directus 9.10.0 → 9.11.0

package/dist/auth/drivers/oauth2.d.ts

@@ -1,8 +1,8 @@
 import { Router } from 'express';
 import { Client } from 'openid-client';
-import { LocalAuthDriver } from './local';
 import { UsersService } from '../../services';
 import { AuthDriverOptions, User } from '../../types';
+import { LocalAuthDriver } from './local';
 export declare class OAuth2AuthDriver extends LocalAuthDriver {
     client: Client;
     redirectUrl: string;

package/dist/auth/drivers/oauth2.js

@@ -5,21 +5,22 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createOAuth2AuthRouter = exports.OAuth2AuthDriver = void 0;
 const express_1 = require("express");
-const openid_client_1 = require("openid-client");
+const flat_1 = __importDefault(require("flat"));
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const ms_1 = __importDefault(require("ms"));
-const flat_1 = __importDefault(require("flat"));
-const local_1 = require("./local");
+const openid_client_1 = require("openid-client");
 const auth_1 = require("../../auth");
 const env_1 = __importDefault(require("../../env"));
-const services_1 = require("../../services");
 const exceptions_1 = require("../../exceptions");
+const logger_1 = __importDefault(require("../../logger"));
 const respond_1 = require("../../middleware/respond");
+const services_1 = require("../../services");
 const async_handler_1 = __importDefault(require("../../utils/async-handler"));
-const url_1 = require("../../utils/url");
-const logger_1 = __importDefault(require("../../logger"));
-const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
 const get_config_from_env_1 = require("../../utils/get-config-from-env");
+const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
+const parse_json_1 = require("../../utils/parse-json");
+const url_1 = require("../../utils/url");
+const local_1 = require("./local");
 class OAuth2AuthDriver extends local_1.LocalAuthDriver {
     constructor(options, config) {
         super(options, config);
@@ -78,7 +79,6 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         return user === null || user === void 0 ? void 0 : user.id;
     }
     async getUserID(payload) {
-        var _a, _b;
         if (!payload.code || !payload.codeVerifier) {
             logger_1.default.trace('[OAuth2] No code or codeVerifier in payload');
             throw new exceptions_1.InvalidCredentialsException();
@@ -95,9 +95,9 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         // Flatten response to support dot indexes
         userInfo = (0, flat_1.default)(userInfo);
         const { provider, emailKey, identifierKey, allowPublicRegistration } = this.config;
-        const email = userInfo[emailKey !== null && emailKey !== void 0 ? emailKey : 'email'];
+        const email = userInfo[emailKey !== null && emailKey !== void 0 ? emailKey : 'email'] ? String(userInfo[emailKey !== null && emailKey !== void 0 ? emailKey : 'email']) : undefined;
         // Fallback to email if explicit identifier not found
-        const identifier = (_b = ((_a = userInfo[identifierKey]) !== null && _a !== void 0 ? _a : email)) === null || _b === void 0 ? void 0 : _b.toString();
+        const identifier = userInfo[identifierKey] ? String(userInfo[identifierKey]) : email;
         if (!identifier) {
             logger_1.default.warn(`[OAuth2] Failed to find user identifier for provider "${provider}"`);
             throw new exceptions_1.InvalidCredentialsException();
@@ -135,7 +135,7 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         let authData = user.auth_data;
         if (typeof authData === 'string') {
             try {
-                authData = JSON.parse(authData);
+                authData = (0, parse_json_1.parseJSON)(authData);
             }
             catch {
                 logger_1.default.warn(`[OAuth2] Session data isn't valid JSON: ${authData}`);
@@ -243,6 +243,9 @@ function createOAuth2AuthRouter(providerName) {
                 else if (error instanceof exceptions_1.InvalidTokenException) {
                     reason = 'INVALID_TOKEN';
                 }
+                else if (error instanceof exceptions_1.InvalidProviderException) {
+                    reason = 'INVALID_PROVIDER';
+                }
                 else {
                     logger_1.default.warn(error, `[OAuth2] Unexpected error during OAuth2 login`);
                 }

package/dist/auth/drivers/openid.d.ts

@@ -1,8 +1,8 @@
 import { Router } from 'express';
 import { Client } from 'openid-client';
-import { LocalAuthDriver } from './local';
 import { UsersService } from '../../services';
 import { AuthDriverOptions, User } from '../../types';
+import { LocalAuthDriver } from './local';
 export declare class OpenIDAuthDriver extends LocalAuthDriver {
     client: Promise<Client>;
     redirectUrl: string;

package/dist/auth/drivers/openid.js

@@ -5,21 +5,22 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createOpenIDAuthRouter = exports.OpenIDAuthDriver = void 0;
 const express_1 = require("express");
-const openid_client_1 = require("openid-client");
+const flat_1 = __importDefault(require("flat"));
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const ms_1 = __importDefault(require("ms"));
-const flat_1 = __importDefault(require("flat"));
-const local_1 = require("./local");
+const openid_client_1 = require("openid-client");
 const auth_1 = require("../../auth");
 const env_1 = __importDefault(require("../../env"));
-const services_1 = require("../../services");
 const exceptions_1 = require("../../exceptions");
+const logger_1 = __importDefault(require("../../logger"));
 const respond_1 = require("../../middleware/respond");
+const services_1 = require("../../services");
 const async_handler_1 = __importDefault(require("../../utils/async-handler"));
-const url_1 = require("../../utils/url");
-const logger_1 = __importDefault(require("../../logger"));
-const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
 const get_config_from_env_1 = require("../../utils/get-config-from-env");
+const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
+const parse_json_1 = require("../../utils/parse-json");
+const url_1 = require("../../utils/url");
+const local_1 = require("./local");
 class OpenIDAuthDriver extends local_1.LocalAuthDriver {
     constructor(options, config) {
         super(options, config);
@@ -85,7 +86,6 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         return user === null || user === void 0 ? void 0 : user.id;
     }
     async getUserID(payload) {
-        var _a, _b;
         if (!payload.code || !payload.codeVerifier) {
             logger_1.default.trace('[OpenID] No code or codeVerifier in payload');
             throw new exceptions_1.InvalidCredentialsException();
@@ -109,9 +109,9 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         // Flatten response to support dot indexes
         userInfo = (0, flat_1.default)(userInfo);
         const { provider, identifierKey, allowPublicRegistration, requireVerifiedEmail } = this.config;
-        const email = userInfo.email;
+        const email = userInfo.email ? String(userInfo.email) : undefined;
         // Fallback to email if explicit identifier not found
-        const identifier = (_b = (_a = userInfo[identifierKey !== null && identifierKey !== void 0 ? identifierKey : 'sub']) === null || _a === void 0 ? void 0 : _a.toString()) !== null && _b !== void 0 ? _b : email;
+        const identifier = userInfo[identifierKey !== null && identifierKey !== void 0 ? identifierKey : 'sub'] ? String(userInfo[identifierKey !== null && identifierKey !== void 0 ? identifierKey : 'sub']) : email;
         if (!identifier) {
             logger_1.default.warn(`[OpenID] Failed to find user identifier for provider "${provider}"`);
             throw new exceptions_1.InvalidCredentialsException();
@@ -150,7 +150,7 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         let authData = user.auth_data;
         if (typeof authData === 'string') {
             try {
-                authData = JSON.parse(authData);
+                authData = (0, parse_json_1.parseJSON)(authData);
             }
             catch {
                 logger_1.default.warn(`[OpenID] Session data isn't valid JSON: ${authData}`);
@@ -260,6 +260,9 @@ function createOpenIDAuthRouter(providerName) {
                 else if (error instanceof exceptions_1.InvalidTokenException) {
                     reason = 'INVALID_TOKEN';
                 }
+                else if (error instanceof exceptions_1.InvalidProviderException) {
+                    reason = 'INVALID_PROVIDER';
+                }
                 else {
                     logger_1.default.warn(error, `[OpenID] Unexpected error during OpenID login`);
                 }

package/dist/cli/commands/schema/apply.js

@@ -28,12 +28,13 @@ const fs_1 = require("fs");
 const inquirer_1 = __importDefault(require("inquirer"));
 const js_yaml_1 = require("js-yaml");
 const path_1 = __importDefault(require("path"));
+const cache_1 = require("../../../cache");
 const database_1 = __importStar(require("../../../database"));
 const logger_1 = __importDefault(require("../../../logger"));
+const apply_snapshot_1 = require("../../../utils/apply-snapshot");
 const get_snapshot_1 = require("../../../utils/get-snapshot");
 const get_snapshot_diff_1 = require("../../../utils/get-snapshot-diff");
-const apply_snapshot_1 = require("../../../utils/apply-snapshot");
-const cache_1 = require("../../../cache");
+const parse_json_1 = require("../../../utils/parse-json");
 async function apply(snapshotPath, options) {
     var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m;
     const filename = path_1.default.resolve(process.cwd(), snapshotPath);
@@ -52,7 +53,7 @@ async function apply(snapshotPath, options) {
             snapshot = (await (0, js_yaml_1.load)(fileContents));
         }
         else {
-            snapshot = JSON.parse(fileContents);
+            snapshot = (0, parse_json_1.parseJSON)(fileContents);
         }
         const currentSnapshot = await (0, get_snapshot_1.getSnapshot)({ database });
         const snapshotDiff = (0, get_snapshot_diff_1.getSnapshotDiff)(currentSnapshot, snapshot);

package/dist/controllers/assets.js

@@ -4,6 +4,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const express_1 = require("express");
+const helmet_1 = __importDefault(require("helmet"));
 const lodash_1 = require("lodash");
 const ms_1 = __importDefault(require("ms"));
 const constants_1 = require("../constants");
@@ -14,9 +15,8 @@ const use_collection_1 = __importDefault(require("../middleware/use-collection")
 const services_1 = require("../services");
 const assets_1 = require("../types/assets");
 const async_handler_1 = __importDefault(require("../utils/async-handler"));
-const helmet_1 = __importDefault(require("helmet"));
-const lodash_2 = require("lodash");
 const get_config_from_env_1 = require("../utils/get-config-from-env");
+const parse_json_1 = require("../utils/parse-json");
 const router = (0, express_1.Router)();
 router.use((0, use_collection_1.default)('directus_files'));
 router.get('/:pk', 
@@ -41,7 +41,7 @@ router.get('/:pk',
         let transforms;
         // Try parse the JSON array
         try {
-            transforms = JSON.parse(transformation['transforms']);
+            transforms = (0, parse_json_1.parseJSON)(transformation['transforms']);
         }
         catch {
             throw new exceptions_1.InvalidQueryException(`"transforms" Parameter needs to be a JSON array of allowed transformations.`);
@@ -91,7 +91,7 @@ router.get('/:pk',
             return next();
         throw new exceptions_1.InvalidQueryException(`Dynamic asset generation has been disabled for this project.`);
     }
-}), helmet_1.default.contentSecurityPolicy((0, lodash_2.merge)({
+}), helmet_1.default.contentSecurityPolicy((0, lodash_1.merge)({
     useDefaults: false,
     directives: {
         defaultSrc: ['none'],
@@ -110,11 +110,10 @@ router.get('/:pk',
         : res.locals.transformation;
     let range = undefined;
     if (req.headers.range) {
-        // substring 6 = "bytes="
-        const rangeParts = req.headers.range.substring(6).split('-');
+        const rangeParts = /bytes=([0-9]*)-([0-9]*)/.exec(req.headers.range);
         range = {
-            start: rangeParts[0] ? Number(rangeParts[0]) : 0,
-            end: rangeParts[1] ? Number(rangeParts[1]) : undefined,
+            start: (rangeParts === null || rangeParts === void 0 ? void 0 : rangeParts[1]) ? Number(rangeParts[1]) : undefined,
+            end: (rangeParts === null || rangeParts === void 0 ? void 0 : rangeParts[2]) ? Number(rangeParts[2]) : undefined,
         };
         if (Number.isNaN(range.start) || Number.isNaN(range.end)) {
             throw new exceptions_1.RangeNotSatisfiableException(range);
@@ -134,7 +133,7 @@ router.get('/:pk',
     if (range) {
         res.setHeader('Content-Range', `bytes ${range.start}-${range.end || stat.size - 1}/${stat.size}`);
         res.status(206);
-        res.setHeader('Content-Length', (range.end ? range.end + 1 : stat.size) - range.start);
+        res.setHeader('Content-Length', (range.end ? range.end + 1 : stat.size) - (range.start || 0));
     }
     else {
         res.setHeader('Content-Length', stat.size);

package/dist/database/helpers/date/dialects/sqlite.js

@@ -4,8 +4,12 @@ exports.DateHelperSQLite = void 0;
 const types_1 = require("../types");
 class DateHelperSQLite extends types_1.DateHelper {
     parse(date) {
-        const newDate = new Date(date);
-        return (newDate.getTime() - newDate.getTimezoneOffset() * 60 * 1000).toString();
+        // Return the time as string
+        if (date.length <= 8 && date.includes(':')) {
+            return date;
+        }
+        // Return dates in epoch milliseconds
+        return String(new Date(date).getTime());
     }
     fieldFlagForField(fieldType) {
         switch (fieldType) {

package/dist/database/migrations/20210225A-add-relations-sort-field.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.down = exports.up = void 0;
+const parse_json_1 = require("../../utils/parse-json");
 async function up(knex) {
     var _a;
     await knex.schema.alterTable('directus_relations', (table) => {
@@ -11,7 +12,7 @@ async function up(knex) {
         .from('directus_fields')
         .whereIn('interface', ['one-to-many', 'm2a-builder', 'many-to-many']);
     for (const field of fieldsWithSort) {
-        const options = typeof field.options === 'string' ? JSON.parse(field.options) : (_a = field.options) !== null && _a !== void 0 ? _a : {};
+        const options = typeof field.options === 'string' ? (0, parse_json_1.parseJSON)(field.options) : (_a = field.options) !== null && _a !== void 0 ? _a : {};
         if ('sortField' in options) {
             await knex('directus_relations')
                 .update({

package/dist/database/migrations/20210506A-rename-interfaces.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.down = exports.up = void 0;
+const parse_json_1 = require("../../utils/parse-json");
 // [before, after, after-option additions]
 const changes = [
     ['button-links', 'presentation-links'],
@@ -54,7 +55,7 @@ async function up(knex) {
                 .from('directus_fields')
                 .where({ interface: before });
             for (const { id, options: existingOptionsRaw } of fields) {
-                const existingOptions = typeof existingOptionsRaw === 'string' ? JSON.parse(existingOptionsRaw) : existingOptionsRaw;
+                const existingOptions = typeof existingOptionsRaw === 'string' ? (0, parse_json_1.parseJSON)(existingOptionsRaw) : existingOptionsRaw;
                 const newOptions = {
                     ...(existingOptions || {}),
                     ...options,

package/dist/database/migrations/20210802A-replace-groups.js

@@ -5,13 +5,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.down = exports.up = void 0;
 const logger_1 = __importDefault(require("../../logger"));
+const parse_json_1 = require("../../utils/parse-json");
 async function up(knex) {
     const dividerGroups = await knex.select('*').from('directus_fields').where('interface', '=', 'group-divider');
     for (const dividerGroup of dividerGroups) {
         const newOptions = { showHeader: true };
         if (dividerGroup.options) {
             try {
-                const options = typeof dividerGroup.options === 'string' ? JSON.parse(dividerGroup.options) : dividerGroup.options;
+                const options = typeof dividerGroup.options === 'string' ? (0, parse_json_1.parseJSON)(dividerGroup.options) : dividerGroup.options;
                 if (options.icon)
                     newOptions.headerIcon = options.icon;
                 if (options.color)

package/dist/database/migrations/20210805A-update-groups.js

@@ -1,12 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.down = exports.up = void 0;
+const parse_json_1 = require("../../utils/parse-json");
 async function up(knex) {
     const groups = await knex.select('*').from('directus_fields').where({ interface: 'group-standard' });
     const raw = [];
     const detail = [];
     for (const group of groups) {
-        const options = typeof group.options === 'string' ? JSON.parse(group.options) : group.options || {};
+        const options = typeof group.options === 'string' ? (0, parse_json_1.parseJSON)(group.options) : group.options || {};
         if (options.showHeader === true) {
             detail.push(group);
         }

package/dist/database/migrations/20210805B-change-image-metadata-structure.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.down = exports.up = void 0;
+const parse_json_1 = require("../../utils/parse-json");
 // Change image metadata structure to match the output from 'exifr'
 async function up(knex) {
     const files = await knex
@@ -10,7 +11,7 @@ async function up(knex) {
     for (const { id, metadata } of files) {
         let prevMetadata;
         try {
-            prevMetadata = JSON.parse(metadata);
+            prevMetadata = (0, parse_json_1.parseJSON)(metadata);
         }
         catch {
             continue;
@@ -54,7 +55,7 @@ async function down(knex) {
         .whereNotNull('metadata')
         .whereNot('metadata', '{}');
     for (const { id, metadata } of files) {
-        const prevMetadata = JSON.parse(metadata);
+        const prevMetadata = (0, parse_json_1.parseJSON)(metadata);
         // Update only required if metadata has keys other than 'icc' and 'iptc'
         if (Object.keys(prevMetadata).filter((key) => key !== 'icc' && key !== 'iptc').length > 0) {
             // Put all data under 'exif' and rename/move keys afterwards

package/dist/database/migrations/20211007A-update-presets.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.down = exports.up = void 0;
 const nanoid_1 = require("nanoid");
+const parse_json_1 = require("../../utils/parse-json");
 async function up(knex) {
     var _a;
     await knex.schema.alterTable('directus_presets', (table) => {
@@ -12,7 +13,7 @@ async function up(knex) {
         .from('directus_presets');
     for (const preset of presets) {
         if (preset.filters) {
-            const oldFilters = (_a = (typeof preset.filters === 'string' ? JSON.parse(preset.filters) : preset.filters)) !== null && _a !== void 0 ? _a : [];
+            const oldFilters = (_a = (typeof preset.filters === 'string' ? (0, parse_json_1.parseJSON)(preset.filters) : preset.filters)) !== null && _a !== void 0 ? _a : [];
             if (oldFilters.length === 0)
                 continue;
             const newFilter = {
@@ -34,7 +35,7 @@ async function up(knex) {
             }
         }
         if (preset.layout_query) {
-            const layoutQuery = typeof preset.layout_query === 'string' ? JSON.parse(preset.layout_query) : preset.layout_query;
+            const layoutQuery = typeof preset.layout_query === 'string' ? (0, parse_json_1.parseJSON)(preset.layout_query) : preset.layout_query;
             for (const [layout, query] of Object.entries(layoutQuery)) {
                 if (query.sort) {
                     query.sort = [query.sort];
@@ -61,7 +62,7 @@ async function down(knex) {
         .from('directus_presets');
     for (const preset of presets) {
         if (preset.filter) {
-            const newFilter = (_a = (typeof preset.filter === 'string' ? JSON.parse(preset.filter) : preset.filter)) !== null && _a !== void 0 ? _a : {};
+            const newFilter = (_a = (typeof preset.filter === 'string' ? (0, parse_json_1.parseJSON)(preset.filter) : preset.filter)) !== null && _a !== void 0 ? _a : {};
             if (Object.keys(newFilter).length === 0)
                 continue;
             const oldFilters = [];
@@ -85,7 +86,7 @@ async function down(knex) {
             }
         }
         if (preset.layout_query) {
-            const layoutQuery = typeof preset.layout_query === 'string' ? JSON.parse(preset.layout_query) : preset.layout_query;
+            const layoutQuery = typeof preset.layout_query === 'string' ? (0, parse_json_1.parseJSON)(preset.layout_query) : preset.layout_query;
             for (const [layout, query] of Object.entries(layoutQuery)) {
                 if (query.sort && Array.isArray(query.sort)) {
                     query.sort = (_l = (_k = query.sort) === null || _k === void 0 ? void 0 : _k[0]) !== null && _l !== void 0 ? _l : null;

package/dist/database/run-ast.js

@@ -93,14 +93,9 @@ async function parseCurrentLevel(schema, collection, children, query) {
     const nestedCollectionNodes = [];
     for (const child of children) {
         if (child.type === 'field') {
-            const fieldKey = (0, strip_function_1.stripFunction)(child.name);
-            if (columnsInCollection.includes(fieldKey) || fieldKey === '*') {
-                columnsToSelectInternal.push(child.name); // maintain original name here (includes functions)
-                if (query.alias) {
-                    columnsToSelectInternal.push(...Object.entries(query.alias)
-                        .filter(([_key, value]) => value === child.name)
-                        .map(([key]) => key));
-                }
+            const fieldName = (0, strip_function_1.stripFunction)(child.name);
+            if (columnsInCollection.includes(fieldName)) {
+                columnsToSelectInternal.push(child.fieldKey);
             }
             continue;
         }
@@ -126,7 +121,7 @@ async function parseCurrentLevel(schema, collection, children, query) {
     const columnsToSelect = [...new Set(columnsToSelectInternal)];
     const fieldNodes = columnsToSelect.map((column) => {
         var _a;
-        return (_a = children.find((childNode) => childNode.type === 'field' && (childNode.fieldKey === column || childNode.name === column))) !== null && _a !== void 0 ? _a : {
+        return (_a = children.find((childNode) => childNode.type === 'field' && childNode.fieldKey === column)) !== null && _a !== void 0 ? _a : {
             type: 'field',
             name: column,
             fieldKey: column,
@@ -137,6 +132,11 @@ async function parseCurrentLevel(schema, collection, children, query) {
 function getColumnPreprocessor(knex, schema, table) {
     const helpers = (0, helpers_1.getHelpers)(knex);
     return function (fieldNode) {
+        var _a;
+        let alias = undefined;
+        if (fieldNode.name !== fieldNode.fieldKey) {
+            alias = fieldNode.fieldKey;
+        }
         let field;
         if (fieldNode.type === 'field') {
             field = schema.collections[table].fields[(0, strip_function_1.stripFunction)(fieldNode.name)];
@@ -144,11 +144,7 @@ function getColumnPreprocessor(knex, schema, table) {
         else {
             field = schema.collections[fieldNode.relation.collection].fields[fieldNode.relation.field];
         }
-        let alias = undefined;
-        if (fieldNode.name !== fieldNode.fieldKey) {
-            alias = fieldNode.fieldKey;
-        }
-        if (field.type.startsWith('geometry')) {
+        if ((_a = field === null || field === void 0 ? void 0 : field.type) === null || _a === void 0 ? void 0 : _a.startsWith('geometry')) {
             return helpers.st.asText(table, field.field);
         }
         return (0, get_column_1.getColumn)(knex, table, fieldNode.name, alias, schema);

package/dist/env.js

@@ -14,6 +14,7 @@ const lodash_1 = require("lodash");
 const path_1 = __importDefault(require("path"));
 const require_yaml_1 = require("./utils/require-yaml");
 const utils_1 = require("@directus/shared/utils");
+const parse_json_1 = require("./utils/parse-json");
 const acceptedEnvTypes = ['string', 'number', 'regex', 'array', 'json'];
 const defaults = {
     CONFIG_PATH: path_1.default.resolve(process.cwd(), '.env'),
@@ -255,7 +256,7 @@ function processValues(env) {
 }
 function tryJSON(value) {
     try {
-        return JSON.parse(value);
+        return (0, parse_json_1.parseJSON)(value);
     }
     catch {
         return value;

package/dist/exceptions/index.d.ts

@@ -7,6 +7,7 @@ export * from './invalid-credentials';
 export * from './invalid-ip';
 export * from './invalid-otp';
 export * from './invalid-payload';
+export * from './invalid-provider';
 export * from './invalid-query';
 export * from './invalid-token';
 export * from './method-not-allowed';

package/dist/exceptions/index.js

@@ -19,6 +19,7 @@ __exportStar(require("./invalid-credentials"), exports);
 __exportStar(require("./invalid-ip"), exports);
 __exportStar(require("./invalid-otp"), exports);
 __exportStar(require("./invalid-payload"), exports);
+__exportStar(require("./invalid-provider"), exports);
 __exportStar(require("./invalid-query"), exports);
 __exportStar(require("./invalid-token"), exports);
 __exportStar(require("./method-not-allowed"), exports);

package/dist/exceptions/invalid-provider.d.ts

@@ -0,0 +1,4 @@
+import { BaseException } from '@directus/shared/exceptions';
+export declare class InvalidProviderException extends BaseException {
+    constructor(message?: string);
+}

package/dist/exceptions/invalid-provider.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InvalidProviderException = void 0;
+const exceptions_1 = require("@directus/shared/exceptions");
+class InvalidProviderException extends exceptions_1.BaseException {
+    constructor(message = 'Invalid provider.') {
+        super(message, 403, 'INVALID_PROVIDER');
+    }
+}
+exports.InvalidProviderException = InvalidProviderException;

package/dist/exceptions/range-not-satisfiable.d.ts

@@ -1,5 +1,5 @@
-import { Range } from '@directus/drive';
 import { BaseException } from '@directus/shared/exceptions';
+import { Range } from '@directus/drive';
 export declare class RangeNotSatisfiableException extends BaseException {
-    constructor(range: Range);
+    constructor(range?: Range);
 }

package/dist/exceptions/range-not-satisfiable.js

@@ -4,7 +4,11 @@ exports.RangeNotSatisfiableException = void 0;
 const exceptions_1 = require("@directus/shared/exceptions");
 class RangeNotSatisfiableException extends exceptions_1.BaseException {
     constructor(range) {
-        super(`Range "${range.start}-${range.end}" is invalid or the file's size doesn't match the requested range.`, 416, 'RANGE_NOT_SATISFIABLE');
+        var _a, _b;
+        const rangeString = range && ((range === null || range === void 0 ? void 0 : range.start) !== undefined || (range === null || range === void 0 ? void 0 : range.end) !== undefined)
+            ? `"${(_a = range.start) !== null && _a !== void 0 ? _a : ''}-${(_b = range.end) !== null && _b !== void 0 ? _b : ''}" `
+            : '';
+        super(`Range ${rangeString}is invalid or the file's size doesn't match the requested range.`, 416, 'RANGE_NOT_SATISFIABLE');
     }
 }
 exports.RangeNotSatisfiableException = RangeNotSatisfiableException;

package/dist/middleware/graphql.js

@@ -7,6 +7,7 @@ exports.parseGraphQL = void 0;
 const graphql_1 = require("graphql");
 const exceptions_1 = require("../exceptions");
 const async_handler_1 = __importDefault(require("../utils/async-handler"));
+const parse_json_1 = require("../utils/parse-json");
 exports.parseGraphQL = (0, async_handler_1.default)(async (req, res, next) => {
     if (req.method !== 'GET' && req.method !== 'POST') {
         throw new exceptions_1.MethodNotAllowedException('GraphQL only supports GET and POST requests.', { allow: ['GET', 'POST'] });
@@ -19,7 +20,7 @@ exports.parseGraphQL = (0, async_handler_1.default)(async (req, res, next) => {
         query = req.query.query || null;
         if (req.query.variables) {
             try {
-                variables = JSON.parse(req.query.variables);
+                variables = (0, parse_json_1.parseJSON)(req.query.variables);
             }
             catch {
                 throw new exceptions_1.InvalidQueryException(`Variables are invalid JSON.`);

package/dist/services/assets.js

@@ -70,9 +70,35 @@ class AssetsService {
         if (!exists)
             throw new exceptions_1.ForbiddenException();
         if (range) {
-            if (range.start >= file.filesize || (range.end && range.end >= file.filesize)) {
+            const missingRangeLimits = range.start === undefined && range.end === undefined;
+            const endBeforeStart = range.start !== undefined && range.end !== undefined && range.end <= range.start;
+            const startOverflow = range.start !== undefined && range.start >= file.filesize;
+            const endUnderflow = range.end !== undefined && range.end <= 0;
+            if (missingRangeLimits || endBeforeStart || startOverflow || endUnderflow) {
                 throw new exceptions_1.RangeNotSatisfiableException(range);
             }
+            const lastByte = file.filesize - 1;
+            if (range.end) {
+                if (range.start === undefined) {
+                    // fetch chunk from tail
+                    range.start = file.filesize - range.end;
+                    range.end = lastByte;
+                }
+                if (range.end >= file.filesize) {
+                    // fetch entire file
+                    range.end = lastByte;
+                }
+            }
+            if (range.start) {
+                if (range.end === undefined) {
+                    // fetch entire file
+                    range.end = lastByte;
+                }
+                if (range.start < 0) {
+                    // fetch file from head
+                    range.start = 0;
+                }
+            }
         }
         const type = file.type;
         const transforms = TransformationUtils.resolvePreset(transformation, file);

package/dist/services/authentication.js

@@ -45,7 +45,6 @@ class AuthenticationService {
             .from('directus_users as u')
             .leftJoin('directus_roles as r', 'u.role', 'r.id')
             .where('u.id', await provider.getUserID((0, lodash_1.cloneDeep)(payload)))
-            .andWhere('u.provider', providerName)
             .first();
         const updatedPayload = await emitter_1.default.emitFilter('auth.login', payload, {
             status: 'pending',
@@ -79,6 +78,10 @@ class AuthenticationService {
                 throw new exceptions_1.InvalidCredentialsException();
             }
         }
+        else if (user.provider !== providerName) {
+            await (0, stall_1.stall)(STALL_TIME, timeStart);
+            throw new exceptions_1.InvalidProviderException();
+        }
         const settingsService = new settings_1.SettingsService({
             knex: this.knex,
             schema: this.schema,