@directus/api 35.2.0 → 36.0.0-rc.1

package/dist/services/versions.js

@@ -1,3 +1,4 @@
+import "../packages/types/dist/index.js";
 import { getCache } from "../cache.js";
 import { getHelpers } from "../database/helpers/index.js";
 import emitter_default from "../emitter.js";
@@ -8,10 +9,10 @@ import { splitRecursive } from "../utils/versioning/split-recursive.js";
 import { ItemsService } from "./items.js";
 import { ActivityService } from "./activity.js";
 import { RevisionsService } from "./revisions.js";
-import { ForbiddenError, InvalidPayloadError, UnprocessableContentError } from "@directus/errors";
+import { ForbiddenError, InvalidPayloadError, UnprocessableContentError, VersionHashMismatchError } from "@directus/errors";
 import { deepMapWithSchema } from "@directus/utils";
-import { assign, get, isEqual, isPlainObject, pick } from "lodash-es";
-import { Action } from "@directus/constants";
+import { assign, get, isEqual, isNil, isPlainObject, pick } from "lodash-es";
+import { Action, VERSION_KEY_DRAFT, isPublishedVersionKey } from "@directus/constants";
 import hash from "object-hash";
 import Joi from "joi";
 
@@ -21,16 +22,23 @@ var VersionsService = class VersionsService extends ItemsService {
 		super("directus_versions", options);
 	}
 	async validateCreateData(data) {
-		const { error } = Joi.object({
+		const versionCreateSchema = Joi.object({
 			key: Joi.string().required(),
 			name: Joi.string().allow(null),
 			collection: Joi.string().required(),
-			item: Joi.string().required()
-		}).validate(data);
+			item: Joi.string().allow(null)
+		});
+		const itemLess = isNil(data["item"]);
+		const { error } = versionCreateSchema.validate(data);
 		if (error) throw new InvalidPayloadError({ reason: error.message });
-		if (data["key"] === "main") throw new InvalidPayloadError({ reason: `"main" is a reserved version key` });
+		if (isPublishedVersionKey(data["key"])) throw new InvalidPayloadError({ reason: `"${data["key"]}" is a reserved version key` });
+		if (itemLess && data["key"] !== VERSION_KEY_DRAFT) throw new InvalidPayloadError({ reason: `"key" must be "${VERSION_KEY_DRAFT}" for versions not linked to an item` });
 		if (this.accountability) try {
-			await validateAccess({
+			await validateAccess(itemLess ? {
+				accountability: this.accountability,
+				action: "read",
+				collection: data["collection"]
+			} : {
 				accountability: this.accountability,
 				action: "read",
 				collection: data["collection"],
@@ -47,6 +55,9 @@ var VersionsService = class VersionsService extends ItemsService {
 			knex: this.knex,
 			schema: this.schema
 		}).readOne(data["collection"])).meta?.versioning) throw new UnprocessableContentError({ reason: `Content Versioning is not enabled for collection "${data["collection"]}"` });
+		const isSingleton = !!this.schema.collections[data["collection"]]?.singleton;
+		if (itemLess) if (isSingleton) await this.assertSingletonEmpty(data["collection"]);
+		else return;
 		if ((await new VersionsService({
 			knex: this.knex,
 			schema: this.schema
@@ -55,9 +66,9 @@ var VersionsService = class VersionsService extends ItemsService {
 			filter: {
 				key: { _eq: data["key"] },
 				collection: { _eq: data["collection"] },
-				item: { _eq: data["item"] }
+				item: itemLess ? { _null: true } : { _eq: data["item"] }
 			}
-		}))[0]["count"] > 0) throw new UnprocessableContentError({ reason: `Version "${data["key"]}" already exists for item "${data["item"]}" in collection "${data["collection"]}"` });
+		}))[0]["count"] > 0) throw new UnprocessableContentError({ reason: itemLess ? `Singleton collection "${data["collection"]}" already has an item-less version` : `Version "${data["key"]}" already exists for item "${data["item"]}" in collection "${data["collection"]}"` });
 	}
 	async getMainItem(collection, item, query) {
 		return await new ItemsService(collection, {
@@ -73,18 +84,27 @@ var VersionsService = class VersionsService extends ItemsService {
 			mainHash
 		};
 	}
-	async getVersionSave(key, collection, item, mapDelta = true) {
-		const version = (await this.readByQuery({ filter: {
-			key: { _eq: key },
-			collection: { _eq: collection },
-			item: { _eq: item }
-		} }))[0];
-		if (mapDelta && version?.delta) version.delta = this.mapDelta(version);
-		return version;
+	async getVersionSaves(key, collection, item, mapDelta = true) {
+		let itemFilter = {};
+		if (item) itemFilter = { item: { _eq: item } };
+		let versions = await this.readByQuery({
+			filter: {
+				key: { _eq: key },
+				collection: { _eq: collection },
+				...itemFilter
+			},
+			limit: -1
+		});
+		if (mapDelta) versions = versions.map((version) => {
+			if (version.delta) version.delta = this.mapDelta(version);
+			return version;
+		});
+		return versions;
 	}
 	async createOne(data, opts) {
 		await this.validateCreateData(data);
-		data["hash"] = hash(await this.getMainItem(data["collection"], data["item"]));
+		if (data["item"]) data["hash"] = hash(await this.getMainItem(data["collection"], data["item"]));
+		else data["hash"] = null;
 		return super.createOne(data, opts);
 	}
 	async readOne(key, query = {}, opts) {
@@ -96,6 +116,7 @@ var VersionsService = class VersionsService extends ItemsService {
 		if (!Array.isArray(data)) throw new InvalidPayloadError({ reason: "Input should be an array of items" });
 		const keyCombos = /* @__PURE__ */ new Set();
 		for (const item of data) {
+			if (isNil(item["item"])) continue;
 			const keyCombo = `${item["key"]}-${item["collection"]}-${item["item"]}`;
 			if (keyCombos.has(keyCombo)) throw new UnprocessableContentError({ reason: `Cannot create multiple versions on "${item["item"]}" in collection "${item["collection"]}" with the same key "${item["key"]}"` });
 			keyCombos.add(keyCombo);
@@ -105,31 +126,52 @@ var VersionsService = class VersionsService extends ItemsService {
 	async updateMany(keys, data, opts) {
 		const { error } = Joi.object({
 			key: Joi.string(),
-			name: Joi.string().allow(null)
+			name: Joi.string().allow(null),
+			item: Joi.string().allow(null)
 		}).validate(data);
 		if (error) throw new InvalidPayloadError({ reason: error.message });
-		if ("key" in data) {
-			if (data["key"] === "main") throw new InvalidPayloadError({ reason: `"main" is a reserved version key` });
-			const keyCombos = /* @__PURE__ */ new Set();
-			for (const pk of keys) {
-				const { collection, item } = await this.readOne(pk, { fields: ["collection", "item"] });
-				const keyCombo = `${data["key"]}-${collection}-${item}`;
-				if (keyCombos.has(keyCombo)) throw new UnprocessableContentError({ reason: `Cannot update multiple versions on "${item}" in collection "${collection}" to the same key "${data["key"]}"` });
-				keyCombos.add(keyCombo);
-				if ((await super.readByQuery({
-					aggregate: { count: ["*"] },
-					filter: {
-						id: { _neq: pk },
-						key: { _eq: data["key"] },
-						collection: { _eq: collection },
-						item: { _eq: item }
-					}
-				}))[0]["count"] > 0) throw new UnprocessableContentError({ reason: `Version "${data["key"]}" already exists for item "${item}" in collection "${collection}"` });
+		if (isPublishedVersionKey(data["key"])) throw new InvalidPayloadError({ reason: `"${data["key"]}" is a reserved version key` });
+		const keyCombos = /* @__PURE__ */ new Set();
+		for (const pk of keys) {
+			const existingVersion = await this.readOne(pk, { fields: [
+				"collection",
+				"item",
+				"key"
+			] });
+			const collection = existingVersion.collection;
+			const item = "item" in data ? data["item"] : existingVersion.item;
+			const key = "key" in data ? data["key"] : existingVersion.key;
+			if (key !== VERSION_KEY_DRAFT && item === null) throw new InvalidPayloadError({ reason: `"key" must be "${VERSION_KEY_DRAFT}" for versions not linked to an item` });
+			if (item === null) {
+				if (this.schema.collections[collection]?.singleton) {
+					await this.assertSingletonEmpty(collection);
+					if ((await super.readByQuery({
+						aggregate: { count: ["*"] },
+						filter: {
+							id: { _neq: pk },
+							collection: { _eq: collection },
+							item: { _null: true }
+						}
+					}))[0]["count"] > 0) throw new UnprocessableContentError({ reason: `Singleton collection "${collection}" already has an item-less version` });
+				}
+				continue;
 			}
+			const keyCombo = `${key}-${collection}-${item}`;
+			if (keyCombos.has(keyCombo)) throw new UnprocessableContentError({ reason: `Cannot update multiple versions on "${item}" in collection "${collection}" to the same key "${key}"` });
+			keyCombos.add(keyCombo);
+			if ((await super.readByQuery({
+				aggregate: { count: ["*"] },
+				filter: {
+					id: { _neq: pk },
+					key: { _eq: key },
+					collection: { _eq: collection },
+					item: { _eq: item }
+				}
+			}))[0]["count"] > 0) throw new UnprocessableContentError({ reason: `Version "${key}" already exists for item "${item}" in collection "${collection}"` });
 		}
 		return super.updateMany(keys, data, opts);
 	}
-	async save(key, delta) {
+	async save(key, delta, opts) {
 		const version = await super.readOne(key);
 		const payloadService = new PayloadService(this.collection, {
 			accountability: this.accountability,
@@ -137,35 +179,65 @@ var VersionsService = class VersionsService extends ItemsService {
 			schema: this.schema
 		});
 		const { item, collection, delta: existingDelta } = version;
-		const helpers = getHelpers(this.knex);
 		let revisionDelta = await payloadService.prepareDelta(delta);
-		const trackingAccountability = this.schema.collections[collection]?.accountability ?? null;
-		if (trackingAccountability !== null) {
-			const activity = await new ActivityService({
-				knex: this.knex,
-				schema: this.schema
-			}).createOne({
-				action: Action.VERSION_SAVE,
-				user: this.accountability?.user ?? null,
-				collection,
-				ip: this.accountability?.ip ?? null,
-				user_agent: this.accountability?.userAgent ?? null,
-				origin: this.accountability?.origin ?? null,
-				item
-			});
-			if (trackingAccountability === "all") await new RevisionsService({
-				knex: this.knex,
-				schema: this.schema
-			}).createOne({
-				activity,
-				version: key,
-				collection,
-				item,
-				data: revisionDelta,
-				delta: revisionDelta
-			});
+		if (item) {
+			const trackingAccountability = this.schema.collections[collection]?.accountability ?? null;
+			if (trackingAccountability !== null) {
+				const revisionsService = new RevisionsService({
+					knex: this.knex,
+					schema: this.schema
+				});
+				let patchedExistingRevision = false;
+				if (opts?.patchRevision && trackingAccountability === "all") {
+					const [latestRevision] = await revisionsService.readByQuery({
+						filter: { version: { _eq: key } },
+						sort: ["-activity.timestamp"],
+						limit: 1,
+						fields: [
+							"id",
+							"data",
+							"delta",
+							"activity.user"
+						]
+					});
+					const currentUser = this.accountability?.user ?? null;
+					const latestRevisionUser = (latestRevision?.["activity"])?.user ?? null;
+					if (latestRevision && latestRevisionUser === currentUser) {
+						const mergedRevisionData = assign({}, latestRevision["data"], revisionDelta);
+						const mergedRevisionDelta = assign({}, latestRevision["delta"], revisionDelta);
+						await revisionsService.updateOne(latestRevision["id"], {
+							data: mergedRevisionData,
+							delta: mergedRevisionDelta
+						});
+						patchedExistingRevision = true;
+					}
+				}
+				if (!patchedExistingRevision) {
+					const activity = await new ActivityService({
+						knex: this.knex,
+						schema: this.schema
+					}).createOne({
+						action: Action.VERSION_SAVE,
+						user: this.accountability?.user ?? null,
+						collection,
+						ip: this.accountability?.ip ?? null,
+						user_agent: this.accountability?.userAgent ?? null,
+						origin: this.accountability?.origin ?? null,
+						item
+					});
+					if (trackingAccountability === "all") await revisionsService.createOne({
+						activity,
+						version: key,
+						collection,
+						item,
+						data: revisionDelta,
+						delta: revisionDelta
+					});
+				}
+			}
 		}
 		revisionDelta = revisionDelta ? revisionDelta : null;
+		const helpers = getHelpers(this.knex);
 		const date = new Date(helpers.date.writeTimestamp((/* @__PURE__ */ new Date()).toISOString()));
 		deepMapObjects(revisionDelta, (object, path) => {
 			const existing = get(existingDelta, path);
@@ -186,22 +258,29 @@ var VersionsService = class VersionsService extends ItemsService {
 		if (shouldClearCache(cache, void 0, collection)) cache.clear();
 		return finalVersionDelta;
 	}
-	async promote(version, mainHash, fields) {
+	async promote(version, opts) {
 		const { collection, item, delta } = await super.readOne(version);
-		if (this.accountability) await validateAccess({
+		if (item && typeof opts?.mainHash !== "string") throw new InvalidPayloadError({ reason: `"mainHash" field is required` });
+		if (this.accountability) await validateAccess(item ? {
 			accountability: this.accountability,
 			action: "update",
 			collection,
 			primaryKeys: [item]
+		} : {
+			accountability: this.accountability,
+			action: "create",
+			collection
 		}, {
 			schema: this.schema,
 			knex: this.knex
 		});
 		if (!delta) throw new UnprocessableContentError({ reason: `No changes to promote` });
-		const { outdated } = await this.verifyHash(collection, item, mainHash);
-		if (outdated) throw new UnprocessableContentError({ reason: `Main item has changed since this version was last updated` });
+		if (item) {
+			const { outdated, mainHash } = await this.verifyHash(collection, item, opts?.mainHash);
+			if (outdated) throw new VersionHashMismatchError({ mainHash });
+		}
 		const { rawDelta, defaultOverwrites } = splitRecursive(delta);
-		const payloadToUpdate = fields ? pick(rawDelta, fields) : rawDelta;
+		const payloadToUpdate = opts?.fields ? pick(rawDelta, opts.fields) : rawDelta;
 		const itemsService = new ItemsService(collection, {
 			accountability: this.accountability,
 			knex: this.knex,
@@ -216,7 +295,13 @@ var VersionsService = class VersionsService extends ItemsService {
 			schema: this.schema,
 			accountability: this.accountability
 		});
-		const updatedItemKey = await itemsService.updateOne(item, payloadAfterHooks, { overwriteDefaults: defaultOverwrites });
+		let updatedItemKey;
+		if (item) updatedItemKey = await itemsService.updateOne(item, payloadAfterHooks, { overwriteDefaults: defaultOverwrites });
+		else {
+			await this.assertSingletonEmpty(collection);
+			updatedItemKey = await itemsService.createOne(payloadAfterHooks, { overwriteDefaults: defaultOverwrites });
+			await this.updateOne(version, { item: String(updatedItemKey) });
+		}
 		emitter_default.emitAction(["items.promote", `${collection}.items.promote`], {
 			payload: payloadAfterHooks,
 			collection,
@@ -229,6 +314,11 @@ var VersionsService = class VersionsService extends ItemsService {
 		});
 		return updatedItemKey;
 	}
+	async assertSingletonEmpty(collection) {
+		const collectionMeta = this.schema.collections[collection];
+		if (!collectionMeta?.singleton) return;
+		if (await this.knex(collection).first(collectionMeta.primary)) throw new UnprocessableContentError({ reason: `Singleton collection "${collection}" already contains an item` });
+	}
 	mapDelta(version) {
 		const delta = version.delta ?? {};
 		delta[this.schema.collections[version.collection].primary] = version.item;

package/dist/utils/calculate-field-depth.js

@@ -39,6 +39,7 @@ function calculateFieldDepth(obj, dotNotationKeys = []) {
 	const keys = Object.keys(obj);
 	for (const key of keys) {
 		const nestedValue = obj[key];
+		if (key === "_json") continue;
 		if (dotNotationKeys.includes(key) && nestedValue) {
 			let sortDepth = 0;
 			for (const sortKey of nestedValue) if (sortKey) sortDepth = Math.max(sortKey.split(".").length, sortDepth);

package/dist/utils/create-admin.js

@@ -27,6 +27,9 @@ const defaultAdminPolicy = {
 async function createAdmin(schema, admin) {
 	const logger = useLogger();
 	const env = useEnv();
+	const adminEmail = admin?.email ?? env["ADMIN_EMAIL"];
+	const adminPassword = admin?.password ?? env["ADMIN_PASSWORD"];
+	if (!adminEmail || !adminPassword) return;
 	logger.info("Setting up first admin role...");
 	const accessService = new AccessService({ schema });
 	const policiesService = new PoliciesService({ schema });
@@ -37,9 +40,6 @@ async function createAdmin(schema, admin) {
 		role
 	});
 	const usersService = new UsersService({ schema });
-	const adminEmail = admin?.email ?? env["ADMIN_EMAIL"];
-	const adminPassword = admin?.password ?? env["ADMIN_PASSWORD"];
-	if (!adminEmail || !adminPassword) return;
 	const token = env["ADMIN_TOKEN"] ?? null;
 	logger.info("Adding first admin user...");
 	await usersService.createOne({

package/dist/utils/deep-freeze.js

@@ -0,0 +1,24 @@
+import { isPlainObject } from "lodash-es";
+
+//#region src/utils/deep-freeze.ts
+/**
+* Recursively freezes arrays and plain objects so the entire structure is immutable.
+*
+* @example
+* const frozen = deepFreeze({ a: { b: 1 } });
+* frozen.a.b = 2; // throws in strict mode
+*/
+function deepFreeze(value) {
+	if (Array.isArray(value)) {
+		for (const item of value) deepFreeze(item);
+		return Object.freeze(value);
+	}
+	if (isPlainObject(value)) {
+		for (const item of Object.values(value)) deepFreeze(item);
+		return Object.freeze(value);
+	}
+	return value;
+}
+
+//#endregion
+export { deepFreeze };

package/dist/utils/extract-function-name.js

@@ -0,0 +1,13 @@
+//#region src/utils/extract-function-name.ts
+/**
+* Extracts the function name from a function call string, e.g. `year(date_created)` → `'year'`.
+* Returns null if the string is not a recognized function call.
+*/
+function extractFunctionName(str) {
+	const trimmed = str.trim();
+	if (!trimmed.includes("(") || !trimmed.endsWith(")")) return null;
+	return trimmed.split("(")[0] ?? null;
+}
+
+//#endregion
+export { extractFunctionName };

package/dist/utils/generate-translations.js

@@ -10,7 +10,7 @@ import { cloneFields, validateFieldsEligibility } from "./translations-shared.js
 import { dbSafeIdentifierSchema } from "./translations-validation.js";
 import { InvalidPayloadError } from "@directus/errors";
 import { fromZodError } from "zod-validation-error";
-import { z } from "zod";
+import { z as z$1 } from "zod";
 
 //#region src/utils/generate-translations.ts
 const logger = useLogger();
@@ -31,15 +31,15 @@ function buildTranslationsAliasField(languagesFields) {
 		}
 	};
 }
-const GenerateTranslationsInput = z.object({
+const GenerateTranslationsInput = z$1.object({
 	collection: dbSafeIdentifierSchema,
-	fields: z.array(dbSafeIdentifierSchema).min(1),
+	fields: z$1.array(dbSafeIdentifierSchema).min(1),
 	translationsCollection: dbSafeIdentifierSchema.optional(),
 	languagesCollection: dbSafeIdentifierSchema.optional(),
 	parentFkField: dbSafeIdentifierSchema.optional(),
 	languageFkField: dbSafeIdentifierSchema.optional(),
-	createLanguagesCollection: z.boolean().optional().default(true),
-	seedLanguages: z.boolean().optional().default(true)
+	createLanguagesCollection: z$1.boolean().optional().default(true),
+	seedLanguages: z$1.boolean().optional().default(true)
 });
 async function generateTranslations(input, options) {
 	const parseResult = GenerateTranslationsInput.safeParse(input);

package/dist/utils/get-accountability-for-token.js

@@ -5,6 +5,7 @@ import { getSecret } from "./get-secret.js";
 import { createDefaultAccountability } from "../permissions/utils/create-default-accountability.js";
 import { verifyAccessJWT } from "./jwt.js";
 import isDirectusJWT from "./is-directus-jwt.js";
+import { parseOAuthScope } from "./parse-oauth-scope.js";
 import { verifySessionJWT } from "./verify-session-jwt.js";
 import { InvalidCredentialsError } from "@directus/errors";
 
@@ -15,8 +16,19 @@ async function getAccountabilityForToken(token, accountability) {
 	if (token) if (isDirectusJWT(token)) {
 		const payload = verifyAccessJWT(token, getSecret());
 		if ("session" in payload) {
-			await verifySessionJWT(payload);
+			const { oauth_client } = await verifySessionJWT(payload);
 			accountability.session = payload.session;
+			if (oauth_client !== null) {
+				let aud;
+				if (Array.isArray(payload.aud)) aud = payload.aud;
+				else if (payload.aud) aud = [String(payload.aud)];
+				else aud = [];
+				accountability.oauth = {
+					client: oauth_client,
+					scopes: parseOAuthScope(payload.scope),
+					aud
+				};
+			}
 		}
 		if (payload.share) accountability.share = payload.share;
 		if (payload.id) accountability.user = payload.id;

package/dist/utils/get-cache-key.js

@@ -1,7 +1,7 @@
 import database_default from "../database/index.js";
+import { getFlowManager } from "../flows.js";
 import { fetchPoliciesIpAccess } from "../permissions/modules/fetch-policies-ip-access/fetch-policies-ip-access.js";
 import { getGraphqlQueryAndVariables } from "./get-graphql-query-and-variables.js";
-import { getFlowManager } from "../flows.js";
 import { toArray } from "@directus/utils";
 import { isEmpty, pick } from "lodash-es";
 import { ipInNetworks } from "@directus/utils/node";

package/dist/utils/get-history-filter-query.js

@@ -0,0 +1,22 @@
+import { getEntitlementManager } from "../license/entitlements/manager.js";
+import "../license/index.js";
+import { mergeFilters } from "@directus/utils";
+
+//#region src/utils/get-history-filter-query.ts
+function getHistoryFilterQuery(query, entitlement, buildFilter) {
+	const limit = getEntitlementManager().getEntitlementLimit(entitlement);
+	if (limit === null || !Number.isFinite(limit) || limit < 0) return query;
+	if (limit === 0) return {
+		...query,
+		limit: 0
+	};
+	const filter = mergeFilters(buildFilter(/* @__PURE__ */ new Date(Date.now() - limit * 1e3)), query.filter ?? null, "and");
+	if (!filter) return query;
+	return {
+		...query,
+		filter
+	};
+}
+
+//#endregion
+export { getHistoryFilterQuery };

package/dist/utils/get-schema.js

@@ -12,7 +12,7 @@ import getDefaultValue from "./get-default-value.js";
 import { getSystemFieldRowsWithAuthProviders } from "./get-field-system-rows.js";
 import { useEnv } from "@directus/env";
 import { parseJSON, toArray, toBoolean } from "@directus/utils";
-import { mapValues } from "lodash-es";
+import { mapValues, pick } from "lodash-es";
 import { createInspector } from "@directus/schema";
 import { systemCollectionRows } from "@directus/system-data";
 
@@ -74,7 +74,7 @@ async function getDatabaseSchema(database, schemaInspector) {
 	};
 	const systemFieldRows$1 = getSystemFieldRowsWithAuthProviders();
 	const schemaOverview = await schemaInspector.overview();
-	const collections = [...await database.select("collection", "singleton", "note", "sort_field", "accountability").from("directus_collections"), ...systemCollectionRows];
+	const collections = [...(await database.select("*").from("directus_collections")).filter((c) => !("status" in c) || c["status"] === "active").map((c) => pick(c, "collection", "singleton", "note", "sort_field", "accountability")), ...systemCollectionRows];
 	for (const [collection, info] of Object.entries(schemaOverview)) {
 		if (toArray(env["DB_EXCLUDE_TABLES"]).includes(collection)) {
 			logger.trace(`Collection "${collection}" is configured to be excluded and will be ignored`);

package/dist/utils/get-service.js

@@ -1,12 +1,13 @@
 import { ItemsService } from "../services/items.js";
 import { FilesService } from "../services/files.js";
 import { FoldersService } from "../services/folders.js";
-import { ActivityService } from "../services/activity.js";
 import { AccessService } from "../services/access.js";
+import { ActivityService } from "../services/activity.js";
+import { FlowsService } from "../services/flows.js";
+import { RevisionsService } from "../services/revisions.js";
 import { SettingsService } from "../services/settings.js";
 import { UsersService } from "../services/users.js";
 import { NotificationsService } from "../services/notifications.js";
-import { RevisionsService } from "../services/revisions.js";
 import { CommentsService } from "../services/comments.js";
 import { DashboardsService } from "../services/dashboards.js";
 import { DeploymentProjectsService } from "../services/deployment-projects.js";
@@ -22,7 +23,6 @@ import { SharesService } from "../services/shares.js";
 import { TranslationsService } from "../services/translations.js";
 import { VersionsService } from "../services/versions.js";
 import "../services/index.js";
-import { FlowsService } from "../services/flows.js";
 import { ForbiddenError } from "@directus/errors";
 
 //#region src/utils/get-service.ts

package/dist/utils/is-admin.js

@@ -0,0 +1,9 @@
+//#region src/utils/is-admin.ts
+function isAdmin(accountability) {
+	if (accountability === null) return true;
+	if (accountability?.admin === true) return true;
+	return false;
+}
+
+//#endregion
+export { isAdmin };

package/dist/utils/is-unauthenticated.js

@@ -0,0 +1,15 @@
+//#region src/utils/is-unauthenticated.ts
+/**
+* Checks if the given accountability is unauthenticated
+*
+* @param accountability
+* @returns True if the user is unauthenticated, false otherwise.
+*/
+function isUnauthenticated(accountability) {
+	if (accountability === null) return false;
+	if (accountability === void 0) return true;
+	return accountability?.role === null && accountability?.user === null;
+}
+
+//#endregion
+export { isUnauthenticated };

package/dist/utils/parse-oauth-scope.js

@@ -0,0 +1,12 @@
+//#region src/utils/parse-oauth-scope.ts
+/**
+* Parse an OAuth scope string into a deduplicated array of scope tokens.
+* Per RFC 6749 Section 3.3, scope is a space-separated list of case-sensitive strings.
+*/
+function parseOAuthScope(scope) {
+	if (typeof scope !== "string" || scope.trim() === "") return [];
+	return [...new Set(scope.trim().split(/\s+/))];
+}
+
+//#endregion
+export { parseOAuthScope };

package/dist/utils/sanitize-query.js

@@ -61,7 +61,7 @@ function sanitizeFields(rawFields) {
 }
 function sanitizeSort(rawSort) {
 	let fields = [];
-	if (typeof rawSort === "string") fields = rawSort.split(",");
+	if (typeof rawSort === "string") fields = splitFields(rawSort);
 	else if (Array.isArray(rawSort)) fields = rawSort;
 	fields = fields.map((field) => field.trim());
 	return fields;
@@ -143,7 +143,7 @@ async function sanitizeDeep(deep, schema, accountability) {
 		for (const [key, value] of Object.entries(level)) {
 			if (!key) break;
 			if (key.startsWith("_")) subQuery[key.substring(1)] = value;
-			else if (isPlainObject(value)) parse(value, [...path, key]);
+			else if (isPlainObject(value)) await parse(value, [...path, key]);
 		}
 		if (Object.keys(subQuery).length > 0) {
 			const parsedSubQuery = await sanitizeQuery(subQuery, schema, accountability);

package/dist/utils/split-field-path.js

@@ -0,0 +1,29 @@
+//#region src/utils/split-field-path.ts
+/**
+* Splits a field path on dots that are outside parentheses.
+*
+* A plain `.split('.')` breaks when a path segment contains a function call
+* whose arguments include dots (e.g. `category_id.json(metadata, settings.theme)`).
+* This helper only splits on dots at paren-depth 0.
+*
+* @example
+* splitFieldPath('a.b.c')                              // ['a', 'b', 'c']
+* splitFieldPath('category_id.json(metadata, color)')  // ['category_id', 'json(metadata, color)']
+* splitFieldPath('a.json(meta, x.y.z)')                // ['a', 'json(meta, x.y.z)']
+*/
+function splitFieldPath(path) {
+	const parts = [];
+	let depth = 0;
+	let start = 0;
+	for (let i = 0; i < path.length; i++) if (path[i] === "(") depth++;
+	else if (path[i] === ")") depth--;
+	else if (path[i] === "." && depth === 0) {
+		parts.push(path.slice(start, i));
+		start = i + 1;
+	}
+	parts.push(path.slice(start));
+	return parts;
+}
+
+//#endregion
+export { splitFieldPath };

package/dist/utils/store.js

@@ -13,7 +13,7 @@ function useStore(namespace, options) {
 		namespace,
 		redis: useRedis()
 	};
-	if (config.type === "redis" && options?.ttl) config.ttl = options?.ttl;
+	if (options?.ttl) config.ttl = options?.ttl;
 	const store = createCache(config);
 	return (callback) => store.usingLock(`lock`, async () => {
 		return await callback({