directus 9.17.4 → 9.18.0

package/dist/app.js

@@ -168,7 +168,7 @@ async function createApp() {
         res.send(constants_1.ROBOTSTXT);
     });
     if (env_1.default.SERVE_APP) {
-        const adminPath = require.resolve('@directus/app', require.main ? { paths: [require.main.filename] } : undefined);
+        const adminPath = require.resolve('@directus/app');
         const adminUrl = new url_1.Url(env_1.default.PUBLIC_URL).addPath('admin');
         // Set the App's base path according to the APIs public URL
         const html = await fs_extra_1.default.readFile(adminPath, 'utf8');

package/dist/cli/commands/users/passwd.js

@@ -18,7 +18,11 @@ async function usersPasswd({ email, password }) {
         const passwordHashed = await (0, generate_hash_1.generateHash)(password);
         const schema = await (0, get_schema_1.getSchema)();
         const service = new services_1.UsersService({ schema, knex: database });
-        const user = await service.knex.select('id').from('directus_users').where({ email }).first();
+        const user = await service.knex
+            .select('id')
+            .from('directus_users')
+            .whereRaw('LOWER(??) = ?', ['email', email.toLowerCase()])
+            .first();
         if (user) {
             await service.knex('directus_users').update({ password: passwordHashed }).where({ id: user.id });
             logger_1.default.info(`Password is updated for user ${user.id}`);

package/dist/cli/utils/create-env/env-stub.liquid

@@ -251,7 +251,7 @@ CORS_MAX_AGE=18000
 # The amount of threads to compute the hash on. Each thread has a memory pool with HASH_MEMORY_COST size [1]
 # HASH_PARALLELISM=2
 
-# The variant of the hash function (0: argon2d, 1: argon2i, or 2: argon2id) [1]
+# The variant of the hash function (0: argon2d, 1: argon2i, or 2: argon2id) [2]
 # HASH_TYPE=2
 
 # An extra and optional non-secret value. The value will be included B64 encoded in the parameters portion of the digest []

package/dist/extensions.js

@@ -169,7 +169,7 @@ class ExtensionManager {
         if (!this.watcher) {
             logger_1.default.info('Watching extensions for changes...');
             const localExtensionPaths = (env_1.default.SERVE_APP ? constants_1.EXTENSION_TYPES : constants_1.API_OR_HYBRID_EXTENSION_TYPES).flatMap((type) => {
-                const typeDir = path_1.default.posix.join(path_1.default.relative('.', env_1.default.EXTENSIONS_PATH).split(path_1.default.sep).join(path_1.default.posix.sep), (0, utils_1.pluralize)(type));
+                const typeDir = path_1.default.posix.join((0, node_1.pathToRelativeUrl)(env_1.default.EXTENSIONS_PATH), (0, utils_1.pluralize)(type));
                 return (0, utils_1.isIn)(type, constants_1.HYBRID_EXTENSION_TYPES)
                     ? [path_1.default.posix.join(typeDir, '*', 'app.js'), path_1.default.posix.join(typeDir, '*', 'api.js')]
                     : path_1.default.posix.join(typeDir, '*', 'index.js');
@@ -239,8 +239,7 @@ class ExtensionManager {
         return bundles;
     }
     async getSharedDepsMapping(deps) {
-        var _a;
-        const appDir = await fs_extra_1.default.readdir(path_1.default.join((0, node_1.resolvePackage)('@directus/app', (_a = require.main) === null || _a === void 0 ? void 0 : _a.filename), 'dist', 'assets'));
+        const appDir = await fs_extra_1.default.readdir(path_1.default.join((0, node_1.resolvePackage)('@directus/app', __dirname), 'dist', 'assets'));
         const depsMapping = {};
         for (const dep of deps) {
             const depRegex = new RegExp(`${(0, lodash_1.escapeRegExp)(dep.replace(/\//g, '_'))}\\.[0-9a-f]{8}\\.entry\\.js`);
@@ -286,7 +285,7 @@ class ExtensionManager {
         }
     }
     async registerOperations() {
-        const internalPaths = await (0, globby_1.default)(path_1.default.posix.join(path_1.default.relative('.', __dirname).split(path_1.default.sep).join(path_1.default.posix.sep), 'operations/*/index.(js|ts)'));
+        const internalPaths = await (0, globby_1.default)(path_1.default.posix.join((0, node_1.pathToRelativeUrl)(__dirname), 'operations/*/index.(js|ts)'));
         const internalOperations = internalPaths.map((internalPath) => {
             const dirs = internalPath.split(path_1.default.sep);
             return {

package/dist/middleware/cache.js

@@ -12,7 +12,7 @@ const logger_1 = __importDefault(require("../logger"));
 const checkCacheMiddleware = (0, async_handler_1.default)(async (req, res, next) => {
     var _a, _b, _c, _d;
     const { cache } = (0, cache_1.getCache)();
-    if (req.method.toLowerCase() !== 'get' && ((_a = req.path) === null || _a === void 0 ? void 0 : _a.startsWith('/graphql')) === false)
+    if (req.method.toLowerCase() !== 'get' && ((_a = req.originalUrl) === null || _a === void 0 ? void 0 : _a.startsWith('/graphql')) === false)
         return next();
     if (env_1.default.CACHE_ENABLED !== true)
         return next();

package/dist/middleware/respond.js

@@ -24,7 +24,7 @@ exports.respond = (0, async_handler_1.default)(async (req, res) => {
         const maxSize = (0, bytes_1.parse)(env_1.default.CACHE_VALUE_MAX_SIZE);
         exceedsMaxSize = valueSize > maxSize;
     }
-    if ((req.method.toLowerCase() === 'get' || ((_a = req.path) === null || _a === void 0 ? void 0 : _a.startsWith('/graphql'))) &&
+    if ((req.method.toLowerCase() === 'get' || ((_a = req.originalUrl) === null || _a === void 0 ? void 0 : _a.startsWith('/graphql'))) &&
         env_1.default.CACHE_ENABLED === true &&
         cache &&
         !req.sanitizedQuery.export &&

package/dist/operations/item-create/index.js

@@ -13,7 +13,7 @@ exports.default = (0, utils_1.defineOperationApi)({
             customAccountability = accountability;
         }
         else if (permissions === '$full') {
-            customAccountability = null;
+            customAccountability = await (0, get_accountability_for_role_1.getAccountabilityForRole)('system', { database, schema, accountability });
         }
         else if (permissions === '$public') {
             customAccountability = await (0, get_accountability_for_role_1.getAccountabilityForRole)(null, { database, schema, accountability });

package/dist/operations/item-delete/index.js

@@ -13,7 +13,7 @@ exports.default = (0, utils_1.defineOperationApi)({
             customAccountability = accountability;
         }
         else if (permissions === '$full') {
-            customAccountability = null;
+            customAccountability = await (0, get_accountability_for_role_1.getAccountabilityForRole)('system', { database, schema, accountability });
         }
         else if (permissions === '$public') {
             customAccountability = await (0, get_accountability_for_role_1.getAccountabilityForRole)(null, { database, schema, accountability });

package/dist/operations/item-read/index.js

@@ -13,7 +13,7 @@ exports.default = (0, utils_1.defineOperationApi)({
             customAccountability = accountability;
         }
         else if (permissions === '$full') {
-            customAccountability = null;
+            customAccountability = await (0, get_accountability_for_role_1.getAccountabilityForRole)('system', { database, schema, accountability });
         }
         else if (permissions === '$public') {
             customAccountability = await (0, get_accountability_for_role_1.getAccountabilityForRole)(null, { database, schema, accountability });

package/dist/operations/item-update/index.js

@@ -14,7 +14,7 @@ exports.default = (0, utils_1.defineOperationApi)({
             customAccountability = accountability;
         }
         else if (permissions === '$full') {
-            customAccountability = null;
+            customAccountability = await (0, get_accountability_for_role_1.getAccountabilityForRole)('system', { database, schema, accountability });
         }
         else if (permissions === '$public') {
             customAccountability = await (0, get_accountability_for_role_1.getAccountabilityForRole)(null, { database, schema, accountability });

package/dist/operations/mail/index.d.ts

@@ -1,6 +1,7 @@
 declare type Options = {
     body: string;
     to: string;
+    type: 'wysiwyg' | 'markdown';
     subject: string;
 };
 declare const _default: import("@directus/shared/types").OperationApiConfig<Options>;

package/dist/operations/mail/index.js

@@ -5,10 +5,10 @@ const services_1 = require("../../services");
 const md_1 = require("../../utils/md");
 exports.default = (0, utils_1.defineOperationApi)({
     id: 'mail',
-    handler: async ({ body, to, subject }, { accountability, database, getSchema }) => {
+    handler: async ({ body, to, type, subject }, { accountability, database, getSchema }) => {
         const mailService = new services_1.MailService({ schema: await getSchema({ database }), accountability, knex: database });
         await mailService.send({
-            html: (0, md_1.md)(body),
+            html: type === 'wysiwyg' ? body : (0, md_1.md)(body),
             to,
             subject,
         });

package/dist/services/assets.js

@@ -139,7 +139,9 @@ class AssetsService {
                 const transformer = (0, sharp_1.default)({
                     limitInputPixels: Math.pow(env_1.default.ASSETS_TRANSFORM_IMAGE_MAX_DIMENSION, 2),
                     sequentialRead: true,
-                }).rotate();
+                });
+                if (transforms.find((transform) => transform[0] === 'rotate') === undefined)
+                    transformer.rotate();
                 transforms.forEach(([method, ...args]) => transformer[method].apply(transformer, args));
                 readStream.on('error', (e) => {
                     logger_1.default.error(e, `Couldn't transform file ${file.id}`);

package/dist/services/graphql/index.js

@@ -284,7 +284,7 @@ class GraphQLService {
                             type = (0, graphql_1.GraphQLNonNull)(type);
                         }
                         if (collection.primary === field.field) {
-                            type = graphql_1.GraphQLID;
+                            type = (0, graphql_1.GraphQLNonNull)(graphql_1.GraphQLID);
                         }
                         acc[field.field] = {
                             type,

package/dist/services/users.js

@@ -292,7 +292,11 @@ class UsersService extends items_1.ItemsService {
         }
         const STALL_TIME = 500;
         const timeStart = perf_hooks_1.performance.now();
-        const user = await this.knex.select('status', 'password').from('directus_users').where({ email }).first();
+        const user = await this.knex
+            .select('status', 'password')
+            .from('directus_users')
+            .whereRaw('LOWER(??) = ?', ['email', email.toLowerCase()])
+            .first();
         if ((user === null || user === void 0 ? void 0 : user.status) !== 'active') {
             await (0, stall_1.stall)(STALL_TIME, timeStart);
             throw new exceptions_2.ForbiddenException();

package/dist/utils/get-accountability-for-role.js

@@ -14,6 +14,15 @@ async function getAccountabilityForRole(role, context) {
         };
         generatedAccountability.permissions = await (0, get_permissions_1.getPermissions)(generatedAccountability, context.schema);
     }
+    else if (role === 'system') {
+        generatedAccountability = {
+            user: null,
+            role: null,
+            admin: true,
+            app: true,
+            permissions: [],
+        };
+    }
     else {
         const roleInfo = await context.database
             .select(['app_access', 'admin_access'])

package/dist/utils/get-cache-key.js

@@ -8,13 +8,14 @@ const url_1 = __importDefault(require("url"));
 const object_hash_1 = __importDefault(require("object-hash"));
 const lodash_1 = require("lodash");
 function getCacheKey(req) {
-    var _a;
+    var _a, _b;
     const path = url_1.default.parse(req.originalUrl).pathname;
     const isGraphQl = path === null || path === void 0 ? void 0 : path.includes('/graphql');
+    const isGet = ((_a = req.method) === null || _a === void 0 ? void 0 : _a.toLowerCase()) === 'get';
     const info = {
-        user: ((_a = req.accountability) === null || _a === void 0 ? void 0 : _a.user) || null,
+        user: ((_b = req.accountability) === null || _b === void 0 ? void 0 : _b.user) || null,
         path,
-        query: isGraphQl ? (0, lodash_1.pick)(req.query, ['query', 'variables']) : req.sanitizedQuery,
+        query: isGraphQl ? (0, lodash_1.pick)(isGet ? req.query : req.body, ['query', 'variables']) : req.sanitizedQuery,
     };
     const key = (0, object_hash_1.default)(info);
     return key;

package/dist/utils/get-cache-key.test.js

@@ -4,32 +4,48 @@ const get_cache_key_1 = require("../../src/utils/get-cache-key");
 const restUrl = 'http://localhost/items/example';
 const graphQlUrl = 'http://localhost/graphql';
 const accountability = { user: '00000000-0000-0000-0000-000000000000' };
+const method = 'GET';
 const requests = [
     {
         name: 'as unauthenticated request',
-        params: { originalUrl: restUrl },
+        params: { method, originalUrl: restUrl },
         key: '17da8272c9a0ec6eea38a37d6d78bddeb7c79045',
     },
     {
         name: 'as authenticated request',
-        params: { originalUrl: restUrl, accountability },
+        params: { method, originalUrl: restUrl, accountability },
         key: '99a6394222a3d7d149ac1662fc2fff506932db58',
     },
     {
         name: 'a request with a fields query',
-        params: { originalUrl: restUrl, sanitizedQuery: { fields: ['id', 'name'] } },
+        params: { method, originalUrl: restUrl, sanitizedQuery: { fields: ['id', 'name'] } },
         key: 'aa6e2d8a78de4dfb4af6eaa230d1cd9b7d31ed19',
     },
     {
         name: 'a request with a filter query',
-        params: { originalUrl: restUrl, sanitizedQuery: { filter: { name: { _eq: 'test' } } } },
+        params: { method, originalUrl: restUrl, sanitizedQuery: { filter: { name: { _eq: 'test' } } } },
         key: 'd7eb8970f0429e1cf85e12eb5bb8669f618b09d3',
     },
     {
-        name: 'a GraphQL query request',
-        params: { originalUrl: graphQlUrl, query: { query: 'query { test { id } }' } },
+        name: 'a GraphQL GET query request',
+        params: { method, originalUrl: graphQlUrl, query: { query: 'query { test { id } }' } },
         key: '201731b75c627c60554512d819b6935b54c73814',
     },
+    {
+        name: 'a GraphQL POST query request',
+        params: { method: 'POST', originalUrl: graphQlUrl, body: { query: 'query { test { name } }' } },
+        key: '64eb0c48ea69d0863ff930398f29b5c7884f88f7',
+    },
+    {
+        name: 'an authenticated GraphQL GET query request',
+        params: { method, originalUrl: graphQlUrl, accountability, query: { query: 'query { test { id } }' } },
+        key: '9bc52c98dcf2de04c64589f52e0ada1e38d53a90',
+    },
+    {
+        name: 'an authenticated GraphQL POST query request',
+        params: { method: 'POST', originalUrl: graphQlUrl, accountability, body: { query: 'query { test { name } }' } },
+        key: '051ea77ce5ba71bbc88bcb567b9ddc602b585c13',
+    },
 ];
 const cases = requests.map(({ name, params, key }) => [name, params, key]);
 describe('get cache key', () => {
@@ -37,7 +53,7 @@ describe('get cache key', () => {
         expect((0, get_cache_key_1.getCacheKey)(params)).toEqual(key);
     });
     test('should create a unique key for each request', () => {
-        const keys = requests.map((r) => r.key);
+        const keys = cases.map(([, params]) => (0, get_cache_key_1.getCacheKey)(params));
         const hasDuplicate = keys.some((key) => keys.indexOf(key) !== keys.lastIndexOf(key));
         expect(hasDuplicate).toBeFalsy();
     });
@@ -46,8 +62,13 @@ describe('get cache key', () => {
         const operationName = 'test';
         const variables1 = JSON.stringify({ name: 'test 1' });
         const variables2 = JSON.stringify({ name: 'test 2' });
-        const req1 = { originalUrl: graphQlUrl, query: { query, operationName, variables: variables1 } };
-        const req2 = { originalUrl: graphQlUrl, query: { query, operationName, variables: variables2 } };
+        const req1 = { method, originalUrl: graphQlUrl, query: { query, operationName, variables: variables1 } };
+        const req2 = { method, originalUrl: graphQlUrl, query: { query, operationName, variables: variables2 } };
+        const postReq1 = { method: 'POST', originalUrl: req1.originalUrl, body: req1.query };
+        const postReq2 = { method: 'POST', originalUrl: req2.originalUrl, body: req2.query };
         expect((0, get_cache_key_1.getCacheKey)(req1)).not.toEqual((0, get_cache_key_1.getCacheKey)(req2));
+        expect((0, get_cache_key_1.getCacheKey)(postReq1)).not.toEqual((0, get_cache_key_1.getCacheKey)(postReq2));
+        expect((0, get_cache_key_1.getCacheKey)(req1)).toEqual((0, get_cache_key_1.getCacheKey)(postReq1));
+        expect((0, get_cache_key_1.getCacheKey)(req2)).toEqual((0, get_cache_key_1.getCacheKey)(postReq2));
     });
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "directus",
-  "version": "9.17.4",
+  "version": "9.18.0",
   "license": "GPL-3.0-only",
   "homepage": "https://github.com/directus/directus#readme",
   "description": "Directus is a real-time API and App dashboard for managing SQL database content.",
@@ -66,16 +66,16 @@
   ],
   "dependencies": {
     "@aws-sdk/client-ses": "^3.107.0",
-    "@directus/app": "9.17.4",
-    "@directus/drive": "9.17.4",
-    "@directus/drive-azure": "9.17.4",
-    "@directus/drive-gcs": "9.17.4",
-    "@directus/drive-s3": "9.17.4",
+    "@directus/app": "9.18.0",
+    "@directus/drive": "9.18.0",
+    "@directus/drive-azure": "9.18.0",
+    "@directus/drive-gcs": "9.18.0",
+    "@directus/drive-s3": "9.18.0",
     "@directus/extensions-sdk": "^9.14.1",
     "@directus/format-title": "^9.15.0",
-    "@directus/schema": "9.17.4",
-    "@directus/shared": "9.17.4",
-    "@directus/specs": "9.17.4",
+    "@directus/schema": "9.18.0",
+    "@directus/shared": "9.18.0",
+    "@directus/specs": "9.18.0",
     "@godaddy/terminus": "^4.10.2",
     "@rollup/plugin-alias": "^3.1.9",
     "@rollup/plugin-virtual": "^2.1.0",