directus 9.15.1 → 9.17.0

package/dist/app.js

@@ -135,6 +135,13 @@ async function createApp() {
     await emitter_1.default.emitInit('app.before', { app });
     await emitter_1.default.emitInit('middlewares.before', { app });
     app.use(logger_1.expressLogger);
+    app.use((_req, res, next) => {
+        res.setHeader('X-Powered-By', 'Directus');
+        next();
+    });
+    if (env_1.default.CORS_ENABLED === true) {
+        app.use(cors_1.default);
+    }
     app.use((req, res, next) => {
         express_1.default.json({
             limit: env_1.default.MAX_PAYLOAD_SIZE,
@@ -147,13 +154,6 @@ async function createApp() {
     });
     app.use((0, cookie_parser_1.default)());
     app.use(extract_token_1.default);
-    app.use((_req, res, next) => {
-        res.setHeader('X-Powered-By', 'Directus');
-        next();
-    });
-    if (env_1.default.CORS_ENABLED === true) {
-        app.use(cors_1.default);
-    }
     app.get('/', (_req, res, next) => {
         if (env_1.default.ROOT_REDIRECT) {
             res.redirect(env_1.default.ROOT_REDIRECT);
@@ -190,6 +190,7 @@ async function createApp() {
     if (env_1.default.RATE_LIMITER_ENABLED === true) {
         app.use(rate_limiter_1.default);
     }
+    app.get('/server/ping', (req, res) => res.send('pong'));
     app.use(authenticate_1.default);
     app.use(check_ip_1.checkIP);
     app.use(sanitize_query_1.default);

package/dist/auth/drivers/ldap.js

@@ -302,6 +302,7 @@ function createLDAPAuthRouter(provider) {
         const accountability = {
             ip: (0, get_ip_from_req_1.getIPFromReq)(req),
             userAgent: req.get('user-agent'),
+            origin: req.get('origin'),
             role: null,
         };
         const authenticationService = new services_1.AuthenticationService({

package/dist/auth/drivers/local.js

@@ -15,6 +15,8 @@ const env_1 = __importDefault(require("../../env"));
 const respond_1 = require("../../middleware/respond");
 const constants_1 = require("../../constants");
 const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
+const perf_hooks_1 = require("perf_hooks");
+const stall_1 = require("../../utils/stall");
 class LocalAuthDriver extends auth_1.AuthDriver {
     async getUserID(payload) {
         if (!payload.email) {
@@ -50,9 +52,12 @@ function createLocalAuthRouter(provider) {
     }).unknown();
     router.post('/', (0, async_handler_1.default)(async (req, res, next) => {
         var _a;
+        const STALL_TIME = env_1.default.LOGIN_STALL_TIME;
+        const timeStart = perf_hooks_1.performance.now();
         const accountability = {
             ip: (0, get_ip_from_req_1.getIPFromReq)(req),
             userAgent: req.get('user-agent'),
+            origin: req.get('origin'),
             role: null,
         };
         const authenticationService = new services_1.AuthenticationService({
@@ -61,6 +66,7 @@ function createLocalAuthRouter(provider) {
         });
         const { error } = userLoginSchema.validate(req.body);
         if (error) {
+            await (0, stall_1.stall)(STALL_TIME, timeStart);
             throw new exceptions_1.InvalidPayloadException(error.message);
         }
         const mode = req.body.mode || 'json';

package/dist/auth/drivers/oauth2.js

@@ -222,6 +222,7 @@ function createOAuth2AuthRouter(providerName) {
             accountability: {
                 ip: (0, get_ip_from_req_1.getIPFromReq)(req),
                 userAgent: req.get('user-agent'),
+                origin: req.get('origin'),
                 role: null,
             },
             schema: req.schema,

package/dist/auth/drivers/openid.js

@@ -241,6 +241,7 @@ function createOpenIDAuthRouter(providerName) {
             accountability: {
                 ip: (0, get_ip_from_req_1.getIPFromReq)(req),
                 userAgent: req.get('user-agent'),
+                origin: req.get('origin'),
                 role: null,
             },
             schema: req.schema,

package/dist/cli/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/cli/index.test.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const index_1 = require("./index");
+jest.mock('../../src/env', () => ({
+    ...jest.requireActual('../../src/env').default,
+    EXTENSIONS_PATH: '',
+    SERVE_APP: false,
+    DB_CLIENT: 'pg',
+    DB_HOST: 'localhost',
+    DB_PORT: 5432,
+    DB_DATABASE: 'directus',
+    DB_USER: 'postgres',
+    DB_PASSWORD: 'psql1234',
+}));
+jest.mock('@directus/shared/utils/node/get-extensions', () => ({
+    getPackageExtensions: jest.fn(() => Promise.resolve([])),
+    getLocalExtensions: jest.fn(() => Promise.resolve([customCliExtension])),
+}));
+jest.mock(`/hooks/custom-cli/index.js`, () => customCliHook, { virtual: true });
+const customCliExtension = {
+    path: `/hooks/custom-cli`,
+    name: 'custom-cli',
+    type: 'hook',
+    entrypoint: 'index.js',
+    local: true,
+};
+const beforeHook = jest.fn();
+const afterAction = jest.fn();
+const afterHook = jest.fn(({ program }) => {
+    program.command('custom').action(afterAction);
+});
+const customCliHook = ({ init }) => {
+    init('cli.before', beforeHook);
+    init('cli.after', afterHook);
+};
+const writeOut = jest.fn();
+const writeErr = jest.fn();
+const setup = async () => {
+    const program = await (0, index_1.createCli)();
+    program.exitOverride();
+    program.configureOutput({ writeOut, writeErr });
+    return program;
+};
+beforeEach(jest.clearAllMocks);
+describe('cli hooks', () => {
+    test('should call hooks before and after creating the cli', async () => {
+        const program = await setup();
+        expect(beforeHook).toHaveBeenCalledTimes(1);
+        expect(beforeHook).toHaveBeenCalledWith({ event: 'cli.before', program });
+        expect(afterHook).toHaveBeenCalledTimes(1);
+        expect(afterHook).toHaveBeenCalledWith({ event: 'cli.after', program });
+    });
+    test('should be able to add a custom cli command', async () => {
+        const program = await setup();
+        program.parseAsync(['custom'], { from: 'user' });
+        expect(afterAction).toHaveBeenCalledTimes(1);
+    });
+});

package/dist/cli/utils/create-env/env-stub.liquid

@@ -211,6 +211,10 @@ REFRESH_TOKEN_COOKIE_NAME="directus_refresh_token"
 # Which domain to use for the refresh cookie. Useful for development mode.
 # REFRESH_TOKEN_COOKIE_DOMAIN
 
+# The duration in milliseconds that a login request will be stalled for,
+# and it should be greater than the time taken for a login request with an invalid password [500]
+# LOGIN_STALL_TIME=500
+
 # Whether or not to enable the CORS headers [false]
 CORS_ENABLED=true
 
@@ -296,10 +300,10 @@ EMAIL_SENDMAIL_PATH="/usr/sbin/sendmail"
 ## Email (Sendmail Transport)
 
 # What new line style to use in sendmail ["unix"]
-EMAIL_SENDMAIL_NEW_LINE="unix"
+# EMAIL_SENDMAIL_NEW_LINE="unix"
 
 # Path to your sendmail executable ["/usr/sbin/sendmail"]
-EMAIL_SENDMAIL_PATH="/usr/sbin/sendmail"
+# EMAIL_SENDMAIL_PATH="/usr/sbin/sendmail"
 
 ## Email (SMTP Transport)
 # EMAIL_SMTP_HOST="localhost"

package/dist/controllers/activity.js

@@ -75,6 +75,7 @@ router.post('/comment', (0, async_handler_1.default)(async (req, res, next) => {
         user: (_a = req.accountability) === null || _a === void 0 ? void 0 : _a.user,
         ip: (0, get_ip_from_req_1.getIPFromReq)(req),
         user_agent: req.get('user-agent'),
+        origin: req.get('origin'),
     });
     try {
         const record = await service.readOne(primaryKey, req.sanitizedQuery);

package/dist/controllers/assets.js

@@ -148,27 +148,31 @@ router.get('/:pk/:filename?',
         res.setHeader('Content-Length', stat.size);
         return res.end();
     }
-    stream.on('data', (chunk) => res.write(chunk));
+    let isDataSent = false;
+    stream.on('data', (chunk) => {
+        isDataSent = true;
+        res.write(chunk);
+    });
     stream.on('end', () => {
-        res.status(200).send();
+        res.end();
     });
     stream.on('error', (e) => {
         logger_1.default.error(e, `Couldn't stream file ${file.id} to the client`);
-        stream.unpipe(res);
-        res.removeHeader('Content-Disposition');
-        res.removeHeader('Content-Type');
-        res.removeHeader('Content-Disposition');
-        res.removeHeader('Cache-Control');
-        res.status(500).json({
-            errors: [
-                {
-                    message: 'An unexpected error occurred.',
-                    extensions: {
-                        code: 'INTERNAL_SERVER_ERROR',
+        if (!isDataSent) {
+            res.removeHeader('Content-Type');
+            res.removeHeader('Content-Disposition');
+            res.removeHeader('Cache-Control');
+            res.status(500).json({
+                errors: [
+                    {
+                        message: 'An unexpected error occurred.',
+                        extensions: {
+                            code: 'INTERNAL_SERVER_ERROR',
+                        },
                     },
-                },
-            ],
-        });
+                ],
+            });
+        }
     });
 }));
 exports.default = router;

package/dist/controllers/auth.js

@@ -4,7 +4,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const express_1 = require("express");
-const ms_1 = __importDefault(require("ms"));
 const env_1 = __importDefault(require("../env"));
 const exceptions_1 = require("../exceptions");
 const respond_1 = require("../middleware/respond");
@@ -15,6 +14,7 @@ const logger_1 = __importDefault(require("../logger"));
 const drivers_1 = require("../auth/drivers");
 const constants_1 = require("../constants");
 const get_ip_from_req_1 = require("../utils/get-ip-from-req");
+const constants_2 = require("../constants");
 const router = (0, express_1.Router)();
 const authProviders = (0, get_auth_providers_1.getAuthProviders)();
 for (const authProvider of authProviders) {
@@ -43,10 +43,10 @@ if (!env_1.default.AUTH_DISABLE_DEFAULT) {
     router.use('/login', (0, drivers_1.createLocalAuthRouter)(constants_1.DEFAULT_AUTH_PROVIDER));
 }
 router.post('/refresh', (0, async_handler_1.default)(async (req, res, next) => {
-    var _a;
     const accountability = {
         ip: (0, get_ip_from_req_1.getIPFromReq)(req),
         userAgent: req.get('user-agent'),
+        origin: req.get('origin'),
         role: null,
     };
     const authenticationService = new services_1.AuthenticationService({
@@ -66,13 +66,7 @@ router.post('/refresh', (0, async_handler_1.default)(async (req, res, next) => {
         payload.data.refresh_token = refreshToken;
     }
     if (mode === 'cookie') {
-        res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, {
-            httpOnly: true,
-            domain: env_1.default.REFRESH_TOKEN_COOKIE_DOMAIN,
-            maxAge: (0, ms_1.default)(env_1.default.REFRESH_TOKEN_TTL),
-            secure: (_a = env_1.default.REFRESH_TOKEN_COOKIE_SECURE) !== null && _a !== void 0 ? _a : false,
-            sameSite: env_1.default.REFRESH_TOKEN_COOKIE_SAME_SITE || 'strict',
-        });
+        res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, constants_2.COOKIE_OPTIONS);
     }
     res.locals.payload = payload;
     return next();
@@ -82,6 +76,7 @@ router.post('/logout', (0, async_handler_1.default)(async (req, res, next) => {
     const accountability = {
         ip: (0, get_ip_from_req_1.getIPFromReq)(req),
         userAgent: req.get('user-agent'),
+        origin: req.get('origin'),
         role: null,
     };
     const authenticationService = new services_1.AuthenticationService({
@@ -110,6 +105,7 @@ router.post('/password/request', (0, async_handler_1.default)(async (req, res, n
     const accountability = {
         ip: (0, get_ip_from_req_1.getIPFromReq)(req),
         userAgent: req.get('user-agent'),
+        origin: req.get('origin'),
         role: null,
     };
     const service = new services_1.UsersService({ accountability, schema: req.schema });
@@ -137,6 +133,7 @@ router.post('/password/reset', (0, async_handler_1.default)(async (req, res, nex
     const accountability = {
         ip: (0, get_ip_from_req_1.getIPFromReq)(req),
         userAgent: req.get('user-agent'),
+        origin: req.get('origin'),
         role: null,
     };
     const service = new services_1.UsersService({ accountability, schema: req.schema });

package/dist/controllers/files.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/controllers/files.test.js

@@ -0,0 +1,49 @@
+"use strict";
+// @ts-nocheck
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+jest.mock('../../src/cache');
+jest.mock('../../src/database');
+jest.mock('../../src/utils/validate-env');
+const files_1 = require("./files");
+const invalid_payload_1 = require("../exceptions/invalid-payload");
+const stream_1 = require("stream");
+const form_data_1 = __importDefault(require("form-data"));
+describe('multipartHandler', () => {
+    it(`Errors out if request doesn't contain any files to upload`, () => {
+        const fakeForm = new form_data_1.default();
+        fakeForm.append('field', 'test');
+        const req = {
+            headers: fakeForm.getHeaders(),
+            is: jest.fn().mockReturnValue(true),
+            body: fakeForm.getBuffer(),
+            params: {},
+            pipe: (input) => stream.pipe(input),
+        };
+        const stream = new stream_1.PassThrough();
+        stream.push(fakeForm.getBuffer());
+        (0, files_1.multipartHandler)(req, {}, (err) => {
+            expect(err.message).toBe('No files where included in the body');
+            expect(err).toBeInstanceOf(invalid_payload_1.InvalidPayloadException);
+        });
+    });
+    it(`Errors out if uploaded file doesn't include the filename`, () => {
+        const fakeForm = new form_data_1.default();
+        fakeForm.append('file', Buffer.from('<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg width="100%" height="100%" viewBox="0 0 243 266" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:1.41421;"><g id="Calligraphy"><path d="M67.097,135.868c0,3.151 0.598,14.121 -11.586,14.121c-17.076,0 -15.95,-12.947 -15.95,-12.947c0,-2.521 4.597,-5.638 4.597,-7.318c0,-0.63 0.041,-3.519 -2.27,-3.519c-5.671,0 -5.671,10.083 -5.671,10.083c0,0 0.419,15.336 19.116,15.336c20.205,0 30.04,-23.712 30.04,-30.88c0,-18.197 -51.112,-27.701 -51.112,-57.949c0,1.575 -2.205,-13.864 14.18,-13.864c28.358,0 44.426,42.536 44.426,71.524c0,28.988 -16.699,55.455 -16.699,55.455c0,0 33.4,-25.837 33.4,-76.25c0,-70.264 -46.003,-69.634 -46.003,-69.634c-4.792,0 -7.602,-0.241 -28.398,20.555c-20.797,20.797 -17.646,29.83 -17.646,29.83c0,31.93 49.576,32.35 49.576,55.457Z" style="fill-rule:nonzero;"/><path d="M241.886,174.861c-1.602,-9.142 -15.448,-9.916 -22.675,-9.682c-0.7,-0.003 -1.172,0.02 -1.327,0.03c-8.804,0.01 -19.314,4.179 -33.072,13.115c-3.554,2.308 -7.19,4.847 -10.902,7.562c-6.979,-31.39 -13.852,-63.521 -28.033,-63.521c20.415,-20.119 22.19,-16.272 22.19,-39.054c0,-11.244 14.498,-21.35 14.498,-21.35l-0.296,-2.024c-19.193,5.304 -37.307,-8.577 -42.2,-12.755c5.375,-9.663 9.584,-12.565 9.584,-12.565c1.891,-20.377 15.965,-27.31 15.965,-27.31c1.681,-4.201 6.092,-7.142 6.092,-7.142c-70.162,22.267 -54.247,189.298 -54.247,189.298c-0.475,-55.91 5.238,-92.242 11.977,-115.55c9.094,8.248 24.425,11.765 24.425,11.765c-7.396,3.55 -5.324,12.13 -5.324,19.527c0,7.397 -3.848,10.651 -3.848,10.651l-21.893,22.782c17.043,0.294 23.638,31.657 30.689,63.056c-2.548,2.042 -5.125,4.12 -7.728,6.219c-16.396,13.223 -33.351,26.897 -50.266,37.354c-19.086,11.797 -35.151,17.533 -49.116,17.533c-25.25,0 -44.118,-24.368 -44.118,-46.154c0,-9.838 3.227,-17.831 5.935,-22.805c2.935,-5.39 5.911,-8.503 5.967,-8.561c0.001,0 0.001,0 0.001,-0.001l-0.013,-0.012c1.803,-1.885 4.841,-5.181 10.423,-5.181c20.715,0 27.475,40.776 55.603,40.776c24.857,0 31.834,-20.497 37.286,-31.399c0,0 -8.94,11.12 -21.587,11.12c-27.038,0 -35.323,-40.557 -55.166,-40.557c-13.41,0 -22.743,15.506 -31.029,27.281c0,0 0.018,-0.001 0.048,-0.003c-1.02,1.415 -2.214,3.233 -3.41,5.425c-2.847,5.21 -6.239,13.587 -6.239,23.917c0,22.816 19.801,48.334 46.299,48.334c14.381,0 30.822,-5.84 50.262,-17.858c17.033,-10.529 34.04,-24.246 50.489,-37.511c2.309,-1.862 4.607,-3.715 6.891,-5.549c6.952,30.814 14.606,60.912 33.278,60.912c14.794,0 26.923,-25.445 26.923,-25.445c-7.987,7.101 -13.313,5.621 -13.313,5.621c-13.139,0.379 -19.937,-27.594 -26.48,-56.931c16.455,-12.099 31.46,-20.829 43.488,-20.829l0.072,-0.003c0.082,-0.005 5.246,-0.305 9.957,1.471c-2.95,1.636 -4.947,4.782 -4.947,8.394c0,5.299 4.296,9.594 9.594,9.594c5.298,0 9.594,-4.295 9.594,-9.594c0,-0.826 -0.104,-1.627 -0.301,-2.391Z" style="fill-rule:nonzero;"/></g></svg>'));
+        const req = {
+            headers: fakeForm.getHeaders(),
+            is: jest.fn().mockReturnValue(true),
+            body: fakeForm.getBuffer(),
+            params: {},
+            pipe: (input) => stream.pipe(input),
+        };
+        const stream = new stream_1.PassThrough();
+        stream.push(fakeForm.getBuffer());
+        (0, files_1.multipartHandler)(req, {}, (err) => {
+            expect(err.message).toBe('File is missing filename');
+            expect(err).toBeInstanceOf(invalid_payload_1.InvalidPayloadException);
+        });
+    });
+});

package/dist/controllers/server.js

@@ -36,7 +36,6 @@ router.get('/specs/graphql/:scope?', (0, async_handler_1.default)(async (req, re
     res.attachment(filename);
     res.send(result);
 }));
-router.get('/ping', (req, res) => res.send('pong'));
 router.get('/info', (0, async_handler_1.default)(async (req, res, next) => {
     const service = new services_1.ServerService({
         accountability: req.accountability,

package/dist/database/migrations/20220826A-add-origin-to-accountability.d.ts

@@ -0,0 +1,3 @@
+import { Knex } from 'knex';
+export declare function up(knex: Knex): Promise<void>;
+export declare function down(knex: Knex): Promise<void>;

package/dist/database/migrations/20220826A-add-origin-to-accountability.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.down = exports.up = void 0;
+async function up(knex) {
+    await knex.schema.alterTable('directus_activity', (table) => {
+        table.string('origin').nullable();
+    });
+    await knex.schema.alterTable('directus_sessions', (table) => {
+        table.string('origin').nullable();
+    });
+}
+exports.up = up;
+async function down(knex) {
+    await knex.schema.alterTable('directus_activity', (table) => {
+        table.dropColumn('origin');
+    });
+    await knex.schema.alterTable('directus_sessions', (table) => {
+        table.dropColumn('origin');
+    });
+}
+exports.down = down;

package/dist/database/migrations/run.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/database/migrations/run.test.js

@@ -0,0 +1,92 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const knex_1 = __importDefault(require("knex"));
+const knex_mock_client_1 = require("knex-mock-client");
+const run_1 = __importDefault(require("./run"));
+describe('run', () => {
+    let db;
+    let tracker;
+    beforeAll(() => {
+        db = (0, knex_1.default)({ client: knex_mock_client_1.MockClient });
+        tracker = (0, knex_mock_client_1.getTracker)();
+    });
+    afterEach(() => {
+        tracker.reset();
+    });
+    describe('when passed the argument up', () => {
+        it('returns "Nothing To Upgrade" if no directus_migrations', async () => {
+            tracker.on.select('directus_migrations').response(['Empty']);
+            await (0, run_1.default)(db, 'up').catch((e) => {
+                expect(e).toBeInstanceOf(Error);
+                expect(e.message).toBe('Nothing to upgrade');
+            });
+        });
+        it('returns "Method implemented in the dialect driver" if no directus_migrations', async () => {
+            tracker.on.select('directus_migrations').response([]);
+            await (0, run_1.default)(db, 'up').catch((e) => {
+                expect(e).toBeInstanceOf(Error);
+                expect(e.message).toBe('Method implemented in the dialect driver');
+            });
+        });
+        it('returns undefined if the migration is successful', async () => {
+            tracker.on.select('directus_migrations').response([
+                {
+                    version: '20201028A',
+                    name: 'Remove Collection Foreign Keys',
+                    timestamp: '2021-11-27 11:36:56.471595-05',
+                },
+            ]);
+            tracker.on.delete('directus_relations').response([]);
+            tracker.on.insert('directus_migrations').response(['Remove System Relations', '20201029A']);
+            expect(await (0, run_1.default)(db, 'up')).toBe(undefined);
+        });
+    });
+    describe('when passed the argument down', () => {
+        it('returns "Nothing To downgrade" if no valid directus_migrations', async () => {
+            tracker.on.select('directus_migrations').response(['Empty']);
+            await (0, run_1.default)(db, 'down').catch((e) => {
+                expect(e).toBeInstanceOf(Error);
+                expect(e.message).toBe(`Couldn't find migration`);
+            });
+        });
+        it('returns "Method implemented in the dialect driver" if no directus_migrations', async () => {
+            tracker.on.select('directus_migrations').response([]);
+            await (0, run_1.default)(db, 'down').catch((e) => {
+                expect(e).toBeInstanceOf(Error);
+                expect(e.message).toBe('Nothing to downgrade');
+            });
+        });
+        it(`returns "Couldn't find migration" if an invalid migration object is supplied`, async () => {
+            tracker.on.select('directus_migrations').response([
+                {
+                    version: '202018129A',
+                    name: 'Fake Migration',
+                    timestamp: '2020-00-32 11:36:56.471595-05',
+                },
+            ]);
+            await (0, run_1.default)(db, 'down').catch((e) => {
+                expect(e).toBeInstanceOf(Error);
+                expect(e.message).toBe(`Couldn't find migration`);
+            });
+        });
+    });
+    describe('when passed the argument latest', () => {
+        it('returns "Nothing To downgrade" if no valid directus_migrations', async () => {
+            tracker.on.select('directus_migrations').response(['Empty']);
+            await (0, run_1.default)(db, 'latest').catch((e) => {
+                expect(e).toBeInstanceOf(Error);
+                expect(e.message).toBe(`Method implemented in the dialect driver`);
+            });
+        });
+        it('returns "Method implemented in the dialect driver" if no directus_migrations', async () => {
+            tracker.on.select('directus_migrations').response([]);
+            await (0, run_1.default)(db, 'latest').catch((e) => {
+                expect(e).toBeInstanceOf(Error);
+                expect(e.message).toBe('Method implemented in the dialect driver');
+            });
+        });
+    });
+});

package/dist/database/system-data/fields/activity.yaml

@@ -60,6 +60,12 @@ fields:
       font: monospace
     width: half
 
+  - field: origin
+    display: formatted-value
+    display_options:
+      font: monospace
+    width: half
+
   - field: ip
     display: formatted-value
     display_options:

package/dist/database/system-data/fields/sessions.yaml

@@ -11,4 +11,6 @@ fields:
     width: half
   - field: user_agent
     width: half
+  - field: origin
+    width: half
   - field: share

package/dist/env.js

@@ -42,6 +42,7 @@ const allowedEnvironmentVars = [
     'REFRESH_TOKEN_COOKIE_SECURE',
     'REFRESH_TOKEN_COOKIE_SAME_SITE',
     'REFRESH_TOKEN_COOKIE_NAME',
+    'LOGIN_STALL_TIME',
     'PASSWORD_RESET_URL_ALLOW_LIST',
     'USER_INVITE_URL_ALLOW_LIST',
     'IP_TRUST_PROXY',
@@ -79,6 +80,7 @@ const allowedEnvironmentVars = [
     'CACHE_REDIS_PASSWORD',
     'CACHE_MEMCACHE',
     'CACHE_VALUE_MAX_SIZE',
+    'CACHE_HEALTHCHECK_THRESHOLD',
     // storage
     'STORAGE_LOCATIONS',
     'STORAGE_.+_DRIVER',
@@ -95,6 +97,7 @@ const allowedEnvironmentVars = [
     'STORAGE_.+_ENDPOINT',
     'STORAGE_.+_KEY_FILENAME',
     'STORAGE_.+_BUCKET',
+    'STORAGE_.+_HEALTHCHECK_THRESHOLD',
     // metadata
     'FILE_METADATA_ALLOW_LIST',
     // assets
@@ -138,12 +141,20 @@ const allowedEnvironmentVars = [
     // extensions
     'EXTENSIONS_PATH',
     'EXTENSIONS_AUTO_RELOAD',
+    // messenger
+    'MESSENGER_STORE',
+    'MESSENGER_NAMESPACE',
+    'MESSENGER_REDIS',
+    'MESSENGER_REDIS_HOST',
+    'MESSENGER_REDIS_PORT',
+    'MESSENGER_REDIS_PASSWORD',
     // emails
     'EMAIL_FROM',
     'EMAIL_TRANSPORT',
     'EMAIL_VERIFY_SETUP',
     'EMAIL_SENDMAIL_NEW_LINE',
     'EMAIL_SENDMAIL_PATH',
+    'EMAIL_SMTP_NAME',
     'EMAIL_SMTP_HOST',
     'EMAIL_SMTP_PORT',
     'EMAIL_SMTP_USER',
@@ -165,6 +176,8 @@ const allowedEnvironmentVars = [
     // limits & optimization
     'RELATIONAL_BATCH_SIZE',
     'EXPORT_BATCH_SIZE',
+    // flows
+    'FLOWS_EXEC_ALLOWED_MODULES',
 ].map((name) => new RegExp(`^${name}$`));
 const acceptedEnvTypes = ['string', 'number', 'regex', 'array', 'json'];
 const defaults = {
@@ -187,6 +200,7 @@ const defaults = {
     REFRESH_TOKEN_COOKIE_SECURE: false,
     REFRESH_TOKEN_COOKIE_SAME_SITE: 'lax',
     REFRESH_TOKEN_COOKIE_NAME: 'directus_refresh_token',
+    LOGIN_STALL_TIME: 500,
     ROOT_REDIRECT: './admin',
     CORS_ENABLED: false,
     CORS_ORIGIN: false,
@@ -226,6 +240,7 @@ const defaults = {
     EXPORT_BATCH_SIZE: 5000,
     FILE_METADATA_ALLOW_LIST: 'ifd0.Make,ifd0.Model,exif.FNumber,exif.ExposureTime,exif.FocalLength,exif.ISO',
     GRAPHQL_INTROSPECTION: true,
+    FLOWS_EXEC_ALLOWED_MODULES: false,
 };
 // Allows us to force certain environment variable into a type, instead of relying
 // on the auto-parsed type in processValues. ref #3705

package/dist/env.test.d.ts

@@ -0,0 +1,8 @@
+declare const testEnv: {
+    NUMBER: string;
+    NUMBER_CAST_AS_STRING: string;
+    REGEX: string;
+    CSV: string;
+    CSV_CAST_AS_STRING: string;
+    MULTIPLE: string;
+};

package/dist/env.test.js

@@ -0,0 +1,39 @@
+"use strict";
+const testEnv = {
+    NUMBER: '1234',
+    NUMBER_CAST_AS_STRING: 'string:1234',
+    REGEX: 'regex:\\.example\\.com$',
+    CSV: 'one,two,three,four',
+    CSV_CAST_AS_STRING: 'string:one,two,three,four',
+    MULTIPLE: 'array:string:https://example.com,regex:\\.example2\\.com$',
+};
+describe('env processed values', () => {
+    const originalEnv = process.env;
+    let env;
+    beforeEach(() => {
+        jest.resetModules();
+        process.env = { ...testEnv };
+        env = jest.requireActual('../src/env').default;
+    });
+    afterEach(() => {
+        process.env = originalEnv;
+    });
+    test('Number value should be a number', () => {
+        expect(env.NUMBER).toStrictEqual(1234);
+    });
+    test('Number value casted as string should be a string', () => {
+        expect(env.NUMBER_CAST_AS_STRING).toStrictEqual('1234');
+    });
+    test('Value casted as regex', () => {
+        expect(env.REGEX).toBeInstanceOf(RegExp);
+    });
+    test('CSV value should be an array', () => {
+        expect(env.CSV).toStrictEqual(['one', 'two', 'three', 'four']);
+    });
+    test('CSV value casted as string should be a string', () => {
+        expect(env.CSV_CAST_AS_STRING).toStrictEqual('one,two,three,four');
+    });
+    test('Multiple type cast', () => {
+        expect(env.MULTIPLE).toStrictEqual(['https://example.com', /\.example2\.com$/]);
+    });
+});

package/dist/extensions.d.ts

@@ -24,6 +24,7 @@ declare class ExtensionManager {
     private load;
     private unload;
     private initializeWatcher;
+    private closeWatcher;
     private updateWatchedExtensions;
     private getExtensions;
     private generateExtensionBundles;