string;
         headers: IncomingHttpHeaders;
         body: string;

package/dist/logger/index.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="qs" />
 import type { RequestHandler } from 'express';
 import { type Logger } from 'pino';
 import { LogsStream } from './logs-stream.js';
@@ -11,5 +10,5 @@ export declare const useLogger: () => Logger<never>;
 export declare const getLogsStream: (pretty: boolean) => LogsStream;
 export declare const getHttpLogsStream: (pretty: boolean) => LogsStream;
 export declare const getLoggerLevelValue: (level: string) => number;
-export declare const createLogger: () => Logger<never>;
-export declare const createExpressLogger: () => RequestHandler<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>;
+export declare const createLogger: () => Logger<never, boolean>;
+export declare const createExpressLogger: () => RequestHandler;

package/dist/logger/logs-stream.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
 import type { Bus } from '@directus/memory';
 import { Writable } from 'stream';
 type PrettyType = 'basic' | 'http' | false;

package/dist/mailer.js

@@ -56,12 +56,6 @@ export default function getMailer() {
             host: env['EMAIL_MAILGUN_HOST'] || 'api.mailgun.net',
         }));
     }
-    else if (transportName === 'sendgrid') {
-        const sg = require('nodemailer-sendgrid');
-        transporter = nodemailer.createTransport(sg({
-            apiKey: env['EMAIL_SENDGRID_API_KEY'],
-        }));
-    }
     else {
         logger.warn('Illegal transport given for email. Check the EMAIL_TRANSPORT env var.');
     }

package/dist/middleware/authenticate.d.ts

@@ -1,9 +1,7 @@
-/// <reference types="qs" />
-/// <reference types="cookie-parser" />
 import type { NextFunction, Request, Response } from 'express';
 /**
  * Verify the passed JWT and assign the user ID and role to `req`
  */
 export declare const handler: (req: Request, res: Response, next: NextFunction) => Promise<void>;
-declare const _default: (req: Request<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>, res: Response<any, Record<string, any>>, next: NextFunction) => Promise<void>;
+declare const _default: (req: Request, res: Response, next: NextFunction) => Promise<void>;
 export default _default;

package/dist/middleware/error-handler.d.ts

@@ -1,3 +1,2 @@
-/// <reference types="qs" />
 import type { ErrorRequestHandler } from 'express';
 export declare const errorHandler: (err: any, req: import("express-serve-static-core").Request<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>, res: import("express-serve-static-core").Response<any, Record<string, any>, number>, next: import("express-serve-static-core").NextFunction) => Promise<ReturnType<ErrorRequestHandler>>;

package/dist/middleware/validate-batch.d.ts

@@ -1,4 +1 @@
-/// <reference types="qs" />
-/// <reference types="express" />
-/// <reference types="cookie-parser" />
-export declare const validateBatch: (scope: 'read' | 'update' | 'delete') => (req: import("express").Request<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>, res: import("express").Response<any, Record<string, any>>, next: import("express").NextFunction) => Promise<void>;
+export declare const validateBatch: (scope: "read" | "update" | "delete") => (req: import("express").Request, res: import("express").Response, next: import("express").NextFunction) => Promise<void>;

package/dist/permissions/lib/fetch-permissions.d.ts

@@ -7,4 +7,14 @@ export interface FetchPermissionsOptions {
     accountability?: Pick<Accountability, 'user' | 'role' | 'roles' | 'app'>;
     bypassDynamicVariableProcessing?: boolean;
 }
-export declare function fetchPermissions(options: FetchPermissionsOptions, context: Context): Promise<import("@directus/types").Permission[]>;
+export declare function fetchPermissions(options: FetchPermissionsOptions, context: Context): Promise<{
+    permissions: import("@directus/types").Filter | null;
+    validation: import("@directus/types").Filter | null;
+    presets: any;
+    id?: number;
+    policy: string | null;
+    collection: string;
+    action: PermissionsAction;
+    fields: string[] | null;
+    system?: true;
+}[]>;

package/dist/permissions/modules/process-ast/utils/get-info-for-path.d.ts

@@ -1,5 +1,5 @@
 import type { CollectionKey, FieldMap, QueryPath } from '../types.js';
 export declare function getInfoForPath(fieldMap: FieldMap, group: keyof FieldMap, path: QueryPath, collection: CollectionKey): {
-    collection: string;
-    fields: Set<string>;
+    collection: CollectionKey;
+    fields: Set<import("../types.js").FieldKey>;
 };

package/dist/permissions/modules/validate-remaining-admin/validate-remaining-admin-users.d.ts

@@ -1,5 +1,4 @@
 import { type FetchUserCountOptions } from '../../../utils/fetch-user-count/fetch-user-count.js';
 import type { Context } from '../../types.js';
-export interface ValidateRemainingAdminUsersOptions extends Pick<FetchUserCountOptions, 'excludeAccessRows' | 'excludePolicies' | 'excludeUsers' | 'excludeRoles'> {
-}
+export type ValidateRemainingAdminUsersOptions = Pick<FetchUserCountOptions, 'excludeAccessRows' | 'excludePolicies' | 'excludeUsers' | 'excludeRoles'>;
 export declare function validateRemainingAdminUsers(options: ValidateRemainingAdminUsersOptions, context: Context): Promise<void>;

package/dist/permissions/utils/fetch-dynamic-variable-context.js

@@ -32,13 +32,21 @@ export async function fetchDynamicVariableContext(options, context) {
             });
         });
     }
-    if (options.policies.length > 0 && (permissionContext.$CURRENT_POLICIES?.size ?? 0) > 0) {
-        contextData['$CURRENT_POLICIES'] = await fetchContextData('$CURRENT_POLICIES', permissionContext, { policies: options.policies }, async (fields) => {
-            const policiesService = new PoliciesService(context);
-            return await policiesService.readMany(options.policies, {
-                fields,
+    if (options.policies.length > 0) {
+        if ((permissionContext.$CURRENT_POLICIES?.size ?? 0) > 0) {
+            // Always add the id field
+            permissionContext.$CURRENT_POLICIES.add('id');
+            contextData['$CURRENT_POLICIES'] = await fetchContextData('$CURRENT_POLICIES', permissionContext, { policies: options.policies }, async (fields) => {
+                const policiesService = new PoliciesService(context);
+                return await policiesService.readMany(options.policies, {
+                    fields,
+                });
             });
-        });
+        }
+        else {
+            // Always create entries for the policies with the `id` field present
+            contextData['$CURRENT_POLICIES'] = options.policies.map((id) => ({ id }));
+        }
     }
     return contextData;
 }

package/dist/permissions/utils/process-permissions.d.ts

@@ -4,4 +4,14 @@ export interface ProcessPermissionsOptions {
     accountability: Pick<Accountability, 'user' | 'role' | 'roles'>;
     permissionsContext: Record<string, any>;
 }
-export declare function processPermissions({ permissions, accountability, permissionsContext }: ProcessPermissionsOptions): Permission[];
+export declare function processPermissions({ permissions, accountability, permissionsContext }: ProcessPermissionsOptions): {
+    permissions: import("@directus/types").Filter | null;
+    validation: import("@directus/types").Filter | null;
+    presets: any;
+    id?: number;
+    policy: string | null;
+    collection: string;
+    action: import("@directus/types").PermissionsAction;
+    fields: string[] | null;
+    system?: true;
+}[];

package/dist/permissions/utils/process-permissions.js

@@ -1,9 +1,11 @@
 import { parseFilter, parsePreset } from '@directus/utils';
 export function processPermissions({ permissions, accountability, permissionsContext }) {
     return permissions.map((permission) => {
-        permission.permissions = parseFilter(permission.permissions, accountability, permissionsContext);
-        permission.validation = parseFilter(permission.validation, accountability, permissionsContext);
-        permission.presets = parsePreset(permission.presets, accountability, permissionsContext);
-        return permission;
+        return {
+            ...permission,
+            permissions: parseFilter(permission.permissions, accountability, permissionsContext),
+            validation: parseFilter(permission.validation, accountability, permissionsContext),
+            presets: parsePreset(permission.presets, accountability, permissionsContext),
+        };
     });
 }

package/dist/request/agent-with-ip-validation.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
 import type { Agent, ClientRequestArgs } from 'node:http';
 /**
  * 'createConnection' is missing in 'Agent' type, but assigned in actual implementation:

package/dist/server.d.ts

@@ -1,6 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node/http.js" />
-/// <reference types="pino-http" />
 import * as http from 'http';
 export declare let SERVER_ONLINE: boolean;
 export declare function createServer(): Promise<http.Server>;

package/dist/services/assets.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
 import type { Range, Stat } from '@directus/storage';
 import type { Accountability, SchemaOverview } from '@directus/types';
 import type { Knex } from 'knex';

package/dist/services/fields.js

@@ -388,12 +388,6 @@ export class FieldsService {
                     if (hookAdjustedField.schema?.is_nullable === true) {
                         throw new InvalidPayloadError({ reason: 'Primary key cannot be null' });
                     }
-                    if (hookAdjustedField.schema?.is_unique === false) {
-                        throw new InvalidPayloadError({ reason: 'Primary key must be unique' });
-                    }
-                    if (hookAdjustedField.schema?.is_indexed === true) {
-                        throw new InvalidPayloadError({ reason: 'Primary key cannot be indexed' });
-                    }
                 }
                 // Sanitize column only when applying snapshot diff as opts is only passed from /utils/apply-diff.ts
                 const columnToCompare = opts?.bypassLimits && opts.autoPurgeSystemCache === false ? sanitizeColumn(existingColumn) : existingColumn;

package/dist/services/files/utils/get-metadata.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
 import type { File } from '@directus/types';
 import type { Readable } from 'node:stream';
 export type Metadata = Partial<Pick<File, 'height' | 'width' | 'description' | 'title' | 'tags' | 'metadata'>>;

package/dist/services/files/utils/parse-image-metadata.d.ts

@@ -1,3 +1,2 @@
-/// <reference types="node" resolution-mode="require"/>
 export declare function parseIptc(buffer: Buffer): Record<string, unknown>;
 export declare function parseXmp(buffer: Buffer): Record<string, unknown>;

package/dist/services/files.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
 import type { BusboyFileStream, File, PrimaryKey, Query } from '@directus/types';
 import type { Readable } from 'node:stream';
 import type { AbstractServiceOptions, MutationOptions } from '../types/index.js';

package/dist/services/import-export.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
 import type { Accountability, File, Query, SchemaOverview } from '@directus/types';
 import type { Knex } from 'knex';
 import type { Readable } from 'node:stream';

package/dist/services/tus/data-store.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
 import type { TusDriver } from '@directus/storage';
 import type { Accountability, File, SchemaOverview } from '@directus/types';
 import stream from 'node:stream';

package/dist/services/users.js

@@ -373,7 +373,7 @@ export class UsersService extends ItemsService {
             await this.createOne(partialUser);
         }
         // We want to be able to re-send the verification email
-        else if (user.status !== ('unverified')) {
+        else if (user.status !== 'unverified') {
             // To avoid giving attackers infos about registered emails we dont fail for violated unique constraints
             await stall(STALL_TIME, timeStart);
             return;
@@ -415,7 +415,7 @@ export class UsersService extends ItemsService {
         if (scope !== 'pending-registration')
             throw new ForbiddenError();
         const user = await this.getUserByEmail(email);
-        if (user?.status !== ('unverified')) {
+        if (user?.status !== 'unverified') {
             throw new InvalidPayloadError({ reason: 'Invalid verification code' });
         }
         await this.updateOne(user.id, { status: 'active' });

package/dist/types/graphql.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="cookie-parser" />
 import type { Request, Response } from 'express';
 import type { DocumentNode } from 'graphql';
 export interface GraphQLParams {

package/dist/utils/apply-query.d.ts

@@ -1,7 +1,7 @@
 import type { Aggregate, Filter, Permission, Query, SchemaOverview } from '@directus/types';
 import type { Knex } from 'knex';
 import type { AliasMap } from './get-column-path.js';
-export declare const generateAlias: (size?: number | undefined) => string;
+export declare const generateAlias: (size?: number) => string;
 type ApplyQueryOptions = {
     aliasMap?: AliasMap;
     isInnerQuery?: boolean;

package/dist/utils/compress.d.ts

@@ -1,3 +1,2 @@
-/// <reference types="node" resolution-mode="require"/>
 export declare function compress(raw: Record<string, any> | Record<string, any>[]): Promise<Buffer>;
 export declare function decompress(compressed: Buffer): Promise<any>;

package/dist/utils/delete-from-require-cache.js

@@ -7,7 +7,7 @@ export function deleteFromRequireCache(modulePath) {
         const moduleCachePath = require.resolve(modulePath);
         delete require.cache[moduleCachePath];
     }
-    catch (error) {
+    catch {
         logger.trace(`Module cache not found for ${modulePath}, skipped cache delete.`);
     }
 }

package/dist/utils/fetch-user-count/fetch-user-count.d.ts

@@ -1,6 +1,5 @@
 import { type FetchAccessLookupOptions } from './fetch-access-lookup.js';
-export interface FetchUserCountOptions extends FetchAccessLookupOptions {
-}
+export type FetchUserCountOptions = FetchAccessLookupOptions;
 export interface UserCount {
     admin: number;
     app: number;

package/dist/utils/generate-hash.js

@@ -3,7 +3,7 @@ import { getConfigFromEnv } from './get-config-from-env.js';
 export function generateHash(stringToHash) {
     const argon2HashConfigOptions = getConfigFromEnv('HASH_', 'HASH_RAW'); // Disallow the HASH_RAW option, see https://github.com/directus/directus/discussions/7670#discussioncomment-1255805
     // associatedData, if specified, must be passed as a Buffer to argon2.hash, see https://github.com/ranisalt/node-argon2/wiki/Options#associateddata
-    'associatedData' in argon2HashConfigOptions &&
-        (argon2HashConfigOptions['associatedData'] = Buffer.from(argon2HashConfigOptions['associatedData']));
+    if ('associatedData' in argon2HashConfigOptions)
+        argon2HashConfigOptions['associatedData'] = Buffer.from(argon2HashConfigOptions['associatedData']);
     return argon2.hash(stringToHash, argon2HashConfigOptions);
 }

package/dist/utils/get-address.d.ts

@@ -1,5 +1,2 @@
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node/http.js" />
-/// <reference types="pino-http" />
 import * as http from 'http';
 export declare function getAddress(server: http.Server): {};

package/dist/utils/get-cache-headers.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="cookie-parser" />
 import type { Request } from 'express';
 /**
  * Returns the Cache-Control header for the current request

package/dist/utils/get-cache-key.d.ts

@@ -1,3 +1,2 @@
-/// <reference types="cookie-parser" />
 import type { Request } from 'express';
 export declare function getCacheKey(req: Request): Promise<string>;

package/dist/utils/get-column.d.ts

@@ -21,5 +21,5 @@ type GetColumnOptions = OriginalCollectionName | (FunctionColumnOptions & Origin
  * @param options Optional parameters
  * @returns Knex raw instance
  */
-export declare function getColumn(knex: Knex, table: string, column: string, alias: string | false | undefined, schema: SchemaOverview, options?: GetColumnOptions): Knex.Raw;
+export declare function getColumn(knex: Knex, table: string, column: string, alias: (string | false) | undefined, schema: SchemaOverview, options?: GetColumnOptions): Knex.Raw;
 export {};

package/dist/utils/get-graphql-query-and-variables.d.ts

@@ -1,3 +1,2 @@
-/// <reference types="cookie-parser" />
 import type { Request } from 'express';
 export declare function getGraphqlQueryAndVariables(req: Request): Pick<any, "query" | "variables">;

package/dist/utils/get-ip-from-req.d.ts

@@ -1,3 +1,2 @@
-/// <reference types="cookie-parser" />
 import type { Request } from 'express';
 export declare function getIPFromReq(req: Request): string | null;

package/dist/utils/get-snapshot.js

@@ -49,7 +49,7 @@ function sortDeep(raw) {
         return fromPairs(sorted);
     }
     if (isArray(raw)) {
-        return sortBy(raw);
+        return raw.map((raw) => sortDeep(raw));
     }
     return raw;
 }

package/dist/utils/sanitize-query.js

@@ -192,7 +192,7 @@ function sanitizeAlias(rawAlias) {
         try {
             alias = parseJSON(rawAlias);
         }
-        catch (err) {
+        catch {
             logger.warn('Invalid value passed for alias query parameter.');
         }
     }

package/dist/utils/should-skip-cache.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="cookie-parser" />
 import type { Request } from 'express';
 /**
  * Whether to skip caching for the current request

package/dist/websocket/authenticate.js

@@ -28,7 +28,7 @@ export async function authenticateConnection(message) {
         const expires_at = getExpiresAtForToken(access_token);
         return { accountability, expires_at, refresh_token };
     }
-    catch (error) {
+    catch {
         throw new WebSocketError('auth', 'AUTH_FAILED', 'Authentication failed.', message['uid']);
     }
 }

package/dist/websocket/controllers/base.d.ts

@@ -1,8 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node/http.js" />
-/// <reference types="pino-http" />
 import type { Accountability } from '@directus/types';
 import type { IncomingMessage, Server as httpServer } from 'http';
 import type { RateLimiterAbstract } from 'rate-limiter-flexible';
@@ -32,12 +27,8 @@ export default abstract class SocketController {
     createClient(ws: WebSocket, { accountability, expires_at }: AuthenticationState): WebSocketClient;
     protected parseMessage(data: string): WebSocketMessage;
     protected handleAuthRequest(client: WebSocketClient, message: WebSocketAuthMessage): Promise<void>;
+    protected checkUserRequirements(_accountability: Accountability | null): void;
     setTokenExpireTimer(client: WebSocketClient): void;
     checkClientTokens(): void;
-    meetsAdminRequirement({ socket, client, accountability, }: {
-        socket?: UpgradeContext['socket'];
-        client?: WebSocketClient | WebSocket;
-        accountability: Accountability | null;
-    }): boolean;
     terminate(): void;
 }

package/dist/websocket/controllers/base.js

@@ -60,7 +60,6 @@ export default class SocketController {
             authentication: {
                 mode: authMode.data,
                 timeout: authTimeout,
-                requireAdmin: false,
             },
         };
     }
@@ -140,8 +139,15 @@ export default class SocketController {
             socket.destroy();
             return;
         }
-        if (!this.meetsAdminRequirement({ socket, accountability }))
+        try {
+            this.checkUserRequirements(accountability);
+        }
+        catch {
+            logger.debug('WebSocket upgrade denied - ' + JSON.stringify(accountability || 'invalid'));
+            socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
+            socket.destroy();
             return;
+        }
         this.server.handleUpgrade(request, socket, head, async (ws) => {
             this.catchInvalidMessages(ws);
             const state = { accountability, expires_at };
@@ -156,8 +162,7 @@ export default class SocketController {
                 if (getMessageType(payload) !== 'auth')
                     throw new Error();
                 const state = await authenticateConnection(WebSocketAuthMessage.parse(payload));
-                if (this.meetsAdminRequirement({ client: ws, accountability: state.accountability }))
-                    return;
+                this.checkUserRequirements(state.accountability);
                 ws.send(authenticationSuccess(payload['uid'], state.refresh_token));
                 this.server.emit('connection', ws, state);
             }
@@ -238,7 +243,7 @@ export default class SocketController {
         try {
             message = WebSocketMessage.parse(parseJSON(data));
         }
-        catch (err) {
+        catch {
             throw new WebSocketError('server', 'INVALID_PAYLOAD', 'Unable to parse the incoming message.');
         }
         return message;
@@ -246,8 +251,7 @@ export default class SocketController {
     async handleAuthRequest(client, message) {
         try {
             const { accountability, expires_at, refresh_token } = await authenticateConnection(message);
-            if (!this.meetsAdminRequirement({ client, accountability }))
-                return;
+            this.checkUserRequirements(accountability);
             client.accountability = accountability;
             client.expires_at = expires_at;
             this.setTokenExpireTimer(client);
@@ -269,6 +273,10 @@ export default class SocketController {
             }
         }
     }
+    checkUserRequirements(_accountability) {
+        // there are no requirements in the abstract class
+        return;
+    }
     setTokenExpireTimer(client) {
         if (client.auth_timer !== null) {
             // clear up old timeouts if needed
@@ -305,20 +313,6 @@ export default class SocketController {
             }
         }, TOKEN_CHECK_INTERVAL);
     }
-    meetsAdminRequirement({ socket, client, accountability, }) {
-        if (!this.authentication.requireAdmin || accountability?.admin)
-            return true;
-        logger.debug('WebSocket connection denied - ' + JSON.stringify(accountability || 'invalid'));
-        if (socket) {
-            socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
-            socket.destroy();
-        }
-        else if (client) {
-            handleWebSocketError(client, new WebSocketError('auth', 'UNAUTHORIZED', 'Unauthorized.'), 'auth');
-            client.close();
-        }
-        return false;
-    }
     terminate() {
         if (this.authInterval)
             clearInterval(this.authInterval);

package/dist/websocket/controllers/graphql.d.ts

@@ -1,6 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node/http.js" />
-/// <reference types="pino-http" />
 import type { Server } from 'graphql-ws';
 import type { Server as httpServer } from 'http';
 import type { GraphQLSocket, UpgradeContext, WebSocketClient } from '../types.js';

package/dist/websocket/controllers/index.d.ts

@@ -1,6 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node/http.js" />
-/// <reference types="pino-http" />
 import type { Server as httpServer } from 'http';
 import { GraphQLSubscriptionController } from './graphql.js';
 import { LogsController } from './logs.js';

package/dist/websocket/controllers/logs.d.ts

@@ -1,18 +1,17 @@
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node/http.js" />
-/// <reference types="pino-http" />
 import type { Server as httpServer } from 'http';
+import { AuthMode } from '../messages.js';
 import SocketController from './base.js';
+import type { Accountability } from '@directus/types';
 export declare class LogsController extends SocketController {
     constructor(httpServer: httpServer);
     getEnvironmentConfig(configPrefix: string): {
         endpoint: string;
         maxConnections: number;
         authentication: {
-            mode: "strict" | "public" | "handshake";
+            mode: AuthMode;
             timeout: number;
-            requireAdmin: boolean;
         };
     };
     private bindEvents;
+    protected checkUserRequirements(accountability: Accountability | null): void;
 }

package/dist/websocket/controllers/logs.js

@@ -1,7 +1,7 @@
 import { useEnv } from '@directus/env';
 import emitter from '../../emitter.js';
 import { useLogger } from '../../logger/index.js';
-import { handleWebSocketError } from '../errors.js';
+import { handleWebSocketError, WebSocketError } from '../errors.js';
 import { AuthMode, WebSocketMessage } from '../messages.js';
 import SocketController from './base.js';
 const logger = useLogger();
@@ -21,11 +21,9 @@ export class LogsController extends SocketController {
         return {
             endpoint,
             maxConnections,
-            // require strict auth
             authentication: {
                 mode: 'strict',
                 timeout: 0,
-                requireAdmin: true,
             },
         };
     }
@@ -47,4 +45,10 @@ export class LogsController extends SocketController {
         });
         emitter.emitAction('websocket.connect', { client });
     }
+    checkUserRequirements(accountability) {
+        // enforce admin only access for the logs streaming websocket
+        if (!accountability?.admin) {
+            throw new WebSocketError('auth', 'AUTH_FAILED', 'Unauthorized access.');
+        }
+    }
 }

package/dist/websocket/controllers/rest.d.ts

@@ -1,6 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node/http.js" />
-/// <reference types="pino-http" />
 import type { Server as httpServer } from 'http';
 import { WebSocketMessage } from '../messages.js';
 import SocketController from './base.js';

package/dist/websocket/controllers/rest.js

@@ -40,7 +40,7 @@ export class WebSocketController extends SocketController {
         try {
             message = parseJSON(data);
         }
-        catch (err) {
+        catch {
             throw new WebSocketError('server', 'INVALID_PAYLOAD', 'Unable to parse the incoming message.');
         }
         return message;

package/dist/websocket/types.d.ts

@@ -1,8 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node/http.js" />
-/// <reference types="pino-http" />
 import type { Accountability, Query } from '@directus/types';
 import type { IncomingMessage } from 'http';
 import type internal from 'stream';
@@ -21,7 +16,6 @@ export type UpgradeRequest = IncomingMessage & AuthenticationState;
 export type WebSocketAuthentication = {
     mode: AuthMode;
     timeout: number;
-    requireAdmin: boolean;
 };
 export type SubscriptionEvent = 'create' | 'update' | 'delete';
 export type Subscription = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@directus/api",
-  "version": "22.2.0",
+  "version": "23.0.0",
   "description": "Directus is a real-time API and App dashboard for managing SQL database content",
   "keywords": [
     "directus",
@@ -68,9 +68,9 @@
     "@tus/server": "1.6.0",
     "@tus/utils": "0.2.0",
     "@types/cookie": "0.6.0",
-    "argon2": "0.40.3",
+    "argon2": "0.41.1",
     "async": "3.2.5",
-    "axios": "1.7.3",
+    "axios": "1.7.7",
     "busboy": "1.6.0",
     "bytes": "3.1.2",
     "camelcase": "8.0.0",
@@ -82,7 +82,7 @@
     "cookie-parser": "1.4.6",
     "cors": "2.8.5",
     "cron-parser": "4.9.0",
-    "date-fns": "3.6.0",
+    "date-fns": "4.1.0",
     "deep-diff": "1.0.2",
     "destroy": "1.2.0",
     "dotenv": "16.4.5",
@@ -102,18 +102,18 @@
     "inquirer": "9.3.6",
     "ioredis": "5.4.1",
     "ip-matching": "2.1.2",
-    "isolated-vm": "4.7.2",
+    "isolated-vm": "5.0.1",
     "joi": "17.13.3",
     "js-yaml": "4.1.0",
     "js2xmlparser": "5.0.0",
     "json2csv": "5.0.7",
     "jsonwebtoken": "9.0.2",
-    "keyv": "4.5.4",
+    "keyv": "5.1.0",
     "knex": "3.1.0",
     "ldapjs": "2.3.3",
     "liquidjs": "10.15.0",
     "lodash-es": "4.17.21",
-    "marked": "12.0.2",
+    "marked": "14.1.2",
     "micromustache": "8.0.3",
     "mime-types": "2.1.35",
     "minimatch": "9.0.5",
@@ -124,17 +124,17 @@
     "node-schedule": "2.1.1",
     "nodemailer": "6.9.14",
     "object-hash": "3.0.0",
-    "openapi3-ts": "4.3.3",
+    "openapi3-ts": "4.4.0",
     "openid-client": "5.6.5",
     "ora": "8.0.1",
     "otplib": "12.0.1",
-    "p-limit": "5.0.0",
+    "p-limit": "6.1.0",
     "p-queue": "8.0.1",
     "papaparse": "5.4.1",
-    "pino": "9.2.0",
-    "pino-http": "9.0.0",
+    "pino": "9.4.0",
+    "pino-http": "10.3.0",
     "pino-http-print": "3.1.0",
-    "pino-pretty": "11.2.1",
+    "pino-pretty": "11.2.2",
     "qs": "6.13.0",
     "rate-limiter-flexible": "5.0.3",
     "rollup": "4.17.2",
@@ -148,30 +148,30 @@
     "wellknown": "0.5.0",
     "ws": "8.18.0",
     "zod": "3.23.8",
-    "zod-validation-error": "3.3.1",
-    "@directus/constants": "12.0.0",
-    "@directus/env": "3.1.0",
-    "@directus/app": "13.2.0",
+    "zod-validation-error": "3.4.0",
+    "@directus/app": "13.2.1",
+    "@directus/env": "3.1.1",
     "@directus/errors": "1.0.0",
-    "@directus/extensions": "2.0.1",
-    "@directus/extensions-registry": "2.0.1",
-    "@directus/memory": "2.0.1",
-    "@directus/extensions-sdk": "12.0.2",
+    "@directus/extensions": "2.0.2",
+    "@directus/extensions-sdk": "12.1.0",
+    "@directus/extensions-registry": "2.0.2",
     "@directus/format-title": "11.0.0",
-    "@directus/pressure": "2.0.0",
-    "@directus/schema": "12.1.0",
+    "@directus/memory": "2.0.2",
+    "@directus/schema": "12.1.1",
     "@directus/storage": "11.0.0",
+    "@directus/pressure": "2.0.1",
+    "@directus/storage-driver-azure": "11.0.1",
     "@directus/specs": "11.0.1",
-    "@directus/storage-driver-azure": "11.0.0",
-    "@directus/storage-driver-cloudinary": "11.0.1",
-    "@directus/storage-driver-gcs": "11.0.0",
+    "@directus/constants": "12.0.0",
+    "@directus/storage-driver-gcs": "11.0.1",
     "@directus/storage-driver-local": "11.0.0",
-    "@directus/storage-driver-s3": "11.0.0",
+    "@directus/storage-driver-cloudinary": "11.0.2",
+    "@directus/storage-driver-s3": "11.0.1",
+    "@directus/storage-driver-supabase": "2.0.1",
     "@directus/system-data": "2.0.0",
-    "@directus/storage-driver-supabase": "2.0.0",
-    "@directus/validation": "1.0.0",
-    "@directus/utils": "12.0.0",
-    "directus": "11.1.0"
+    "@directus/validation": "1.0.1",
+    "directus": "11.1.1",
+    "@directus/utils": "12.0.1"
   },
   "devDependencies": {
     "@ngneat/falso": "7.2.0",
@@ -196,36 +196,35 @@
     "@types/lodash-es": "4.17.12",
     "@types/mime-types": "2.1.4",
     "@types/ms": "0.7.34",
-    "@types/node": "18.19.45",
+    "@types/node": "18.19.50",
     "@types/node-schedule": "2.1.7",
     "@types/nodemailer": "6.4.15",
     "@types/object-hash": "3.0.6",
     "@types/papaparse": "5.3.14",
     "@types/qs": "6.9.15",
-    "@types/sanitize-html": "2.11.0",
+    "@types/sanitize-html": "2.13.0",
     "@types/stream-json": "1.7.7",
     "@types/wellknown": "0.5.8",
     "@types/ws": "8.5.12",
-    "@vitest/coverage-v8": "1.5.3",
+    "@vitest/coverage-v8": "2.1.2",
     "copyfiles": "2.4.1",
     "form-data": "4.0.0",
     "get-port": "7.1.0",
-    "knex-mock-client": "2.0.1",
-    "typescript": "5.4.5",
-    "vitest": "1.5.3",
+    "knex-mock-client": "3.0.2",
+    "typescript": "5.6.2",
+    "vitest": "2.1.2",
     "@directus/random": "1.0.0",
-    "@directus/tsconfig": "2.0.0",
-    "@directus/types": "12.0.1"
+    "@directus/types": "12.1.0",
+    "@directus/tsconfig": "2.0.0"
   },
   "optionalDependencies": {
-    "@keyv/redis": "2.8.5",
-    "mysql2": "3.11.0",
+    "@keyv/redis": "3.0.1",
+    "mysql2": "3.11.2",
     "nodemailer-mailgun-transport": "2.1.5",
-    "nodemailer-sendgrid": "1.0.3",
     "oracledb": "6.6.0",
     "pg": "8.12.0",
     "sqlite3": "5.1.7",
-    "tedious": "18.2.0"
+    "tedious": "18.6.1"
   },
   "engines": {
     "node": ">=18.17.0"