@directus/api 22.2.0 → 23.1.0

package/dist/services/payload.js

@@ -3,7 +3,7 @@ import { parseJSON, toArray } from '@directus/utils';
 import { format, isValid, parseISO } from 'date-fns';
 import { unflatten } from 'flat';
 import Joi from 'joi';
-import { clone, cloneDeep, isNil, isObject, isPlainObject, omit, pick } from 'lodash-es';
+import { clone, cloneDeep, isNil, isObject, isPlainObject, pick } from 'lodash-es';
 import { randomUUID } from 'node:crypto';
 import { parse as wktToGeoJSON } from 'wellknown';
 import { getHelpers } from '../database/helpers/index.js';
@@ -347,22 +347,22 @@ export class PayloadService {
                 knex: this.knex,
                 schema: this.schema,
             });
-            const relatedPrimary = this.schema.collections[relatedCollection].primary;
+            const relatedPrimaryKeyField = this.schema.collections[relatedCollection].primary;
             const relatedRecord = payload[relation.field];
             if (['string', 'number'].includes(typeof relatedRecord))
                 continue;
-            const hasPrimaryKey = relatedPrimary in relatedRecord;
-            let relatedPrimaryKey = relatedRecord[relatedPrimary];
+            const hasPrimaryKey = relatedPrimaryKeyField in relatedRecord;
+            let relatedPrimaryKey = relatedRecord[relatedPrimaryKeyField];
             const exists = hasPrimaryKey &&
                 !!(await this.knex
-                    .select(relatedPrimary)
+                    .select(relatedPrimaryKeyField)
                     .from(relatedCollection)
-                    .where({ [relatedPrimary]: relatedPrimaryKey })
+                    .where({ [relatedPrimaryKeyField]: relatedPrimaryKey })
                     .first());
             if (exists) {
-                const fieldsToUpdate = omit(relatedRecord, relatedPrimary);
-                if (Object.keys(fieldsToUpdate).length > 0) {
-                    await service.updateOne(relatedPrimaryKey, relatedRecord, {
+                const { [relatedPrimaryKeyField]: _, ...record } = relatedRecord;
+                if (Object.keys(record).length > 0) {
+                    await service.updateOne(relatedPrimaryKey, record, {
                         onRevisionCreate: (pk) => revisions.push(pk),
                         onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
                         bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
@@ -425,9 +425,9 @@ export class PayloadService {
                     .where({ [relatedPrimaryKeyField]: relatedPrimaryKey })
                     .first());
             if (exists) {
-                const fieldsToUpdate = omit(relatedRecord, relatedPrimaryKeyField);
-                if (Object.keys(fieldsToUpdate).length > 0) {
-                    await service.updateOne(relatedPrimaryKey, relatedRecord, {
+                const { [relatedPrimaryKeyField]: _, ...record } = relatedRecord;
+                if (Object.keys(record).length > 0) {
+                    await service.updateOne(relatedPrimaryKey, record, {
                         onRevisionCreate: (pk) => revisions.push(pk),
                         onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
                         bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
@@ -610,8 +610,9 @@ export class PayloadService {
                 if (alterations.update) {
                     const primaryKeyField = this.schema.collections[relation.collection].primary;
                     for (const item of alterations.update) {
-                        await service.updateOne(item[primaryKeyField], {
-                            ...item,
+                        const { [primaryKeyField]: key, ...record } = item;
+                        await service.updateOne(key, {
+                            ...record,
                             [relation.field]: parent || payload[currentPrimaryKeyField],
                         }, {
                             onRevisionCreate: (pk) => revisions.push(pk),

package/dist/services/tus/data-store.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
 import type { TusDriver } from '@directus/storage';
 import type { Accountability, File, SchemaOverview } from '@directus/types';
 import stream from 'node:stream';

package/dist/services/users.js

@@ -260,6 +260,7 @@ export class UsersService extends ItemsService {
             }
         }
         // Manual constraint, see https://github.com/directus/directus/pull/19912
+        await this.knex('directus_comments').update({ user_updated: null }).whereIn('user_updated', keys);
         await this.knex('directus_notifications').update({ sender: null }).whereIn('sender', keys);
         await this.knex('directus_versions').update({ user_updated: null }).whereIn('user_updated', keys);
         await super.deleteMany(keys, opts);
@@ -373,7 +374,7 @@ export class UsersService extends ItemsService {
             await this.createOne(partialUser);
         }
         // We want to be able to re-send the verification email
-        else if (user.status !== ('unverified')) {
+        else if (user.status !== 'unverified') {
             // To avoid giving attackers infos about registered emails we dont fail for violated unique constraints
             await stall(STALL_TIME, timeStart);
             return;
@@ -415,7 +416,7 @@ export class UsersService extends ItemsService {
         if (scope !== 'pending-registration')
             throw new ForbiddenError();
         const user = await this.getUserByEmail(email);
-        if (user?.status !== ('unverified')) {
+        if (user?.status !== 'unverified') {
             throw new InvalidPayloadError({ reason: 'Invalid verification code' });
         }
         await this.updateOne(user.id, { status: 'active' });

package/dist/services/versions.js

@@ -1,10 +1,9 @@
 import { Action } from '@directus/constants';
-import { InvalidPayloadError, UnprocessableContentError } from '@directus/errors';
+import { ForbiddenError, InvalidPayloadError, UnprocessableContentError } from '@directus/errors';
 import Joi from 'joi';
 import { assign, pick } from 'lodash-es';
 import objectHash from 'object-hash';
 import { getCache } from '../cache.js';
-import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
 import { validateAccess } from '../permissions/modules/validate-access/validate-access.js';
 import { shouldClearCache } from '../utils/should-clear-cache.js';
@@ -17,19 +16,36 @@ export class VersionsService extends ItemsService {
         super('directus_versions', options);
     }
     async validateCreateData(data) {
-        if (!data['key'])
-            throw new InvalidPayloadError({ reason: `"key" is required` });
+        const versionCreateSchema = Joi.object({
+            key: Joi.string().required(),
+            name: Joi.string().allow(null),
+            collection: Joi.string().required(),
+            item: Joi.string().required(),
+        });
+        const { error } = versionCreateSchema.validate(data);
+        if (error)
+            throw new InvalidPayloadError({ reason: error.message });
         // Reserves the "main" version key for the version query parameter
         if (data['key'] === 'main')
             throw new InvalidPayloadError({ reason: `"main" is a reserved version key` });
-        if (!data['collection']) {
-            throw new InvalidPayloadError({ reason: `"collection" is required` });
+        if (this.accountability) {
+            try {
+                await validateAccess({
+                    accountability: this.accountability,
+                    action: 'read',
+                    collection: data['collection'],
+                    primaryKeys: [data['item']],
+                }, {
+                    schema: this.schema,
+                    knex: this.knex,
+                });
+            }
+            catch {
+                throw new ForbiddenError();
+            }
         }
-        if (!data['item'])
-            throw new InvalidPayloadError({ reason: `"item" is required` });
         const { CollectionsService } = await import('./collections.js');
         const collectionsService = new CollectionsService({
-            accountability: null,
             knex: this.knex,
             schema: this.schema,
         });
@@ -39,7 +55,11 @@ export class VersionsService extends ItemsService {
                 reason: `Content Versioning is not enabled for collection "${data['collection']}"`,
             });
         }
-        const existingVersions = await super.readByQuery({
+        const sudoService = new VersionsService({
+            knex: this.knex,
+            schema: this.schema,
+        });
+        const existingVersions = await sudoService.readByQuery({
             aggregate: { count: ['*'] },
             filter: { key: { _eq: data['key'] }, collection: { _eq: data['collection'] }, item: { _eq: data['item'] } },
         });
@@ -48,32 +68,8 @@ export class VersionsService extends ItemsService {
                 reason: `Version "${data['key']}" already exists for item "${data['item']}" in collection "${data['collection']}"`,
             });
         }
-        // will throw an error if the accountability does not have permission to read the item
-        if (this.accountability) {
-            await validateAccess({
-                accountability: this.accountability,
-                action: 'read',
-                collection: data['collection'],
-                primaryKeys: [data['item']],
-            }, {
-                schema: this.schema,
-                knex: this.knex,
-            });
-        }
     }
     async getMainItem(collection, item, query) {
-        // will throw an error if the accountability does not have permission to read the item
-        if (this.accountability) {
-            await validateAccess({
-                accountability: this.accountability,
-                action: 'read',
-                collection,
-                primaryKeys: [item],
-            }, {
-                schema: this.schema,
-                knex: this.knex,
-            });
-        }
         const itemsService = new ItemsService(collection, {
             knex: this.knex,
             accountability: this.accountability,
@@ -96,6 +92,7 @@ export class VersionsService extends ItemsService {
         });
         return result.map((revision) => revision['delta']);
     }
+    // TODO: Remove legacy need to return a version array in subsequent release
     async getVersionSaves(key, collection, item) {
         const filter = {
             key: { _eq: key },
@@ -107,6 +104,9 @@ export class VersionsService extends ItemsService {
         const versions = await this.readByQuery({ filter });
         if (!versions?.[0])
             return null;
+        if (versions[0]['delta']) {
+            return [versions[0]['delta']];
+        }
         const saves = await this.getVersionSavesById(versions[0]['id']);
         return saves;
     }
@@ -122,7 +122,6 @@ export class VersionsService extends ItemsService {
         }
         const keyCombos = new Set();
         for (const item of data) {
-            await this.validateCreateData(item);
             const keyCombo = `${item['key']}-${item['collection']}-${item['item']}`;
             if (keyCombos.has(keyCombo)) {
                 throw new UnprocessableContentError({
@@ -130,8 +129,6 @@ export class VersionsService extends ItemsService {
                 });
             }
             keyCombos.add(keyCombo);
-            const mainItem = await this.getMainItem(item['collection'], item['item']);
-            item['hash'] = objectHash(mainItem);
         }
         return super.createMany(data, opts);
     }
@@ -139,7 +136,7 @@ export class VersionsService extends ItemsService {
         // Only allow updates on "key" and "name" fields
         const versionUpdateSchema = Joi.object({
             key: Joi.string(),
-            name: Joi.string().allow(null).optional(),
+            name: Joi.string().allow(null),
         });
         const { error } = versionUpdateSchema.validate(data);
         if (error)
@@ -205,14 +202,25 @@ export class VersionsService extends ItemsService {
             data: revisionDelta,
             delta: revisionDelta,
         });
+        let existingDelta = version['delta'];
+        if (!existingDelta) {
+            const saves = await this.getVersionSavesById(key);
+            existingDelta = assign({}, ...saves);
+        }
+        const finalVersionDelta = assign({}, existingDelta, revisionDelta ? JSON.parse(revisionDelta) : null);
+        const sudoService = new ItemsService(this.collection, {
+            knex: this.knex,
+            schema: this.schema,
+        });
+        await sudoService.updateOne(key, { delta: finalVersionDelta });
         const { cache } = getCache();
         if (shouldClearCache(cache, undefined, collection)) {
             cache.clear();
         }
-        return data;
+        return finalVersionDelta;
     }
     async promote(version, mainHash, fields) {
-        const { id, collection, item } = (await this.readOne(version));
+        const { id, collection, item, delta } = (await this.readOne(version));
         // will throw an error if the accountability does not have permission to update the item
         if (this.accountability) {
             await validateAccess({
@@ -231,11 +239,18 @@ export class VersionsService extends ItemsService {
                 reason: `Main item has changed since this version was last updated`,
             });
         }
-        const saves = await this.getVersionSavesById(id);
-        const versionResult = assign({}, ...saves);
+        let versionResult;
+        if (delta) {
+            versionResult = delta;
+        }
+        else {
+            const saves = await this.getVersionSavesById(id);
+            versionResult = assign({}, ...saves);
+        }
         const payloadToUpdate = fields ? pick(versionResult, fields) : versionResult;
         const itemsService = new ItemsService(collection, {
             accountability: this.accountability,
+            knex: this.knex,
             schema: this.schema,
         });
         const payloadAfterHooks = await emitter.emitFilter(['items.promote', `${collection}.items.promote`], payloadToUpdate, {
@@ -243,7 +258,7 @@ export class VersionsService extends ItemsService {
             item,
             version,
         }, {
-            database: getDatabase(),
+            database: this.knex,
             schema: this.schema,
             accountability: this.accountability,
         });
@@ -254,7 +269,7 @@ export class VersionsService extends ItemsService {
             item: updatedItemKey,
             version,
         }, {
-            database: getDatabase(),
+            database: this.knex,
             schema: this.schema,
             accountability: this.accountability,
         });

package/dist/types/graphql.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="cookie-parser" />
 import type { Request, Response } from 'express';
 import type { DocumentNode } from 'graphql';
 export interface GraphQLParams {

package/dist/utils/apply-diff.js

@@ -26,7 +26,6 @@ export async function applyDiff(currentSnapshot, snapshotDiff, options) {
     await transaction(database, async (trx) => {
         const collectionsService = new CollectionsService({ knex: trx, schema });
         const getNestedCollectionsToCreate = (currentLevelCollection) => snapshotDiff.collections.filter(({ diff }) => diff[0].rhs?.meta?.group === currentLevelCollection);
-        const getNestedCollectionsToDelete = (currentLevelCollection) => snapshotDiff.collections.filter(({ diff }) => diff[0].lhs?.meta?.group === currentLevelCollection);
         const createCollections = async (collections) => {
             for (const { collection, diff } of collections) {
                 if (diff?.[0]?.kind === DiffKind.NEW && diff[0].rhs) {
@@ -82,7 +81,6 @@ export async function applyDiff(currentSnapshot, snapshotDiff, options) {
                         // clean up deleted relations from existing schema
                         schema.relations = schema.relations.filter((r) => r.related_collection !== collection && r.collection !== collection);
                     }
-                    await deleteCollections(getNestedCollectionsToDelete(collection));
                     try {
                         await collectionsService.deleteOne(collection, mutationOptions);
                     }
@@ -122,13 +120,14 @@ export async function applyDiff(currentSnapshot, snapshotDiff, options) {
         // Create top level collections (no group, or highest level in existing group) first,
         // then continue with nested collections recursively
         await createCollections(snapshotDiff.collections.filter(filterCollectionsForCreation));
-        // delete top level collections (no group) first, then continue with nested collections recursively
-        await deleteCollections(snapshotDiff.collections.filter(({ diff }) => {
+        const collectionsToDelete = snapshotDiff.collections.filter(({ diff }) => {
             if (diff.length === 0 || diff[0] === undefined)
                 return false;
             const collectionDiff = diff[0];
-            return collectionDiff.kind === DiffKind.DELETE && collectionDiff.lhs?.meta?.group === null;
-        }));
+            return collectionDiff.kind === DiffKind.DELETE;
+        });
+        if (collectionsToDelete.length > 0)
+            await deleteCollections(collectionsToDelete);
         for (const { collection, diff } of snapshotDiff.collections) {
             if (diff?.[0]?.kind === DiffKind.EDIT || diff?.[0]?.kind === DiffKind.ARRAY) {
                 const currentCollection = currentSnapshot.collections.find((field) => {

package/dist/utils/apply-query.d.ts

@@ -1,7 +1,7 @@
 import type { Aggregate, Filter, Permission, Query, SchemaOverview } from '@directus/types';
 import type { Knex } from 'knex';
 import type { AliasMap } from './get-column-path.js';
-export declare const generateAlias: (size?: number | undefined) => string;
+export declare const generateAlias: (size?: number) => string;
 type ApplyQueryOptions = {
     aliasMap?: AliasMap;
     isInnerQuery?: boolean;

package/dist/utils/compress.d.ts

@@ -1,3 +1,2 @@
-/// <reference types="node" resolution-mode="require"/>
 export declare function compress(raw: Record<string, any> | Record<string, any>[]): Promise<Buffer>;
 export declare function decompress(compressed: Buffer): Promise<any>;

package/dist/utils/delete-from-require-cache.js

@@ -7,7 +7,7 @@ export function deleteFromRequireCache(modulePath) {
         const moduleCachePath = require.resolve(modulePath);
         delete require.cache[moduleCachePath];
     }
-    catch (error) {
+    catch {
         logger.trace(`Module cache not found for ${modulePath}, skipped cache delete.`);
     }
 }

package/dist/utils/fetch-user-count/fetch-user-count.d.ts

@@ -1,6 +1,5 @@
 import { type FetchAccessLookupOptions } from './fetch-access-lookup.js';
-export interface FetchUserCountOptions extends FetchAccessLookupOptions {
-}
+export type FetchUserCountOptions = FetchAccessLookupOptions;
 export interface UserCount {
     admin: number;
     app: number;

package/dist/utils/generate-hash.js

@@ -3,7 +3,7 @@ import { getConfigFromEnv } from './get-config-from-env.js';
 export function generateHash(stringToHash) {
     const argon2HashConfigOptions = getConfigFromEnv('HASH_', 'HASH_RAW'); // Disallow the HASH_RAW option, see https://github.com/directus/directus/discussions/7670#discussioncomment-1255805
     // associatedData, if specified, must be passed as a Buffer to argon2.hash, see https://github.com/ranisalt/node-argon2/wiki/Options#associateddata
-    'associatedData' in argon2HashConfigOptions &&
-        (argon2HashConfigOptions['associatedData'] = Buffer.from(argon2HashConfigOptions['associatedData']));
+    if ('associatedData' in argon2HashConfigOptions)
+        argon2HashConfigOptions['associatedData'] = Buffer.from(argon2HashConfigOptions['associatedData']);
     return argon2.hash(stringToHash, argon2HashConfigOptions);
 }

package/dist/utils/get-address.d.ts

@@ -1,5 +1,2 @@
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node/http.js" />
-/// <reference types="pino-http" />
 import * as http from 'http';
 export declare function getAddress(server: http.Server): {};

package/dist/utils/get-cache-headers.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="cookie-parser" />
 import type { Request } from 'express';
 /**
  * Returns the Cache-Control header for the current request

package/dist/utils/get-cache-key.d.ts

@@ -1,3 +1,2 @@
-/// <reference types="cookie-parser" />
 import type { Request } from 'express';
 export declare function getCacheKey(req: Request): Promise<string>;

package/dist/utils/get-column.d.ts

@@ -21,5 +21,5 @@ type GetColumnOptions = OriginalCollectionName | (FunctionColumnOptions & Origin
  * @param options Optional parameters
  * @returns Knex raw instance
  */
-export declare function getColumn(knex: Knex, table: string, column: string, alias: string | false | undefined, schema: SchemaOverview, options?: GetColumnOptions): Knex.Raw;
+export declare function getColumn(knex: Knex, table: string, column: string, alias: (string | false) | undefined, schema: SchemaOverview, options?: GetColumnOptions): Knex.Raw;
 export {};

package/dist/utils/get-graphql-query-and-variables.d.ts

@@ -1,3 +1,2 @@
-/// <reference types="cookie-parser" />
 import type { Request } from 'express';
 export declare function getGraphqlQueryAndVariables(req: Request): Pick<any, "query" | "variables">;

package/dist/utils/get-ip-from-req.d.ts

@@ -1,3 +1,2 @@
-/// <reference types="cookie-parser" />
 import type { Request } from 'express';
 export declare function getIPFromReq(req: Request): string | null;

package/dist/utils/get-service.js

@@ -1,5 +1,5 @@
 import { ForbiddenError } from '@directus/errors';
-import { AccessService, ActivityService, DashboardsService, FilesService, FlowsService, FoldersService, ItemsService, NotificationsService, OperationsService, PanelsService, PermissionsService, PoliciesService, PresetsService, RevisionsService, RolesService, SettingsService, SharesService, TranslationsService, UsersService, VersionsService, WebhooksService, } from '../services/index.js';
+import { AccessService, ActivityService, CommentsService, DashboardsService, FilesService, FlowsService, FoldersService, ItemsService, NotificationsService, OperationsService, PanelsService, PermissionsService, PoliciesService, PresetsService, RevisionsService, RolesService, SettingsService, SharesService, TranslationsService, UsersService, VersionsService, WebhooksService, } from '../services/index.js';
 /**
  * Select the correct service for the given collection. This allows the individual services to run
  * their custom checks (f.e. it allows `UsersService` to prevent updating TFA secret from outside).
@@ -10,6 +10,8 @@ export function getService(collection, opts) {
             return new AccessService(opts);
         case 'directus_activity':
             return new ActivityService(opts);
+        case 'directus_comments':
+            return new CommentsService({ ...opts, serviceOrigin: 'comments' });
         case 'directus_dashboards':
             return new DashboardsService(opts);
         case 'directus_files':

package/dist/utils/get-snapshot.js

@@ -49,7 +49,7 @@ function sortDeep(raw) {
         return fromPairs(sorted);
     }
     if (isArray(raw)) {
-        return sortBy(raw);
+        return raw.map((raw) => sortDeep(raw));
     }
     return raw;
 }

package/dist/utils/sanitize-query.js

@@ -192,7 +192,7 @@ function sanitizeAlias(rawAlias) {
         try {
             alias = parseJSON(rawAlias);
         }
-        catch (err) {
+        catch {
             logger.warn('Invalid value passed for alias query parameter.');
         }
     }

package/dist/utils/sanitize-schema.d.ts

@@ -16,7 +16,7 @@ export declare function sanitizeCollection(collection: Collection | undefined):
  * @returns sanitized field
  */
 export declare function sanitizeField(field: Field | undefined, sanitizeAllSchema?: boolean): Partial<Field> | undefined;
-export declare function sanitizeColumn(column: Column): Pick<Column, "table" | "name" | "numeric_precision" | "data_type" | "default_value" | "max_length" | "numeric_scale" | "is_nullable" | "is_unique" | "is_primary_key" | "is_generated" | "generation_expression" | "has_auto_increment" | "foreign_key_table" | "foreign_key_column">;
+export declare function sanitizeColumn(column: Column): Pick<Column, "table" | "name" | "numeric_precision" | "data_type" | "default_value" | "max_length" | "numeric_scale" | "is_nullable" | "is_unique" | "is_indexed" | "is_primary_key" | "is_generated" | "generation_expression" | "has_auto_increment" | "foreign_key_table" | "foreign_key_column">;
 /**
  * Pick certain database vendor specific relation properties that should be compared when performing diff
  *

package/dist/utils/sanitize-schema.js

@@ -34,6 +34,7 @@ export function sanitizeField(field, sanitizeAllSchema = false) {
             'schema.numeric_scale',
             'schema.is_nullable',
             'schema.is_unique',
+            'schema.is_indexed',
             'schema.is_primary_key',
             'schema.is_generated',
             'schema.generation_expression',
@@ -54,6 +55,7 @@ export function sanitizeColumn(column) {
         'numeric_scale',
         'is_nullable',
         'is_unique',
+        'is_indexed',
         'is_primary_key',
         'is_generated',
         'generation_expression',

package/dist/utils/should-skip-cache.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="cookie-parser" />
 import type { Request } from 'express';
 /**
  * Whether to skip caching for the current request

package/dist/websocket/authenticate.js

@@ -28,7 +28,7 @@ export async function authenticateConnection(message) {
         const expires_at = getExpiresAtForToken(access_token);
         return { accountability, expires_at, refresh_token };
     }
-    catch (error) {
+    catch {
         throw new WebSocketError('auth', 'AUTH_FAILED', 'Authentication failed.', message['uid']);
     }
 }

package/dist/websocket/controllers/base.d.ts

@@ -1,8 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node/http.js" />
-/// <reference types="pino-http" />
 import type { Accountability } from '@directus/types';
 import type { IncomingMessage, Server as httpServer } from 'http';
 import type { RateLimiterAbstract } from 'rate-limiter-flexible';
@@ -32,12 +27,8 @@ export default abstract class SocketController {
     createClient(ws: WebSocket, { accountability, expires_at }: AuthenticationState): WebSocketClient;
     protected parseMessage(data: string): WebSocketMessage;
     protected handleAuthRequest(client: WebSocketClient, message: WebSocketAuthMessage): Promise<void>;
+    protected checkUserRequirements(_accountability: Accountability | null): void;
     setTokenExpireTimer(client: WebSocketClient): void;
     checkClientTokens(): void;
-    meetsAdminRequirement({ socket, client, accountability, }: {
-        socket?: UpgradeContext['socket'];
-        client?: WebSocketClient | WebSocket;
-        accountability: Accountability | null;
-    }): boolean;
     terminate(): void;
 }

package/dist/websocket/controllers/base.js

@@ -60,7 +60,6 @@ export default class SocketController {
             authentication: {
                 mode: authMode.data,
                 timeout: authTimeout,
-                requireAdmin: false,
             },
         };
     }
@@ -140,8 +139,15 @@ export default class SocketController {
             socket.destroy();
             return;
         }
-        if (!this.meetsAdminRequirement({ socket, accountability }))
+        try {
+            this.checkUserRequirements(accountability);
+        }
+        catch {
+            logger.debug('WebSocket upgrade denied - ' + JSON.stringify(accountability || 'invalid'));
+            socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
+            socket.destroy();
             return;
+        }
         this.server.handleUpgrade(request, socket, head, async (ws) => {
             this.catchInvalidMessages(ws);
             const state = { accountability, expires_at };
@@ -156,8 +162,7 @@ export default class SocketController {
                 if (getMessageType(payload) !== 'auth')
                     throw new Error();
                 const state = await authenticateConnection(WebSocketAuthMessage.parse(payload));
-                if (this.meetsAdminRequirement({ client: ws, accountability: state.accountability }))
-                    return;
+                this.checkUserRequirements(state.accountability);
                 ws.send(authenticationSuccess(payload['uid'], state.refresh_token));
                 this.server.emit('connection', ws, state);
             }
@@ -238,7 +243,7 @@ export default class SocketController {
         try {
             message = WebSocketMessage.parse(parseJSON(data));
         }
-        catch (err) {
+        catch {
             throw new WebSocketError('server', 'INVALID_PAYLOAD', 'Unable to parse the incoming message.');
         }
         return message;
@@ -246,8 +251,7 @@ export default class SocketController {
     async handleAuthRequest(client, message) {
         try {
             const { accountability, expires_at, refresh_token } = await authenticateConnection(message);
-            if (!this.meetsAdminRequirement({ client, accountability }))
-                return;
+            this.checkUserRequirements(accountability);
             client.accountability = accountability;
             client.expires_at = expires_at;
             this.setTokenExpireTimer(client);
@@ -269,6 +273,10 @@ export default class SocketController {
             }
         }
     }
+    checkUserRequirements(_accountability) {
+        // there are no requirements in the abstract class
+        return;
+    }
     setTokenExpireTimer(client) {
         if (client.auth_timer !== null) {
             // clear up old timeouts if needed
@@ -305,20 +313,6 @@ export default class SocketController {
             }
         }, TOKEN_CHECK_INTERVAL);
     }
-    meetsAdminRequirement({ socket, client, accountability, }) {
-        if (!this.authentication.requireAdmin || accountability?.admin)
-            return true;
-        logger.debug('WebSocket connection denied - ' + JSON.stringify(accountability || 'invalid'));
-        if (socket) {
-            socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
-            socket.destroy();
-        }
-        else if (client) {
-            handleWebSocketError(client, new WebSocketError('auth', 'UNAUTHORIZED', 'Unauthorized.'), 'auth');
-            client.close();
-        }
-        return false;
-    }
     terminate() {
         if (this.authInterval)
             clearInterval(this.authInterval);

package/dist/websocket/controllers/graphql.d.ts

@@ -1,6 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node/http.js" />
-/// <reference types="pino-http" />
 import type { Server } from 'graphql-ws';
 import type { Server as httpServer } from 'http';
 import type { GraphQLSocket, UpgradeContext, WebSocketClient } from '../types.js';

package/dist/websocket/controllers/index.d.ts

@@ -1,6 +1,3 @@
-/// <reference types="node" resolution-mode="require"/>
-/// <reference types="node/http.js" />
-/// <reference types="pino-http" />
 import type { Server as httpServer } from 'http';
 import { GraphQLSubscriptionController } from './graphql.js';
 import { LogsController } from './logs.js';