@directus/api 30.0.0 → 32.0.0

package/dist/app.js

@@ -1,6 +1,7 @@
 import { useEnv } from '@directus/env';
 import { InvalidPayloadError, ServiceUnavailableError } from '@directus/errors';
 import { handlePressure } from '@directus/pressure';
+import { toBoolean } from '@directus/utils';
 import cookieParser from 'cookie-parser';
 import express from 'express';
 import { merge } from 'lodash-es';
@@ -23,6 +24,7 @@ import flowsRouter from './controllers/flows.js';
 import foldersRouter from './controllers/folders.js';
 import graphqlRouter from './controllers/graphql.js';
 import itemsRouter from './controllers/items.js';
+import mcpRouter from './controllers/mcp.js';
 import metricsRouter from './controllers/metrics.js';
 import notFoundHandler from './controllers/not-found.js';
 import notificationsRouter from './controllers/notifications.js';
@@ -62,6 +64,7 @@ import metricsSchedule from './schedules/metrics.js';
 import retentionSchedule from './schedules/retention.js';
 import telemetrySchedule from './schedules/telemetry.js';
 import tusSchedule from './schedules/tus.js';
+import projectSchedule from './schedules/project.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
 import { Url } from './utils/url.js';
 import { validateStorage } from './utils/validate-storage.js';
@@ -225,6 +228,9 @@ export default async function createApp() {
     app.use('/flows', flowsRouter);
     app.use('/folders', foldersRouter);
     app.use('/items', itemsRouter);
+    if (toBoolean(env['MCP_ENABLED']) === true) {
+        app.use('/mcp', mcpRouter);
+    }
     if (env['METRICS_ENABLED'] === true) {
         app.use('/metrics', metricsRouter);
     }
@@ -257,6 +263,7 @@ export default async function createApp() {
     await telemetrySchedule();
     await tusSchedule();
     await metricsSchedule();
+    await projectSchedule();
     await emitter.emitInit('app.after', { app });
     return app;
 }

package/dist/auth/auth.d.ts

@@ -1,10 +1,11 @@
 import type { SchemaOverview } from '@directus/types';
 import type { Knex } from 'knex';
+import { UsersService } from '../services/users.js';
 import type { AuthDriverOptions, User } from '../types/index.js';
 export declare abstract class AuthDriver {
     knex: Knex;
-    schema: SchemaOverview;
     constructor(options: AuthDriverOptions, _config: Record<string, any>);
+    protected getUsersService(schema: SchemaOverview): UsersService;
     /**
      * Get user id for a given provider payload
      *

package/dist/auth/auth.js

@@ -1,9 +1,14 @@
+import { UsersService } from '../services/users.js';
 export class AuthDriver {
     knex;
-    schema;
     constructor(options, _config) {
         this.knex = options.knex;
-        this.schema = options.schema;
+    }
+    getUsersService(schema) {
+        return new UsersService({
+            knex: this.knex,
+            schema,
+        });
     }
     /**
      * Check with the (external) provider if the user is allowed entry to Directus

package/dist/auth/drivers/ldap.d.ts

@@ -1,11 +1,9 @@
 import { Router } from 'express';
 import type { Client } from 'ldapjs';
-import { UsersService } from '../../services/users.js';
 import type { AuthDriverOptions, User } from '../../types/index.js';
 import { AuthDriver } from '../auth.js';
 export declare class LDAPAuthDriver extends AuthDriver {
     bindClient: Client;
-    usersService: UsersService;
     config: Record<string, any>;
     constructor(options: AuthDriverOptions, config: Record<string, any>);
     private validateBindClient;

package/dist/auth/drivers/ldap.js

@@ -10,17 +10,16 @@ import { useLogger } from '../../logger/index.js';
 import { respond } from '../../middleware/respond.js';
 import { createDefaultAccountability } from '../../permissions/utils/create-default-accountability.js';
 import { AuthenticationService } from '../../services/authentication.js';
-import { UsersService } from '../../services/users.js';
 import asyncHandler from '../../utils/async-handler.js';
 import { getIPFromReq } from '../../utils/get-ip-from-req.js';
 import { AuthDriver } from '../auth.js';
+import { getSchema } from '../../utils/get-schema.js';
 // 0x2: ACCOUNTDISABLE
 // 0x10: LOCKOUT
 // 0x800000: PASSWORD_EXPIRED
 const INVALID_ACCOUNT_FLAGS = 0x800012;
 export class LDAPAuthDriver extends AuthDriver {
     bindClient;
-    usersService;
     config;
     constructor(options, config) {
         super(options, config);
@@ -39,7 +38,6 @@ export class LDAPAuthDriver extends AuthDriver {
         this.bindClient.on('error', (err) => {
             logger.warn(err);
         });
-        this.usersService = new UsersService({ knex: this.knex, schema: this.schema });
         this.config = config;
     }
     async validateBindClient() {
@@ -216,9 +214,11 @@ export class LDAPAuthDriver extends AuthDriver {
                     email: userInfo.email,
                 };
             }
-            const updatedUserPayload = await emitter.emitFilter(`auth.update`, emitPayload, { identifier: userInfo.dn, provider: this.config['provider'], providerPayload: { userInfo, userRole } }, { database: getDatabase(), schema: this.schema, accountability: null });
+            const schema = await getSchema();
+            const updatedUserPayload = await emitter.emitFilter(`auth.update`, emitPayload, { identifier: userInfo.dn, provider: this.config['provider'], providerPayload: { userInfo, userRole } }, { database: getDatabase(), schema, accountability: null });
             // Update user to update properties that might have changed
-            await this.usersService.updateOne(userId, updatedUserPayload);
+            const usersService = this.getUsersService(schema);
+            await usersService.updateOne(userId, updatedUserPayload);
             return userId;
         }
         if (!userInfo) {
@@ -232,11 +232,13 @@ export class LDAPAuthDriver extends AuthDriver {
             external_identifier: userInfo.dn,
             role: userRole?.id ?? defaultRoleId,
         };
+        const schema = await getSchema();
         // Run hook so the end user has the chance to augment the
         // user that is about to be created
-        const updatedUserPayload = await emitter.emitFilter(`auth.create`, userPayload, { identifier: userInfo.dn, provider: this.config['provider'], providerPayload: { userInfo, userRole } }, { database: getDatabase(), schema: this.schema, accountability: null });
+        const updatedUserPayload = await emitter.emitFilter(`auth.create`, userPayload, { identifier: userInfo.dn, provider: this.config['provider'], providerPayload: { userInfo, userRole } }, { database: getDatabase(), schema, accountability: null });
         try {
-            await this.usersService.createOne(updatedUserPayload);
+            const usersService = this.getUsersService(schema);
+            await usersService.createOne(updatedUserPayload);
         }
         catch (e) {
             if (isDirectusError(e, ErrorCode.RecordNotUnique)) {

package/dist/auth/drivers/oauth2.d.ts

@@ -1,13 +1,11 @@
 import { Router } from 'express';
 import type { Client } from 'openid-client';
-import { UsersService } from '../../services/users.js';
 import type { AuthDriverOptions, User } from '../../types/index.js';
 import type { RoleMap } from '../../types/rolemap.js';
 import { LocalAuthDriver } from './local.js';
 export declare class OAuth2AuthDriver extends LocalAuthDriver {
     client: Client;
     redirectUrl: string;
-    usersService: UsersService;
     config: Record<string, any>;
     roleMap: RoleMap;
     constructor(options: AuthDriverOptions, config: Record<string, any>);

package/dist/auth/drivers/oauth2.js

@@ -13,7 +13,6 @@ import { useLogger } from '../../logger/index.js';
 import { respond } from '../../middleware/respond.js';
 import { createDefaultAccountability } from '../../permissions/utils/create-default-accountability.js';
 import { AuthenticationService } from '../../services/authentication.js';
-import { UsersService } from '../../services/users.js';
 import asyncHandler from '../../utils/async-handler.js';
 import { getConfigFromEnv } from '../../utils/get-config-from-env.js';
 import { getIPFromReq } from '../../utils/get-ip-from-req.js';
@@ -22,10 +21,10 @@ import { isLoginRedirectAllowed } from '../../utils/is-login-redirect-allowed.js
 import { verifyJWT } from '../../utils/jwt.js';
 import { Url } from '../../utils/url.js';
 import { LocalAuthDriver } from './local.js';
+import { getSchema } from '../../utils/get-schema.js';
 export class OAuth2AuthDriver extends LocalAuthDriver {
     client;
     redirectUrl;
-    usersService;
     config;
     roleMap;
     constructor(options, config) {
@@ -39,7 +38,6 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
         }
         const redirectUrl = new Url(env['PUBLIC_URL']).addPath('auth', 'login', additionalConfig['provider'], 'callback');
         this.redirectUrl = redirectUrl.toString();
-        this.usersService = new UsersService({ knex: this.knex, schema: this.schema });
         this.config = additionalConfig;
         this.roleMap = {};
         const roleMapping = this.config['roleMapping'];
@@ -177,14 +175,16 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
                     email: userPayload.email,
                 };
             }
+            const schema = await getSchema();
             const updatedUserPayload = await emitter.emitFilter(`auth.update`, emitPayload, {
                 identifier,
                 provider: this.config['provider'],
                 providerPayload: { accessToken: tokenSet.access_token, idToken: tokenSet.id_token, userInfo },
-            }, { database: getDatabase(), schema: this.schema, accountability: null });
+            }, { database: getDatabase(), schema, accountability: null });
             // Update user to update refresh_token and other properties that might have changed
             if (Object.values(updatedUserPayload).some((value) => value !== undefined)) {
-                await this.usersService.updateOne(userId, updatedUserPayload);
+                const usersService = this.getUsersService(schema);
+                await usersService.updateOne(userId, updatedUserPayload);
             }
             return userId;
         }
@@ -193,15 +193,17 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
             logger.warn(`[OAuth2] User doesn't exist, and public registration not allowed for provider "${provider}"`);
             throw new InvalidCredentialsError();
         }
+        const schema = await getSchema();
         // Run hook so the end user has the chance to augment the
         // user that is about to be created
         const updatedUserPayload = await emitter.emitFilter(`auth.create`, userPayload, {
             identifier,
             provider: this.config['provider'],
             providerPayload: { accessToken: tokenSet.access_token, idToken: tokenSet.id_token, userInfo },
-        }, { database: getDatabase(), schema: this.schema, accountability: null });
+        }, { database: getDatabase(), schema, accountability: null });
         try {
-            await this.usersService.createOne(updatedUserPayload);
+            const usersService = this.getUsersService(schema);
+            await usersService.createOne(updatedUserPayload);
         }
         catch (e) {
             if (isDirectusError(e, ErrorCode.RecordNotUnique)) {
@@ -231,7 +233,8 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
                 const tokenSet = await this.client.refresh(authData['refreshToken']);
                 // Update user refreshToken if provided
                 if (tokenSet.refresh_token) {
-                    await this.usersService.updateOne(user.id, {
+                    const usersService = this.getUsersService(await getSchema());
+                    await usersService.updateOne(user.id, {
                         auth_data: JSON.stringify({ refreshToken: tokenSet.refresh_token }),
                     });
                 }
@@ -273,10 +276,11 @@ export function createOAuth2AuthRouter(providerName) {
         const codeVerifier = provider.generateCodeVerifier();
         const prompt = !!req.query['prompt'];
         const redirect = req.query['redirect'];
+        const otp = req.query['otp'];
         if (isLoginRedirectAllowed(redirect, providerName) === false) {
             throw new InvalidPayloadError({ reason: `URL "${redirect}" can't be used to redirect after login` });
         }
-        const token = jwt.sign({ verifier: codeVerifier, redirect, prompt }, getSecret(), {
+        const token = jwt.sign({ verifier: codeVerifier, redirect, prompt, otp }, getSecret(), {
             expiresIn: '5m',
             issuer: 'directus',
         });
@@ -299,7 +303,8 @@ export function createOAuth2AuthRouter(providerName) {
             logger.warn(e, `[OAuth2] Couldn't verify OAuth2 cookie`);
             throw new InvalidCredentialsError();
         }
-        const { verifier, redirect, prompt } = tokenData;
+        const { verifier, prompt, otp } = tokenData;
+        let { redirect } = tokenData;
         const accountability = createDefaultAccountability({
             ip: getIPFromReq(req),
         });
@@ -321,7 +326,7 @@ export function createOAuth2AuthRouter(providerName) {
                 code: req.query['code'],
                 codeVerifier: verifier,
                 state: req.query['state'],
-            }, { session: authMode === 'session' });
+            }, { session: authMode === 'session', ...(otp ? { otp: String(otp) } : {}) });
         }
         catch (error) {
             // Prompt user for a new refresh_token if invalidated
@@ -342,6 +347,18 @@ export function createOAuth2AuthRouter(providerName) {
             throw error;
         }
         const { accessToken, refreshToken, expires } = authResponse;
+        try {
+            const claims = verifyJWT(accessToken, getSecret());
+            if (claims?.enforce_tfa === true) {
+                const url = new Url(env['PUBLIC_URL']).addPath('admin', 'tfa-setup');
+                if (redirect)
+                    url.setQuery('redirect', redirect);
+                redirect = url.toString();
+            }
+        }
+        catch (e) {
+            logger.warn(e, `[OAuth2] Unexpected error during OAuth2 login`);
+        }
         if (redirect) {
             if (authMode === 'session') {
                 res.cookie(env['SESSION_COOKIE_NAME'], accessToken, SESSION_COOKIE_OPTIONS);

package/dist/auth/drivers/openid.d.ts

@@ -1,13 +1,11 @@
 import { Router } from 'express';
 import type { Client } from 'openid-client';
-import { UsersService } from '../../services/users.js';
 import type { AuthDriverOptions, User } from '../../types/index.js';
 import type { RoleMap } from '../../types/rolemap.js';
 import { LocalAuthDriver } from './local.js';
 export declare class OpenIDAuthDriver extends LocalAuthDriver {
     client: null | Client;
     redirectUrl: string;
-    usersService: UsersService;
     config: Record<string, any>;
     roleMap: RoleMap;
     constructor(options: AuthDriverOptions, config: Record<string, any>);

package/dist/auth/drivers/openid.js

@@ -13,7 +13,6 @@ import { useLogger } from '../../logger/index.js';
 import { respond } from '../../middleware/respond.js';
 import { createDefaultAccountability } from '../../permissions/utils/create-default-accountability.js';
 import { AuthenticationService } from '../../services/authentication.js';
-import { UsersService } from '../../services/users.js';
 import asyncHandler from '../../utils/async-handler.js';
 import { getConfigFromEnv } from '../../utils/get-config-from-env.js';
 import { getIPFromReq } from '../../utils/get-ip-from-req.js';
@@ -22,10 +21,10 @@ import { isLoginRedirectAllowed } from '../../utils/is-login-redirect-allowed.js
 import { verifyJWT } from '../../utils/jwt.js';
 import { Url } from '../../utils/url.js';
 import { LocalAuthDriver } from './local.js';
+import { getSchema } from '../../utils/get-schema.js';
 export class OpenIDAuthDriver extends LocalAuthDriver {
     client;
     redirectUrl;
-    usersService;
     config;
     roleMap;
     constructor(options, config) {
@@ -40,7 +39,6 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
         }
         const redirectUrl = new Url(env['PUBLIC_URL']).addPath('auth', 'login', provider, 'callback');
         this.redirectUrl = redirectUrl.toString();
-        this.usersService = new UsersService({ knex: this.knex, schema: this.schema });
         this.config = config;
         this.roleMap = {};
         const roleMapping = this.config['roleMapping'];
@@ -227,14 +225,16 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
                     email: userPayload.email,
                 };
             }
+            const schema = await getSchema();
             const updatedUserPayload = await emitter.emitFilter(`auth.update`, emitPayload, {
                 identifier,
                 provider: this.config['provider'],
                 providerPayload: { accessToken: tokenSet.access_token, idToken: tokenSet.id_token, userInfo },
-            }, { database: getDatabase(), schema: this.schema, accountability: null });
+            }, { database: getDatabase(), schema, accountability: null });
             // Update user to update refresh_token and other properties that might have changed
             if (Object.values(updatedUserPayload).some((value) => value !== undefined)) {
-                await this.usersService.updateOne(userId, updatedUserPayload);
+                const usersService = this.getUsersService(schema);
+                await usersService.updateOne(userId, updatedUserPayload);
             }
             return userId;
         }
@@ -244,15 +244,17 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
             logger.warn(`[OpenID] User doesn't exist, and public registration not allowed for provider "${provider}"`);
             throw new InvalidCredentialsError();
         }
+        const schema = await getSchema();
         // Run hook so the end user has the chance to augment the
         // user that is about to be created
         const updatedUserPayload = await emitter.emitFilter(`auth.create`, userPayload, {
             identifier,
             provider: this.config['provider'],
             providerPayload: { accessToken: tokenSet.access_token, idToken: tokenSet.id_token, userInfo },
-        }, { database: getDatabase(), schema: this.schema, accountability: null });
+        }, { database: getDatabase(), schema, accountability: null });
         try {
-            await this.usersService.createOne(updatedUserPayload);
+            const usersService = this.getUsersService(schema);
+            await usersService.createOne(updatedUserPayload);
         }
         catch (e) {
             if (isDirectusError(e, ErrorCode.RecordNotUnique)) {
@@ -283,7 +285,8 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
                 const tokenSet = await client.refresh(authData['refreshToken']);
                 // Update user refreshToken if provided
                 if (tokenSet.refresh_token) {
-                    await this.usersService.updateOne(user.id, {
+                    const usersService = this.getUsersService(await getSchema());
+                    await usersService.updateOne(user.id, {
                         auth_data: JSON.stringify({ refreshToken: tokenSet.refresh_token }),
                     });
                 }
@@ -325,10 +328,11 @@ export function createOpenIDAuthRouter(providerName) {
         const codeVerifier = provider.generateCodeVerifier();
         const prompt = !!req.query['prompt'];
         const redirect = req.query['redirect'];
+        const otp = req.query['otp'];
         if (isLoginRedirectAllowed(redirect, providerName) === false) {
             throw new InvalidPayloadError({ reason: `URL "${redirect}" can't be used to redirect after login` });
         }
-        const token = jwt.sign({ verifier: codeVerifier, redirect, prompt }, getSecret(), {
+        const token = jwt.sign({ verifier: codeVerifier, redirect, prompt, otp }, getSecret(), {
             expiresIn: (env[`AUTH_${providerName.toUpperCase()}_LOGIN_TIMEOUT`] ?? '5m'),
             issuer: 'directus',
         });
@@ -361,7 +365,8 @@ export function createOpenIDAuthRouter(providerName) {
             const url = new Url(env['PUBLIC_URL']).addPath('admin', 'login');
             return res.redirect(`${url.toString()}?reason=${ErrorCode.InvalidCredentials}`);
         }
-        const { verifier, redirect, prompt } = tokenData;
+        const { verifier, prompt, otp } = tokenData;
+        let { redirect } = tokenData;
         const accountability = createDefaultAccountability({ ip: getIPFromReq(req) });
         const userAgent = req.get('user-agent')?.substring(0, 1024);
         if (userAgent)
@@ -382,7 +387,7 @@ export function createOpenIDAuthRouter(providerName) {
                 codeVerifier: verifier,
                 state: req.query['state'],
                 iss: req.query['iss'],
-            }, { session: authMode === 'session' });
+            }, { session: authMode === 'session', ...(otp ? { otp: String(otp) } : {}) });
         }
         catch (error) {
             // Prompt user for a new refresh_token if invalidated
@@ -404,6 +409,18 @@ export function createOpenIDAuthRouter(providerName) {
             throw error;
         }
         const { accessToken, refreshToken, expires } = authResponse;
+        try {
+            const claims = verifyJWT(accessToken, getSecret());
+            if (claims?.enforce_tfa === true) {
+                const url = new Url(env['PUBLIC_URL']).addPath('admin', 'tfa-setup');
+                if (redirect)
+                    url.setQuery('redirect', redirect);
+                redirect = url.toString();
+            }
+        }
+        catch (e) {
+            logger.warn(e, `[OpenID] Unexpected error during OpenID login`);
+        }
         if (redirect) {
             if (authMode === 'session') {
                 res.cookie(env['SESSION_COOKIE_NAME'], accessToken, SESSION_COOKIE_OPTIONS);

package/dist/auth/drivers/saml.d.ts

@@ -1,11 +1,9 @@
 import * as samlify from 'samlify';
-import { UsersService } from '../../services/users.js';
 import type { AuthDriverOptions, User } from '../../types/index.js';
 import { LocalAuthDriver } from './local.js';
 export declare class SAMLAuthDriver extends LocalAuthDriver {
     sp: samlify.ServiceProviderInstance;
     idp: samlify.IdentityProviderInstance;
-    usersService: UsersService;
     config: Record<string, any>;
     constructor(options: AuthDriverOptions, config: Record<string, any>);
     fetchUserID(identifier: string): Promise<any>;

package/dist/auth/drivers/saml.js

@@ -10,22 +10,20 @@ import emitter from '../../emitter.js';
 import { useLogger } from '../../logger/index.js';
 import { respond } from '../../middleware/respond.js';
 import { AuthenticationService } from '../../services/authentication.js';
-import { UsersService } from '../../services/users.js';
 import asyncHandler from '../../utils/async-handler.js';
 import { getConfigFromEnv } from '../../utils/get-config-from-env.js';
 import { LocalAuthDriver } from './local.js';
 import { isLoginRedirectAllowed } from '../../utils/is-login-redirect-allowed.js';
+import { getSchema } from '../../utils/get-schema.js';
 // Register the samlify schema validator
 samlify.setSchemaValidator(validator);
 export class SAMLAuthDriver extends LocalAuthDriver {
     sp;
     idp;
-    usersService;
     config;
     constructor(options, config) {
         super(options, config);
         this.config = config;
-        this.usersService = new UsersService({ knex: this.knex, schema: this.schema });
         this.sp = samlify.ServiceProvider(getConfigFromEnv(`AUTH_${config['provider'].toUpperCase()}_SP`));
         this.idp = samlify.IdentityProvider(getConfigFromEnv(`AUTH_${config['provider'].toUpperCase()}_IDP`));
     }
@@ -63,11 +61,13 @@ export class SAMLAuthDriver extends LocalAuthDriver {
             external_identifier: identifier.toLowerCase(),
             role: this.config['defaultRoleId'],
         };
+        const schema = await getSchema();
         // Run hook so the end user has the chance to augment the
         // user that is about to be created
-        const updatedUserPayload = await emitter.emitFilter(`auth.create`, userPayload, { identifier: identifier.toLowerCase(), provider: this.config['provider'], providerPayload: { ...payload } }, { database: getDatabase(), schema: this.schema, accountability: null });
+        const updatedUserPayload = await emitter.emitFilter(`auth.create`, userPayload, { identifier: identifier.toLowerCase(), provider: this.config['provider'], providerPayload: { ...payload } }, { database: getDatabase(), schema, accountability: null });
         try {
-            return await this.usersService.createOne(updatedUserPayload);
+            const usersService = this.getUsersService(schema);
+            return await usersService.createOne(updatedUserPayload);
         }
         catch (error) {
             if (isDirectusError(error, ErrorCode.RecordNotUnique)) {

package/dist/auth.js

@@ -6,7 +6,6 @@ import { DEFAULT_AUTH_PROVIDER } from './constants.js';
 import getDatabase from './database/index.js';
 import { useLogger } from './logger/index.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
-import { getSchema } from './utils/get-schema.js';
 const providers = new Map();
 export function getAuthProvider(provider) {
     const logger = useLogger();
@@ -19,7 +18,7 @@ export function getAuthProvider(provider) {
 export async function registerAuthProviders() {
     const env = useEnv();
     const logger = useLogger();
-    const options = { knex: getDatabase(), schema: await getSchema() };
+    const options = { knex: getDatabase() };
     const providerNames = toArray(env['AUTH_PROVIDERS']);
     // Register default provider if not disabled
     if (!env['AUTH_DISABLE_DEFAULT']) {

package/dist/cli/commands/bootstrap/index.js

@@ -3,13 +3,10 @@ import getDatabase, { hasDatabaseConnection, isInstalled, validateDatabaseConnec
 import runMigrations from '../../../database/migrations/run.js';
 import installDatabase from '../../../database/seeds/run.js';
 import { useLogger } from '../../../logger/index.js';
-import { AccessService } from '../../../services/access.js';
-import { PoliciesService } from '../../../services/policies.js';
-import { RolesService } from '../../../services/roles.js';
 import { SettingsService } from '../../../services/settings.js';
-import { UsersService } from '../../../services/users.js';
 import { getSchema } from '../../../utils/get-schema.js';
-import { defaultAdminPolicy, defaultAdminRole, defaultAdminUser } from '../../utils/defaults.js';
+import { createAdmin } from '../../../utils/create-admin.js';
+import { email } from 'zod';
 export default async function bootstrap({ skipAdminInit }) {
     const logger = useLogger();
     logger.info('Initializing bootstrap...');
@@ -23,15 +20,23 @@ export default async function bootstrap({ skipAdminInit }) {
         await runMigrations(database, 'latest');
         const schema = await getSchema();
         if (skipAdminInit == null) {
-            await createDefaultAdmin(schema);
+            await createAdmin(schema);
         }
         else {
             logger.info('Skipping creation of default Admin user and role...');
         }
+        const settingsService = new SettingsService({ schema });
         if (env['PROJECT_NAME'] && typeof env['PROJECT_NAME'] === 'string' && env['PROJECT_NAME'].length > 0) {
-            const settingsService = new SettingsService({ schema });
             await settingsService.upsertSingleton({ project_name: env['PROJECT_NAME'] });
         }
+        if (email().safeParse(env['PROJECT_OWNER']).success) {
+            await settingsService.setOwner({
+                project_owner: env['PROJECT_OWNER'],
+                org_name: null,
+                project_usage: null,
+                product_updates: false,
+            });
+        }
     }
     else {
         logger.info('Database already initialized, skipping install');
@@ -55,29 +60,3 @@ async function waitForDatabase(database) {
     await validateDatabaseConnection(database);
     return database;
 }
-async function createDefaultAdmin(schema) {
-    const logger = useLogger();
-    const env = useEnv();
-    const { nanoid } = await import('nanoid');
-    logger.info('Setting up first admin role...');
-    const accessService = new AccessService({ schema });
-    const policiesService = new PoliciesService({ schema });
-    const rolesService = new RolesService({ schema });
-    const role = await rolesService.createOne(defaultAdminRole);
-    const policy = await policiesService.createOne(defaultAdminPolicy);
-    await accessService.createOne({ policy, role });
-    logger.info('Adding first admin user...');
-    const usersService = new UsersService({ schema });
-    let adminEmail = env['ADMIN_EMAIL'];
-    if (!adminEmail) {
-        logger.info('No admin email provided. Defaulting to "admin@example.com"');
-        adminEmail = 'admin@example.com';
-    }
-    let adminPassword = env['ADMIN_PASSWORD'];
-    if (!adminPassword) {
-        adminPassword = nanoid(12);
-        logger.info(`No admin password provided. Defaulting to "${adminPassword}"`);
-    }
-    const token = env['ADMIN_TOKEN'] ?? null;
-    await usersService.createOne({ ...defaultAdminUser, email: adminEmail, password: adminPassword, token, role });
-}

package/dist/cli/commands/init/index.js

@@ -9,7 +9,7 @@ import runSeed from '../../../database/seeds/run.js';
 import { generateHash } from '../../../utils/generate-hash.js';
 import createDBConnection from '../../utils/create-db-connection.js';
 import createEnv from '../../utils/create-env/index.js';
-import { defaultAdminPolicy, defaultAdminRole, defaultAdminUser } from '../../utils/defaults.js';
+import { defaultAdminPolicy, defaultAdminRole, defaultAdminUser } from '../../../utils/create-admin.js';
 import { drivers, getDriverForClient } from '../../utils/drivers.js';
 import { databaseQuestions } from './questions.js';
 export default async function init() {

package/dist/cli/commands/schema/apply.d.ts

@@ -1,5 +1,9 @@
+import type { SnapshotDiff } from '@directus/types';
+export declare function filterSnapshotDiff(snapshot: SnapshotDiff, filters: string[]): SnapshotDiff;
 export declare function apply(snapshotPath: string, options?: {
     yes: boolean;
     dryRun: boolean;
     ignoreRules: string;
 }): Promise<void>;
+export declare function formatPath(path: any[]): string;
+export declare function formatRelatedCollection(relatedCollection: string | null): string;