directus 9.12.2 → 9.13.0

package/dist/services/mail/index.js

@@ -23,12 +23,14 @@ class MailService {
         this.accountability = opts.accountability || null;
         this.knex = (opts === null || opts === void 0 ? void 0 : opts.knex) || (0, database_1.default)();
         this.mailer = (0, mailer_1.default)();
-        this.mailer.verify((error) => {
-            if (error) {
-                logger_1.default.warn(`Email connection failed:`);
-                logger_1.default.warn(error);
-            }
-        });
+        if (env_1.default.EMAIL_VERIFY_SETUP) {
+            this.mailer.verify((error) => {
+                if (error) {
+                    logger_1.default.warn(`Email connection failed:`);
+                    logger_1.default.warn(error);
+                }
+            });
+        }
     }
     async send(options) {
         const { template, ...emailOptions } = options;

package/dist/services/operations.d.ts

@@ -6,6 +6,7 @@ export declare class OperationsService extends ItemsService<OperationRaw> {
     createOne(data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;
     createMany(data: Partial<Item>[], opts?: MutationOptions): Promise<PrimaryKey[]>;
     updateOne(key: PrimaryKey, data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;
+    updateBatch(data: Partial<Item>[], opts?: MutationOptions): Promise<PrimaryKey[]>;
     updateMany(keys: PrimaryKey[], data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey[]>;
     deleteOne(key: PrimaryKey, opts?: MutationOptions): Promise<PrimaryKey>;
     deleteMany(keys: PrimaryKey[], opts?: MutationOptions): Promise<PrimaryKey[]>;

package/dist/services/operations.js

@@ -25,6 +25,12 @@ class OperationsService extends items_1.ItemsService {
         await flowManager.reload();
         return result;
     }
+    async updateBatch(data, opts) {
+        const flowManager = (0, flows_1.getFlowManager)();
+        const result = await super.updateBatch(data, opts);
+        await flowManager.reload();
+        return result;
+    }
     async updateMany(keys, data, opts) {
         const flowManager = (0, flows_1.getFlowManager)();
         const result = await super.updateMany(keys, data, opts);

package/dist/services/payload.js

@@ -15,7 +15,6 @@ const database_1 = __importDefault(require("../database"));
 const helpers_1 = require("../database/helpers");
 const exceptions_1 = require("../exceptions");
 const generate_hash_1 = require("../utils/generate-hash");
-const parse_json_1 = require("../utils/parse-json");
 const items_1 = require("./items");
 /**
  * Process a given payload for a collection to ensure the special fields (hash, uuid, date etc) are
@@ -56,7 +55,7 @@ class PayloadService {
                 if (action === 'read') {
                     if (typeof value === 'string') {
                         try {
-                            return (0, parse_json_1.parseJSON)(value);
+                            return (0, utils_1.parseJSON)(value);
                         }
                         catch {
                             return value;
@@ -197,7 +196,7 @@ class PayloadService {
     processGeometries(payloads, action) {
         const process = action == 'read'
             ? (value) => (typeof value === 'string' ? (0, wellknown_1.parse)(value) : value)
-            : (value) => this.helpers.st.fromGeoJSON(typeof value == 'string' ? (0, parse_json_1.parseJSON)(value) : value);
+            : (value) => this.helpers.st.fromGeoJSON(typeof value == 'string' ? (0, utils_1.parseJSON)(value) : value);
         const fieldsInCollection = Object.entries(this.schema.collections[this.collection].fields);
         const geometryColumns = fieldsInCollection.filter(([_, field]) => field.type.startsWith('geometry'));
         for (const [name] of geometryColumns) {

package/dist/services/permissions.d.ts

@@ -12,6 +12,7 @@ export declare class PermissionsService extends ItemsService {
     createMany(data: Partial<Item>[], opts?: MutationOptions): Promise<PrimaryKey[]>;
     updateByQuery(query: Query, data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey[]>;
     updateOne(key: PrimaryKey, data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;
+    updateBatch(data: Partial<Item>[], opts?: MutationOptions): Promise<PrimaryKey[]>;
     updateMany(keys: PrimaryKey[], data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey[]>;
     upsertOne(payload: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;
     upsertMany(payloads: Partial<Item>[], opts?: MutationOptions): Promise<PrimaryKey[]>;

package/dist/services/permissions.js

@@ -70,6 +70,11 @@ class PermissionsService extends items_1.ItemsService {
         await (0, cache_1.clearSystemCache)();
         return res;
     }
+    async updateBatch(data, opts) {
+        const res = await super.updateBatch(data, opts);
+        await (0, cache_1.clearSystemCache)();
+        return res;
+    }
     async updateMany(keys, data, opts) {
         const res = await super.updateMany(keys, data, opts);
         await (0, cache_1.clearSystemCache)();

package/dist/services/relations.js

@@ -1,7 +1,11 @@
 "use strict";
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
-    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     o[k2] = m[k];

package/dist/services/roles.d.ts

@@ -6,6 +6,7 @@ export declare class RolesService extends ItemsService {
     private checkForOtherAdminRoles;
     private checkForOtherAdminUsers;
     updateOne(key: PrimaryKey, data: Record<string, any>, opts?: MutationOptions): Promise<PrimaryKey>;
+    updateBatch(data: Record<string, any>[], opts?: MutationOptions): Promise<PrimaryKey[]>;
     updateMany(keys: PrimaryKey[], data: Record<string, any>, opts?: MutationOptions): Promise<PrimaryKey[]>;
     deleteOne(key: PrimaryKey): Promise<PrimaryKey>;
     deleteMany(keys: PrimaryKey[]): Promise<PrimaryKey[]>;

package/dist/services/roles.js

@@ -64,6 +64,15 @@ class RolesService extends items_1.ItemsService {
         }
         return super.updateOne(key, data, opts);
     }
+    async updateBatch(data, opts) {
+        const primaryKeyField = this.schema.collections[this.collection].primary;
+        const keys = data.map((item) => item[primaryKeyField]);
+        const setsToNoAdmin = data.some((item) => item.admin_access === false);
+        if (setsToNoAdmin) {
+            await this.checkForOtherAdminRoles(keys);
+        }
+        return super.updateBatch(data, opts);
+    }
     async updateMany(keys, data, opts) {
         if ('admin_access' in data && data.admin_access === false) {
             await this.checkForOtherAdminRoles(keys);

package/dist/services/server.js

@@ -1,7 +1,11 @@
 "use strict";
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
-    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     o[k2] = m[k];

package/dist/services/users.d.ts

@@ -38,6 +38,7 @@ export declare class UsersService extends ItemsService {
      * Update a single user by primary key
      */
     updateOne(key: PrimaryKey, data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;
+    updateBatch(data: Partial<Item>[], opts?: MutationOptions): Promise<PrimaryKey[]>;
     /**
      * Update many users by primary key
      */

package/dist/services/users.js

@@ -153,6 +153,23 @@ class UsersService extends items_1.ItemsService {
         await this.updateMany([key], data, opts);
         return key;
     }
+    async updateBatch(data, opts) {
+        const primaryKeyField = this.schema.collections[this.collection].primary;
+        const keys = [];
+        await this.knex.transaction(async (trx) => {
+            const service = new UsersService({
+                accountability: this.accountability,
+                knex: trx,
+                schema: this.schema,
+            });
+            for (const item of data) {
+                if (!item[primaryKeyField])
+                    throw new exceptions_2.InvalidPayloadException(`User in update misses primary key.`);
+                keys.push(await service.updateOne(item[primaryKeyField], item, opts));
+            }
+        });
+        return keys;
+    }
     /**
      * Update many users by primary key
      */

package/dist/types/index.js

@@ -1,7 +1,11 @@
 "use strict";
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
-    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     o[k2] = m[k];

package/dist/utils/apply-query.js

@@ -211,7 +211,15 @@ function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery =
                     const columnName = (0, get_column_path_1.getColumnPath)({ path: filterPath, collection, relations, aliasMap });
                     if (!columnName)
                         continue;
-                    applyFilterToQuery(columnName, filterOperator, filterValue, logical);
+                    if (relation === null || relation === void 0 ? void 0 : relation.related_collection) {
+                        applyFilterToQuery(columnName, filterOperator, filterValue, logical, relation.related_collection); // m2o
+                    }
+                    else if (filterPath[0].includes(':')) {
+                        applyFilterToQuery(columnName, filterOperator, filterValue, logical, filterPath[0].split(':')[1]); // a2o
+                    }
+                    else {
+                        applyFilterToQuery(columnName, filterOperator, filterValue, logical);
+                    }
                 }
                 else {
                     applyFilterToQuery(`${collection}.${filterPath[0]}`, filterOperator, filterValue, logical);
@@ -245,7 +253,7 @@ function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery =
                 }
             }
         }
-        function applyFilterToQuery(key, operator, compareValue, logical = 'and') {
+        function applyFilterToQuery(key, operator, compareValue, logical = 'and', originalCollectionName) {
             const [table, column] = key.split('.');
             // Is processed through Knex.Raw, so should be safe to string-inject into these where queries
             const selectionRaw = (0, get_column_1.getColumn)(knex, table, column, false, schema);
@@ -268,6 +276,17 @@ function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery =
                     query.where(key, '!=', '');
                 });
             }
+            // The following fields however, require a value to be run. If no value is passed, we
+            // ignore them. This allows easier use in GraphQL, where you wouldn't be able to
+            // conditionally build out your filter structure (#4471)
+            if (compareValue === undefined)
+                return;
+            if (Array.isArray(compareValue)) {
+                // Tip: when using a `[Type]` type in GraphQL, but don't provide the variable, it'll be
+                // reported as [undefined].
+                // We need to remove any undefined values, as they are useless
+                compareValue = compareValue.filter((val) => val !== undefined);
+            }
             // Cast filter value (compareValue) based on function used
             if (column.includes('(') && column.includes(')')) {
                 const functionName = column.split('(')[0];
@@ -278,8 +297,9 @@ function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery =
             }
             // Cast filter value (compareValue) based on type of field being filtered against
             const [collection, field] = key.split('.');
-            if (collection in schema.collections && field in schema.collections[collection].fields) {
-                const type = schema.collections[collection].fields[field].type;
+            const mappedCollection = originalCollectionName || collection;
+            if (mappedCollection in schema.collections && field in schema.collections[mappedCollection].fields) {
+                const type = schema.collections[mappedCollection].fields[field].type;
                 if (['date', 'dateTime', 'time', 'timestamp'].includes(type)) {
                     if (Array.isArray(compareValue)) {
                         compareValue = compareValue.map((val) => helpers.date.parse(val));
@@ -297,17 +317,6 @@ function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery =
                     }
                 }
             }
-            // The following fields however, require a value to be run. If no value is passed, we
-            // ignore them. This allows easier use in GraphQL, where you wouldn't be able to
-            // conditionally build out your filter structure (#4471)
-            if (compareValue === undefined)
-                return;
-            if (Array.isArray(compareValue)) {
-                // Tip: when using a `[Type]` type in GraphQL, but don't provide the variable, it'll be
-                // reported as [undefined].
-                // We need to remove any undefined values, as they are useless
-                compareValue = compareValue.filter((val) => val !== undefined);
-            }
             if (operator === '_eq') {
                 dbQuery[logical].where(selectionRaw, '=', compareValue);
             }

package/dist/utils/calculate-field-depth.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Calculates the depth of a given JSON structure, not counting any _ prefixed properties
+ *
+ * Used to calculate the field depth in a filter or deep query structure
+ *
+ * @example
+ *
+ * ```js
+ * const deep = {
+ * 	translations: {
+ * 		_filter: {
+ * 			_and: [
+ * 				{
+ * 					language_id: {
+ * 						name: {
+ * 							_eq: 'English'
+ * 						}
+ * 					}
+ * 				},
+ * 				{
+ * 					status: {
+ * 						_eq: 'Published'
+ * 					}
+ * 				}
+ * 			]
+ * 		}
+ * 	}
+ * };
+ *
+ * const result = calculateFieldDepth(deep); // => 3
+ * ```
+ */
+export declare function calculateFieldDepth(obj?: Record<string, any> | null, dotNotationKeys?: string[]): number;

package/dist/utils/calculate-field-depth.js

@@ -0,0 +1,75 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.calculateFieldDepth = void 0;
+const lodash_1 = require("lodash");
+/**
+ * Calculates the depth of a given JSON structure, not counting any _ prefixed properties
+ *
+ * Used to calculate the field depth in a filter or deep query structure
+ *
+ * @example
+ *
+ * ```js
+ * const deep = {
+ * 	translations: {
+ * 		_filter: {
+ * 			_and: [
+ * 				{
+ * 					language_id: {
+ * 						name: {
+ * 							_eq: 'English'
+ * 						}
+ * 					}
+ * 				},
+ * 				{
+ * 					status: {
+ * 						_eq: 'Published'
+ * 					}
+ * 				}
+ * 			]
+ * 		}
+ * 	}
+ * };
+ *
+ * const result = calculateFieldDepth(deep); // => 3
+ * ```
+ */
+function calculateFieldDepth(obj, dotNotationKeys = []) {
+    if (!obj) {
+        return 0;
+    }
+    let depth = 0;
+    const keys = Object.keys(obj);
+    for (const key of keys) {
+        const nestedValue = obj[key];
+        if (dotNotationKeys.includes(key) && nestedValue) {
+            let sortDepth = 0;
+            for (const sortKey of nestedValue) {
+                if (sortKey) {
+                    sortDepth = Math.max(sortKey.split('.').length, sortDepth);
+                }
+            }
+            if (sortDepth > depth) {
+                depth = sortDepth;
+            }
+        }
+        else {
+            if (!(0, lodash_1.isPlainObject)(nestedValue) && !(0, lodash_1.isArray)(nestedValue))
+                continue;
+            let nestedDepth = 0;
+            if (Array.isArray(nestedValue)) {
+                nestedDepth = Math.max(...nestedValue.map((val) => calculateFieldDepth(val, dotNotationKeys)));
+            }
+            else {
+                nestedDepth = calculateFieldDepth(nestedValue, dotNotationKeys);
+            }
+            if (key.startsWith('_') === false)
+                nestedDepth += 1;
+            if (nestedDepth > depth) {
+                depth = nestedDepth;
+            }
+        }
+    }
+    return depth;
+}
+exports.calculateFieldDepth = calculateFieldDepth;

package/dist/utils/get-default-value.js

@@ -3,26 +3,16 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("@directus/shared/utils");
 const env_1 = __importDefault(require("../env"));
 const logger_1 = __importDefault(require("../logger"));
 const get_local_type_1 = __importDefault(require("./get-local-type"));
-const parse_json_1 = require("./parse-json");
 function getDefaultValue(column) {
     var _a;
     const type = (0, get_local_type_1.default)(column);
-    let defaultValue = (_a = column.default_value) !== null && _a !== void 0 ? _a : null;
+    const defaultValue = (_a = column.default_value) !== null && _a !== void 0 ? _a : null;
     if (defaultValue === null)
         return null;
-    if (defaultValue === 'null')
-        return null;
-    if (defaultValue === 'NULL')
-        return null;
-    // Check if the default is wrapped in an extra pair of quotes, this happens in SQLite / MariaDB
-    if (typeof defaultValue === 'string' &&
-        ((defaultValue.startsWith(`'`) && defaultValue.endsWith(`'`)) ||
-            (defaultValue.startsWith(`"`) && defaultValue.endsWith(`"`)))) {
-        defaultValue = defaultValue.slice(1, -1);
-    }
     if (defaultValue === '0000-00-00 00:00:00')
         return null;
     switch (type) {
@@ -60,7 +50,7 @@ function castToObject(value) {
         return value;
     if (typeof value === 'string') {
         try {
-            return (0, parse_json_1.parseJSON)(value);
+            return (0, utils_1.parseJSON)(value);
         }
         catch (err) {
             if (env_1.default.NODE_ENV === 'development') {

package/dist/utils/get-graphql-type.js

@@ -3,7 +3,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.getGraphQLType = void 0;
 const graphql_1 = require("graphql");
 const graphql_compose_1 = require("graphql-compose");
-const graphql_2 = require("../services/graphql");
+const date_1 = require("../services/graphql/types/date");
+const geojson_1 = require("../services/graphql/types/geojson");
 function getGraphQLType(localType) {
     switch (localType) {
         case 'boolean':
@@ -20,11 +21,11 @@ function getGraphQLType(localType) {
         case 'json':
             return graphql_compose_1.GraphQLJSON;
         case 'geometry':
-            return graphql_2.GraphQLGeoJSON;
+            return geojson_1.GraphQLGeoJSON;
         case 'timestamp':
         case 'dateTime':
         case 'date':
-            return graphql_2.GraphQLDate;
+            return date_1.GraphQLDate;
         default:
             return graphql_1.GraphQLString;
     }

package/dist/utils/get-local-type.d.ts

@@ -1,6 +1,9 @@
-import { SchemaOverview } from '@directus/schema/dist/types/overview';
-import { Column } from 'knex-schema-inspector/dist/types/column';
 import { FieldMeta, Type } from '@directus/shared/types';
-export default function getLocalType(column?: SchemaOverview[string]['columns'][string] | Column, field?: {
+export default function getLocalType(column?: {
+    data_type: string;
+    numeric_precision?: null | number;
+    numeric_scale?: null | number;
+    max_length?: null | number;
+}, field?: {
     special?: FieldMeta['special'];
 }): Type | 'unknown';

package/dist/utils/get-permissions.js

@@ -15,7 +15,6 @@ const roles_1 = require("../services/roles");
 const users_1 = require("../services/users");
 const merge_permissions_1 = require("../utils/merge-permissions");
 const merge_permissions_for_share_1 = require("./merge-permissions-for-share");
-const parse_json_1 = require("./parse-json");
 async function getPermissions(accountability, schema) {
     const database = (0, database_1.default)();
     const { systemCache, cache } = (0, cache_1.getCache)();
@@ -85,19 +84,19 @@ function parsePermissions(permissions) {
     permissions = permissions.map((permissionRaw) => {
         const permission = (0, lodash_1.cloneDeep)(permissionRaw);
         if (permission.permissions && typeof permission.permissions === 'string') {
-            permission.permissions = (0, parse_json_1.parseJSON)(permission.permissions);
+            permission.permissions = (0, utils_1.parseJSON)(permission.permissions);
         }
         else if (permission.permissions === null) {
             permission.permissions = {};
         }
         if (permission.validation && typeof permission.validation === 'string') {
-            permission.validation = (0, parse_json_1.parseJSON)(permission.validation);
+            permission.validation = (0, utils_1.parseJSON)(permission.validation);
         }
         else if (permission.validation === null) {
             permission.validation = {};
         }
         if (permission.presets && typeof permission.presets === 'string') {
-            permission.presets = (0, parse_json_1.parseJSON)(permission.presets);
+            permission.presets = (0, utils_1.parseJSON)(permission.presets);
         }
         else if (permission.presets === null) {
             permission.presets = {};

package/dist/utils/get-schema.js

@@ -17,7 +17,6 @@ const logger_1 = __importDefault(require("../logger"));
 const services_1 = require("../services");
 const get_default_value_1 = __importDefault(require("./get-default-value"));
 const get_local_type_1 = __importDefault(require("./get-local-type"));
-const parse_json_1 = require("./parse-json");
 async function getSchema(options) {
     const database = (options === null || options === void 0 ? void 0 : options.database) || (0, database_1.default)();
     const schemaInspector = (0, schema_1.default)(database);
@@ -120,7 +119,7 @@ async function getDatabaseSchema(database, schemaInspector) {
         const type = (existing && (0, get_local_type_1.default)(column, { special })) || 'alias';
         let validation = (_a = field.validation) !== null && _a !== void 0 ? _a : null;
         if (validation && typeof validation === 'string')
-            validation = (0, parse_json_1.parseJSON)(validation);
+            validation = (0, utils_1.parseJSON)(validation);
         result.collections[field.collection].fields[field.field] = {
             field: field.field,
             defaultValue: (_b = existing === null || existing === void 0 ? void 0 : existing.defaultValue) !== null && _b !== void 0 ? _b : null,

package/dist/utils/get-string-byte-size.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Returns the byte size for a given input string
+ */
+export declare function stringByteSize(string: string): number;

package/dist/utils/get-string-byte-size.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.stringByteSize = void 0;
+/**
+ * Returns the byte size for a given input string
+ */
+function stringByteSize(string) {
+    return Buffer.byteLength(string, 'utf-8');
+}
+exports.stringByteSize = stringByteSize;

package/dist/utils/jwt.js

@@ -1,7 +1,11 @@
 "use strict";
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
-    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     o[k2] = m[k];

package/dist/utils/sanitize-query.js

@@ -8,7 +8,6 @@ const utils_1 = require("@directus/shared/utils");
 const lodash_1 = require("lodash");
 const logger_1 = __importDefault(require("../logger"));
 const types_1 = require("../types");
-const parse_json_1 = require("./parse-json");
 function sanitizeQuery(rawQuery, accountability) {
     const query = {};
     if (rawQuery.limit !== undefined) {
@@ -83,7 +82,7 @@ function sanitizeAggregate(rawAggregate) {
     let aggregate = rawAggregate;
     if (typeof rawAggregate === 'string') {
         try {
-            aggregate = (0, parse_json_1.parseJSON)(rawAggregate);
+            aggregate = (0, utils_1.parseJSON)(rawAggregate);
         }
         catch {
             logger_1.default.warn('Invalid value passed for filter query parameter.');
@@ -101,7 +100,7 @@ function sanitizeFilter(rawFilter, accountability) {
     let filters = rawFilter;
     if (typeof rawFilter === 'string') {
         try {
-            filters = (0, parse_json_1.parseJSON)(rawFilter);
+            filters = (0, utils_1.parseJSON)(rawFilter);
         }
         catch {
             logger_1.default.warn('Invalid value passed for filter query parameter.');
@@ -136,7 +135,7 @@ function sanitizeDeep(deep, accountability) {
     const result = {};
     if (typeof deep === 'string') {
         try {
-            deep = (0, parse_json_1.parseJSON)(deep);
+            deep = (0, utils_1.parseJSON)(deep);
         }
         catch {
             logger_1.default.warn('Invalid value passed for deep query parameter.');
@@ -170,7 +169,7 @@ function sanitizeAlias(rawAlias) {
     let alias = rawAlias;
     if (typeof rawAlias === 'string') {
         try {
-            alias = (0, parse_json_1.parseJSON)(rawAlias);
+            alias = (0, utils_1.parseJSON)(rawAlias);
         }
         catch (err) {
             logger_1.default.warn('Invalid value passed for alias query parameter.');

package/dist/utils/validate-query.js

@@ -8,6 +8,8 @@ const joi_1 = __importDefault(require("joi"));
 const lodash_1 = require("lodash");
 const exceptions_1 = require("../exceptions");
 const wellknown_1 = require("wellknown");
+const calculate_field_depth_1 = require("./calculate-field-depth");
+const env_1 = __importDefault(require("../env"));
 const querySchema = joi_1.default.object({
     fields: joi_1.default.array().items(joi_1.default.string()),
     group: joi_1.default.array().items(joi_1.default.string()),
@@ -31,6 +33,7 @@ function validateQuery(query) {
     if (query.alias) {
         validateAlias(query.alias);
     }
+    validateRelationalDepth(query);
     if (error) {
         throw new exceptions_1.InvalidQueryException(error.message);
     }
@@ -153,3 +156,50 @@ function validateAlias(alias) {
         }
     }
 }
+function validateRelationalDepth(query) {
+    const maxRelationalDepth = Number(env_1.default.MAX_RELATIONAL_DEPTH) > 2 ? Number(env_1.default.MAX_RELATIONAL_DEPTH) : 2;
+    // Process the fields in the same way as api/src/utils/get-ast-from-query.ts
+    let fields = ['*'];
+    if (query.fields) {
+        fields = query.fields;
+    }
+    /**
+     * When using aggregate functions, you can't have any other regular fields
+     * selected. This makes sure you never end up in a non-aggregate fields selection error
+     */
+    if (Object.keys(query.aggregate || {}).length > 0) {
+        fields = [];
+    }
+    /**
+     * Similarly, when grouping on a specific field, you can't have other non-aggregated fields.
+     * The group query will override the fields query
+     */
+    if (query.group) {
+        fields = query.group;
+    }
+    fields = (0, lodash_1.uniq)(fields);
+    for (const field of fields) {
+        if (field.split('.').length > maxRelationalDepth) {
+            throw new exceptions_1.InvalidQueryException('Max relational depth exceeded.');
+        }
+    }
+    if (query.filter) {
+        const filterRelationalDepth = (0, calculate_field_depth_1.calculateFieldDepth)(query.filter);
+        if (filterRelationalDepth > maxRelationalDepth) {
+            throw new exceptions_1.InvalidQueryException('Max relational depth exceeded.');
+        }
+    }
+    if (query.sort) {
+        for (const sort of query.sort) {
+            if (sort.split('.').length > maxRelationalDepth) {
+                throw new exceptions_1.InvalidQueryException('Max relational depth exceeded.');
+            }
+        }
+    }
+    if (query.deep) {
+        const deepRelationalDepth = (0, calculate_field_depth_1.calculateFieldDepth)(query.deep, ['_sort']);
+        if (deepRelationalDepth > maxRelationalDepth) {
+            throw new exceptions_1.InvalidQueryException('Max relational depth exceeded.');
+        }
+    }
+}