@directus/api 23.2.1 → 23.3.0

package/dist/auth/drivers/oauth2.js

@@ -141,7 +141,7 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
             const updatedUserPayload = await emitter.emitFilter(`auth.update`, emitPayload, {
                 identifier,
                 provider: this.config['provider'],
-                providerPayload: { accessToken: tokenSet.access_token, userInfo },
+                providerPayload: { accessToken: tokenSet.access_token, idToken: tokenSet.id_token, userInfo },
             }, { database: getDatabase(), schema: this.schema, accountability: null });
             // Update user to update refresh_token and other properties that might have changed
             if (Object.values(updatedUserPayload).some((value) => value !== undefined)) {
@@ -159,7 +159,7 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
         const updatedUserPayload = await emitter.emitFilter(`auth.create`, userPayload, {
             identifier,
             provider: this.config['provider'],
-            providerPayload: { accessToken: tokenSet.access_token, userInfo },
+            providerPayload: { accessToken: tokenSet.access_token, idToken: tokenSet.id_token, userInfo },
         }, { database: getDatabase(), schema: this.schema, accountability: null });
         try {
             await this.usersService.createOne(updatedUserPayload);

package/dist/auth/drivers/openid.d.ts

@@ -2,12 +2,14 @@ import { Router } from 'express';
 import type { Client } from 'openid-client';
 import { UsersService } from '../../services/users.js';
 import type { AuthDriverOptions, User } from '../../types/index.js';
+import type { RoleMap } from '../../types/rolemap.js';
 import { LocalAuthDriver } from './local.js';
 export declare class OpenIDAuthDriver extends LocalAuthDriver {
     client: Promise<Client>;
     redirectUrl: string;
     usersService: UsersService;
     config: Record<string, any>;
+    roleMap: RoleMap;
     constructor(options: AuthDriverOptions, config: Record<string, any>);
     generateCodeVerifier(): string;
     generateAuthUrl(codeVerifier: string, prompt?: boolean): Promise<string>;

package/dist/auth/drivers/openid.js

@@ -26,6 +26,7 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
     redirectUrl;
     usersService;
     config;
+    roleMap;
     constructor(options, config) {
         super(options, config);
         const env = useEnv();
@@ -40,6 +41,17 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
         this.redirectUrl = redirectUrl.toString();
         this.usersService = new UsersService({ knex: this.knex, schema: this.schema });
         this.config = additionalConfig;
+        this.roleMap = {};
+        const roleMapping = this.config['roleMapping'];
+        if (roleMapping) {
+            this.roleMap = roleMapping;
+        }
+        // role mapping will fail on login if AUTH_<provider>_ROLE_MAPPING is an array instead of an object.
+        // This happens if the 'json:' prefix is missing from the variable declaration. To save the user from exhaustive debugging, we'll try to fail early here.
+        if (roleMapping instanceof Array) {
+            logger.error("[OpenID] Expected a JSON-Object as role mapping, got an Array instead. Make sure you declare the variable with 'json:' prefix.");
+            throw new InvalidProviderError();
+        }
         this.client = new Promise((resolve, reject) => {
             Issuer.discover(issuerUrl)
                 .then((issuer) => {
@@ -123,6 +135,21 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
         catch (e) {
             throw handleError(e);
         }
+        let role = this.config['defaultRoleId'];
+        const groupClaimName = this.config['groupClaimName'] ?? 'groups';
+        const groups = userInfo[groupClaimName];
+        if (Array.isArray(groups)) {
+            for (const key in this.roleMap) {
+                if (groups.includes(key)) {
+                    // Overwrite default role if user is member of a group specified in roleMap
+                    role = this.roleMap[key];
+                    break;
+                }
+            }
+        }
+        else {
+            logger.debug(`[OpenID] Configured group claim with name "${groupClaimName}" does not exist or is empty.`);
+        }
         // Flatten response to support dot indexes
         userInfo = flatten(userInfo);
         const { provider, identifierKey, allowPublicRegistration, requireVerifiedEmail, syncUserInfo } = this.config;
@@ -139,7 +166,7 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
             last_name: userInfo['family_name'],
             email: email,
             external_identifier: identifier,
-            role: this.config['defaultRoleId'],
+            role: role,
             auth_data: tokenSet.refresh_token && JSON.stringify({ refreshToken: tokenSet.refresh_token }),
         };
         const userId = await this.fetchUserId(identifier);
@@ -148,6 +175,8 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
             // user that is about to be updated
             let emitPayload = {
                 auth_data: userPayload.auth_data,
+                // Make sure a user's role gets updated if his openid group or role mapping changes
+                role: role,
             };
             if (syncUserInfo) {
                 emitPayload = {
@@ -160,7 +189,7 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
             const updatedUserPayload = await emitter.emitFilter(`auth.update`, emitPayload, {
                 identifier,
                 provider: this.config['provider'],
-                providerPayload: { accessToken: tokenSet.access_token, userInfo },
+                providerPayload: { accessToken: tokenSet.access_token, idToken: tokenSet.id_token, userInfo },
             }, { database: getDatabase(), schema: this.schema, accountability: null });
             // Update user to update refresh_token and other properties that might have changed
             if (Object.values(updatedUserPayload).some((value) => value !== undefined)) {
@@ -179,7 +208,7 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
         const updatedUserPayload = await emitter.emitFilter(`auth.create`, userPayload, {
             identifier,
             provider: this.config['provider'],
-            providerPayload: { accessToken: tokenSet.access_token, userInfo },
+            providerPayload: { accessToken: tokenSet.access_token, idToken: tokenSet.id_token, userInfo },
         }, { database: getDatabase(), schema: this.schema, accountability: null });
         try {
             await this.usersService.createOne(updatedUserPayload);

package/dist/cli/commands/roles/create.d.ts

@@ -1,4 +1,5 @@
-export default function rolesCreate({ role: name, admin }: {
+export default function rolesCreate({ role: name, admin, app, }: {
     role: string;
     admin: boolean;
+    app: boolean;
 }): Promise<void>;

package/dist/cli/commands/roles/create.js

@@ -1,8 +1,10 @@
 import { getSchema } from '../../../utils/get-schema.js';
 import { RolesService } from '../../../services/roles.js';
+import { PoliciesService } from '../../../services/index.js';
+import { AccessService } from '../../../services/index.js';
 import getDatabase from '../../../database/index.js';
 import { useLogger } from '../../../logger/index.js';
-export default async function rolesCreate({ role: name, admin }) {
+export default async function rolesCreate({ role: name, admin, app, }) {
     const database = getDatabase();
     const logger = useLogger();
     if (!name) {
@@ -11,9 +13,21 @@ export default async function rolesCreate({ role: name, admin }) {
     }
     try {
         const schema = await getSchema();
-        const service = new RolesService({ schema: schema, knex: database });
-        const id = await service.createOne(admin ? { name, admin_access: admin } : { name });
-        process.stdout.write(`${String(id)}\n`);
+        const rolesService = new RolesService({ schema: schema, knex: database });
+        const policiesService = new PoliciesService({ schema: schema, knex: database });
+        const accessService = new AccessService({ schema: schema, knex: database });
+        const adminPolicyId = await policiesService.createOne({
+            name: `Policy for ${name}`,
+            admin_access: admin,
+            app_access: app,
+            icon: 'supervised_user_circle',
+        });
+        const roleId = await rolesService.createOne({ name });
+        await accessService.createOne({
+            role: roleId,
+            policy: adminPolicyId,
+        });
+        process.stdout.write(`${String(roleId)}\n`);
         database.destroy();
         process.exit(0);
     }

package/dist/cli/index.js

@@ -61,6 +61,7 @@ export async function createCli() {
         .description('Create a new role')
         .option('--role <value>', `name for the role`)
         .option('--admin', `whether or not the role has admin access`)
+        .option('--app', `whether or not the role has app access`)
         .action(rolesCreate);
     program.command('count <collection>').description('Count the amount of items in a given collection').action(count);
     program

package/dist/database/helpers/date/dialects/oracle.d.ts

@@ -1,4 +1,5 @@
 import { DateHelper } from '../types.js';
 export declare class DateHelperOracle extends DateHelper {
+    parse(date: string | Date): string;
     fieldFlagForField(fieldType: string): string;
 }

package/dist/database/helpers/date/dialects/oracle.js

@@ -1,5 +1,19 @@
 import { DateHelper } from '../types.js';
 export class DateHelperOracle extends DateHelper {
+    // Required to handle timezoned offset
+    parse(date) {
+        if (!date) {
+            return date;
+        }
+        if (date instanceof Date) {
+            return String(date.toISOString());
+        }
+        // Return YY-MM-DD as is for date support
+        if (date.length <= 10 && date.includes('-')) {
+            return date;
+        }
+        return String(new Date(date).toISOString());
+    }
     fieldFlagForField(fieldType) {
         switch (fieldType) {
             case 'dateTime':

package/dist/database/index.js

@@ -106,6 +106,16 @@ export function getDatabase() {
             callback(null, conn);
         };
     }
+    if (client === 'oracledb') {
+        poolConfig.afterCreate = async (conn, callback) => {
+            logger.trace('Setting OracleDB NLS_DATE_FORMAT and NLS_TIMESTAMP_FORMAT');
+            // enforce proper ISO standard 2024-12-10T10:54:00.123Z for datetime/timestamp
+            await conn.executeAsync('ALTER SESSION SET NLS_TIMESTAMP_FORMAT = \'YYYY-MM-DD"T"HH24:MI:SS.FF3"Z"\'');
+            // enforce 2024-12-10 date formet
+            await conn.executeAsync("ALTER SESSION SET NLS_DATE_FORMAT = 'YYYY-MM-DD'");
+            callback(null, conn);
+        };
+    }
     if (client === 'mysql') {
         // Remove the conflicting `filename` option, defined by default in the Docker Image
         if (isObject(knexConfig.connection))

package/dist/database/migrations/20240924A-migrate-legacy-comments.js

@@ -12,6 +12,8 @@ export async function up(knex) {
     }
     const rowsLimit = 50;
     let hasMore = true;
+    const existingUsers = new Set();
+    const missingUsers = new Set();
     while (hasMore) {
         const legacyComments = await knex
             .select('*')
@@ -28,12 +30,32 @@ export async function up(knex) {
                 // Migrate legacy comment
                 if (legacyComment['action'] === Action.COMMENT) {
                     primaryKey = randomUUID();
+                    let legacyCommentUserId = legacyComment.user;
+                    if (legacyCommentUserId) {
+                        if (missingUsers.has(legacyCommentUserId)) {
+                            legacyCommentUserId = null;
+                        }
+                        else if (!existingUsers.has(legacyCommentUserId)) {
+                            const userExists = await trx
+                                .select('id')
+                                .from('directus_users')
+                                .where('id', '=', legacyCommentUserId)
+                                .first();
+                            if (userExists) {
+                                existingUsers.add(legacyCommentUserId);
+                            }
+                            else {
+                                missingUsers.add(legacyCommentUserId);
+                                legacyCommentUserId = null;
+                            }
+                        }
+                    }
                     await trx('directus_comments').insert({
                         id: primaryKey,
                         collection: legacyComment.collection,
                         item: legacyComment.item,
                         comment: legacyComment.comment,
-                        user_created: legacyComment.user,
+                        user_created: legacyCommentUserId,
                         date_created: legacyComment.timestamp,
                     });
                     await trx('directus_activity')

package/dist/database/run-ast/utils/apply-parent-filters.js

@@ -33,10 +33,6 @@ export function applyParentFilters(schema, nestedCollectionNodes, parentItem) {
             const foreignField = nestedNode.relation.field;
             const foreignIds = uniq(parentItems.map((res) => res[nestedNode.parentKey])).filter((id) => !isNil(id));
             merge(nestedNode, { query: { filter: { [foreignField]: { _in: foreignIds } } } });
-            if (nestedNode.relation.meta?.junction_field) {
-                const junctionField = nestedNode.relation.meta.junction_field;
-                merge(nestedNode, { query: { filter: { [junctionField]: { _nnull: true } } } });
-            }
         }
         else if (nestedNode.type === 'a2o') {
             const keysPerCollection = {};

package/dist/database/run-ast/utils/merge-with-parent-items.js

@@ -6,32 +6,59 @@ export function mergeWithParentItems(schema, nestedItem, parentItem, nestedNode,
     const nestedItems = toArray(nestedItem);
     const parentItems = clone(toArray(parentItem));
     if (nestedNode.type === 'm2o') {
-        for (const parentItem of parentItems) {
-            const itemChild = nestedItems.find((nestedItem) => {
-                return (nestedItem[schema.collections[nestedNode.relation.related_collection].primary] ==
-                    parentItem[nestedNode.relation.field]);
-            });
-            parentItem[nestedNode.fieldKey] = itemChild || null;
+        const parentsByForeignKey = new Map();
+        parentItems.forEach((parentItem) => {
+            const relationKey = parentItem[nestedNode.relation.field];
+            if (!parentsByForeignKey.has(relationKey)) {
+                parentsByForeignKey.set(relationKey, []);
+            }
+            parentItem[nestedNode.fieldKey] = null;
+            parentsByForeignKey.get(relationKey).push(parentItem);
+        });
+        const nestPrimaryKeyField = schema.collections[nestedNode.relation.related_collection].primary;
+        for (const nestedItem of nestedItems) {
+            const nestedPK = nestedItem[nestPrimaryKeyField];
+            for (const parentItem of parentsByForeignKey.get(nestedPK)) {
+                parentItem[nestedNode.fieldKey] = nestedItem;
+            }
         }
     }
     else if (nestedNode.type === 'o2m') {
+        const parentCollectionName = nestedNode.relation.related_collection;
+        const parentPrimaryKeyField = schema.collections[parentCollectionName].primary;
+        const parentRelationField = nestedNode.fieldKey;
+        const nestedParentKeyField = nestedNode.relation.field;
+        const parentsByPrimaryKey = new Map();
+        parentItems.forEach((parentItem) => {
+            if (!parentItem[parentRelationField])
+                parentItem[parentRelationField] = [];
+            const parentPrimaryKey = parentItem[parentPrimaryKeyField];
+            if (parentsByPrimaryKey.has(parentPrimaryKey)) {
+                throw new Error(`Duplicate parent primary key '${parentPrimaryKey}' of '${parentCollectionName}' when merging o2m nested items`);
+            }
+            parentsByPrimaryKey.set(parentPrimaryKey, parentItem);
+        });
+        const toAddToAllParents = [];
+        nestedItems.forEach((nestedItem) => {
+            if (nestedItem === null)
+                return;
+            if (Array.isArray(nestedItem[nestedParentKeyField])) {
+                toAddToAllParents.push(nestedItem); // TODO explain this odd case
+                return; // Avoids adding the nestedItem twice
+            }
+            const parentPrimaryKey = nestedItem[nestedParentKeyField]?.[parentPrimaryKeyField] ?? nestedItem[nestedParentKeyField];
+            const parentItem = parentsByPrimaryKey.get(parentPrimaryKey);
+            if (!parentItem) {
+                throw new Error(`Missing parentItem '${nestedItem[nestedParentKeyField]}' of '${parentCollectionName}' when merging o2m nested items`);
+            }
+            parentItem[parentRelationField].push(nestedItem);
+        });
         for (const [index, parentItem] of parentItems.entries()) {
             if (fieldAllowed === false || (isArray(fieldAllowed) && !fieldAllowed[index])) {
                 parentItem[nestedNode.fieldKey] = null;
                 continue;
             }
-            if (!parentItem[nestedNode.fieldKey])
-                parentItem[nestedNode.fieldKey] = [];
-            const itemChildren = nestedItems.filter((nestedItem) => {
-                if (nestedItem === null)
-                    return false;
-                if (Array.isArray(nestedItem[nestedNode.relation.field]))
-                    return true;
-                return (nestedItem[nestedNode.relation.field] ==
-                    parentItem[schema.collections[nestedNode.relation.related_collection].primary] ||
-                    nestedItem[nestedNode.relation.field]?.[schema.collections[nestedNode.relation.related_collection].primary] == parentItem[schema.collections[nestedNode.relation.related_collection].primary]);
-            });
-            parentItem[nestedNode.fieldKey].push(...itemChildren);
+            parentItem[parentRelationField].push(...toAddToAllParents);
             const limit = nestedNode.query.limit ?? Number(env['QUERY_LIMIT_DEFAULT']);
             if (nestedNode.query.page && nestedNode.query.page > 1) {
                 parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].slice(limit * (nestedNode.query.page - 1));

package/dist/permissions/utils/fetch-dynamic-variable-context.js

@@ -18,8 +18,8 @@ export async function fetchDynamicVariableContext(options, context) {
     }
     if (options.accountability.role && (permissionContext.$CURRENT_ROLE?.size ?? 0) > 0) {
         contextData['$CURRENT_ROLE'] = await fetchContextData('$CURRENT_ROLE', permissionContext, { role: options.accountability.role }, async (fields) => {
-            const usersService = new RolesService(context);
-            return await usersService.readOne(options.accountability.role, {
+            const rolesService = new RolesService(context);
+            return await rolesService.readOne(options.accountability.role, {
                 fields,
             });
         });

package/dist/schedules/retention.js

@@ -1,6 +1,7 @@
 import { Action } from '@directus/constants';
 import { useEnv } from '@directus/env';
 import { toBoolean } from '@directus/utils';
+import { getHelpers } from '../database/helpers/index.js';
 import getDatabase from '../database/index.js';
 import { useLock } from '../lock/index.js';
 import { useLogger } from '../logger/index.js';
@@ -31,6 +32,7 @@ export async function handleRetentionJob() {
     const batch = Number(env['RETENTION_BATCH']);
     const lockTime = await lock.get(retentionLockKey);
     const now = Date.now();
+    const helpers = getHelpers(database);
     if (lockTime && Number(lockTime) > now - retentionLockTimeout) {
         // ensure only one connected process
         return;
@@ -47,7 +49,7 @@ export async function handleRetentionJob() {
                 .queryBuilder()
                 .select(`${task.collection}.id`)
                 .from(task.collection)
-                .where('timestamp', '<', Date.now() - task.timeframe)
+                .where('timestamp', '<', helpers.date.parse(new Date(Date.now() - task.timeframe)))
                 .limit(batch);
             if (task.where) {
                 subquery.where(...task.where);
@@ -56,7 +58,19 @@ export async function handleRetentionJob() {
                 subquery.join(...task.join);
             }
             try {
-                count = await database(task.collection).where('id', 'in', subquery).delete();
+                let records = [];
+                const isMySQL = helpers.schema.isOneOfClients(['mysql']);
+                // mysql/maria does not allow limit within a subquery
+                // https://dev.mysql.com/doc/refman/8.4/en/subquery-restrictions.html
+                if (isMySQL) {
+                    records = await subquery.then((r) => r.map((r) => r.id));
+                    if (records.length === 0) {
+                        break;
+                    }
+                }
+                count = await database(task.collection)
+                    .whereIn('id', isMySQL ? records : subquery)
+                    .delete();
             }
             catch (error) {
                 logger.error(error, `Retention failed for Collection ${task.collection}`);

package/dist/services/collections.js

@@ -132,12 +132,12 @@ export class CollectionsService {
                     });
                 }
                 if (payload.meta) {
-                    const collectionItemsService = new ItemsService('directus_collections', {
+                    const collectionsItemsService = new ItemsService('directus_collections', {
                         knex: trx,
                         accountability: this.accountability,
                         schema: this.schema,
                     });
-                    await collectionItemsService.createOne({
+                    await collectionsItemsService.createOne({
                         ...payload.meta,
                         collection: payload.collection,
                     }, {
@@ -210,13 +210,13 @@ export class CollectionsService {
      */
     async readByQuery() {
         const env = useEnv();
-        const collectionItemsService = new ItemsService('directus_collections', {
+        const collectionsItemsService = new ItemsService('directus_collections', {
             knex: this.knex,
             schema: this.schema,
             accountability: this.accountability,
         });
         let tablesInDatabase = await this.schemaInspector.tableInfo();
-        let meta = (await collectionItemsService.readByQuery({
+        let meta = (await collectionsItemsService.readByQuery({
             limit: -1,
         }));
         meta.push(...systemCollectionRows);
@@ -306,7 +306,7 @@ export class CollectionsService {
         }
         const nestedActionEvents = [];
         try {
-            const collectionItemsService = new ItemsService('directus_collections', {
+            const collectionsItemsService = new ItemsService('directus_collections', {
                 knex: this.knex,
                 accountability: this.accountability,
                 schema: this.schema,
@@ -321,13 +321,13 @@ export class CollectionsService {
                 .where({ collection: collectionKey })
                 .first());
             if (exists) {
-                await collectionItemsService.updateOne(collectionKey, payload.meta, {
+                await collectionsItemsService.updateOne(collectionKey, payload.meta, {
                     ...opts,
                     bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
                 });
             }
             else {
-                await collectionItemsService.createOne({ ...payload.meta, collection: collectionKey }, {
+                await collectionsItemsService.createOne({ ...payload.meta, collection: collectionKey }, {
                     ...opts,
                     bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
                 });
@@ -463,12 +463,12 @@ export class CollectionsService {
                 // Make sure this collection isn't used as a group in any other collections
                 await trx('directus_collections').update({ group: null }).where({ group: collectionKey });
                 if (collectionToBeDeleted.meta) {
-                    const collectionItemsService = new ItemsService('directus_collections', {
+                    const collectionsItemsService = new ItemsService('directus_collections', {
                         knex: trx,
                         accountability: this.accountability,
                         schema: this.schema,
                     });
-                    await collectionItemsService.deleteOne(collectionKey, {
+                    await collectionsItemsService.deleteOne(collectionKey, {
                         bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
                     });
                 }

package/dist/services/files.js

@@ -133,11 +133,11 @@ export class FilesService extends ItemsService {
         payload.uploaded_on = new Date().toISOString();
         // We do this in a service without accountability. Even if you don't have update permissions to the file,
         // we still want to be able to set the extracted values from the file on create
-        const sudoService = new ItemsService('directus_files', {
+        const sudoFilesItemsService = new ItemsService('directus_files', {
             knex: this.knex,
             schema: this.schema,
         });
-        await sudoService.updateOne(primaryKey, { ...payload, ...metadata }, { emitEvents: false });
+        await sudoFilesItemsService.updateOne(primaryKey, { ...payload, ...metadata }, { emitEvents: false });
         if (opts?.emitEvents !== false) {
             emitter.emitAction('files.upload', {
                 payload,

package/dist/services/payload.js

@@ -144,13 +144,13 @@ export class PayloadService {
                 return fieldsInPayload.includes(name);
             });
         }
-        await Promise.all(processedPayload.map(async (record) => {
-            await Promise.all(specialFields.map(async ([name, field]) => {
+        for (const record of processedPayload) {
+            for (const [name, field] of specialFields) {
                 const newValue = await this.processField(field, record, action, this.accountability);
                 if (newValue !== undefined)
                     record[name] = newValue;
-            }));
-        }));
+            }
+        }
         this.processGeometries(processedPayload, action);
         this.processDates(processedPayload, action);
         if (['create', 'update'].includes(action)) {

package/dist/services/roles.js

@@ -39,7 +39,7 @@ export class RolesService extends ItemsService {
                 accountability: this.accountability,
                 schema: this.schema,
             };
-            const itemsService = new ItemsService('directus_roles', options);
+            const rolesItemsService = new ItemsService('directus_roles', options);
             const rolesService = new RolesService(options);
             const accessService = new AccessService(options);
             const presetsService = new PresetsService(options);
@@ -62,7 +62,7 @@ export class RolesService extends ItemsService {
             await rolesService.updateByQuery({
                 filter: { parent: { _in: keys } },
             }, { parent: null });
-            await itemsService.deleteMany(keys, opts);
+            await rolesItemsService.deleteMany(keys, opts);
         });
         // Since nested roles could be updated, clear caches
         await this.clearCaches();

package/dist/services/tus/data-store.js

@@ -29,7 +29,7 @@ export class TusDataStore extends DataStore {
     async create(upload) {
         const logger = useLogger();
         const knex = getDatabase();
-        const itemsService = new ItemsService('directus_files', {
+        const filesItemsService = new ItemsService('directus_files', {
             accountability: this.accountability,
             schema: this.schema,
             knex,
@@ -78,7 +78,7 @@ export class TusDataStore extends DataStore {
             }
         }
         // If this is a new file upload, we need to generate a new primary key and DB record
-        const primaryKey = await itemsService.createOne(fileData, { emitEvents: false });
+        const primaryKey = await filesItemsService.createOne(fileData, { emitEvents: false });
         // Set the file id, so it is available to be sent as a header on upload creation / resume
         if (!upload.metadata['id']) {
             upload.metadata['id'] = primaryKey;
@@ -92,17 +92,17 @@ export class TusDataStore extends DataStore {
             // If this is a replacement, we'll write the file to a temp location first to ensure we don't overwrite the existing file if something goes wrong
             upload = (await this.storageDriver.createChunkedUpload(fileData.filename_disk, upload));
             fileData.tus_data = upload;
-            await itemsService.updateOne(primaryKey, fileData, { emitEvents: false });
+            await filesItemsService.updateOne(primaryKey, fileData, { emitEvents: false });
             return upload;
         }
         catch (err) {
             logger.warn(`Couldn't create chunked upload for ${fileData.filename_disk}`);
             logger.warn(err);
             if (isReplacement) {
-                await itemsService.updateOne(primaryKey, { tus_id: null, tus_data: null }, { emitEvents: false });
+                await filesItemsService.updateOne(primaryKey, { tus_id: null, tus_data: null }, { emitEvents: false });
             }
             else {
-                await itemsService.deleteOne(primaryKey, { emitEvents: false });
+                await filesItemsService.deleteOne(primaryKey, { emitEvents: false });
             }
             throw ERRORS.UNKNOWN_ERROR;
         }
@@ -111,12 +111,12 @@ export class TusDataStore extends DataStore {
         const logger = useLogger();
         const fileData = await this.getFileById(tus_id);
         const filePath = fileData.filename_disk;
-        const sudoService = new ItemsService('directus_files', {
+        const sudoFilesItemsService = new ItemsService('directus_files', {
             schema: this.schema,
         });
         try {
             const newOffset = await this.storageDriver.writeChunk(filePath, readable, offset, fileData.tus_data);
-            await sudoService.updateOne(fileData.id, {
+            await sudoFilesItemsService.updateOne(fileData.id, {
                 tus_data: {
                     ...fileData.tus_data,
                     offset: newOffset,
@@ -134,7 +134,7 @@ export class TusDataStore extends DataStore {
                 // If the file is a replacement, delete the old files, and upgrade the temp file
                 if (isReplacement === true) {
                     const replaceId = fileData.tus_data['metadata']['replace_id'];
-                    const replaceData = await sudoService.readOne(replaceId, { fields: ['filename_disk'] });
+                    const replaceData = await sudoFilesItemsService.readOne(replaceId, { fields: ['filename_disk'] });
                     // delete the previously saved file and thumbnails to ensure they're generated fresh
                     for await (const partPath of this.storageDriver.list(replaceId)) {
                         await this.storageDriver.delete(partPath);
@@ -154,20 +154,20 @@ export class TusDataStore extends DataStore {
         }
     }
     async remove(tus_id) {
-        const sudoService = new ItemsService('directus_files', {
+        const sudoFilesItemsService = new ItemsService('directus_files', {
             schema: this.schema,
         });
         const fileData = await this.getFileById(tus_id);
         await this.storageDriver.deleteChunkedUpload(fileData.filename_disk, fileData.tus_data);
-        await sudoService.deleteOne(fileData.id);
+        await sudoFilesItemsService.deleteOne(fileData.id);
     }
     async deleteExpired() {
-        const sudoService = new ItemsService('directus_files', {
+        const sudoFilesItemsService = new ItemsService('directus_files', {
             schema: this.schema,
         });
         const now = new Date();
         const toDelete = [];
-        const uploadFiles = await sudoService.readByQuery({
+        const uploadFiles = await sudoFilesItemsService.readByQuery({
             fields: ['modified_on', 'tus_id', 'tus_data'],
             filter: { tus_id: { _nnull: true } },
         });
@@ -197,10 +197,10 @@ export class TusDataStore extends DataStore {
         return new Upload(fileData.tus_data);
     }
     async getFileById(tus_id) {
-        const itemsService = new ItemsService('directus_files', {
+        const sudoFilesItemsService = new ItemsService('directus_files', {
             schema: this.schema,
         });
-        const results = await itemsService.readByQuery({
+        const results = await sudoFilesItemsService.readByQuery({
             filter: {
                 tus_id: { _eq: tus_id },
                 storage: { _eq: this.location },

package/dist/types/rolemap.d.ts

@@ -0,0 +1,3 @@
+export type RoleMap = {
+    [key: string]: string;
+};

package/dist/types/rolemap.js

@@ -0,0 +1 @@
+export {};

package/dist/utils/apply-snapshot.js

@@ -1,15 +1,14 @@
-import { getCache } from '../cache.js';
+import { flushCaches } from '../cache.js';
 import getDatabase from '../database/index.js';
 import { applyDiff } from './apply-diff.js';
 import { getSchema } from './get-schema.js';
-import { getSnapshot } from './get-snapshot.js';
 import { getSnapshotDiff } from './get-snapshot-diff.js';
+import { getSnapshot } from './get-snapshot.js';
 export async function applySnapshot(snapshot, options) {
     const database = options?.database ?? getDatabase();
     const schema = options?.schema ?? (await getSchema({ database, bypassCache: true }));
-    const { systemCache } = getCache();
     const current = options?.current ?? (await getSnapshot({ database, schema }));
     const snapshotDiff = options?.diff ?? getSnapshotDiff(current, snapshot);
     await applyDiff(current, snapshotDiff, { database, schema });
-    await systemCache?.clear();
+    await flushCaches();
 }

package/dist/websocket/handlers/index.js

@@ -10,7 +10,7 @@ export function startWebSocketHandlers() {
     const restEnabled = toBoolean(env['WEBSOCKETS_REST_ENABLED']);
     const graphqlEnabled = toBoolean(env['WEBSOCKETS_GRAPHQL_ENABLED']);
     const logsEnabled = toBoolean(env['WEBSOCKETS_LOGS_ENABLED']);
-    if (heartbeatEnabled) {
+    if (restEnabled && heartbeatEnabled) {
         new HeartbeatHandler();
     }
     if (restEnabled || graphqlEnabled) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@directus/api",
-  "version": "23.2.1",
+  "version": "23.3.0",
   "description": "Directus is a real-time API and App dashboard for managing SQL database content",
   "keywords": [
     "directus",
@@ -149,29 +149,29 @@
     "ws": "8.18.0",
     "zod": "3.23.8",
     "zod-validation-error": "3.4.0",
-    "@directus/app": "13.3.5",
+    "@directus/app": "13.3.7",
     "@directus/constants": "12.0.1",
-    "@directus/errors": "1.0.1",
     "@directus/env": "4.1.0",
-    "@directus/extensions": "2.0.6",
-    "@directus/format-title": "11.0.0",
     "@directus/extensions-registry": "2.0.6",
+    "@directus/errors": "1.0.1",
     "@directus/extensions-sdk": "12.1.4",
+    "@directus/format-title": "11.0.0",
     "@directus/memory": "2.0.6",
+    "@directus/extensions": "2.0.6",
     "@directus/pressure": "2.0.5",
     "@directus/schema": "12.1.1",
     "@directus/specs": "11.1.0",
     "@directus/storage": "11.0.1",
     "@directus/storage-driver-azure": "11.1.2",
-    "@directus/storage-driver-cloudinary": "11.1.2",
     "@directus/storage-driver-gcs": "11.1.2",
-    "@directus/storage-driver-supabase": "2.1.2",
+    "@directus/storage-driver-cloudinary": "11.1.2",
     "@directus/storage-driver-local": "11.0.1",
-    "@directus/system-data": "2.1.2",
+    "@directus/storage-driver-supabase": "2.1.2",
     "@directus/storage-driver-s3": "11.0.5",
+    "@directus/system-data": "2.1.2",
     "@directus/utils": "12.0.5",
     "@directus/validation": "1.0.5",
-    "directus": "11.3.1"
+    "directus": "11.3.3"
   },
   "devDependencies": {
     "@ngneat/falso": "7.2.0",
@@ -213,9 +213,9 @@
     "knex-mock-client": "3.0.2",
     "typescript": "5.6.3",
     "vitest": "2.1.2",
-    "@directus/tsconfig": "2.0.0",
     "@directus/random": "1.0.0",
-    "@directus/types": "12.2.2"
+    "@directus/types": "12.2.2",
+    "@directus/tsconfig": "2.0.0"
   },
   "optionalDependencies": {
     "@keyv/redis": "3.0.1",