@directus/api 32.2.0 → 33.0.0

package/dist/permissions/modules/validate-access/lib/validate-item-access.js

@@ -1,5 +1,9 @@
 import { toBoolean } from '@directus/utils';
 import { fetchPermittedAstRootFields } from '../../../../database/run-ast/modules/fetch-permitted-ast-root-fields.js';
+import { fetchPermissions } from '../../../lib/fetch-permissions.js';
+import { fetchPolicies } from '../../../lib/fetch-policies.js';
+import { fetchAllowedFields } from '../../fetch-allowed-fields/fetch-allowed-fields.js';
+import { injectCases } from '../../process-ast/lib/inject-cases.js';
 import { processAst } from '../../process-ast/process-ast.js';
 export async function validateItemAccess(options, context) {
     const primaryKeyField = context.schema.collections[options.collection]?.primary;
@@ -24,18 +28,62 @@ export async function validateItemAccess(options, context) {
             _in: options.primaryKeys,
         },
     };
+    let hasItemRules;
+    let permissionedFields;
+    // Inject the root fields after the permissions have been processed, as to not require access to all collection fields
+    if (options.returnAllowedRootFields) {
+        const allowedFields = await fetchAllowedFields({ accountability: options.accountability, action: options.action, collection: options.collection }, context);
+        const schemaFields = Object.keys(context.schema.collections[options.collection].fields);
+        const hasWildcard = allowedFields.includes('*');
+        permissionedFields = hasWildcard ? schemaFields : allowedFields;
+        const policies = await fetchPolicies(options.accountability, context);
+        const permissions = await fetchPermissions({ action: options.action, policies, collections: [options.collection], accountability: options.accountability }, context);
+        // Only inject cases if there are item-level permission rules
+        hasItemRules = permissions.some((p) => p.permissions && Object.keys(p.permissions).length > 0);
+        if (hasItemRules) {
+            // Create children only for fields that exist in schema and are allowed by permissions
+            ast.children = permissionedFields.map((field) => ({
+                type: 'field',
+                name: field,
+                fieldKey: field,
+                whenCase: [],
+                alias: false,
+            }));
+            injectCases(ast, permissions);
+        }
+    }
     const items = await fetchPermittedAstRootFields(ast, {
         schema: context.schema,
         accountability: options.accountability,
         knex: context.knex,
         action: options.action,
     });
-    if (items && items.length === options.primaryKeys.length) {
-        const { fields } = options;
-        if (fields) {
-            return items.every((item) => fields.every((field) => toBoolean(item[field])));
+    const hasAccess = items && items.length === options.primaryKeys.length;
+    if (!hasAccess) {
+        if (options.returnAllowedRootFields) {
+            return { accessAllowed: false, allowedRootFields: [] };
+        }
+        return { accessAllowed: false };
+    }
+    let accessAllowed = true;
+    // If specific fields were requested, verify they are all accessible
+    if (options.fields) {
+        accessAllowed = items.every((item) => options.fields.every((field) => toBoolean(item[field])));
+    }
+    // If returnAllowedRootFields, return intersection of allowed fields across all items
+    if (options.returnAllowedRootFields) {
+        // If there are no item-level rules, return the permissioned fields directly
+        if (!hasItemRules) {
+            return {
+                accessAllowed,
+                allowedRootFields: permissionedFields,
+            };
         }
-        return true;
+        const allowedRootFields = items.length > 0 ? Object.keys(items[0]).filter((field) => items.every((item) => item[field] === 1)) : [];
+        return {
+            accessAllowed,
+            allowedRootFields,
+        };
     }
-    return false;
+    return { accessAllowed };
 }

package/dist/permissions/modules/validate-access/validate-access.js

@@ -1,7 +1,7 @@
 import { ForbiddenError } from '@directus/errors';
+import { createCollectionForbiddenError } from '../process-ast/utils/validate-path/create-error.js';
 import { validateCollectionAccess } from './lib/validate-collection-access.js';
 import { validateItemAccess } from './lib/validate-item-access.js';
-import { createCollectionForbiddenError } from '../process-ast/utils/validate-path/create-error.js';
 /**
  * Validate if the current user has access to perform action against the given collection and
  * optional primary keys. This is done by reading the item from the database using the access
@@ -20,7 +20,8 @@ export async function validateAccess(options, context) {
     // from the database. If no keys are passed, we can simply check if the collection+action combo
     // exists within permissions
     if (options.primaryKeys) {
-        access = await validateItemAccess(options, context);
+        const result = await validateItemAccess(options, context);
+        access = result.accessAllowed;
     }
     else {
         access = await validateCollectionAccess(options, context);

package/dist/rate-limiter.js

@@ -1,8 +1,8 @@
+import { createRequire } from 'node:module';
 import { useEnv } from '@directus/env';
 import { merge } from 'lodash-es';
 import { RateLimiterMemory, RateLimiterRedis, RateLimiterRes } from 'rate-limiter-flexible';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
-import { createRequire } from 'node:module';
 const require = createRequire(import.meta.url);
 export function createRateLimiter(configPrefix = 'RATE_LIMITER', configOverrides) {
     const env = useEnv();

package/dist/request/is-denied-ip.js

@@ -1,7 +1,7 @@
+import os from 'node:os';
 import { useEnv } from '@directus/env';
 import { ipInNetworks } from '@directus/utils/node';
 import { matches } from 'ip-matching';
-import os from 'node:os';
 import { useLogger } from '../logger/index.js';
 export function isDeniedIp(ip) {
     const env = useEnv();

package/dist/schedules/project.js

@@ -1,8 +1,8 @@
+import { version } from 'directus/version';
 import { random } from 'lodash-es';
 import getDatabase from '../database/index.js';
 import { sendReport } from '../telemetry/index.js';
 import { scheduleSynchronizedJob } from '../utils/schedule.js';
-import { version } from 'directus/version';
 /**
  * Schedule the project status job
  */

package/dist/schedules/telemetry.js

@@ -1,8 +1,8 @@
 import { useEnv } from '@directus/env';
 import { toBoolean } from '@directus/utils';
 import { getCache } from '../cache.js';
-import { scheduleSynchronizedJob } from '../utils/schedule.js';
 import { track } from '../telemetry/index.js';
+import { scheduleSynchronizedJob } from '../utils/schedule.js';
 /**
  * Exported to be able to test the anonymous callback function
  */

package/dist/schedules/tus.js

@@ -1,6 +1,6 @@
 import { RESUMABLE_UPLOADS } from '../constants.js';
-import { getSchema } from '../utils/get-schema.js';
 import { createTusServer } from '../services/tus/index.js';
+import { getSchema } from '../utils/get-schema.js';
 import { scheduleSynchronizedJob, validateCron } from '../utils/schedule.js';
 /**
  * Schedule the tus cleanup

package/dist/server.js

@@ -1,19 +1,19 @@
+import * as http from 'http';
+import * as https from 'https';
+import url from 'url';
 import { useEnv } from '@directus/env';
 import { toBoolean } from '@directus/utils';
 import { getNodeEnv } from '@directus/utils/node';
 import { createTerminus } from '@godaddy/terminus';
-import * as http from 'http';
-import * as https from 'https';
 import { once } from 'lodash-es';
 import qs from 'qs';
-import url from 'url';
 import createApp from './app.js';
 import getDatabase from './database/index.js';
 import emitter from './emitter.js';
 import { useLogger } from './logger/index.js';
+import { getAddress } from './utils/get-address.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
 import { getIPFromReq } from './utils/get-ip-from-req.js';
-import { getAddress } from './utils/get-address.js';
 import { createLogsController, createSubscriptionController, createWebSocketController, getLogsController, getSubscriptionController, getWebSocketController, } from './websocket/controllers/index.js';
 import { startWebSocketHandlers } from './websocket/handlers/index.js';
 export let SERVER_ONLINE = true;

package/dist/services/assets.d.ts

@@ -1,7 +1,7 @@
+import type { Readable } from 'node:stream';
 import type { AbstractServiceOptions, Accountability, Range, SchemaOverview, Stat, TransformationSet } from '@directus/types';
 import archiver from 'archiver';
 import type { Knex } from 'knex';
-import type { Readable } from 'node:stream';
 import { FilesService } from './files.js';
 export declare class AssetsService {
     knex: Knex;
@@ -9,6 +9,7 @@ export declare class AssetsService {
     schema: SchemaOverview;
     sudoFilesService: FilesService;
     constructor(options: AbstractServiceOptions);
+    private sanitizeFields;
     private zip;
     zipFiles(files: string[]): Promise<{
         archive: archiver.Archiver;

package/dist/services/assets.js

@@ -1,22 +1,22 @@
+import path from 'path';
 import { useEnv } from '@directus/env';
 import { ForbiddenError, IllegalAssetTransformationError, InvalidPayloadError, InvalidQueryError, RangeNotSatisfiableError, ServiceUnavailableError, } from '@directus/errors';
 import archiver from 'archiver';
 import { clamp } from 'lodash-es';
 import { contentType, extension } from 'mime-types';
 import hash from 'object-hash';
-import path from 'path';
 import sharp from 'sharp';
 import { SUPPORTED_IMAGE_TRANSFORM_FORMATS } from '../constants.js';
 import getDatabase from '../database/index.js';
 import { useLogger } from '../logger/index.js';
-import { validateAccess } from '../permissions/modules/validate-access/validate-access.js';
+import { validateItemAccess } from '../permissions/modules/validate-access/lib/validate-item-access.js';
 import { getStorage } from '../storage/index.js';
 import { getMilliseconds } from '../utils/get-milliseconds.js';
 import { isValidUuid } from '../utils/is-valid-uuid.js';
 import * as TransformationUtils from '../utils/transformations.js';
 import { NameDeduper } from './assets/name-deduper.js';
-import { FilesService } from './files.js';
 import { getSharpInstance } from './files/lib/get-sharp-instance.js';
+import { FilesService } from './files.js';
 import { FoldersService } from './folders.js';
 const env = useEnv();
 const logger = useLogger();
@@ -31,6 +31,20 @@ export class AssetsService {
         this.schema = options.schema;
         this.sudoFilesService = new FilesService({ ...options, accountability: null });
     }
+    sanitizeFields(file, allowedFields) {
+        if (allowedFields.includes('*')) {
+            return file;
+        }
+        const bypassFields = ['type', 'filesize'];
+        const fieldsToKeep = new Set([...allowedFields, ...bypassFields]);
+        const filteredFile = {};
+        for (const field of fieldsToKeep) {
+            if (field in file) {
+                filteredFile[field] = file[field];
+            }
+        }
+        return filteredFile;
+    }
     zip(options) {
         if (options.files.length === 0) {
             throw new InvalidPayloadError({ reason: 'No files found in the selected folders tree' });
@@ -135,13 +149,22 @@ export class AssetsService {
          */
         if (!isValidUuid(id))
             throw new ForbiddenError();
-        if (systemPublicKeys.includes(id) === false && this.accountability) {
-            await validateAccess({
+        let allowedFields = ['*'];
+        if (!systemPublicKeys.includes(id) && this.accountability && this.accountability.admin !== true) {
+            // Use validateItemAccess to check access and get allowed fields
+            const { allowedRootFields, accessAllowed } = await validateItemAccess({
                 accountability: this.accountability,
                 action: 'read',
                 collection: 'directus_files',
                 primaryKeys: [id],
+                returnAllowedRootFields: true,
             }, { knex: this.knex, schema: this.schema });
+            if (!accessAllowed) {
+                throw new ForbiddenError({
+                    reason: `You don't have permission to perform "read" for collection "directus_files" or it does not exist.`,
+                });
+            }
+            allowedFields = allowedRootFields;
         }
         const file = (await this.sudoFilesService.readOne(id, { limit: 1 }));
         const exists = await storage.location(file.storage).exists(file.filename_disk);
@@ -195,7 +218,7 @@ export class AssetsService {
                 const assetStream = () => storage.location(file.storage).read(assetFilename, { range });
                 return {
                     stream: deferStream ? assetStream : await assetStream(),
-                    file,
+                    file: this.sanitizeFields(file, allowedFields),
                     stat: await storage.location(file.storage).stat(assetFilename),
                 };
             }
@@ -260,13 +283,17 @@ export class AssetsService {
             return {
                 stream: deferStream ? assetStream : await assetStream(),
                 stat: await storage.location(file.storage).stat(assetFilename),
-                file,
+                file: this.sanitizeFields(file, allowedFields),
             };
         }
         else {
             const assetStream = () => storage.location(file.storage).read(file.filename_disk, { range, version });
             const stat = await storage.location(file.storage).stat(file.filename_disk);
-            return { stream: deferStream ? assetStream : await assetStream(), file, stat };
+            return {
+                stream: deferStream ? assetStream : await assetStream(),
+                file: this.sanitizeFields(file, allowedFields),
+                stat,
+            };
         }
     }
 }

package/dist/services/authentication.js

@@ -1,16 +1,16 @@
+import { performance } from 'perf_hooks';
 import { Action } from '@directus/constants';
 import { useEnv } from '@directus/env';
 import { InvalidCredentialsError, InvalidOtpError, ServiceUnavailableError, UserSuspendedError, } from '@directus/errors';
 import jwt from 'jsonwebtoken';
 import { clone, cloneDeep } from 'lodash-es';
-import { performance } from 'perf_hooks';
 import { getAuthProvider } from '../auth.js';
 import { DEFAULT_AUTH_PROVIDER } from '../constants.js';
 import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
 import { fetchRolesTree } from '../permissions/lib/fetch-roles-tree.js';
 import { fetchGlobalAccess } from '../permissions/modules/fetch-global-access/fetch-global-access.js';
-import { RateLimiterRes, createRateLimiter } from '../rate-limiter.js';
+import { createRateLimiter, RateLimiterRes } from '../rate-limiter.js';
 import { getMilliseconds } from '../utils/get-milliseconds.js';
 import { getSecret } from '../utils/get-secret.js';
 import { stall } from '../utils/stall.js';

package/dist/services/collections.js

@@ -14,10 +14,10 @@ import { validateAccess } from '../permissions/modules/validate-access/validate-
 import { getSchema } from '../utils/get-schema.js';
 import { shouldClearCache } from '../utils/should-clear-cache.js';
 import { transaction } from '../utils/transaction.js';
-import { FieldsService } from './fields.js';
 import { buildCollectionAndFieldRelations } from './fields/build-collection-and-field-relations.js';
 import { getCollectionMetaUpdates } from './fields/get-collection-meta-updates.js';
 import { getCollectionRelationList } from './fields/get-collection-relation-list.js';
+import { FieldsService } from './fields.js';
 import { ItemsService } from './items.js';
 export class CollectionsService {
     knex;

package/dist/services/extensions.d.ts

@@ -1,4 +1,4 @@
-import type { ApiOutput, ExtensionSettings, ExtensionManager } from '@directus/types';
+import type { ApiOutput, ExtensionManager, ExtensionSettings } from '@directus/types';
 import type { AbstractServiceOptions, Accountability, DeepPartial, SchemaOverview } from '@directus/types';
 import type { Knex } from 'knex';
 import { ItemsService } from './items.js';

package/dist/services/files/utils/get-metadata.d.ts

@@ -1,4 +1,4 @@
-import type { File } from '@directus/types';
 import type { Readable } from 'node:stream';
+import type { File } from '@directus/types';
 export type Metadata = Partial<Pick<File, 'height' | 'width' | 'description' | 'title' | 'tags' | 'metadata'>>;
 export declare function getMetadata(stream: Readable, allowList?: string | string[]): Promise<Metadata>;

package/dist/services/files/utils/get-metadata.js

@@ -1,8 +1,8 @@
+import { pipeline } from 'node:stream/promises';
 import { useEnv } from '@directus/env';
 import exif, {} from 'exif-reader';
 import { parse as parseIcc } from 'icc';
 import { pick } from 'lodash-es';
-import { pipeline } from 'node:stream/promises';
 import { useLogger } from '../../../logger/index.js';
 import { getSharpInstance } from '../lib/get-sharp-instance.js';
 import { parseIptc, parseXmp } from './parse-image-metadata.js';

package/dist/services/files.d.ts

@@ -1,5 +1,5 @@
-import type { AbstractServiceOptions, BusboyFileStream, File, MutationOptions, PrimaryKey, Query, QueryOptions } from '@directus/types';
 import type { Readable } from 'node:stream';
+import type { AbstractServiceOptions, BusboyFileStream, File, MutationOptions, PrimaryKey, Query, QueryOptions } from '@directus/types';
 import { ItemsService } from './items.js';
 export declare class FilesService extends ItemsService<File> {
     constructor(options: AbstractServiceOptions);

package/dist/services/files.js

@@ -1,3 +1,7 @@
+import { PassThrough as PassThroughStream, Transform as TransformStream } from 'node:stream';
+import zlib from 'node:zlib';
+import path from 'path';
+import url from 'url';
 import { useEnv } from '@directus/env';
 import { ContentTooLargeError, InvalidPayloadError, ServiceUnavailableError } from '@directus/errors';
 import formatTitle from '@directus/format-title';
@@ -5,10 +9,6 @@ import { toArray } from '@directus/utils';
 import encodeURL from 'encodeurl';
 import { clone, cloneDeep } from 'lodash-es';
 import { extension } from 'mime-types';
-import { PassThrough as PassThroughStream, Transform as TransformStream } from 'node:stream';
-import zlib from 'node:zlib';
-import path from 'path';
-import url from 'url';
 import { RESUMABLE_UPLOADS } from '../constants.js';
 import emitter from '../emitter.js';
 import { useLogger } from '../logger/index.js';

package/dist/services/graphql/index.d.ts

@@ -1,4 +1,4 @@
-import type { AbstractServiceOptions, Accountability, GraphQLParams, GQLScope, Item, Query, SchemaOverview, PrimaryKey } from '@directus/types';
+import type { AbstractServiceOptions, Accountability, GQLScope, GraphQLParams, Item, PrimaryKey, Query, SchemaOverview } from '@directus/types';
 import type { FormattedExecutionResult, GraphQLSchema } from 'graphql';
 import type { Knex } from 'knex';
 export declare class GraphQLService {

package/dist/services/graphql/index.js

@@ -1,5 +1,5 @@
 import { useEnv } from '@directus/env';
-import { NoSchemaIntrospectionCustomRule, execute, specifiedRules, validate } from 'graphql';
+import { execute, NoSchemaIntrospectionCustomRule, specifiedRules, validate } from 'graphql';
 import getDatabase from '../../database/index.js';
 import { getService } from '../../utils/get-service.js';
 import { formatError } from './errors/format.js';

package/dist/services/graphql/resolvers/mutation.js

@@ -1,7 +1,7 @@
 import { getService } from '../../../utils/get-service.js';
 import { formatError } from '../errors/format.js';
-import { replaceFragmentsInSelections } from '../utils/replace-fragments.js';
 import { getQuery } from '../schema/parse-query.js';
+import { replaceFragmentsInSelections } from '../utils/replace-fragments.js';
 export async function resolveMutation(gql, args, info) {
     const action = info.fieldName.split('_')[0];
     let collection = info.fieldName.substring(action.length + 1);

package/dist/services/graphql/schema/get-types.d.ts

@@ -1,6 +1,6 @@
+import type { GQLScope } from '@directus/types';
 import type { SchemaComposer } from 'graphql-compose';
 import { ObjectTypeComposer } from 'graphql-compose';
-import type { GQLScope } from '@directus/types';
 import { type InconsistentFields, type Schema } from './index.js';
 /**
  * Construct an object of types for every collection, using the permitted fields per action type

package/dist/services/graphql/schema/read.js

@@ -9,8 +9,8 @@ import { GraphQLDate } from '../types/date.js';
 import { GraphQLGeoJSON } from '../types/geojson.js';
 import { GraphQLHash } from '../types/hash.js';
 import { GraphQLStringOrFloat } from '../types/string-or-float.js';
-import { SYSTEM_DENY_LIST } from './index.js';
 import { getTypes } from './get-types.js';
+import { SYSTEM_DENY_LIST } from './index.js';
 /**
  * Create readable types and attach resolvers for each. Also prepares full filter argument structures
  */

package/dist/services/graphql/subscription.d.ts

@@ -1,5 +1,5 @@
-import type { GraphQLService } from './index.js';
 import type { GraphQLResolveInfo } from 'graphql';
+import type { GraphQLService } from './index.js';
 export declare function bindPubSub(): void;
 export declare function createSubscriptionGenerator(gql: GraphQLService, event: string): (_x: unknown, _y: unknown, _z: unknown, request: GraphQLResolveInfo) => AsyncGenerator<{
     [event]: {

package/dist/services/graphql/types/date.js

@@ -1,4 +1,4 @@
-import { GraphQLString, GraphQLScalarType } from 'graphql';
+import { GraphQLScalarType, GraphQLString } from 'graphql';
 export const GraphQLDate = new GraphQLScalarType({
     ...GraphQLString,
     name: 'Date',

package/dist/services/graphql/types/hash.js

@@ -1,4 +1,4 @@
-import { GraphQLString, GraphQLScalarType } from 'graphql';
+import { GraphQLScalarType, GraphQLString } from 'graphql';
 export const GraphQLHash = new GraphQLScalarType({
     ...GraphQLString,
     name: 'Hash',

package/dist/services/graphql/utils/add-path-to-validation-error.js

@@ -1,4 +1,4 @@
-import { GraphQLError, Token, locatedError } from 'graphql';
+import { GraphQLError, locatedError, Token } from 'graphql';
 export function addPathToValidationError(validationError) {
     const token = validationError.nodes?.[0]?.loc?.startToken;
     if (!token)

package/dist/services/import-export.d.ts

@@ -1,6 +1,6 @@
+import type { Readable } from 'node:stream';
 import type { AbstractServiceOptions, Accountability, DirectusError, ExportFormat, File, Query, SchemaOverview } from '@directus/types';
 import type { Knex } from 'knex';
-import type { Readable } from 'node:stream';
 import type { FieldNode, FunctionFieldNode, NestedCollectionNode } from '../types/index.js';
 export declare function createErrorTracker(): {
     addCapturedError: (err: any, rowNumber: number) => void;

package/dist/services/import-export.js

@@ -1,3 +1,5 @@
+import { createReadStream, createWriteStream } from 'node:fs';
+import { appendFile } from 'node:fs/promises';
 import { useEnv } from '@directus/env';
 import { createError, ErrorCode, ForbiddenError, InvalidPayloadError, ServiceUnavailableError, UnsupportedMediaTypeError, } from '@directus/errors';
 import { isSystemCollection } from '@directus/system-data';
@@ -9,8 +11,6 @@ import { dump as toYAML } from 'js-yaml';
 import { parse as toXML } from 'js2xmlparser';
 import { Parser as CSVParser, transforms as CSVTransforms } from 'json2csv';
 import { set } from 'lodash-es';
-import { createReadStream, createWriteStream } from 'node:fs';
-import { appendFile } from 'node:fs/promises';
 import Papa from 'papaparse';
 import StreamArray from 'stream-json/streamers/StreamArray.js';
 import { parseFields } from '../database/get-ast-from-query/lib/parse-fields.js';

package/dist/services/index.d.ts

@@ -35,5 +35,4 @@ export * from './translations.js';
 export * from './users.js';
 export * from './utils.js';
 export * from './versions.js';
-export * from './webhooks.js';
 export * from './websocket.js';

package/dist/services/index.js

@@ -35,5 +35,4 @@ export * from './translations.js';
 export * from './users.js';
 export * from './utils.js';
 export * from './versions.js';
-export * from './webhooks.js';
 export * from './websocket.js';

package/dist/services/mail/index.js

@@ -1,10 +1,10 @@
+import path from 'path';
+import { fileURLToPath } from 'url';
 import { useEnv } from '@directus/env';
 import { InvalidPayloadError } from '@directus/errors';
 import { isObject } from '@directus/utils';
 import fse from 'fs-extra';
 import { Liquid } from 'liquidjs';
-import path from 'path';
-import { fileURLToPath } from 'url';
 import getDatabase from '../../database/index.js';
 import emitter from '../../emitter.js';
 import { useLogger } from '../../logger/index.js';

package/dist/services/mail/rate-limiter.js

@@ -1,8 +1,8 @@
 import { useEnv } from '@directus/env';
+import { EmailLimitExceededError } from '@directus/errors';
+import { toBoolean } from '@directus/utils';
 import { RateLimiterQueue } from 'rate-limiter-flexible';
 import { createRateLimiter } from '../../rate-limiter.js';
-import { toBoolean } from '@directus/utils';
-import { EmailLimitExceededError } from '@directus/errors';
 let emailRateLimiterQueue;
 const env = useEnv();
 if (toBoolean(env['RATE_LIMITER_EMAIL_ENABLED']) === true) {

package/dist/services/payload.js

@@ -1,3 +1,4 @@
+import { randomUUID } from 'node:crypto';
 import { ForbiddenError, InvalidPayloadError } from '@directus/errors';
 import { UserIntegrityCheckFlag } from '@directus/types';
 import { parseJSON, toArray } from '@directus/utils';
@@ -5,12 +6,11 @@ import { format, isValid, parseISO } from 'date-fns';
 import { unflatten } from 'flat';
 import Joi from 'joi';
 import { clone, cloneDeep, isNil, isObject, isPlainObject, pick } from 'lodash-es';
-import { randomUUID } from 'node:crypto';
 import { parse as wktToGeoJSON } from 'wellknown';
 import { getHelpers } from '../database/helpers/index.js';
 import getDatabase from '../database/index.js';
-import { generateHash } from '../utils/generate-hash.js';
 import { decrypt, encrypt } from '../utils/encrypt.js';
+import { generateHash } from '../utils/generate-hash.js';
 import { getSecret } from '../utils/get-secret.js';
 /**
  * Process a given payload for a collection to ensure the special fields (hash, uuid, date etc) are

package/dist/services/schema.js

@@ -1,5 +1,5 @@
-import getDatabase from '../database/index.js';
 import { ForbiddenError } from '@directus/errors';
+import getDatabase from '../database/index.js';
 import { applyDiff } from '../utils/apply-diff.js';
 import { getSnapshotDiff } from '../utils/get-snapshot-diff.js';
 import { getSnapshot } from '../utils/get-snapshot.js';

package/dist/services/server.js

@@ -1,11 +1,11 @@
+import { Readable } from 'node:stream';
+import { performance } from 'perf_hooks';
 import { useEnv } from '@directus/env';
 import { toArray, toBoolean } from '@directus/utils';
 import { version } from 'directus/version';
 import { merge } from 'lodash-es';
-import { Readable } from 'node:stream';
-import { performance } from 'perf_hooks';
 import { getCache } from '../cache.js';
-import { RESUMABLE_UPLOADS } from '../constants.js';
+import { FILE_UPLOADS, RESUMABLE_UPLOADS } from '../constants.js';
 import getDatabase, { hasDatabaseConnection } from '../database/index.js';
 import { useLogger } from '../logger/index.js';
 import getMailer from '../mailer.js';
@@ -57,9 +57,10 @@ export class ServerService {
             ],
         });
         info['project'] = projectInfo;
-        info['mcp_enabled'] = toBoolean(env['MCP_ENABLED'] ?? true);
         info['setupCompleted'] = setupComplete;
         if (this.accountability?.user) {
+            info['mcp_enabled'] = toBoolean(env['MCP_ENABLED'] ?? true);
+            info['ai_enabled'] = toBoolean(env['AI_ENABLED'] ?? true);
             if (env['RATE_LIMITER_ENABLED']) {
                 info['rateLimit'] = {
                     points: env['RATE_LIMITER_POINTS'],
@@ -112,8 +113,15 @@ export class ServerService {
             else {
                 info['websocket'] = false;
             }
+            if (FILE_UPLOADS.MAX_CONCURRENCY && FILE_UPLOADS.MAX_CONCURRENCY !== Infinity) {
+                info['uploads'] = {
+                    maxConcurrency: FILE_UPLOADS.MAX_CONCURRENCY,
+                };
+            }
             if (RESUMABLE_UPLOADS.ENABLED) {
                 info['uploads'] = {
+                    ...info['uploads'],
+                    tus: true,
                     chunkSize: RESUMABLE_UPLOADS.CHUNK_SIZE,
                 };
             }

package/dist/services/settings.js

@@ -1,6 +1,6 @@
-import { ItemsService } from './items.js';
-import { sendReport } from '../telemetry/index.js';
 import { version } from 'directus/version';
+import { sendReport } from '../telemetry/index.js';
+import { ItemsService } from './items.js';
 export class SettingsService extends ItemsService {
     constructor(options) {
         super('directus_settings', options);

package/dist/services/tfa.js

@@ -1,8 +1,8 @@
 import { InvalidPayloadError } from '@directus/errors';
 import { authenticator } from 'otplib';
+import { DEFAULT_AUTH_PROVIDER } from '../constants.js';
 import getDatabase from '../database/index.js';
 import { ItemsService } from './items.js';
-import { DEFAULT_AUTH_PROVIDER } from '../constants.js';
 export class TFAService {
     knex;
     itemsService;

package/dist/services/translations.js

@@ -1,5 +1,5 @@
-import getDatabase from '../database/index.js';
 import { InvalidPayloadError } from '@directus/errors';
+import getDatabase from '../database/index.js';
 import { ItemsService } from './items.js';
 export class TranslationsService extends ItemsService {
     constructor(options) {