@directus/api 31.0.0 → 32.0.0

package/dist/mcp/tools/operations.d.ts

@@ -28,17 +28,17 @@ export declare const OperationsValidationSchema: z.ZodDiscriminatedUnion<[z.ZodO
         deep: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
         alias: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
         aggregate: z.ZodOptional<z.ZodObject<{
-            count: z.ZodArray<z.ZodString>;
-            sum: z.ZodArray<z.ZodString>;
-            avg: z.ZodArray<z.ZodString>;
-            min: z.ZodArray<z.ZodString>;
-            max: z.ZodArray<z.ZodString>;
+            count: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            sum: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            avg: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            min: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            max: z.ZodOptional<z.ZodArray<z.ZodString>>;
         }, z.core.$strip>>;
         backlink: z.ZodOptional<z.ZodBoolean>;
         version: z.ZodOptional<z.ZodString>;
         versionRaw: z.ZodOptional<z.ZodBoolean>;
         export: z.ZodOptional<z.ZodString>;
-        group: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        groupBy: z.ZodOptional<z.ZodArray<z.ZodString>>;
     }, z.core.$strip>>;
 }, z.core.$strict>, z.ZodObject<{
     action: z.ZodLiteral<"update">;
@@ -60,7 +60,7 @@ export declare const OperationsValidationSchema: z.ZodDiscriminatedUnion<[z.ZodO
 }, z.core.$strict>, z.ZodObject<{
     action: z.ZodLiteral<"delete">;
     key: z.ZodString;
-}, z.core.$strict>]>;
+}, z.core.$strict>], "action">;
 export declare const OperationsInputSchema: z.ZodObject<{
     action: z.ZodEnum<{
         delete: "delete";
@@ -79,17 +79,17 @@ export declare const OperationsInputSchema: z.ZodObject<{
         deep: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
         alias: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
         aggregate: z.ZodOptional<z.ZodObject<{
-            count: z.ZodArray<z.ZodString>;
-            sum: z.ZodArray<z.ZodString>;
-            avg: z.ZodArray<z.ZodString>;
-            min: z.ZodArray<z.ZodString>;
-            max: z.ZodArray<z.ZodString>;
+            count: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            sum: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            avg: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            min: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            max: z.ZodOptional<z.ZodArray<z.ZodString>>;
         }, z.core.$strip>>;
         backlink: z.ZodOptional<z.ZodBoolean>;
         version: z.ZodOptional<z.ZodString>;
         versionRaw: z.ZodOptional<z.ZodBoolean>;
         export: z.ZodOptional<z.ZodString>;
-        group: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        groupBy: z.ZodOptional<z.ZodArray<z.ZodString>>;
     }, z.core.$strip>>;
     data: z.ZodOptional<z.ZodObject<{
         id: z.ZodOptional<z.ZodString>;
@@ -136,17 +136,17 @@ export declare const operations: import("../types.js").ToolConfig<{
         deep?: Record<string, any> | undefined;
         alias?: Record<string, string> | undefined;
         aggregate?: {
-            count: string[];
-            sum: string[];
-            avg: string[];
-            min: string[];
-            max: string[];
+            count?: string[] | undefined;
+            sum?: string[] | undefined;
+            avg?: string[] | undefined;
+            min?: string[] | undefined;
+            max?: string[] | undefined;
         } | undefined;
         backlink?: boolean | undefined;
         version?: string | undefined;
         versionRaw?: boolean | undefined;
         export?: string | undefined;
-        group?: string[] | undefined;
+        groupBy?: string[] | undefined;
     } | undefined;
 } | {
     action: "update";

package/dist/mcp/tools/prompts/items.md

@@ -307,7 +307,7 @@ Date: `year(field)`, `month(field)`, `day(field)`, `hour(field)` Aggregate: `cou
 
 ```json
 {"filter": {"year(date_created)": {"_eq": 2024}}}
-{"aggregate": {"count": "*", "sum": "price"}, "groupBy": ["category"]}
+{"aggregate": {"count": ["*"], "sum": ["price"]}, "groupBy": ["category"]}
 ```
 
 ## Restrictions

package/dist/metrics/lib/create-metrics.js

@@ -18,6 +18,7 @@ export function createMetrics() {
     const env = useEnv();
     const logger = useLogger();
     const services = env['METRICS_SERVICES'] ?? [];
+    const metricNamePrefix = env['METRICS_NAME_PREFIX'] ?? 'directus_';
     const aggregates = new Map();
     /**
      * Listen for PM2 metric data sync messages and add them to the aggregate
@@ -92,10 +93,10 @@ export function createMetrics() {
             return null;
         }
         const client = env['DB_CLIENT'];
-        let metric = register.getSingleMetric(`directus_db_${client}_connection_errors`);
+        let metric = register.getSingleMetric(`${metricNamePrefix}db_${client}_connection_errors`);
         if (!metric) {
             metric = new Counter({
-                name: `directus_db_${client}_connection_errors`,
+                name: `${metricNamePrefix}db_${client}_connection_errors`,
                 help: `${client} Database connection error count`,
             });
         }
@@ -106,10 +107,10 @@ export function createMetrics() {
             return null;
         }
         const client = env['DB_CLIENT'];
-        let metric = register.getSingleMetric(`directus_db_${client}_response_time_ms`);
+        let metric = register.getSingleMetric(`${metricNamePrefix}db_${client}_response_time_ms`);
         if (!metric) {
             metric = new Histogram({
-                name: `directus_db_${client}_response_time_ms`,
+                name: `${metricNamePrefix}db_${client}_response_time_ms`,
                 help: `${client} Database connection response time`,
                 buckets: [1, 10, 20, 40, 60, 80, 100, 200, 500, 750, 1000],
             });
@@ -123,10 +124,10 @@ export function createMetrics() {
         if (env['CACHE_STORE'] === 'redis' && redisConfigAvailable() !== true) {
             return null;
         }
-        let metric = register.getSingleMetric(`directus_cache_${env['CACHE_STORE']}_connection_errors`);
+        let metric = register.getSingleMetric(`${metricNamePrefix}cache_${env['CACHE_STORE']}_connection_errors`);
         if (!metric) {
             metric = new Counter({
-                name: `directus_cache_${env['CACHE_STORE']}_connection_errors`,
+                name: `${metricNamePrefix}cache_${env['CACHE_STORE']}_connection_errors`,
                 help: 'Cache connection error count',
             });
         }
@@ -136,10 +137,10 @@ export function createMetrics() {
         if (services.includes('redis') === false || redisConfigAvailable() !== true) {
             return null;
         }
-        let metric = register.getSingleMetric('directus_redis_connection_errors');
+        let metric = register.getSingleMetric(`${metricNamePrefix}redis_connection_errors`);
         if (!metric) {
             metric = new Counter({
-                name: `directus_redis_connection_errors`,
+                name: `${metricNamePrefix}redis_connection_errors`,
                 help: 'Redis connection error count',
             });
         }
@@ -149,10 +150,10 @@ export function createMetrics() {
         if (services.includes('storage') === false) {
             return null;
         }
-        let metric = register.getSingleMetric(`directus_storage_${location}_connection_errors`);
+        let metric = register.getSingleMetric(`${metricNamePrefix}storage_${location}_connection_errors`);
         if (!metric) {
             metric = new Counter({
-                name: `directus_storage_${location}_connection_errors`,
+                name: `${metricNamePrefix}storage_${location}_connection_errors`,
                 help: `${location} storage connection error count`,
             });
         }
@@ -182,8 +183,8 @@ export function createMetrics() {
             return;
         }
         try {
-            await cache.set(`metrics-${checkId}`, '1', 5);
-            await cache.delete(`metrics-${checkId}`);
+            await cache.set(`directus-metric-${checkId}`, '1', 5);
+            await cache.delete(`directus-metric-${checkId}`);
         }
         catch {
             metric.inc();
@@ -196,8 +197,8 @@ export function createMetrics() {
         }
         const redis = useRedis();
         try {
-            await redis.set(`metrics-${checkId}`, '1');
-            await redis.del(`metrics-${checkId}`);
+            await redis.set(`directus-metric-${checkId}`, '1');
+            await redis.del(`directus-metric-${checkId}`);
         }
         catch {
             metric.inc();
@@ -215,17 +216,7 @@ export function createMetrics() {
                 continue;
             }
             try {
-                await disk.write(`metric-${checkId}`, Readable.from(['check']));
-                const fileStream = await disk.read(`metric-${checkId}`);
-                fileStream.on('data', async () => {
-                    try {
-                        fileStream.destroy();
-                        await disk.delete(`metric-${checkId}`);
-                    }
-                    catch (error) {
-                        logger.error(error);
-                    }
-                });
+                await disk.write('directus-metric-file', Readable.from([checkId]));
             }
             catch {
                 metric.inc();

package/dist/middleware/collection-exists.js

@@ -1,14 +1,14 @@
 /**
  * Check if requested collection exists, and save it to req.collection
  */
-import { ForbiddenError } from '@directus/errors';
 import { systemCollectionRows } from '@directus/system-data';
 import asyncHandler from '../utils/async-handler.js';
+import { createCollectionForbiddenError } from '../permissions/modules/process-ast/utils/validate-path/create-error.js';
 const collectionExists = asyncHandler(async (req, _res, next) => {
     if (!req.params['collection'])
         return next();
     if (req.params['collection'] in req.schema.collections === false) {
-        throw new ForbiddenError();
+        throw createCollectionForbiddenError('', req.params['collection']);
     }
     req.collection = req.params['collection'];
     const systemCollectionRow = systemCollectionRows.find((collection) => {

package/dist/operations/mail/index.js

@@ -2,10 +2,12 @@ import { defineOperationApi } from '@directus/extensions';
 import { MailService } from '../../services/mail/index.js';
 import { md } from '../../utils/md.js';
 import { useLogger } from '../../logger/index.js';
+import { useFlowsEmailRateLimiter } from './rate-limiter.js';
 const logger = useLogger();
 export default defineOperationApi({
     id: 'mail',
-    handler: async ({ body, template, data, to, type, subject, cc, bcc, replyTo }, { accountability, database, getSchema }) => {
+    handler: async ({ body, template, data, to, type, subject, cc, bcc, replyTo }, { accountability, database, getSchema, flow }) => {
+        await useFlowsEmailRateLimiter(flow.id);
         const mailService = new MailService({ schema: await getSchema({ database }), accountability, knex: database });
         const mailObject = { to, subject, cc, bcc, replyTo };
         const safeBody = typeof body !== 'string' ? JSON.stringify(body) : body;

package/dist/operations/mail/rate-limiter.d.ts

@@ -0,0 +1 @@
+export declare function useFlowsEmailRateLimiter(flow_id: string): Promise<void>;

package/dist/operations/mail/rate-limiter.js

@@ -0,0 +1,29 @@
+import { useEnv } from '@directus/env';
+import { RateLimiterMemory, RateLimiterRedis, RateLimiterRes } from 'rate-limiter-flexible';
+import { createRateLimiter } from '../../rate-limiter.js';
+import { toBoolean } from '@directus/utils';
+import { EmailLimitExceededError } from '@directus/errors';
+let emailRateLimiter;
+const env = useEnv();
+if (toBoolean(env['RATE_LIMITER_EMAIL_FLOWS_ENABLED']) === true) {
+    emailRateLimiter = createRateLimiter('RATE_LIMITER_EMAIL_FLOWS');
+}
+export async function useFlowsEmailRateLimiter(flow_id) {
+    if (!emailRateLimiter)
+        return;
+    try {
+        await emailRateLimiter.consume(flow_id, 1);
+    }
+    catch (err) {
+        if (err instanceof RateLimiterRes) {
+            throw new EmailLimitExceededError({
+                points: 'RATE_LIMITER_EMAIL_FLOWS_POINTS' in env ? Number(env['RATE_LIMITER_EMAIL_FLOWS_POINTS']) : undefined,
+                duration: 'RATE_LIMITER_EMAIL_FLOWS_DURATION' in env ? Number(env['RATE_LIMITER_EMAIL_FLOWS_DURATION']) : undefined,
+                message: 'RATE_LIMITER_EMAIL_FLOWS_ERROR_MESSAGE' in env
+                    ? String(env['RATE_LIMITER_EMAIL_FLOWS_ERROR_MESSAGE'])
+                    : undefined,
+            });
+        }
+        throw err;
+    }
+}

package/dist/permissions/modules/process-payload/process-payload.js

@@ -1,4 +1,3 @@
-import { ForbiddenError } from '@directus/errors';
 import { parseFilter, validatePayload } from '@directus/utils';
 import { FailedValidationError, joiValidationErrorItemToErrorExtensions } from '@directus/validation';
 import { assign, difference, uniq } from 'lodash-es';
@@ -8,6 +7,7 @@ import { extractRequiredDynamicVariableContext } from '../../utils/extract-requi
 import { fetchDynamicVariableData } from '../../utils/fetch-dynamic-variable-data.js';
 import { contextHasDynamicVariables } from '../process-ast/utils/context-has-dynamic-variables.js';
 import { isFieldNullable } from './lib/is-field-nullable.js';
+import { createCollectionForbiddenError, createFieldsForbiddenError, } from '../process-ast/utils/validate-path/create-error.js';
 /**
  * @note this only validates the top-level fields. The expectation is that this function is called
  * for each level of nested insert separately
@@ -20,21 +20,14 @@ export async function processPayload(options, context) {
         policies = await fetchPolicies(options.accountability, context);
         permissions = await fetchPermissions({ action: options.action, policies, collections: [options.collection], accountability: options.accountability }, context);
         if (permissions.length === 0) {
-            throw new ForbiddenError({
-                reason: `You don't have permission to "${options.action}" from collection "${options.collection}" or it does not exist.`,
-            });
+            throw createCollectionForbiddenError('', options.collection);
         }
         const fieldsAllowed = uniq(permissions.map(({ fields }) => fields ?? []).flat());
         if (fieldsAllowed.includes('*') === false) {
             const fieldsUsed = Object.keys(options.payload);
             const notAllowed = difference(fieldsUsed, fieldsAllowed);
             if (notAllowed.length > 0) {
-                const fieldStr = notAllowed.map((field) => `"${field}"`).join(', ');
-                throw new ForbiddenError({
-                    reason: notAllowed.length === 1
-                        ? `You don't have permission to access field ${fieldStr} in collection "${options.collection}" or it does not exist.`
-                        : `You don't have permission to access fields ${fieldStr} in collection "${options.collection}" or they do not exist.`,
-                });
+                throw createFieldsForbiddenError('', options.collection, notAllowed);
             }
         }
         permissionValidationRules = permissions.map(({ validation }) => validation);

package/dist/permissions/modules/validate-access/validate-access.js

@@ -1,6 +1,7 @@
 import { ForbiddenError } from '@directus/errors';
 import { validateCollectionAccess } from './lib/validate-collection-access.js';
 import { validateItemAccess } from './lib/validate-item-access.js';
+import { createCollectionForbiddenError } from '../process-ast/utils/validate-path/create-error.js';
 /**
  * Validate if the current user has access to perform action against the given collection and
  * optional primary keys. This is done by reading the item from the database using the access
@@ -9,9 +10,7 @@ import { validateItemAccess } from './lib/validate-item-access.js';
 export async function validateAccess(options, context) {
     // Skip further validation if the collection does not exist
     if (!options.skipCollectionExistsCheck && options.collection in context.schema.collections === false) {
-        throw new ForbiddenError({
-            reason: `You don't have permission to "${options.action}" from collection "${options.collection}" or it does not exist.`,
-        });
+        throw createCollectionForbiddenError('', options.collection);
     }
     if (options.accountability.admin === true) {
         return;

package/dist/schedules/metrics.js

@@ -1,6 +1,6 @@
 import { useEnv } from '@directus/env';
 import { toBoolean } from '@directus/utils';
-import { scheduleJob } from 'node-schedule';
+import { CronJob } from 'cron';
 import { useLogger } from '../logger/index.js';
 import { useMetrics } from '../metrics/index.js';
 import { validateCron } from '../utils/schedule.js';
@@ -39,6 +39,10 @@ export default async function schedule() {
     if (!validateCron(String(env['METRICS_SCHEDULE']))) {
         return false;
     }
-    scheduleJob('metrics', String(env['METRICS_SCHEDULE']), handleMetricsJob);
+    CronJob.from({
+        cronTime: String(env['METRICS_SCHEDULE']),
+        onTick: handleMetricsJob,
+        start: true,
+    });
     return true;
 }

package/dist/schedules/project.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Schedule the project status job
+ */
+export default function schedule(): Promise<void>;

package/dist/schedules/project.js

@@ -0,0 +1,27 @@
+import { random } from 'lodash-es';
+import getDatabase from '../database/index.js';
+import { sendReport } from '../telemetry/index.js';
+import { scheduleSynchronizedJob } from '../utils/schedule.js';
+import { version } from 'directus/version';
+/**
+ * Schedule the project status job
+ */
+export default async function schedule() {
+    const db = getDatabase();
+    // Schedules a job at a random time of the day to avoid overloading the telemetry server
+    scheduleSynchronizedJob('project-status', `${random(59)} ${random(23)} * * *`, async () => {
+        const { project_status, ...ownerInfo } = await db
+            .select('project_status', 'project_owner', 'project_usage', 'org_name', 'product_updates', 'project_id')
+            .from('directus_settings')
+            .first();
+        if (project_status !== 'pending')
+            return;
+        try {
+            await sendReport({ version, ...ownerInfo });
+            await db.update('project_status', '').from('directus_settings');
+        }
+        catch {
+            // Empty catch
+        }
+    });
+}

package/dist/services/collections.d.ts

@@ -1,5 +1,5 @@
 import type { SchemaInspector } from '@directus/schema';
-import type { AbstractServiceOptions, Accountability, MutationOptions, SchemaOverview, RawCollection } from '@directus/types';
+import type { AbstractServiceOptions, Accountability, FieldMutationOptions, MutationOptions, RawCollection, SchemaOverview } from '@directus/types';
 import type Keyv from 'keyv';
 import type { Knex } from 'knex';
 import type { Helpers } from '../database/helpers/index.js';
@@ -16,11 +16,11 @@ export declare class CollectionsService {
     /**
      * Create a single new collection
      */
-    createOne(payload: RawCollection, opts?: MutationOptions): Promise<string>;
+    createOne(payload: RawCollection, opts?: FieldMutationOptions): Promise<string>;
     /**
      * Create multiple new collections
      */
-    createMany(payloads: RawCollection[], opts?: MutationOptions): Promise<string[]>;
+    createMany(payloads: RawCollection[], opts?: FieldMutationOptions): Promise<string[]>;
     /**
      * Read all collections. Currently doesn't support any query.
      */

package/dist/services/collections.js

@@ -62,6 +62,7 @@ export class CollectionsService {
             if (existingCollections.includes(payload.collection)) {
                 throw new InvalidPayloadError({ reason: `Collection "${payload.collection}" already exists` });
             }
+            const attemptConcurrentIndex = Boolean(opts?.attemptConcurrentIndex);
             // Create the collection/fields in a transaction so it'll be reverted in case of errors or
             // permission problems. This might not work reliably in MySQL, as it doesn't support DDL in
             // transactions.
@@ -114,7 +115,9 @@ export class CollectionsService {
                     await trx.schema.createTable(payload.collection, (table) => {
                         for (const field of payload.fields) {
                             if (field.type && ALIAS_TYPES.includes(field.type) === false) {
-                                fieldsService.addColumnToTable(table, payload.collection, field);
+                                fieldsService.addColumnToTable(table, payload.collection, field, {
+                                    attemptConcurrentIndex,
+                                });
                             }
                         }
                     });
@@ -159,6 +162,17 @@ export class CollectionsService {
                 }
                 return payload.collection;
             });
+            // concurrent index creation cannot be done inside the transaction
+            if (attemptConcurrentIndex && payload.schema && Array.isArray(payload.fields)) {
+                const fieldsService = new FieldsService({ schema: this.schema });
+                for (const field of payload.fields) {
+                    if (field.type && ALIAS_TYPES.includes(field.type) === false) {
+                        await fieldsService.addColumnIndex(payload.collection, field, {
+                            attemptConcurrentIndex,
+                        });
+                    }
+                }
+            }
             return payload.collection;
         }
         finally {
@@ -195,6 +209,7 @@ export class CollectionsService {
                         autoPurgeCache: false,
                         autoPurgeSystemCache: false,
                         bypassEmitAction: (params) => nestedActionEvents.push(params),
+                        attemptConcurrentIndex: Boolean(opts?.attemptConcurrentIndex),
                     });
                     collectionNames.push(name);
                 }

package/dist/services/fields.d.ts

@@ -1,10 +1,18 @@
 import type { Column, SchemaInspector } from '@directus/schema';
-import type { AbstractServiceOptions, Accountability, Field, MutationOptions, RawField, SchemaOverview, Type } from '@directus/types';
+import type { AbstractServiceOptions, Accountability, Field, FieldMutationOptions, MutationOptions, RawField, SchemaOverview, Type } from '@directus/types';
 import type Keyv from 'keyv';
 import type { Knex } from 'knex';
+import { z } from 'zod';
 import type { Helpers } from '../database/helpers/index.js';
 import { ItemsService } from './items.js';
 import { PayloadService } from './payload.js';
+export declare const systemFieldUpdateSchema: z.ZodObject<{
+    collection: z.ZodOptional<z.ZodString>;
+    field: z.ZodOptional<z.ZodString>;
+    schema: z.ZodObject<{
+        is_indexed: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$strict>;
+}, z.core.$strict>;
 export declare class FieldsService {
     knex: Knex;
     helpers: Helpers;
@@ -25,9 +33,17 @@ export declare class FieldsService {
         field: string;
         type: Type | null;
     }, table?: Knex.CreateTableBuilder, // allows collection creation to
-    opts?: MutationOptions): Promise<void>;
-    updateField(collection: string, field: RawField, opts?: MutationOptions): Promise<string>;
-    updateFields(collection: string, fields: RawField[], opts?: MutationOptions): Promise<string[]>;
+    opts?: FieldMutationOptions): Promise<void>;
+    updateField(collection: string, field: RawField, opts?: FieldMutationOptions): Promise<string>;
+    updateFields(collection: string, fields: RawField[], opts?: FieldMutationOptions): Promise<string[]>;
     deleteField(collection: string, field: string, opts?: MutationOptions): Promise<void>;
-    addColumnToTable(table: Knex.CreateTableBuilder, collection: string, field: RawField | Field, existing?: Column | null): void;
+    addColumnToTable(table: Knex.CreateTableBuilder, collection: string, field: RawField | Field, options?: {
+        attemptConcurrentIndex?: boolean;
+        existing?: Column | null;
+    }): void;
+    addColumnIndex(collection: string, field: Field | RawField, options?: {
+        attemptConcurrentIndex?: boolean;
+        knex?: Knex;
+        existing?: Column | null;
+    }): Promise<void>;
 }