@directus/api 33.3.1 → 34.0.0

package/dist/database/run-ast/lib/apply-query/filter/operator.js

@@ -1,6 +1,21 @@
+import { InvalidQueryError } from '@directus/errors';
 import { getOutputTypeForFunction } from '@directus/utils';
 import { getHelpers } from '../../../../helpers/index.js';
 import { getColumn } from '../../../utils/get-column.js';
+function castToNumber(value) {
+    if (Array.isArray(value)) {
+        return value.map((val) => {
+            const num = Number(val);
+            if (Number.isNaN(num))
+                throw new InvalidQueryError({ reason: `Invalid numeric value` });
+            return num;
+        });
+    }
+    const num = Number(value);
+    if (Number.isNaN(num))
+        throw new InvalidQueryError({ reason: `Invalid numeric value` });
+    return num;
+}
 export function applyOperator(knex, dbQuery, schema, key, operator, compareValue, logical = 'and', originalCollectionName) {
     const helpers = getHelpers(knex);
     const [table, column] = key.split('.');
@@ -47,7 +62,7 @@ export function applyOperator(knex, dbQuery, schema, key, operator, compareValue
         const functionName = column.split('(')[0];
         const type = getOutputTypeForFunction(functionName);
         if (['integer', 'float', 'decimal'].includes(type)) {
-            compareValue = Array.isArray(compareValue) ? compareValue.map(Number) : Number(compareValue);
+            compareValue = castToNumber(compareValue);
         }
     }
     // Cast filter value (compareValue) based on type of field being filtered against
@@ -64,12 +79,7 @@ export function applyOperator(knex, dbQuery, schema, key, operator, compareValue
             }
         }
         if (['integer', 'float', 'decimal'].includes(type)) {
-            if (Array.isArray(compareValue)) {
-                compareValue = compareValue.map((val) => Number(val));
-            }
-            else {
-                compareValue = Number(compareValue);
-            }
+            compareValue = castToNumber(compareValue);
         }
     }
     if (operator === '_eq') {

package/dist/database/run-ast/lib/parse-current-level.js

@@ -1,4 +1,5 @@
 import { parseFilterKey } from '../../../utils/parse-filter-key.js';
+import { parseJsonFunction } from '../../helpers/fn/json/parse-function.js';
 export async function parseCurrentLevel(schema, collection, children, query) {
     const primaryKeyField = schema.collections[collection].primary;
     const columnsInCollection = Object.keys(schema.collections[collection].fields);
@@ -6,7 +7,13 @@ export async function parseCurrentLevel(schema, collection, children, query) {
     const nestedCollectionNodes = [];
     for (const child of children) {
         if (child.type === 'field' || child.type === 'functionField') {
-            const { fieldName } = parseFilterKey(child.name);
+            let fieldName;
+            if (child.type == 'functionField' && child.name.startsWith('json')) {
+                fieldName = parseJsonFunction(child.name).field;
+            }
+            else {
+                fieldName = parseFilterKey(child.name).fieldName;
+            }
             if (columnsInCollection.includes(fieldName)) {
                 columnsToSelectInternal.push(child.fieldKey);
             }

package/dist/database/run-ast/run-ast.js

@@ -6,6 +6,7 @@ import { PayloadService } from '../../services/payload.js';
 import getDatabase from '../index.js';
 import { getDBQuery } from './lib/get-db-query.js';
 import { parseCurrentLevel } from './lib/parse-current-level.js';
+import { applyFunctionToColumnName } from './utils/apply-function-to-column-name.js';
 import { applyParentFilters } from './utils/apply-parent-filters.js';
 import { mergeWithParentItems } from './utils/merge-with-parent-items.js';
 import { removeTemporaryFields } from './utils/remove-temporary-fields.js';
@@ -49,7 +50,16 @@ export async function runAst(originalAST, schema, accountability, options) {
             return null;
         // Run the items through the special transforms
         const payloadService = new PayloadService(collection, { accountability, knex, schema });
-        let items = await payloadService.processValues('read', rawItems, query.alias ?? {}, query.aggregate ?? {});
+        // Build alias map that includes auto-generated json function field mappings
+        // so processJsonFunctionResults can detect and parse stringified JSON values
+        const aliasMap = { ...query.alias };
+        for (const child of children) {
+            if (child.type === 'functionField' && child.name.startsWith('json(')) {
+                const alias = applyFunctionToColumnName(child.fieldKey);
+                aliasMap[alias] = child.name;
+            }
+        }
+        let items = await payloadService.processValues('read', rawItems, aliasMap, query.aggregate ?? {});
         if (!items || (Array.isArray(items) && items.length === 0))
             return items;
         // Apply the `_in` filters to the nested collection batches

package/dist/database/run-ast/utils/apply-function-to-column-name.js

@@ -14,7 +14,13 @@ export function applyFunctionToColumnName(column) {
     if (column.includes('(') && column.includes(')')) {
         const functionName = column.split('(')[0];
         const columnName = column.match(REGEX_BETWEEN_PARENS)[1];
-        return `${columnName}_${functionName}`;
+        if (functionName === 'json') {
+            const slug = columnName?.replace(/[.[\],\s]+/g, '_');
+            return `${slug}${slug?.endsWith('_') ? '' : '_'}${functionName}`;
+        }
+        else {
+            return `${columnName}_${functionName}`;
+        }
     }
     else {
         return column;

package/dist/database/run-ast/utils/get-column.js

@@ -1,6 +1,7 @@
 import { REGEX_BETWEEN_PARENS } from '@directus/constants';
 import { InvalidQueryError } from '@directus/errors';
 import { getFunctionsForType } from '@directus/utils';
+import { parseJsonFunction } from '../../helpers/fn/json/parse-function.js';
 import { getFunctions } from '../../helpers/index.js';
 import { applyFunctionToColumnName } from './apply-function-to-column-name.js';
 /**
@@ -22,12 +23,21 @@ export function getColumn(knex, table, column, alias = applyFunctionToColumnName
         const columnName = column.match(REGEX_BETWEEN_PARENS)[1];
         if (functionName in fn) {
             const collectionName = options?.originalCollectionName || table;
-            const type = schema?.collections[collectionName]?.fields?.[columnName]?.type ?? 'unknown';
+            let fieldName = columnName;
+            let jsonPath;
+            // For json function, extract the base field name from the arguments
+            // json(metadata, color) -> metadata
+            if (functionName === 'json') {
+                const result = parseJsonFunction(column);
+                fieldName = result.field;
+                jsonPath = result.path;
+            }
+            const type = schema?.collections[collectionName]?.fields?.[fieldName]?.type ?? 'unknown';
             const allowedFunctions = getFunctionsForType(type);
             if (allowedFunctions.includes(functionName) === false) {
                 throw new InvalidQueryError({ reason: `Invalid function specified "${functionName}"` });
             }
-            const result = fn[functionName](table, columnName, {
+            const result = fn[functionName](table, fieldName, {
                 type,
                 relationalCountOptions: isFunctionColumnOptions(options)
                     ? {
@@ -37,6 +47,7 @@ export function getColumn(knex, table, column, alias = applyFunctionToColumnName
                     }
                     : undefined,
                 originalCollectionName: options?.originalCollectionName,
+                jsonPath,
             });
             if (alias) {
                 return knex.raw(result + ' AS ??', [alias]);

package/dist/deployment/deployment.d.ts

@@ -1,4 +1,4 @@
-import type { Credentials, Deployment, Details, Log, Options, Project, TriggerResult } from '@directus/types';
+import type { Credentials, Deployment, DeploymentWebhookEvent, Details, Log, Options, Project, Status, TriggerResult, WebhookRegistrationResult } from '@directus/types';
 import type { AxiosRequestConfig, AxiosResponse } from 'axios';
 export type DeploymentRequestOptions = Pick<AxiosRequestConfig<string>, 'method' | 'headers'> & {
     body?: string | null;
@@ -77,7 +77,7 @@ export declare abstract class DeploymentDriver<TCredentials extends Credentials
      * @throws {HitRateLimitError} When rate limit is exceeded
      * @throws {ServiceUnavailableError} When provider API fails
      */
-    abstract cancelDeployment(deploymentId: string): Promise<void>;
+    abstract cancelDeployment(deploymentId: string): Promise<Status>;
     /**
      * Get deployment build logs
      *
@@ -91,4 +91,27 @@ export declare abstract class DeploymentDriver<TCredentials extends Credentials
     abstract getDeploymentLogs(deploymentId: string, options?: {
         since?: Date;
     }): Promise<Log[]>;
+    /**
+     * Register a webhook with the provider
+     *
+     * @param webhookUrl The public URL that will receive webhook events
+     * @param projectIds External project IDs to scope the webhook
+     * @returns Webhook ID and secret for signature verification
+     */
+    abstract registerWebhook(webhookUrl: string, projectIds: string[]): Promise<WebhookRegistrationResult>;
+    /**
+     * Unregister webhooks from the provider
+     *
+     * @param webhookIds The webhook IDs returned from registerWebhook
+     */
+    abstract unregisterWebhook(webhookIds: string[]): Promise<void>;
+    /**
+     * Verify webhook signature and parse the event payload
+     *
+     * @param rawBody Raw request body buffer (before JSON parsing)
+     * @param headers Request headers
+     * @param webhookSecret Secret used for signature verification
+     * @returns Parsed event or null if signature is invalid
+     */
+    abstract verifyAndParseWebhook(rawBody: Buffer, headers: Record<string, string | string[] | undefined>, webhookSecret: string): DeploymentWebhookEvent | null;
 }

package/dist/deployment/drivers/netlify.d.ts

@@ -1,4 +1,4 @@
-import type { Credentials, Deployment, Details, Log, Options, Project, TriggerResult } from '@directus/types';
+import type { Credentials, Deployment, DeploymentWebhookEvent, Details, Log, Options, Project, Status, TriggerResult, WebhookRegistrationResult } from '@directus/types';
 import { DeploymentDriver } from '../deployment.js';
 export interface NetlifyCredentials extends Credentials {
     access_token: string;
@@ -22,11 +22,15 @@ export declare class NetlifyDriver extends DeploymentDriver<NetlifyCredentials,
         preview?: boolean;
         clearCache?: boolean;
     }): Promise<TriggerResult>;
-    cancelDeployment(deploymentId: string): Promise<void>;
+    cancelDeployment(deploymentId: string): Promise<Status>;
     private closeWsConnection;
     private setupWsIdleTimeout;
     private setupWsConnectionTimeout;
     private getWsConnection;
+    registerWebhook(webhookUrl: string, projectIds: string[]): Promise<WebhookRegistrationResult>;
+    private cleanupStaleHooks;
+    unregisterWebhook(webhookIds: string[]): Promise<void>;
+    verifyAndParseWebhook(rawBody: Buffer, headers: Record<string, string | string[] | undefined>, webhookSecret: string): DeploymentWebhookEvent | null;
     getDeploymentLogs(deploymentId: string, options?: {
         since?: Date;
     }): Promise<Log[]>;

package/dist/deployment/drivers/netlify.js

@@ -1,6 +1,8 @@
+import { randomBytes, timingSafeEqual } from 'node:crypto';
 import { InvalidCredentialsError, ServiceUnavailableError } from '@directus/errors';
 import { NetlifyAPI } from '@netlify/api';
 import { isNumber } from 'lodash-es';
+import { useLogger } from '../../logger/index.js';
 import { DeploymentDriver } from '../deployment.js';
 const WS_CONNECTIONS = new Map();
 const WS_IDLE_TIMEOUT = 60_000; // 60 seconds
@@ -8,6 +10,13 @@ const WS_CONNECTION_TIMEOUT = 10_000; // 10 seconds
 // eslint-disable-next-line no-control-regex
 const ANSI_REGEX = /[\x1b]\[[0-9;]*m/g;
 const WS_URL = 'wss://socketeer.services.netlify.com/build/logs';
+const NETLIFY_WEBHOOK_EVENTS = ['deploy_created', 'deploy_building', 'deploy_failed', 'deploy_succeeded'];
+// Map Netlify deploy state to our normalized types
+const STATE_TO_EVENT = {
+    building: { type: 'deployment.created', status: 'building' },
+    ready: { type: 'deployment.succeeded', status: 'ready' },
+    error: { type: 'deployment.error', status: 'error' },
+};
 export class NetlifyDriver extends DeploymentDriver {
     api;
     constructor(credentials, options = {}) {
@@ -63,16 +72,23 @@ export class NetlifyDriver extends DeploymentDriver {
         return result;
     }
     async listProjects() {
-        const params = { per_page: '100' };
-        const response = await this.handleApiError((api) => {
-            return this.options.account_slug
-                ? api.listSitesForAccount({
-                    account_slug: this.options.account_slug,
-                    ...params,
-                })
-                : api.listSites(params);
-        });
-        return response.map((site) => this.mapSiteBase(site));
+        const allSites = [];
+        const perPage = 100;
+        let hasMore = true;
+        for (let page = 1; hasMore; page++) {
+            const params = { per_page: String(perPage), page: String(page) };
+            const response = await this.handleApiError((api) => {
+                return this.options.account_slug
+                    ? api.listSitesForAccount({
+                        account_slug: this.options.account_slug,
+                        ...params,
+                    })
+                    : api.listSites(params);
+            });
+            allSites.push(...response);
+            hasMore = response.length >= perPage;
+        }
+        return allSites.map((site) => this.mapSiteBase(site));
     }
     async getProject(projectId) {
         const site = await this.handleApiError((api) => api.getSite({ siteId: projectId }));
@@ -149,12 +165,27 @@ export class NetlifyDriver extends DeploymentDriver {
         const triggerResult = {
             deployment_id: buildResponse.deploy_id,
             status: this.mapStatus(deployState.state),
+            created_at: new Date(deployState.created_at),
         };
         return triggerResult;
     }
     async cancelDeployment(deploymentId) {
-        await this.handleApiError((api) => api.cancelSiteDeploy({ deployId: deploymentId }));
-        this.closeWsConnection(deploymentId);
+        try {
+            await this.handleApiError((api) => api.cancelSiteDeploy({ deployId: deploymentId }));
+            this.closeWsConnection(deploymentId);
+            return 'canceled';
+        }
+        catch {
+            const details = await this.getDeployment(deploymentId);
+            if (details.status !== 'building') {
+                this.closeWsConnection(deploymentId);
+                return details.status;
+            }
+            throw new ServiceUnavailableError({
+                service: 'netlify',
+                reason: `Could not cancel the deployment: ${deploymentId}`,
+            });
+        }
     }
     closeWsConnection(deploymentId, remove = true) {
         const connection = WS_CONNECTIONS.get(deploymentId);
@@ -245,6 +276,77 @@ export class NetlifyDriver extends DeploymentDriver {
             });
         });
     }
+    async registerWebhook(webhookUrl, projectIds) {
+        const logger = useLogger();
+        const secret = randomBytes(32).toString('hex');
+        const hookIds = [];
+        // Netlify API doesn't support JWS signing for API-created hooks,
+        // so we inject a token for verification instead
+        const signedUrl = `${webhookUrl}?token=${secret}`;
+        for (const siteId of projectIds) {
+            await this.cleanupStaleHooks(siteId, webhookUrl);
+        }
+        for (const siteId of projectIds) {
+            for (const event of NETLIFY_WEBHOOK_EVENTS) {
+                const hook = await this.handleApiError((api) => api.createHookBySiteId({
+                    site_id: siteId,
+                    body: { type: 'url', event, data: { url: signedUrl } },
+                }));
+                logger.debug(`[webhook:netlify] Created hook ${hook.id} for event ${event}`);
+                hookIds.push(hook.id);
+            }
+        }
+        return { webhook_ids: hookIds, webhook_secret: secret };
+    }
+    async cleanupStaleHooks(siteId, webhookUrl) {
+        const logger = useLogger();
+        const hooks = await this.handleApiError((api) => api.listHooksBySiteId({ site_id: siteId }));
+        const staleHooks = hooks.filter((h) => h.data?.url?.startsWith(webhookUrl));
+        if (staleHooks.length > 0) {
+            logger.debug(`[webhook:netlify] Cleaning up ${staleHooks.length} stale hook(s) for site ${siteId}`);
+            await Promise.allSettled(staleHooks.map((h) => this.api.deleteHook({ hook_id: h.id })));
+        }
+    }
+    async unregisterWebhook(webhookIds) {
+        await Promise.allSettled(webhookIds.map((id) => this.api.deleteHook({ hook_id: id })));
+    }
+    verifyAndParseWebhook(rawBody, headers, webhookSecret) {
+        const logger = useLogger();
+        // URL token verification — Netlify API doesn't support JWS signing for API-created hooks,
+        // so we embed a secret token in the webhook URL and verify it here.
+        // The token is passed via the 'x-webhook-token'
+        const token = headers['x-webhook-token'];
+        if (!token || typeof token !== 'string') {
+            logger.warn(`[webhook:netlify] Missing webhook token`);
+            return null;
+        }
+        const tokenBuf = Buffer.from(token);
+        const secretBuf = Buffer.from(webhookSecret);
+        if (tokenBuf.length !== secretBuf.length || !timingSafeEqual(tokenBuf, secretBuf)) {
+            logger.warn(`[webhook:netlify] Token mismatch`);
+            return null;
+        }
+        // Parse deploy object from body
+        const deploy = JSON.parse(rawBody.toString('utf-8'));
+        const state = this.mapStatus(deploy.state);
+        const mapping = STATE_TO_EVENT[state];
+        if (!mapping) {
+            return null;
+        }
+        const url = deploy.ssl_url || deploy.deploy_ssl_url || deploy.url;
+        const timestamp = deploy.published_at || deploy.updated_at || deploy.created_at;
+        return {
+            type: mapping.type,
+            provider: 'netlify',
+            project_external_id: deploy.site_id,
+            deployment_external_id: deploy.id,
+            status: mapping.status,
+            ...(url ? { url } : {}),
+            ...(deploy.context ? { target: deploy.context } : {}),
+            timestamp: new Date(timestamp),
+            raw: deploy,
+        };
+    }
     async getDeploymentLogs(deploymentId, options) {
         const deploy = await this.handleApiError((api) => api.getDeploy({ deployId: deploymentId }));
         const connection = await this.getWsConnection(deploymentId);

package/dist/deployment/drivers/vercel.d.ts

@@ -1,4 +1,4 @@
-import type { Credentials, Deployment, Details, Log, Options, Project, TriggerResult } from '@directus/types';
+import type { Credentials, Deployment, DeploymentWebhookEvent, Details, Log, Options, Project, Status, TriggerResult, WebhookRegistrationResult } from '@directus/types';
 import { DeploymentDriver } from '../deployment.js';
 export interface VercelCredentials extends Credentials {
     access_token: string;
@@ -25,8 +25,11 @@ export declare class VercelDriver extends DeploymentDriver<VercelCredentials, Ve
         preview?: boolean;
         clearCache?: boolean;
     }): Promise<TriggerResult>;
-    cancelDeployment(deploymentId: string): Promise<void>;
+    cancelDeployment(deploymentId: string): Promise<Status>;
     getDeploymentLogs(deploymentId: string, options?: {
         since?: Date;
     }): Promise<Log[]>;
+    registerWebhook(webhookUrl: string, projectIds: string[]): Promise<WebhookRegistrationResult>;
+    unregisterWebhook(webhookIds: string[]): Promise<void>;
+    verifyAndParseWebhook(rawBody: Buffer, headers: Record<string, string | string[] | undefined>, webhookSecret: string): DeploymentWebhookEvent | null;
 }

package/dist/deployment/drivers/vercel.js

@@ -1,6 +1,13 @@
+import { createHmac, timingSafeEqual } from 'node:crypto';
 import { HitRateLimitError, InvalidCredentialsError, ServiceUnavailableError } from '@directus/errors';
 import pLimit from 'p-limit';
 import { DeploymentDriver } from '../deployment.js';
+const VERCEL_WEBHOOK_EVENTS = [
+    'deployment.created',
+    'deployment.succeeded',
+    'deployment.error',
+    'deployment.canceled',
+];
 export class VercelDriver extends DeploymentDriver {
     static API_URL = 'https://api.vercel.com';
     requestLimit = pLimit(5);
@@ -83,8 +90,14 @@ export class VercelDriver extends DeploymentDriver {
         return result;
     }
     async listProjects() {
-        const response = await this.request('/v9/projects');
-        return response.projects.map((project) => this.mapProjectBase(project));
+        const allProjects = [];
+        let until;
+        do {
+            const response = await this.request('/v9/projects', { params: { limit: '100', ...(until ? { until } : {}) } });
+            allProjects.push(...response.projects.map((project) => this.mapProjectBase(project)));
+            until = response.pagination?.next ? String(response.pagination.next) : undefined;
+        } while (until);
+        return allProjects;
     }
     async getProject(projectId) {
         const project = await this.request(`/v9/projects/${projectId}`);
@@ -171,6 +184,7 @@ export class VercelDriver extends DeploymentDriver {
         const triggerResult = {
             deployment_id: response.id,
             status: this.mapStatus(response.status),
+            created_at: new Date(response.createdAt),
         };
         if (response.url) {
             triggerResult.url = `https://${response.url}`;
@@ -178,9 +192,22 @@ export class VercelDriver extends DeploymentDriver {
         return triggerResult;
     }
     async cancelDeployment(deploymentId) {
-        await this.request(`/v12/deployments/${encodeURIComponent(deploymentId)}/cancel`, {
-            method: 'PATCH',
-        });
+        try {
+            await this.request(`/v12/deployments/${encodeURIComponent(deploymentId)}/cancel`, {
+                method: 'PATCH',
+            });
+            return 'canceled';
+        }
+        catch {
+            const details = await this.getDeployment(deploymentId);
+            if (details.status !== 'building') {
+                return details.status;
+            }
+            throw new ServiceUnavailableError({
+                service: 'vercel',
+                reason: `Could not cancel the deployment: ${deploymentId}`,
+            });
+        }
     }
     async getDeploymentLogs(deploymentId, options) {
         let url = `/v3/deployments/${encodeURIComponent(deploymentId)}/events`;
@@ -205,4 +232,56 @@ export class VercelDriver extends DeploymentDriver {
             message: event.text || event.payload?.text || '',
         }));
     }
+    async registerWebhook(webhookUrl, projectIds) {
+        const response = await this.request('/v1/webhooks', {
+            method: 'POST',
+            body: JSON.stringify({
+                url: webhookUrl,
+                events: VERCEL_WEBHOOK_EVENTS,
+                projectIds,
+            }),
+        });
+        return {
+            webhook_ids: [response.id],
+            webhook_secret: response.secret,
+        };
+    }
+    async unregisterWebhook(webhookIds) {
+        for (const id of webhookIds) {
+            await this.request(`/v1/webhooks/${encodeURIComponent(id)}`, {
+                method: 'DELETE',
+            });
+        }
+    }
+    verifyAndParseWebhook(rawBody, headers, webhookSecret) {
+        const signature = headers['x-vercel-signature'];
+        if (!signature || typeof signature !== 'string') {
+            return null;
+        }
+        const expected = createHmac('sha1', webhookSecret).update(rawBody).digest('hex');
+        if (signature.length !== expected.length || !timingSafeEqual(Buffer.from(signature), Buffer.from(expected))) {
+            return null;
+        }
+        const body = JSON.parse(rawBody.toString('utf-8'));
+        if (!VERCEL_WEBHOOK_EVENTS.includes(body.type)) {
+            return null;
+        }
+        const eventTypeToStatus = {
+            'deployment.created': 'building',
+            'deployment.succeeded': 'ready',
+            'deployment.error': 'error',
+            'deployment.canceled': 'canceled',
+        };
+        return {
+            type: body.type,
+            provider: 'vercel',
+            project_external_id: body.payload.project.id,
+            deployment_external_id: body.payload.deployment.id,
+            status: eventTypeToStatus[body.type] ?? 'building',
+            ...(body.payload.deployment.url ? { url: `https://${body.payload.deployment.url}` } : {}),
+            ...(body.payload.target ? { target: body.payload.target } : {}),
+            timestamp: new Date(body.createdAt),
+            raw: body,
+        };
+    }
 }

package/dist/deployment.d.ts

@@ -22,3 +22,8 @@ export declare function isValidProviderType(provider: string): provider is Provi
  * Get list of supported provider types
  */
 export declare function getSupportedProviderTypes(): ProviderType[];
+/**
+ * Sync webhooks for existing deployment configs that don't have one yet.
+ * Called at startup to handle configs created before webhook support was added.
+ */
+export declare function ensureDeploymentWebhooks(): Promise<void>;

package/dist/deployment.js

@@ -1,4 +1,8 @@
+import getDatabase from './database/index.js';
 import { NetlifyDriver, VercelDriver } from './deployment/drivers/index.js';
+import { useLogger } from './logger/index.js';
+import { DeploymentService } from './services/deployment.js';
+import { getSchema } from './utils/get-schema.js';
 /**
  * Registry of deployment driver constructors
  */
@@ -38,3 +42,33 @@ export function isValidProviderType(provider) {
 export function getSupportedProviderTypes() {
     return Array.from(drivers.keys());
 }
+/**
+ * Sync webhooks for existing deployment configs that don't have one yet.
+ * Called at startup to handle configs created before webhook support was added.
+ */
+export async function ensureDeploymentWebhooks() {
+    const logger = useLogger();
+    const knex = getDatabase();
+    const schema = await getSchema();
+    const service = new DeploymentService({
+        knex,
+        schema,
+        accountability: null,
+    });
+    const configs = await service.readByQuery({
+        limit: -1,
+    });
+    if (!configs || configs.length === 0) {
+        logger.debug('[webhook] No deployment configs found');
+        return;
+    }
+    logger.debug(`[webhook] Syncing webhooks for ${configs.length} config(s)...`);
+    for (const config of configs) {
+        try {
+            await service.syncWebhook(config.provider);
+        }
+        catch (err) {
+            logger.error(`[webhook] Failed to sync webhook for ${config.provider}: ${err}`);
+        }
+    }
+}

package/dist/permissions/utils/get-unaliased-field-key.js

@@ -1,3 +1,4 @@
+import { parseJsonFunction } from '../../database/helpers/fn/json/parse-function.js';
 import { parseFilterKey } from '../../utils/parse-filter-key.js';
 /**
  * Derive the unaliased field key from the given AST node.
@@ -10,8 +11,15 @@ export function getUnaliasedFieldKey(node) {
         case 'm2o':
             return node.relation.field;
         case 'field':
-        case 'functionField':
             // The field name might still include a function, so process that here as well
             return parseFilterKey(node.name).fieldName;
+        case 'functionField':
+            if (node.name.startsWith('json')) {
+                return parseJsonFunction(node.name).field;
+            }
+            else {
+                // The field name might still include a function, so process that here as well
+                return parseFilterKey(node.name).fieldName;
+            }
     }
 }

package/dist/request/is-denied-ip.js

@@ -1,7 +1,5 @@
-import os from 'node:os';
 import { useEnv } from '@directus/env';
-import { ipInNetworks } from '@directus/utils/node';
-import { matches } from 'ip-matching';
+import { IpBlocklist } from '@directus/utils/node';
 import { useLogger } from '../logger/index.js';
 export function isDeniedIp(ip) {
     const env = useEnv();
@@ -9,31 +7,34 @@ export function isDeniedIp(ip) {
     const ipDenyList = env['IMPORT_IP_DENY_LIST'];
     if (ipDenyList.length === 0)
         return false;
+    const blockList = new IpBlocklist();
+    let blockNetworkInterfaces = false;
     try {
-        const denied = ipInNetworks(ip, ipDenyList);
-        if (denied)
-            return true;
+        for (const blockNetworkRaw of ipDenyList) {
+            const blockNetwork = blockNetworkRaw.trim();
+            if (blockNetwork === '0.0.0.0') {
+                blockNetworkInterfaces = true;
+                continue;
+            }
+            if (blockNetwork.includes('-')) {
+                blockList.parseRange(blockNetwork);
+                continue;
+            }
+            if (blockNetwork.includes('/')) {
+                blockList.parseSubnet(blockNetwork);
+                continue;
+            }
+            blockList.parseAddress(blockNetwork);
+        }
+        if (blockNetworkInterfaces) {
+            blockList.addLocalNetworkInterfaces();
+        }
     }
     catch (error) {
+        // error adding blocked ranges to the blocklist
         logger.warn(`Cannot verify IP address due to invalid "IMPORT_IP_DENY_LIST" config`);
         logger.warn(error);
         return true;
     }
-    if (ipDenyList.includes('0.0.0.0')) {
-        const networkInterfaces = os.networkInterfaces();
-        for (const networkInfo of Object.values(networkInterfaces)) {
-            if (!networkInfo)
-                continue;
-            for (const info of networkInfo) {
-                if (info.internal && info.cidr) {
-                    if (matches(ip, info.cidr))
-                        return true;
-                }
-                else if (info.address === ip) {
-                    return true;
-                }
-            }
-        }
-    }
-    return false;
+    return blockList.checkAddress(ip);
 }