directus 9.1.2 → 9.3.0

package/dist/auth/drivers/ldap.js

@@ -87,6 +87,12 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
                         }
                     });
                 });
+                res.on('end', (result) => {
+                    if ((result === null || result === void 0 ? void 0 : result.status) === 0) {
+                        // Handle edge case with IBM systems where authenticated bind user could not fetch their DN
+                        reject(new exceptions_1.UnexpectedResponseException('Failed to find bind user record'));
+                    }
+                });
             });
         });
     }
@@ -94,7 +100,10 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
         const { userDn, userAttribute, userScope } = this.config;
         return new Promise((resolve, reject) => {
             // Search for the user in LDAP by attribute
-            this.bindClient.search(userDn, { filter: `(${userAttribute !== null && userAttribute !== void 0 ? userAttribute : 'cn'}=${identifier})`, scope: userScope !== null && userScope !== void 0 ? userScope : 'one' }, (err, res) => {
+            this.bindClient.search(userDn, {
+                filter: new ldapjs_1.EqualityFilter({ attribute: userAttribute !== null && userAttribute !== void 0 ? userAttribute : 'cn', value: identifier }),
+                scope: userScope !== null && userScope !== void 0 ? userScope : 'one',
+            }, (err, res) => {
                 if (err) {
                     reject(handleError(err));
                     return;
@@ -151,7 +160,7 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
             // Search for the user info in LDAP by group attribute
             this.bindClient.search(groupDn, {
                 attributes: ['cn'],
-                filter: `(${groupAttribute !== null && groupAttribute !== void 0 ? groupAttribute : 'member'}=${userDn})`,
+                filter: new ldapjs_1.EqualityFilter({ attribute: groupAttribute !== null && groupAttribute !== void 0 ? groupAttribute : 'member', value: userDn }),
                 scope: groupScope !== null && groupScope !== void 0 ? groupScope : 'one',
             }, (err, res) => {
                 if (err) {

package/dist/auth/drivers/oauth2.d.ts

@@ -10,7 +10,7 @@ export declare class OAuth2AuthDriver extends LocalAuthDriver {
     config: Record<string, any>;
     constructor(options: AuthDriverOptions, config: Record<string, any>);
     generateCodeVerifier(): string;
-    generateAuthUrl(codeVerifier: string): string;
+    generateAuthUrl(codeVerifier: string, prompt?: boolean): string;
     private fetchUserId;
     getUserID(payload: Record<string, any>): Promise<string>;
     login(user: User): Promise<SessionData>;

package/dist/auth/drivers/oauth2.js

@@ -32,7 +32,8 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
             authorization_endpoint: authorizeUrl,
             token_endpoint: accessUrl,
             userinfo_endpoint: profileUrl,
-            issuer: additionalConfig.provider,
+            // Required for openid providers (openid flow should be preferred!)
+            issuer: additionalConfig.issuerUrl,
         });
         this.client = new issuer.Client({
             client_id: clientId,
@@ -44,17 +45,20 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
     generateCodeVerifier() {
         return openid_client_1.generators.codeVerifier();
     }
-    generateAuthUrl(codeVerifier) {
+    generateAuthUrl(codeVerifier, prompt = false) {
         var _a;
         try {
             const codeChallenge = openid_client_1.generators.codeChallenge(codeVerifier);
+            const paramsConfig = typeof this.config.params === 'object' ? this.config.params : {};
             return this.client.authorizationUrl({
                 scope: (_a = this.config.scope) !== null && _a !== void 0 ? _a : 'email',
+                access_type: 'offline',
+                prompt: prompt ? 'consent' : undefined,
+                ...paramsConfig,
                 code_challenge: codeChallenge,
                 code_challenge_method: 'S256',
                 // Some providers require state even with PKCE
                 state: codeChallenge,
-                access_type: 'offline',
             });
         }
         catch (e) {
@@ -72,6 +76,7 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
     async getUserID(payload) {
         var _a;
         if (!payload.code || !payload.codeVerifier) {
+            logger_1.default.trace('[OAuth2] No code or codeVerifier in payload');
             throw new exceptions_1.InvalidCredentialsException();
         }
         let tokenSet;
@@ -112,6 +117,7 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         }
         // Is public registration allowed?
         if (!allowPublicRegistration) {
+            logger_1.default.trace(`[OAuth2] User doesn't exist, and public registration not allowed for provider "${this.config.provider}"`);
             throw new exceptions_1.InvalidCredentialsException();
         }
         await this.usersService.createOne({
@@ -136,35 +142,44 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
                 logger_1.default.warn(`Session data isn't valid JSON: ${authData}`);
             }
         }
-        if (!(authData === null || authData === void 0 ? void 0 : authData.refreshToken)) {
-            return sessionData;
-        }
-        try {
-            const tokenSet = await this.client.refresh(authData.refreshToken);
-            return { accessToken: tokenSet.access_token };
-        }
-        catch (e) {
-            throw handleError(e);
+        if (authData === null || authData === void 0 ? void 0 : authData.refreshToken) {
+            try {
+                const tokenSet = await this.client.refresh(authData.refreshToken);
+                // Update user refreshToken if provided
+                if (tokenSet.refresh_token) {
+                    await this.usersService.updateOne(user.id, {
+                        auth_data: JSON.stringify({ refreshToken: tokenSet.refresh_token }),
+                    });
+                }
+            }
+            catch (e) {
+                throw handleError(e);
+            }
         }
+        return sessionData;
     }
 }
 exports.OAuth2AuthDriver = OAuth2AuthDriver;
 const handleError = (e) => {
     if (e instanceof openid_client_1.errors.OPError) {
         if (e.error === 'invalid_grant') {
+            logger_1.default.trace(e, `[OAuth2] Invalid grant.`);
             // Invalid token
-            return new exceptions_1.InvalidCredentialsException();
+            return new exceptions_1.InvalidTokenException();
         }
+        logger_1.default.trace(e, `[OAuth2] Unknown OP error.`);
         // Server response error
         return new exceptions_1.ServiceUnavailableException('Service returned unexpected response', {
-            service: 'openid',
+            service: 'oauth2',
             message: e.error_description,
         });
     }
     else if (e instanceof openid_client_1.errors.RPError) {
         // Internal client error
+        logger_1.default.trace(e, `[OAuth2] Unknown RP error.`);
         return new exceptions_1.InvalidCredentialsException();
     }
+    logger_1.default.trace(e, `[OAuth2] Unknown error.`);
     return e;
 };
 function createOAuth2AuthRouter(providerName) {
@@ -172,7 +187,8 @@ function createOAuth2AuthRouter(providerName) {
     router.get('/', (req, res) => {
         const provider = (0, auth_1.getAuthProvider)(providerName);
         const codeVerifier = provider.generateCodeVerifier();
-        const token = jsonwebtoken_1.default.sign({ verifier: codeVerifier, redirect: req.query.redirect }, env_1.default.SECRET, {
+        const prompt = !!req.query.prompt;
+        const token = jsonwebtoken_1.default.sign({ verifier: codeVerifier, redirect: req.query.redirect, prompt }, env_1.default.SECRET, {
             expiresIn: '5m',
             issuer: 'directus',
         });
@@ -180,7 +196,7 @@ function createOAuth2AuthRouter(providerName) {
             httpOnly: true,
             sameSite: 'lax',
         });
-        return res.redirect(provider.generateAuthUrl(codeVerifier));
+        return res.redirect(provider.generateAuthUrl(codeVerifier, prompt));
     }, respond_1.respond);
     router.get('/callback', (0, async_handler_1.default)(async (req, res, next) => {
         var _a;
@@ -189,9 +205,10 @@ function createOAuth2AuthRouter(providerName) {
             tokenData = jsonwebtoken_1.default.verify(req.cookies[`oauth2.${providerName}`], env_1.default.SECRET, { issuer: 'directus' });
         }
         catch (e) {
+            logger_1.default.warn(e, `[OAuth2] Couldn't verify OAuth2 cookie`);
             throw new exceptions_1.InvalidCredentialsException();
         }
-        const { verifier, redirect } = tokenData;
+        const { verifier, redirect, prompt } = tokenData;
         const authenticationService = new services_1.AuthenticationService({
             accountability: {
                 ip: req.ip,
@@ -204,7 +221,7 @@ function createOAuth2AuthRouter(providerName) {
         try {
             res.clearCookie(`oauth2.${providerName}`);
             if (!req.query.code || !req.query.state) {
-                logger_1.default.warn(`Couldn't extract OAuth2 code or state from query: ${JSON.stringify(req.query)}`);
+                logger_1.default.warn(`[OAuth2]Couldn't extract OAuth2 code or state from query: ${JSON.stringify(req.query)}`);
             }
             authResponse = await authenticationService.login(providerName, {
                 code: req.query.code,
@@ -213,7 +230,10 @@ function createOAuth2AuthRouter(providerName) {
             });
         }
         catch (error) {
-            logger_1.default.warn(error);
+            // Prompt user for a new refresh_token if invalidated
+            if (error instanceof exceptions_1.InvalidTokenException && !prompt) {
+                return res.redirect(`./?${redirect ? `redirect=${redirect}&` : ''}prompt=true`);
+            }
             if (redirect) {
                 let reason = 'UNKNOWN_EXCEPTION';
                 if (error instanceof exceptions_1.ServiceUnavailableException) {
@@ -222,8 +242,15 @@ function createOAuth2AuthRouter(providerName) {
                 else if (error instanceof exceptions_1.InvalidCredentialsException) {
                     reason = 'INVALID_USER';
                 }
+                else if (error instanceof exceptions_1.InvalidTokenException) {
+                    reason = 'INVALID_TOKEN';
+                }
+                else {
+                    logger_1.default.warn(error, `[OAuth2] Unexpected error during OAuth2 login`);
+                }
                 return res.redirect(`${redirect.split('?')[0]}?reason=${reason}`);
             }
+            logger_1.default.warn(error, `[OAuth2] Unexpected error during OAuth2 login`);
             throw error;
         }
         const { accessToken, refreshToken, expires } = authResponse;

package/dist/auth/drivers/openid.d.ts

@@ -10,7 +10,7 @@ export declare class OpenIDAuthDriver extends LocalAuthDriver {
     config: Record<string, any>;
     constructor(options: AuthDriverOptions, config: Record<string, any>);
     generateCodeVerifier(): string;
-    generateAuthUrl(codeVerifier: string): Promise<string>;
+    generateAuthUrl(codeVerifier: string, prompt?: boolean): Promise<string>;
     private fetchUserId;
     getUserID(payload: Record<string, any>): Promise<string>;
     login(user: User): Promise<SessionData>;

package/dist/auth/drivers/openid.js

@@ -50,18 +50,21 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
     generateCodeVerifier() {
         return openid_client_1.generators.codeVerifier();
     }
-    async generateAuthUrl(codeVerifier) {
+    async generateAuthUrl(codeVerifier, prompt = false) {
         var _a;
         try {
             const client = await this.client;
             const codeChallenge = openid_client_1.generators.codeChallenge(codeVerifier);
+            const paramsConfig = typeof this.config.params === 'object' ? this.config.params : {};
             return client.authorizationUrl({
                 scope: (_a = this.config.scope) !== null && _a !== void 0 ? _a : 'openid profile email',
+                access_type: 'offline',
+                prompt: prompt ? 'consent' : undefined,
+                ...paramsConfig,
                 code_challenge: codeChallenge,
                 code_challenge_method: 'S256',
                 // Some providers require state even with PKCE
                 state: codeChallenge,
-                access_type: 'offline',
             });
         }
         catch (e) {
@@ -144,17 +147,22 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
                 logger_1.default.warn(`Session data isn't valid JSON: ${authData}`);
             }
         }
-        if (!(authData === null || authData === void 0 ? void 0 : authData.refreshToken)) {
-            return sessionData;
-        }
-        try {
-            const client = await this.client;
-            const tokenSet = await client.refresh(authData.refreshToken);
-            return { accessToken: tokenSet.access_token };
-        }
-        catch (e) {
-            throw handleError(e);
+        if (authData === null || authData === void 0 ? void 0 : authData.refreshToken) {
+            try {
+                const client = await this.client;
+                const tokenSet = await client.refresh(authData.refreshToken);
+                // Update user refreshToken if provided
+                if (tokenSet.refresh_token) {
+                    await this.usersService.updateOne(user.id, {
+                        auth_data: JSON.stringify({ refreshToken: tokenSet.refresh_token }),
+                    });
+                }
+            }
+            catch (e) {
+                throw handleError(e);
+            }
         }
+        return sessionData;
     }
 }
 exports.OpenIDAuthDriver = OpenIDAuthDriver;
@@ -162,7 +170,7 @@ const handleError = (e) => {
     if (e instanceof openid_client_1.errors.OPError) {
         if (e.error === 'invalid_grant') {
             // Invalid token
-            return new exceptions_1.InvalidCredentialsException();
+            return new exceptions_1.InvalidTokenException();
         }
         // Server response error
         return new exceptions_1.ServiceUnavailableException('Service returned unexpected response', {
@@ -181,7 +189,8 @@ function createOpenIDAuthRouter(providerName) {
     router.get('/', (0, async_handler_1.default)(async (req, res) => {
         const provider = (0, auth_1.getAuthProvider)(providerName);
         const codeVerifier = provider.generateCodeVerifier();
-        const token = jsonwebtoken_1.default.sign({ verifier: codeVerifier, redirect: req.query.redirect }, env_1.default.SECRET, {
+        const prompt = !!req.query.prompt;
+        const token = jsonwebtoken_1.default.sign({ verifier: codeVerifier, redirect: req.query.redirect, prompt }, env_1.default.SECRET, {
             expiresIn: '5m',
             issuer: 'directus',
         });
@@ -189,7 +198,7 @@ function createOpenIDAuthRouter(providerName) {
             httpOnly: true,
             sameSite: 'lax',
         });
-        return res.redirect(await provider.generateAuthUrl(codeVerifier));
+        return res.redirect(await provider.generateAuthUrl(codeVerifier, prompt));
     }), respond_1.respond);
     router.get('/callback', (0, async_handler_1.default)(async (req, res, next) => {
         var _a;
@@ -198,9 +207,10 @@ function createOpenIDAuthRouter(providerName) {
             tokenData = jsonwebtoken_1.default.verify(req.cookies[`openid.${providerName}`], env_1.default.SECRET, { issuer: 'directus' });
         }
         catch (e) {
+            logger_1.default.warn(e, `[OpenID] Couldn't verify OpenID cookie`);
             throw new exceptions_1.InvalidCredentialsException();
         }
-        const { verifier, redirect } = tokenData;
+        const { verifier, redirect, prompt } = tokenData;
         const authenticationService = new services_1.AuthenticationService({
             accountability: {
                 ip: req.ip,
@@ -213,7 +223,7 @@ function createOpenIDAuthRouter(providerName) {
         try {
             res.clearCookie(`openid.${providerName}`);
             if (!req.query.code || !req.query.state) {
-                logger_1.default.warn(`Couldn't extract OpenID code or state from query: ${JSON.stringify(req.query)}`);
+                logger_1.default.warn(`[OpenID] Couldn't extract OpenID code or state from query: ${JSON.stringify(req.query)}`);
             }
             authResponse = await authenticationService.login(providerName, {
                 code: req.query.code,
@@ -222,6 +232,10 @@ function createOpenIDAuthRouter(providerName) {
             });
         }
         catch (error) {
+            // Prompt user for a new refresh_token if invalidated
+            if (error instanceof exceptions_1.InvalidTokenException && !prompt) {
+                return res.redirect(`./?${redirect ? `redirect=${redirect}&` : ''}prompt=true`);
+            }
             logger_1.default.warn(error);
             if (redirect) {
                 let reason = 'UNKNOWN_EXCEPTION';
@@ -231,6 +245,9 @@ function createOpenIDAuthRouter(providerName) {
                 else if (error instanceof exceptions_1.InvalidCredentialsException) {
                     reason = 'INVALID_USER';
                 }
+                else if (error instanceof exceptions_1.InvalidTokenException) {
+                    reason = 'INVALID_TOKEN';
+                }
                 return res.redirect(`${redirect.split('?')[0]}?reason=${reason}`);
             }
             throw error;

package/dist/auth.js

@@ -24,9 +24,11 @@ function getAuthProvider(provider) {
 exports.getAuthProvider = getAuthProvider;
 async function registerAuthProviders() {
     const options = { knex: (0, database_1.default)(), schema: await (0, get_schema_1.getSchema)() };
-    const defaultProvider = getProviderInstance('local', options);
-    // Register default provider
-    providers.set(constants_1.DEFAULT_AUTH_PROVIDER, defaultProvider);
+    // Register default provider if not disabled
+    if (!env_1.default.AUTH_DISABLE_DEFAULT) {
+        const defaultProvider = getProviderInstance('local', options);
+        providers.set(constants_1.DEFAULT_AUTH_PROVIDER, defaultProvider);
+    }
     if (!env_1.default.AUTH_PROVIDERS) {
         return;
     }

package/dist/cli/commands/bootstrap/index.js

@@ -30,6 +30,7 @@ const logger_1 = __importDefault(require("../../../logger"));
 const get_schema_1 = require("../../../utils/get-schema");
 const services_1 = require("../../../services");
 const database_1 = __importStar(require("../../../database"));
+const defaults_1 = require("../../utils/defaults");
 async function bootstrap({ skipAdminInit }) {
     logger_1.default.info('Initializing bootstrap...');
     const database = (0, database_1.default)();
@@ -75,7 +76,7 @@ async function waitForDatabase(database) {
 async function createDefaultAdmin(schema) {
     logger_1.default.info('Setting up first admin role...');
     const rolesService = new services_1.RolesService({ schema });
-    const role = await rolesService.createOne({ name: 'Admin', admin_access: true });
+    const role = await rolesService.createOne(defaults_1.defaultAdminRole);
     logger_1.default.info('Adding first admin user...');
     const usersService = new services_1.UsersService({ schema });
     let adminEmail = env_1.default.ADMIN_EMAIL;
@@ -88,5 +89,5 @@ async function createDefaultAdmin(schema) {
         adminPassword = (0, nanoid_1.nanoid)(12);
         logger_1.default.info(`No admin password provided. Defaulting to "${adminPassword}"`);
     }
-    await usersService.createOne({ email: adminEmail, password: adminPassword, role });
+    await usersService.createOne({ email: adminEmail, password: adminPassword, role, ...defaults_1.defaultAdminUser });
 }

package/dist/cli/commands/database/install.js

@@ -3,15 +3,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const run_1 = __importDefault(require("../../../database/migrations/run"));
-const run_2 = __importDefault(require("../../../database/seeds/run"));
+const run_1 = __importDefault(require("../../../database/seeds/run"));
 const database_1 = __importDefault(require("../../../database"));
 const logger_1 = __importDefault(require("../../../logger"));
 async function start() {
     const database = (0, database_1.default)();
     try {
-        await (0, run_2.default)(database);
-        await (0, run_1.default)(database, 'latest');
+        await (0, run_1.default)(database);
         database.destroy();
         process.exit(0);
     }

package/dist/cli/commands/init/index.js

@@ -15,6 +15,7 @@ const create_env_1 = __importDefault(require("../../utils/create-env"));
 const drivers_1 = require("../../utils/drivers");
 const questions_1 = require("./questions");
 const generate_hash_1 = require("../../../utils/generate-hash");
+const defaults_1 = require("../../utils/defaults");
 async function init() {
     const rootPath = process.cwd();
     const { client } = await inquirer_1.default.prompt([
@@ -79,19 +80,14 @@ async function init() {
     const roleID = (0, uuid_1.v4)();
     await db('directus_roles').insert({
         id: roleID,
-        name: 'Administrator',
-        icon: 'verified',
-        admin_access: true,
-        description: 'Initial administrative role with unrestricted App/API access',
+        ...defaults_1.defaultAdminRole,
     });
     await db('directus_users').insert({
         id: userID,
-        status: 'active',
         email: firstUser.email,
         password: firstUser.password,
-        first_name: 'Admin',
-        last_name: 'User',
         role: roleID,
+        ...defaults_1.defaultAdminUser,
     });
     await db.destroy();
     process.stdout.write(`\nYour project has been created at ${chalk_1.default.green(rootPath)}.\n`);

package/dist/cli/commands/schema/apply.js

@@ -35,7 +35,7 @@ const get_snapshot_diff_1 = require("../../../utils/get-snapshot-diff");
 const apply_snapshot_1 = require("../../../utils/apply-snapshot");
 const cache_1 = require("../../../cache");
 async function apply(snapshotPath, options) {
-    var _a, _b, _c, _d, _e, _f, _g, _h, _j;
+    var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m;
     const filename = path_1.default.resolve(process.cwd(), snapshotPath);
     const database = (0, database_1.default)();
     await (0, database_1.validateDatabaseConnection)(database);
@@ -83,12 +83,15 @@ async function apply(snapshotPath, options) {
                     else if (((_c = diff[0]) === null || _c === void 0 ? void 0 : _c.kind) === 'N') {
                         message += `\n  - ${chalk_1.default.green('Create')} ${collection}`;
                     }
+                    else if (((_d = diff[0]) === null || _d === void 0 ? void 0 : _d.kind) === 'A') {
+                        message += `\n  - ${chalk_1.default.blue('Update')} ${collection}`;
+                    }
                 }
             }
             if (snapshotDiff.fields.length > 0) {
                 message += '\n\n' + chalk_1.default.black.underline.bold('Fields:');
                 for (const { collection, field, diff } of snapshotDiff.fields) {
-                    if (((_d = diff[0]) === null || _d === void 0 ? void 0 : _d.kind) === 'E') {
+                    if (((_e = diff[0]) === null || _e === void 0 ? void 0 : _e.kind) === 'E') {
                         message += `\n  - ${chalk_1.default.blue('Update')} ${collection}.${field}`;
                         for (const change of diff) {
                             if (change.kind === 'E') {
@@ -97,19 +100,22 @@ async function apply(snapshotPath, options) {
                             }
                         }
                     }
-                    else if (((_e = diff[0]) === null || _e === void 0 ? void 0 : _e.kind) === 'D') {
+                    else if (((_f = diff[0]) === null || _f === void 0 ? void 0 : _f.kind) === 'D') {
                         message += `\n  - ${chalk_1.default.red('Delete')} ${collection}.${field}`;
                     }
-                    else if (((_f = diff[0]) === null || _f === void 0 ? void 0 : _f.kind) === 'N') {
+                    else if (((_g = diff[0]) === null || _g === void 0 ? void 0 : _g.kind) === 'N') {
                         message += `\n  - ${chalk_1.default.green('Create')} ${collection}.${field}`;
                     }
+                    else if (((_h = diff[0]) === null || _h === void 0 ? void 0 : _h.kind) === 'A') {
+                        message += `\n  - ${chalk_1.default.blue('Update')} ${collection}.${field}`;
+                    }
                 }
             }
             if (snapshotDiff.relations.length > 0) {
                 message += '\n\n' + chalk_1.default.black.underline.bold('Relations:');
                 for (const { collection, field, related_collection, diff } of snapshotDiff.relations) {
-                    if (((_g = diff[0]) === null || _g === void 0 ? void 0 : _g.kind) === 'E') {
-                        message += `\n  - ${chalk_1.default.blue('Update')} ${collection}.${field} -> ${related_collection}`;
+                    if (((_j = diff[0]) === null || _j === void 0 ? void 0 : _j.kind) === 'E') {
+                        message += `\n  - ${chalk_1.default.blue('Update')} ${collection}.${field}`;
                         for (const change of diff) {
                             if (change.kind === 'E') {
                                 const path = change.path.slice(1).join('.');
@@ -117,11 +123,21 @@ async function apply(snapshotPath, options) {
                             }
                         }
                     }
-                    else if (((_h = diff[0]) === null || _h === void 0 ? void 0 : _h.kind) === 'D') {
-                        message += `\n  - ${chalk_1.default.red('Delete')} ${collection}.${field} -> ${related_collection}`;
+                    else if (((_k = diff[0]) === null || _k === void 0 ? void 0 : _k.kind) === 'D') {
+                        message += `\n  - ${chalk_1.default.red('Delete')} ${collection}.${field}`;
+                    }
+                    else if (((_l = diff[0]) === null || _l === void 0 ? void 0 : _l.kind) === 'N') {
+                        message += `\n  - ${chalk_1.default.green('Create')} ${collection}.${field}`;
+                    }
+                    else if (((_m = diff[0]) === null || _m === void 0 ? void 0 : _m.kind) === 'A') {
+                        message += `\n  - ${chalk_1.default.blue('Update')} ${collection}.${field}`;
+                    }
+                    else {
+                        continue;
                     }
-                    else if (((_j = diff[0]) === null || _j === void 0 ? void 0 : _j.kind) === 'N') {
-                        message += `\n  - ${chalk_1.default.green('Create')} ${collection}.${field} -> ${related_collection}`;
+                    // Related collection doesn't exist for m2a relationship types
+                    if (related_collection) {
+                        message += `-> ${related_collection}`;
                     }
                 }
             }

package/dist/cli/utils/defaults.d.ts

@@ -0,0 +1,11 @@
+export declare const defaultAdminRole: {
+    name: string;
+    icon: string;
+    admin_access: boolean;
+    description: string;
+};
+export declare const defaultAdminUser: {
+    status: string;
+    first_name: string;
+    last_name: string;
+};

package/dist/cli/utils/defaults.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.defaultAdminUser = exports.defaultAdminRole = void 0;
+exports.defaultAdminRole = {
+    name: 'Administrator',
+    icon: 'verified',
+    admin_access: true,
+    description: '$t:admin_description',
+};
+exports.defaultAdminUser = {
+    status: 'active',
+    first_name: 'Admin',
+    last_name: 'User',
+};

package/dist/controllers/assets.js

@@ -6,44 +6,17 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const express_1 = require("express");
 const lodash_1 = require("lodash");
 const ms_1 = __importDefault(require("ms"));
-const uuid_validate_1 = __importDefault(require("uuid-validate"));
 const constants_1 = require("../constants");
 const database_1 = __importDefault(require("../database"));
 const env_1 = __importDefault(require("../env"));
 const exceptions_1 = require("../exceptions");
 const use_collection_1 = __importDefault(require("../middleware/use-collection"));
 const services_1 = require("../services");
-const storage_1 = __importDefault(require("../storage"));
 const assets_1 = require("../types/assets");
 const async_handler_1 = __importDefault(require("../utils/async-handler"));
 const router = (0, express_1.Router)();
 router.use((0, use_collection_1.default)('directus_files'));
 router.get('/:pk', 
-// Check if file exists and if you have permission to read it
-(0, async_handler_1.default)(async (req, res, next) => {
-    var _a;
-    /**
-     * We ignore everything in the id after the first 36 characters (uuid length). This allows the
-     * user to add an optional extension, or other identifier for use in external software (#4067)
-     */
-    const id = (_a = req.params.pk) === null || _a === void 0 ? void 0 : _a.substring(0, 36);
-    /**
-     * This is a little annoying. Postgres will error out if you're trying to search in `where`
-     * with a wrong type. In case of directus_files where id is a uuid, we'll have to verify the
-     * validity of the uuid ahead of time.
-     */
-    const isValidUUID = (0, uuid_validate_1.default)(id, 4);
-    if (isValidUUID === false)
-        throw new exceptions_1.ForbiddenException();
-    const database = (0, database_1.default)();
-    const file = await database.select('id', 'storage', 'filename_disk').from('directus_files').where({ id }).first();
-    if (!file)
-        throw new exceptions_1.ForbiddenException();
-    const { exists } = await storage_1.default.disk(file.storage).exists(file.filename_disk);
-    if (!exists)
-        throw new exceptions_1.ForbiddenException();
-    return next();
-}), 
 // Validate query params
 (0, async_handler_1.default)(async (req, res, next) => {
     const payloadService = new services_1.PayloadService('directus_settings', { schema: req.schema });

package/dist/controllers/auth.js

@@ -38,7 +38,9 @@ for (const authProvider of authProviders) {
     }
     router.use(`/login/${authProvider.name}`, authRouter);
 }
-router.use('/login', (0, drivers_1.createLocalAuthRouter)(constants_1.DEFAULT_AUTH_PROVIDER));
+if (!env_1.default.AUTH_DISABLE_DEFAULT) {
+    router.use('/login', (0, drivers_1.createLocalAuthRouter)(constants_1.DEFAULT_AUTH_PROVIDER));
+}
 router.post('/refresh', (0, async_handler_1.default)(async (req, res, next) => {
     var _a;
     const accountability = {
@@ -141,7 +143,10 @@ router.post('/password/reset', (0, async_handler_1.default)(async (req, res, nex
     return next();
 }), respond_1.respond);
 router.get('/', (0, async_handler_1.default)(async (req, res, next) => {
-    res.locals.payload = { data: (0, get_auth_providers_1.getAuthProviders)() };
+    res.locals.payload = {
+        data: (0, get_auth_providers_1.getAuthProviders)(),
+        disableDefault: env_1.default.AUTH_DISABLE_DEFAULT,
+    };
     return next();
 }), respond_1.respond);
 exports.default = router;

package/dist/controllers/extensions.js

@@ -33,7 +33,7 @@ router.get('/:type/index.js', (0, async_handler_1.default)(async (req, res) => {
         throw new exceptions_1.RouteNotFoundException(req.path);
     }
     res.setHeader('Content-Type', 'application/javascript; charset=UTF-8');
-    res.setHeader('Cache-Control', 'no-cache');
+    res.setHeader('Cache-Control', 'no-store');
     res.setHeader('Vary', 'Origin, Cache-Control');
     res.end(extensionSource);
 }));

package/dist/database/{functions/types.d.ts → helpers/date/dialects/mssql.d.ts}

@@ -1,5 +1,6 @@
+import { DateHelper } from '../types';
 import { Knex } from 'knex';
-export interface HelperFn {
+export declare class DateHelperMSSQL extends DateHelper {
     year(table: string, column: string): Knex.Raw;
     month(table: string, column: string): Knex.Raw;
     week(table: string, column: string): Knex.Raw;