directus 9.10.0 → 9.12.0

package/dist/app.js

@@ -36,12 +36,14 @@ const dashboards_1 = __importDefault(require("./controllers/dashboards"));
 const extensions_1 = __importDefault(require("./controllers/extensions"));
 const fields_1 = __importDefault(require("./controllers/fields"));
 const files_1 = __importDefault(require("./controllers/files"));
+const flows_1 = __importDefault(require("./controllers/flows"));
 const folders_1 = __importDefault(require("./controllers/folders"));
 const graphql_1 = __importDefault(require("./controllers/graphql"));
 const items_1 = __importDefault(require("./controllers/items"));
 const not_found_1 = __importDefault(require("./controllers/not-found"));
 const panels_1 = __importDefault(require("./controllers/panels"));
 const notifications_1 = __importDefault(require("./controllers/notifications"));
+const operations_1 = __importDefault(require("./controllers/operations"));
 const permissions_1 = __importDefault(require("./controllers/permissions"));
 const presets_1 = __importDefault(require("./controllers/presets"));
 const relations_1 = __importDefault(require("./controllers/relations"));
@@ -58,6 +60,7 @@ const emitter_1 = __importDefault(require("./emitter"));
 const env_1 = __importDefault(require("./env"));
 const exceptions_1 = require("./exceptions");
 const extensions_2 = require("./extensions");
+const flows_2 = require("./flows");
 const logger_1 = __importStar(require("./logger"));
 const authenticate_1 = __importDefault(require("./middleware/authenticate"));
 const get_permissions_1 = __importDefault(require("./middleware/get-permissions"));
@@ -96,7 +99,9 @@ async function createApp() {
     await (0, cache_2.flushCaches)();
     await (0, auth_2.registerAuthProviders)();
     const extensionManager = (0, extensions_2.getExtensionManager)();
+    const flowManager = (0, flows_2.getFlowManager)();
     await extensionManager.initialize();
+    await flowManager.initialize();
     const app = (0, express_1.default)();
     app.disable('x-powered-by');
     app.set('trust proxy', env_1.default.IP_TRUST_PROXY);
@@ -187,9 +192,11 @@ async function createApp() {
     app.use('/extensions', extensions_1.default);
     app.use('/fields', fields_1.default);
     app.use('/files', files_1.default);
+    app.use('/flows', flows_1.default);
     app.use('/folders', folders_1.default);
     app.use('/items', items_1.default);
     app.use('/notifications', notifications_1.default);
+    app.use('/operations', operations_1.default);
     app.use('/panels', panels_1.default);
     app.use('/permissions', permissions_1.default);
     app.use('/presets', presets_1.default);
@@ -210,7 +217,7 @@ async function createApp() {
     app.use(error_handler_1.default);
     await emitter_1.default.emitInit('routes.after', { app });
     // Register all webhooks
-    await (0, webhooks_2.register)();
+    await (0, webhooks_2.init)();
     (0, track_1.track)('serverStarted');
     await emitter_1.default.emitInit('app.after', { app });
     return app;

package/dist/auth/drivers/oauth2.d.ts

@@ -1,8 +1,8 @@
 import { Router } from 'express';
 import { Client } from 'openid-client';
-import { LocalAuthDriver } from './local';
 import { UsersService } from '../../services';
 import { AuthDriverOptions, User } from '../../types';
+import { LocalAuthDriver } from './local';
 export declare class OAuth2AuthDriver extends LocalAuthDriver {
     client: Client;
     redirectUrl: string;

package/dist/auth/drivers/oauth2.js

@@ -5,21 +5,22 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createOAuth2AuthRouter = exports.OAuth2AuthDriver = void 0;
 const express_1 = require("express");
-const openid_client_1 = require("openid-client");
+const flat_1 = __importDefault(require("flat"));
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const ms_1 = __importDefault(require("ms"));
-const flat_1 = __importDefault(require("flat"));
-const local_1 = require("./local");
+const openid_client_1 = require("openid-client");
 const auth_1 = require("../../auth");
 const env_1 = __importDefault(require("../../env"));
-const services_1 = require("../../services");
 const exceptions_1 = require("../../exceptions");
+const logger_1 = __importDefault(require("../../logger"));
 const respond_1 = require("../../middleware/respond");
+const services_1 = require("../../services");
 const async_handler_1 = __importDefault(require("../../utils/async-handler"));
-const url_1 = require("../../utils/url");
-const logger_1 = __importDefault(require("../../logger"));
-const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
 const get_config_from_env_1 = require("../../utils/get-config-from-env");
+const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
+const parse_json_1 = require("../../utils/parse-json");
+const url_1 = require("../../utils/url");
+const local_1 = require("./local");
 class OAuth2AuthDriver extends local_1.LocalAuthDriver {
     constructor(options, config) {
         super(options, config);
@@ -78,7 +79,6 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         return user === null || user === void 0 ? void 0 : user.id;
     }
     async getUserID(payload) {
-        var _a, _b;
         if (!payload.code || !payload.codeVerifier) {
             logger_1.default.trace('[OAuth2] No code or codeVerifier in payload');
             throw new exceptions_1.InvalidCredentialsException();
@@ -95,9 +95,9 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         // Flatten response to support dot indexes
         userInfo = (0, flat_1.default)(userInfo);
         const { provider, emailKey, identifierKey, allowPublicRegistration } = this.config;
-        const email = userInfo[emailKey !== null && emailKey !== void 0 ? emailKey : 'email'];
+        const email = userInfo[emailKey !== null && emailKey !== void 0 ? emailKey : 'email'] ? String(userInfo[emailKey !== null && emailKey !== void 0 ? emailKey : 'email']) : undefined;
         // Fallback to email if explicit identifier not found
-        const identifier = (_b = ((_a = userInfo[identifierKey]) !== null && _a !== void 0 ? _a : email)) === null || _b === void 0 ? void 0 : _b.toString();
+        const identifier = userInfo[identifierKey] ? String(userInfo[identifierKey]) : email;
         if (!identifier) {
             logger_1.default.warn(`[OAuth2] Failed to find user identifier for provider "${provider}"`);
             throw new exceptions_1.InvalidCredentialsException();
@@ -135,7 +135,7 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         let authData = user.auth_data;
         if (typeof authData === 'string') {
             try {
-                authData = JSON.parse(authData);
+                authData = (0, parse_json_1.parseJSON)(authData);
             }
             catch {
                 logger_1.default.warn(`[OAuth2] Session data isn't valid JSON: ${authData}`);
@@ -243,6 +243,9 @@ function createOAuth2AuthRouter(providerName) {
                 else if (error instanceof exceptions_1.InvalidTokenException) {
                     reason = 'INVALID_TOKEN';
                 }
+                else if (error instanceof exceptions_1.InvalidProviderException) {
+                    reason = 'INVALID_PROVIDER';
+                }
                 else {
                     logger_1.default.warn(error, `[OAuth2] Unexpected error during OAuth2 login`);
                 }

package/dist/auth/drivers/openid.d.ts

@@ -1,8 +1,8 @@
 import { Router } from 'express';
 import { Client } from 'openid-client';
-import { LocalAuthDriver } from './local';
 import { UsersService } from '../../services';
 import { AuthDriverOptions, User } from '../../types';
+import { LocalAuthDriver } from './local';
 export declare class OpenIDAuthDriver extends LocalAuthDriver {
     client: Promise<Client>;
     redirectUrl: string;

package/dist/auth/drivers/openid.js

@@ -5,21 +5,22 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createOpenIDAuthRouter = exports.OpenIDAuthDriver = void 0;
 const express_1 = require("express");
-const openid_client_1 = require("openid-client");
+const flat_1 = __importDefault(require("flat"));
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const ms_1 = __importDefault(require("ms"));
-const flat_1 = __importDefault(require("flat"));
-const local_1 = require("./local");
+const openid_client_1 = require("openid-client");
 const auth_1 = require("../../auth");
 const env_1 = __importDefault(require("../../env"));
-const services_1 = require("../../services");
 const exceptions_1 = require("../../exceptions");
+const logger_1 = __importDefault(require("../../logger"));
 const respond_1 = require("../../middleware/respond");
+const services_1 = require("../../services");
 const async_handler_1 = __importDefault(require("../../utils/async-handler"));
-const url_1 = require("../../utils/url");
-const logger_1 = __importDefault(require("../../logger"));
-const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
 const get_config_from_env_1 = require("../../utils/get-config-from-env");
+const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
+const parse_json_1 = require("../../utils/parse-json");
+const url_1 = require("../../utils/url");
+const local_1 = require("./local");
 class OpenIDAuthDriver extends local_1.LocalAuthDriver {
     constructor(options, config) {
         super(options, config);
@@ -85,7 +86,6 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         return user === null || user === void 0 ? void 0 : user.id;
     }
     async getUserID(payload) {
-        var _a, _b;
         if (!payload.code || !payload.codeVerifier) {
             logger_1.default.trace('[OpenID] No code or codeVerifier in payload');
             throw new exceptions_1.InvalidCredentialsException();
@@ -109,9 +109,9 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         // Flatten response to support dot indexes
         userInfo = (0, flat_1.default)(userInfo);
         const { provider, identifierKey, allowPublicRegistration, requireVerifiedEmail } = this.config;
-        const email = userInfo.email;
+        const email = userInfo.email ? String(userInfo.email) : undefined;
         // Fallback to email if explicit identifier not found
-        const identifier = (_b = (_a = userInfo[identifierKey !== null && identifierKey !== void 0 ? identifierKey : 'sub']) === null || _a === void 0 ? void 0 : _a.toString()) !== null && _b !== void 0 ? _b : email;
+        const identifier = userInfo[identifierKey !== null && identifierKey !== void 0 ? identifierKey : 'sub'] ? String(userInfo[identifierKey !== null && identifierKey !== void 0 ? identifierKey : 'sub']) : email;
         if (!identifier) {
             logger_1.default.warn(`[OpenID] Failed to find user identifier for provider "${provider}"`);
             throw new exceptions_1.InvalidCredentialsException();
@@ -150,7 +150,7 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         let authData = user.auth_data;
         if (typeof authData === 'string') {
             try {
-                authData = JSON.parse(authData);
+                authData = (0, parse_json_1.parseJSON)(authData);
             }
             catch {
                 logger_1.default.warn(`[OpenID] Session data isn't valid JSON: ${authData}`);
@@ -260,6 +260,9 @@ function createOpenIDAuthRouter(providerName) {
                 else if (error instanceof exceptions_1.InvalidTokenException) {
                     reason = 'INVALID_TOKEN';
                 }
+                else if (error instanceof exceptions_1.InvalidProviderException) {
+                    reason = 'INVALID_PROVIDER';
+                }
                 else {
                     logger_1.default.warn(error, `[OpenID] Unexpected error during OpenID login`);
                 }

package/dist/cli/commands/schema/apply.js

@@ -28,12 +28,13 @@ const fs_1 = require("fs");
 const inquirer_1 = __importDefault(require("inquirer"));
 const js_yaml_1 = require("js-yaml");
 const path_1 = __importDefault(require("path"));
+const cache_1 = require("../../../cache");
 const database_1 = __importStar(require("../../../database"));
 const logger_1 = __importDefault(require("../../../logger"));
+const apply_snapshot_1 = require("../../../utils/apply-snapshot");
 const get_snapshot_1 = require("../../../utils/get-snapshot");
 const get_snapshot_diff_1 = require("../../../utils/get-snapshot-diff");
-const apply_snapshot_1 = require("../../../utils/apply-snapshot");
-const cache_1 = require("../../../cache");
+const parse_json_1 = require("../../../utils/parse-json");
 async function apply(snapshotPath, options) {
     var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m;
     const filename = path_1.default.resolve(process.cwd(), snapshotPath);
@@ -52,7 +53,7 @@ async function apply(snapshotPath, options) {
             snapshot = (await (0, js_yaml_1.load)(fileContents));
         }
         else {
-            snapshot = JSON.parse(fileContents);
+            snapshot = (0, parse_json_1.parseJSON)(fileContents);
         }
         const currentSnapshot = await (0, get_snapshot_1.getSnapshot)({ database });
         const snapshotDiff = (0, get_snapshot_diff_1.getSnapshotDiff)(currentSnapshot, snapshot);

package/dist/cli/utils/create-env/env-stub.liquid

@@ -1,60 +1,317 @@
 ####################################################################################################
-## General
+# 
+# These values set environment variables which modify core settings of Directus.
+#
+# Values in square brackets are the default values.
+#
+# The following options are not all possible options. For more, see 
+# https://docs.directus.io/configuration/config-options/
+# 
+####################################################################################################
+####################################################################################################
+
+### General
 
+# IP or host the API listens on ["0.0.0.0"]
 HOST="0.0.0.0"
+
+# The port Directus will run on [8055]
 PORT=8055
+
+# The URL where your API can be reached on the web. It is also used for things like OAuth redirects, 
+# forgot-password emails, and logos that needs to be publicly available on the internet. ["/"]
 PUBLIC_URL="/"
+# PUBLIC_URL="http://localhost:8055"
+
+# What level of detail to log. [info]
+# "fatal", "error", "warn", "info", "debug", "trace", "silent"
+# LOG_LEVEL="info"
+
+# Render the logs human readable (pretty) or as JSON (raw), [pretty]
+# "pretty", "raw"
+# LOG_STYLE="pretty"
+
+# Controls the maximum request body size. Accepts number of bytes, or human readable string ["100kb"]
+# MAX_PAYLOAD_SIZE="100kb"
+
+# Where to redirect to when navigating to /. Accepts a relative path, absolute URL, or false to disable ["./admin"]
+# ROOT_REDIRECT="./admin"
+
+# Whether or not to serve the Admin App under /admin. [true]
+# SERVE_APP=true
+
+# Whether or not to enable GraphQL Introspection [true]
+# GRAPHQL_INTROSPECTION=true
 
 ####################################################################################################
-## Database
+### Database
+
+# All DB_* environment variables are passed to the connection configuration of a Knex instance. 
+# Based on your project's needs, you can extend the DB_* environment variables with any config 
+# you need to pass to the database instance.
 
 {{ database }}
 
+
+# These match the databases defined in the docker-compose file in the root of this repo
+
+## Postgres
+# DB_CLIENT="pg"
+# DB_HOST="localhost"
+# DB_PORT=5432
+# DB_DATABASE="directus"
+# DB_USER="postgres"
+# DB_PASSWORD="secret"
+
+## CockroachDB
+# DB_CLIENT="cockroachdb"
+# DB_HOST="localhost"
+# DB_PORT=26257
+# DB_DATABASE="directus"
+# DB_USER="root"
+# DB_PASSWORD=""
+
+## MySQL 8
+# DB_CLIENT="mysql"
+# DB_HOST="localhost"
+# DB_PORT=3306
+# DB_DATABASE="directus"
+# DB_USER="root"
+# DB_PASSWORD="secret"
+
+## MariaDB
+# DB_CLIENT="mysql"
+# DB_HOST="localhost"
+# DB_PORT=3306
+# DB_DATABASE="directus"
+# DB_USER="root"
+# DB_PASSWORD="secret"
+
+## MS SQL
+# DB_CLIENT="mssql"
+# DB_HOST="localhost"
+# DB_PORT=1343
+# DB_DATABASE="directus"
+# DB_USER="sa"
+# DB_PASSWORD="Test@123"
+
+## OracleDB
+# DB_CLIENT="oracledb"
+# DB_CONNECT_STRING="localhost:1521/XE"
+# DB_USER="secretsysuser"
+# DB_PASSWORD="secretpassword"
+
+## SQLite Example
+# DB_CLIENT="sqlite3"
+# DB_FILENAME="./data.db"
+
+## MySQL 5.7
+# DB_CLIENT="mysql"
+# DB_HOST="localhost"
+# DB_PORT=3306
+# DB_DATABASE="directus"
+# DB_USER="root"
+# DB_PASSWORD="secret"
+
 ####################################################################################################
-## Rate Limiting
+### Rate Limiting
 
+# Whether or not to enable rate limiting on the API [false]
 RATE_LIMITER_ENABLED=false
+
+# Where to store the rate limiter counts [memory]
+# memory, redis, memcache
 RATE_LIMITER_STORE=memory
+# RATE_LIMITER_REDIS="redis://@127.0.0.1:5105"
+# RATE_LIMITER_MEMCACHE="localhost:5109"
+
+# The amount of allowed hits per duration [50]
 RATE_LIMITER_POINTS=25
+
+# The time window in seconds in which the hits are counted [1]
 RATE_LIMITER_DURATION=1
 
 ####################################################################################################
-## Cache
+### Caching
 
+# Whether or not caching is enabled. [false]
 CACHE_ENABLED=false
 
+# How long the cache is persisted ["5m"]
+# CACHE_TTL="30m"
+
+# How to scope the cache data ["directus-cache"]
+# CACHE_NAMESPACE="directus-cache"
+
+# Automatically purge the cache on create, update, and delete actions. [false]
+# CACHE_AUTO_PURGE=true
+
+# memory | redis | memcache
+CACHE_STORE=memory
+
+# How long assets will be cached for in the browser. Sets the max-age value of the Cache-Control header ["30m"]
+ASSETS_CACHE_TTL="30m"
+
+# CACHE_REDIS="redis://@127.0.0.1:5105"
+# CACHE_MEMCACHE="localhost:5109"
+
 ####################################################################################################
-## File Storage
+### File Storage
 
+# A CSV of storage locations (eg: local,digitalocean,amazon) to use. You can use any names you'd like for these keys ["local"]
 STORAGE_LOCATIONS="local"
 STORAGE_LOCAL_DRIVER="local"
 STORAGE_LOCAL_ROOT="./uploads"
 
+## S3 Example (location name: DigitalOcean)
+# STORAGE_DIGITALOCEAN_DRIVER="s3"
+# STORAGE_DIGITALOCEAN_KEY="abcdef"
+# STORAGE_DIGITALOCEAN_SECRET="ghijkl"
+# STORAGE_DIGITALOCEAN_ENDPOINT="ams3.digitaloceanspaces.com"
+# STORAGE_DIGITALOCEAN_BUCKET="my-files"
+# STORAGE_DIGITALOCEAN_REGION="ams3"
+
+## Google Cloud Storage Example (location name: Google)
+# STORAGE_GOOGLE_DRIVER="gcs"
+# STORAGE_GOOGLE_KEY_FILENAME="abcdef"
+# STORAGE_GOOGLE_BUCKET="my-files"
+
+
+## A comma-separated list of metadata keys to collect during file upload. Use * for all 
+# Extracting all metadata might cause memory issues when the file has an unusually large set of metadata
+# [ifd0.Make,ifd0.Model,exif.FNumber,exif.ExposureTime,exif.FocalLength,exif.ISO]
+# FILE_METADATA_ALLOW_LIST=
+
 ####################################################################################################
-## Security
+### Security
 
 {{ security }}
 
+# Unique identifier for the project
+# KEY="xxxxxxx-xxxxxx-xxxxxxxx-xxxxxxxxxx"
+
+# Secret string for the project 
+# SECRET="abcdef"
+
+# The duration that the access token is valid ["15m"]
 ACCESS_TOKEN_TTL="15m"
+
+# The duration that the refresh token is valid, and also how long users stay logged-in to the App ["7d"]
 REFRESH_TOKEN_TTL="7d"
+
+# Whether or not to use a secure cookie for the refresh token in cookie mode [false]
 REFRESH_TOKEN_COOKIE_SECURE=false
+
+# Value for sameSite in the refresh token cookie when in cookie mode ["lax"]
 REFRESH_TOKEN_COOKIE_SAME_SITE="lax"
+
+# Name of refresh token cookie ["directus_refresh_token"]
 REFRESH_TOKEN_COOKIE_NAME="directus_refresh_token"
 
+# Which domain to use for the refresh cookie. Useful for development mode.
+# REFRESH_TOKEN_COOKIE_DOMAIN
+
+# Whether or not to enable the CORS headers [false]
+CORS_ENABLED=true
+
+# Value for the Access-Control-Allow-Origin header. Use true to match the Origin header, or provide a domain or a CSV of domains for specific access [false]
+CORS_ORIGIN=true
+
+# Value for the Access-Control-Allow-Methods header [GET,POST,PATCH,DELETE]
+CORS_METHODS=GET,POST,PATCH,DELETE
+
+# Value for the Access-Control-Allow-Headers header [Content-Type,Authorization]
+CORS_ALLOWED_HEADERS=Content-Type,Authorization
+
+# Value for the Access-Control-Expose-Headers header [Content-R
+CORS_EXPOSED_HEADERS=Content-Range
+
+# Whether or not to send the Access-Control-Allow-Credentials header [true]
+CORS_CREDENTIALS=true
+
+# Value for the Access-Control-Max-Age header [18000]
+CORS_MAX_AGE=18000
+
+####################################################################################################
+### Argon2
+
+# How much memory to use when generating hashes, in KiB [4096]
+# HASH_MEMORY_COST=81920
+
+# The length of the hash function output in bytes [32]
+# HASH_HASH_LENGTH=32
+
+# The amount of passes (iterations) used by the hash function. It increases hash strength at the cost of time required to compute [3]
+# HASH_TIME_COST=10
+
+# The amount of threads to compute the hash on. Each thread has a memory pool with HASH_MEMORY_COST size [1]
+# HASH_PARALLELISM=2
+
+# The variant of the hash function (0: argon2d, 1: argon2i, or 2: argon2id) [1]
+# HASH_TYPE=2
+
+An extra and optional non-secret value. The value will be included B64 encoded in the parameters portion of the digest []
+# HASH_ASSOCIATED_DATA=foo
+
 ####################################################################################################
-## Auth Providers
+### Auth Providers
 
+# A comma-separated list of auth providers []
 AUTH_PROVIDERS=""
+# AUTH_PROVIDERS="github"
+
+# AUTH_GITHUB_DRIVER="oauth2"
+# AUTH_GITHUB_CLIENT_ID="73e...4b"
+# AUTH_GITHUB_CLIENT_SECRET="b9...98"
+# AUTH_GITHUB_AUTHORIZE_URL="https://github.com/login/oauth/authorize"
+# AUTH_GITHUB_ACCESS_URL="https://github.com/login/oauth/access_token"
+# AUTH_GITHUB_PROFILE_URL="https://api.github.com/user"
+# AUTH_GITHUB_ALLOW_PUBLIC_REGISTRATION=true
+# AUTH_GITHUB_DEFAULT_ROLE_ID="82424427-c9d4-4289-8bc5-ed1bf8422c90"
+# AUTH_GITHUB_ICON="github"
+# AUTH_GITHUB_EMAIL_KEY="email"
+# AUTH_GITHUB_IDENTIFIER_KEY="login"
 
 ####################################################################################################
-## Extensions
+### Extensions
 
+# Path to your local extensions folder ["./extensions"]
 EXTENSIONS_PATH="./extensions"
 
+# Automatically reload extensions when they have changed [false]
+EXTENSIONS_AUTO_RELOAD=false
+
 ####################################################################################################
-## Email
+### Email
 
+# Email address from which emails are sent ["no-reply@directus.io"]
 EMAIL_FROM="no-reply@directus.io"
+
+# What to use to send emails. One of 
+# sendmail, smtp, mailgun, ses.
 EMAIL_TRANSPORT="sendmail"
 EMAIL_SENDMAIL_NEW_LINE="unix"
 EMAIL_SENDMAIL_PATH="/usr/sbin/sendmail"
+
+## Email (Sendmail Transport)
+
+# What new line style to use in sendmail ["unix"]
+EMAIL_SENDMAIL_NEW_LINE="unix"
+
+# Path to your sendmail executable ["/usr/sbin/sendmail"]
+EMAIL_SENDMAIL_PATH="/usr/sbin/sendmail"
+
+## Email (SMTP Transport)
+# EMAIL_SMTP_HOST="localhost"
+
+# Use SMTP pooling
+# EMAIL_SMTP_POOL=true
+# EMAIL_SMTP_PORT=465
+# EMAIL_SMTP_SECURE=false # Use TLS
+# EMAIL_SMTP_IGNORE_TLS=false
+# EMAIL_SMTP_USER="username"
+# EMAIL_SMTP_PASSWORD="password"
+
+## Email (Mailgun Transport)
+# EMAIL_MAILGUN_API_KEY="key-1234123412341234"
+# EMAIL_MAILGUN_DOMAIN="a domain name from https://app.mailgun.com/app/sending/domains"

package/dist/controllers/activity.js

@@ -3,6 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+const types_1 = require("@directus/shared/types");
 const express_1 = __importDefault(require("express"));
 const joi_1 = __importDefault(require("joi"));
 const exceptions_1 = require("../exceptions");
@@ -10,7 +11,6 @@ const respond_1 = require("../middleware/respond");
 const use_collection_1 = __importDefault(require("../middleware/use-collection"));
 const validate_batch_1 = require("../middleware/validate-batch");
 const services_1 = require("../services");
-const types_1 = require("../types");
 const async_handler_1 = __importDefault(require("../utils/async-handler"));
 const get_ip_from_req_1 = require("../utils/get-ip-from-req");
 const router = express_1.default.Router();

package/dist/controllers/assets.js

@@ -4,6 +4,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const express_1 = require("express");
+const helmet_1 = __importDefault(require("helmet"));
 const lodash_1 = require("lodash");
 const ms_1 = __importDefault(require("ms"));
 const constants_1 = require("../constants");
@@ -14,9 +15,8 @@ const use_collection_1 = __importDefault(require("../middleware/use-collection")
 const services_1 = require("../services");
 const assets_1 = require("../types/assets");
 const async_handler_1 = __importDefault(require("../utils/async-handler"));
-const helmet_1 = __importDefault(require("helmet"));
-const lodash_2 = require("lodash");
 const get_config_from_env_1 = require("../utils/get-config-from-env");
+const parse_json_1 = require("../utils/parse-json");
 const router = (0, express_1.Router)();
 router.use((0, use_collection_1.default)('directus_files'));
 router.get('/:pk', 
@@ -41,7 +41,7 @@ router.get('/:pk',
         let transforms;
         // Try parse the JSON array
         try {
-            transforms = JSON.parse(transformation['transforms']);
+            transforms = (0, parse_json_1.parseJSON)(transformation['transforms']);
         }
         catch {
             throw new exceptions_1.InvalidQueryException(`"transforms" Parameter needs to be a JSON array of allowed transformations.`);
@@ -91,7 +91,7 @@ router.get('/:pk',
             return next();
         throw new exceptions_1.InvalidQueryException(`Dynamic asset generation has been disabled for this project.`);
     }
-}), helmet_1.default.contentSecurityPolicy((0, lodash_2.merge)({
+}), helmet_1.default.contentSecurityPolicy((0, lodash_1.merge)({
     useDefaults: false,
     directives: {
         defaultSrc: ['none'],
@@ -110,11 +110,10 @@ router.get('/:pk',
         : res.locals.transformation;
     let range = undefined;
     if (req.headers.range) {
-        // substring 6 = "bytes="
-        const rangeParts = req.headers.range.substring(6).split('-');
+        const rangeParts = /bytes=([0-9]*)-([0-9]*)/.exec(req.headers.range);
         range = {
-            start: rangeParts[0] ? Number(rangeParts[0]) : 0,
-            end: rangeParts[1] ? Number(rangeParts[1]) : undefined,
+            start: (rangeParts === null || rangeParts === void 0 ? void 0 : rangeParts[1]) ? Number(rangeParts[1]) : undefined,
+            end: (rangeParts === null || rangeParts === void 0 ? void 0 : rangeParts[2]) ? Number(rangeParts[2]) : undefined,
         };
         if (Number.isNaN(range.start) || Number.isNaN(range.end)) {
             throw new exceptions_1.RangeNotSatisfiableException(range);
@@ -134,7 +133,7 @@ router.get('/:pk',
     if (range) {
         res.setHeader('Content-Range', `bytes ${range.start}-${range.end || stat.size - 1}/${stat.size}`);
         res.status(206);
-        res.setHeader('Content-Length', (range.end ? range.end + 1 : stat.size) - range.start);
+        res.setHeader('Content-Length', (range.end ? range.end + 1 : stat.size) - (range.start || 0));
     }
     else {
         res.setHeader('Content-Length', stat.size);

package/dist/controllers/flows.d.ts

@@ -0,0 +1,2 @@
+declare const router: import("express-serve-static-core").Router;
+export default router;