directus 9.2.0 → 9.4.0

package/dist/services/graphql.js

@@ -34,6 +34,7 @@ const revisions_1 = require("./revisions");
 const roles_1 = require("./roles");
 const server_1 = require("./server");
 const settings_1 = require("./settings");
+const shares_1 = require("./shares");
 const specifications_1 = require("./specifications");
 const tfa_1 = require("./tfa");
 const users_1 = require("./users");
@@ -112,15 +113,23 @@ class GraphQLService {
         return formattedResult;
     }
     getSchema(type = 'schema') {
-        var _a, _b, _c, _d;
+        var _a, _b, _c, _d, _e, _f, _g, _h;
         // eslint-disable-next-line @typescript-eslint/no-this-alias
         const self = this;
         const schemaComposer = new graphql_compose_1.SchemaComposer();
         const schema = {
-            read: ((_a = this.accountability) === null || _a === void 0 ? void 0 : _a.admin) === true ? this.schema : (0, reduce_schema_1.reduceSchema)(this.schema, this.accountability, ['read']),
-            create: ((_b = this.accountability) === null || _b === void 0 ? void 0 : _b.admin) === true ? this.schema : (0, reduce_schema_1.reduceSchema)(this.schema, this.accountability, ['create']),
-            update: ((_c = this.accountability) === null || _c === void 0 ? void 0 : _c.admin) === true ? this.schema : (0, reduce_schema_1.reduceSchema)(this.schema, this.accountability, ['update']),
-            delete: ((_d = this.accountability) === null || _d === void 0 ? void 0 : _d.admin) === true ? this.schema : (0, reduce_schema_1.reduceSchema)(this.schema, this.accountability, ['delete']),
+            read: ((_a = this.accountability) === null || _a === void 0 ? void 0 : _a.admin) === true
+                ? this.schema
+                : (0, reduce_schema_1.reduceSchema)(this.schema, ((_b = this.accountability) === null || _b === void 0 ? void 0 : _b.permissions) || null, ['read']),
+            create: ((_c = this.accountability) === null || _c === void 0 ? void 0 : _c.admin) === true
+                ? this.schema
+                : (0, reduce_schema_1.reduceSchema)(this.schema, ((_d = this.accountability) === null || _d === void 0 ? void 0 : _d.permissions) || null, ['create']),
+            update: ((_e = this.accountability) === null || _e === void 0 ? void 0 : _e.admin) === true
+                ? this.schema
+                : (0, reduce_schema_1.reduceSchema)(this.schema, ((_f = this.accountability) === null || _f === void 0 ? void 0 : _f.permissions) || null, ['update']),
+            delete: ((_g = this.accountability) === null || _g === void 0 ? void 0 : _g.admin) === true
+                ? this.schema
+                : (0, reduce_schema_1.reduceSchema)(this.schema, ((_h = this.accountability) === null || _h === void 0 ? void 0 : _h.permissions) || null, ['delete']),
         };
         const { ReadCollectionTypes } = getReadableTypes();
         const { CreateCollectionTypes, UpdateCollectionTypes, DeleteCollectionTypes } = getWritableTypes();
@@ -1268,6 +1277,8 @@ class GraphQLService {
                 return new users_1.UsersService(opts);
             case 'directus_webhooks':
                 return new webhooks_1.WebhooksService(opts);
+            case 'directus_shares':
+                return new shares_1.SharesService(opts);
             default:
                 return new items_1.ItemsService(collection, opts);
         }

package/dist/services/index.d.ts

@@ -26,3 +26,4 @@ export * from './tfa';
 export * from './users';
 export * from './utils';
 export * from './webhooks';
+export * from './shares';

package/dist/services/index.js

@@ -39,3 +39,4 @@ __exportStar(require("./tfa"), exports);
 __exportStar(require("./users"), exports);
 __exportStar(require("./utils"), exports);
 __exportStar(require("./webhooks"), exports);
+__exportStar(require("./shares"), exports);

package/dist/services/items.d.ts

@@ -1,25 +1,11 @@
 import { Knex } from 'knex';
 import Keyv from 'keyv';
 import { Accountability, Query, PermissionsAction } from '@directus/shared/types';
-import { AbstractService, AbstractServiceOptions, Item as AnyItem, PrimaryKey, SchemaOverview } from '../types';
+import { AbstractService, AbstractServiceOptions, Item as AnyItem, PrimaryKey, SchemaOverview, MutationOptions } from '../types';
 export declare type QueryOptions = {
     stripNonRequested?: boolean;
     permissionsAction?: PermissionsAction;
 };
-export declare type MutationOptions = {
-    /**
-     * Callback function that's fired whenever a revision is made in the mutation
-     */
-    onRevisionCreate?: (pk: PrimaryKey) => void;
-    /**
-     * Flag to disable the auto purging of the cache. Is ignored when CACHE_AUTO_PURGE isn't enabled.
-     */
-    autoPurgeCache?: false;
-    /**
-     * Allow disabling the emitting of hooks. Useful if a custom hook is fired (like files.upload)
-     */
-    emitEvents?: boolean;
-};
 export declare class ItemsService<Item extends AnyItem = AnyItem> implements AbstractService {
     collection: string;
     knex: Knex;

package/dist/services/notifications.d.ts

@@ -1,6 +1,6 @@
 import { UsersService, MailService } from '.';
-import { AbstractServiceOptions, PrimaryKey } from '../types';
-import { ItemsService, MutationOptions } from './items';
+import { AbstractServiceOptions, PrimaryKey, MutationOptions } from '../types';
+import { ItemsService } from './items';
 import { Notification } from '@directus/shared/types';
 export declare class NotificationsService extends ItemsService {
     usersService: UsersService;

package/dist/services/permissions.d.ts

@@ -1,5 +1,5 @@
-import { ItemsService, QueryOptions, MutationOptions } from '../services/items';
-import { AbstractServiceOptions, Item, PrimaryKey } from '../types';
+import { ItemsService, QueryOptions } from '../services/items';
+import { AbstractServiceOptions, Item, PrimaryKey, MutationOptions } from '../types';
 import { Query, PermissionsAction } from '@directus/shared/types';
 import Keyv from 'keyv';
 export declare class PermissionsService extends ItemsService {

package/dist/services/roles.d.ts

@@ -1,6 +1,6 @@
-import { AbstractServiceOptions, PrimaryKey } from '../types';
+import { AbstractServiceOptions, MutationOptions, PrimaryKey } from '../types';
 import { Query } from '@directus/shared/types';
-import { ItemsService, MutationOptions } from './items';
+import { ItemsService } from './items';
 export declare class RolesService extends ItemsService {
     constructor(options: AbstractServiceOptions);
     private checkForOtherAdminRoles;

package/dist/services/shares.d.ts

@@ -0,0 +1,17 @@
+import { AbstractServiceOptions, LoginResult, Item, PrimaryKey, MutationOptions } from '../types';
+import { ItemsService } from './items';
+import { AuthorizationService } from './authorization';
+export declare class SharesService extends ItemsService {
+    authorizationService: AuthorizationService;
+    constructor(options: AbstractServiceOptions);
+    createOne(data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;
+    login(payload: Record<string, any>): Promise<LoginResult>;
+    /**
+     * Send a link to the given share ID to the given email(s). Note: you can only send a link to a share
+     * if you have read access to that particular share
+     */
+    invite(payload: {
+        emails: string[];
+        share: PrimaryKey;
+    }): Promise<void>;
+}

package/dist/services/shares.js

@@ -0,0 +1,135 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SharesService = void 0;
+const items_1 = require("./items");
+const argon2_1 = __importDefault(require("argon2"));
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const ms_1 = __importDefault(require("ms"));
+const exceptions_1 = require("../exceptions");
+const env_1 = __importDefault(require("../env"));
+const nanoid_1 = require("nanoid");
+const authorization_1 = require("./authorization");
+const users_1 = require("./users");
+const mail_1 = require("./mail");
+const user_name_1 = require("../utils/user-name");
+const md_1 = require("../utils/md");
+class SharesService extends items_1.ItemsService {
+    constructor(options) {
+        super('directus_shares', options);
+        this.authorizationService = new authorization_1.AuthorizationService({
+            accountability: this.accountability,
+            knex: this.knex,
+            schema: this.schema,
+        });
+    }
+    async createOne(data, opts) {
+        await this.authorizationService.checkAccess('share', data.collection, data.item);
+        return super.createOne(data, opts);
+    }
+    async login(payload) {
+        var _a, _b;
+        const record = await this.knex
+            .select({
+            share_id: 'id',
+            share_role: 'role',
+            share_item: 'item',
+            share_collection: 'collection',
+            share_start: 'date_start',
+            share_end: 'date_end',
+            share_times_used: 'times_used',
+            share_max_uses: 'max_uses',
+            share_password: 'password',
+        })
+            .from('directus_shares')
+            .where('id', payload.share)
+            .andWhere((subQuery) => {
+            subQuery.whereNull('date_end').orWhere('date_end', '>=', this.knex.fn.now());
+        })
+            .andWhere((subQuery) => {
+            subQuery.whereNull('date_start').orWhere('date_start', '<=', this.knex.fn.now());
+        })
+            .andWhere((subQuery) => {
+            subQuery.whereNull('max_uses').orWhere('max_uses', '>=', this.knex.ref('times_used'));
+        })
+            .first();
+        if (!record) {
+            throw new exceptions_1.InvalidCredentialsException();
+        }
+        if (record.share_password && !(await argon2_1.default.verify(record.share_password, payload.password))) {
+            throw new exceptions_1.InvalidCredentialsException();
+        }
+        await this.knex('directus_shares')
+            .update({ times_used: record.share_times_used + 1 })
+            .where('id', record.share_id);
+        const tokenPayload = {
+            app_access: false,
+            admin_access: false,
+            role: record.share_role,
+            share: record.share_id,
+            share_scope: {
+                item: record.share_item,
+                collection: record.share_collection,
+            },
+        };
+        const accessToken = jsonwebtoken_1.default.sign(tokenPayload, env_1.default.SECRET, {
+            expiresIn: env_1.default.ACCESS_TOKEN_TTL,
+            issuer: 'directus',
+        });
+        const refreshToken = (0, nanoid_1.nanoid)(64);
+        const refreshTokenExpiration = new Date(Date.now() + (0, ms_1.default)(env_1.default.REFRESH_TOKEN_TTL));
+        await this.knex('directus_sessions').insert({
+            token: refreshToken,
+            expires: refreshTokenExpiration,
+            ip: (_a = this.accountability) === null || _a === void 0 ? void 0 : _a.ip,
+            user_agent: (_b = this.accountability) === null || _b === void 0 ? void 0 : _b.userAgent,
+            share: record.share_id,
+        });
+        await this.knex('directus_sessions').delete().where('expires', '<', new Date());
+        return {
+            accessToken,
+            refreshToken,
+            expires: (0, ms_1.default)(env_1.default.ACCESS_TOKEN_TTL),
+        };
+    }
+    /**
+     * Send a link to the given share ID to the given email(s). Note: you can only send a link to a share
+     * if you have read access to that particular share
+     */
+    async invite(payload) {
+        var _a;
+        if (!((_a = this.accountability) === null || _a === void 0 ? void 0 : _a.user))
+            throw new exceptions_1.ForbiddenException();
+        const share = await this.readOne(payload.share, { fields: ['collection'] });
+        const usersService = new users_1.UsersService({
+            knex: this.knex,
+            schema: this.schema,
+        });
+        const mailService = new mail_1.MailService({ schema: this.schema, accountability: this.accountability });
+        const userInfo = await usersService.readOne(this.accountability.user, {
+            fields: ['first_name', 'last_name', 'email', 'id'],
+        });
+        const message = `
+Hello!
+
+${(0, user_name_1.userName)(userInfo)} has invited you to view an item in ${share.collection}.
+
+[Open](${env_1.default.PUBLIC_URL}/admin/shared/${payload.share})
+`;
+        for (const email of payload.emails) {
+            await mailService.send({
+                template: {
+                    name: 'base',
+                    data: {
+                        html: (0, md_1.md)(message),
+                    },
+                },
+                to: email,
+                subject: `${(0, user_name_1.userName)(userInfo)} has shared an item with you`,
+            });
+        }
+    }
+}
+exports.SharesService = SharesService;

package/dist/services/specifications.js

@@ -442,7 +442,7 @@ class OASSpecsService {
                     ],
                 };
             }
-            else if (relationType === 'm2a') {
+            else if (relationType === 'a2o') {
                 const relatedTags = tags.filter((tag) => relation.meta.one_allowed_collections.includes(tag['x-collection']));
                 propertyObject.type = 'array';
                 propertyObject.items = {

package/dist/services/users.d.ts

@@ -1,8 +1,8 @@
 import { Knex } from 'knex';
-import { AbstractServiceOptions, Item, PrimaryKey, SchemaOverview } from '../types';
+import { AbstractServiceOptions, Item, PrimaryKey, SchemaOverview, MutationOptions } from '../types';
 import { Query } from '@directus/shared/types';
 import { Accountability } from '@directus/shared/types';
-import { ItemsService, MutationOptions } from './items';
+import { ItemsService } from './items';
 export declare class UsersService extends ItemsService {
     knex: Knex;
     accountability: Accountability | null;

package/dist/services/users.js

@@ -19,6 +19,7 @@ const mail_1 = require("./mail");
 const settings_1 = require("./settings");
 const stall_1 = require("../utils/stall");
 const perf_hooks_1 = require("perf_hooks");
+const utils_2 = require("@directus/shared/utils");
 class UsersService extends items_1.ItemsService {
     constructor(options) {
         super('directus_users', options);
@@ -251,7 +252,7 @@ class UsersService extends items_1.ItemsService {
         }
         const STALL_TIME = 500;
         const timeStart = perf_hooks_1.performance.now();
-        const user = await this.knex.select('status').from('directus_users').where({ email }).first();
+        const user = await this.knex.select('status', 'password').from('directus_users').where({ email }).first();
         if ((user === null || user === void 0 ? void 0 : user.status) !== 'active') {
             await (0, stall_1.stall)(STALL_TIME, timeStart);
             throw new exceptions_2.ForbiddenException();
@@ -261,7 +262,7 @@ class UsersService extends items_1.ItemsService {
             knex: this.knex,
             accountability: this.accountability,
         });
-        const payload = { email, scope: 'password-reset' };
+        const payload = { email, scope: 'password-reset', hash: (0, utils_2.getSimpleHash)('' + user.password) };
         const token = jsonwebtoken_1.default.sign(payload, env_1.default.SECRET, { expiresIn: '1d', issuer: 'directus' });
         const acceptURL = url ? `${url}?token=${token}` : `${env_1.default.PUBLIC_URL}/admin/reset-password?token=${token}`;
         const subjectLine = subject ? subject : 'Password Reset Request';
@@ -279,11 +280,12 @@ class UsersService extends items_1.ItemsService {
         await (0, stall_1.stall)(STALL_TIME, timeStart);
     }
     async resetPassword(token, password) {
-        const { email, scope } = jsonwebtoken_1.default.verify(token, env_1.default.SECRET, { issuer: 'directus' });
-        if (scope !== 'password-reset')
+        const { email, scope, hash } = jsonwebtoken_1.default.verify(token, env_1.default.SECRET, { issuer: 'directus' });
+        if (scope !== 'password-reset' || !hash)
             throw new exceptions_2.ForbiddenException();
-        const user = await this.knex.select('id', 'status').from('directus_users').where({ email }).first();
-        if ((user === null || user === void 0 ? void 0 : user.status) !== 'active') {
+        await this.checkPasswordPolicy([password]);
+        const user = await this.knex.select('id', 'status', 'password').from('directus_users').where({ email }).first();
+        if ((user === null || user === void 0 ? void 0 : user.status) !== 'active' || hash !== (0, utils_2.getSimpleHash)('' + user.password)) {
             throw new exceptions_2.ForbiddenException();
         }
         // Allow unauthenticated update

package/dist/services/webhooks.d.ts

@@ -1,5 +1,5 @@
-import { AbstractServiceOptions, Item, PrimaryKey, Webhook } from '../types';
-import { ItemsService, MutationOptions } from './items';
+import { AbstractServiceOptions, Item, PrimaryKey, Webhook, MutationOptions } from '../types';
+import { ItemsService } from './items';
 export declare class WebhooksService extends ItemsService<Webhook> {
     constructor(options: AbstractServiceOptions);
     createOne(data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;

package/dist/tests/database/migrations/run.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/tests/database/migrations/run.test.js

@@ -0,0 +1,29 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const knex_1 = __importDefault(require("knex"));
+const knex_mock_client_1 = require("knex-mock-client");
+const run_1 = __importDefault(require("../../../database/migrations/run"));
+describe('run', () => {
+    let db;
+    let tracker;
+    beforeAll(() => {
+        db = (0, knex_1.default)({ client: knex_mock_client_1.MockClient });
+        tracker = (0, knex_mock_client_1.getTracker)();
+    });
+    afterEach(() => {
+        tracker.reset();
+    });
+    describe('when passed the argument up', () => {
+        it('returns "Nothing To Updage" if no directus_migrations', async () => {
+            // note the difference between an empty array and ['Empty']
+            tracker.on.select('directus_migrations').response(['Empty']);
+            await (0, run_1.default)(db, 'up').catch((e) => {
+                expect(e).toBeInstanceOf(Error);
+                expect(e.message).toBe('Nothing to upgrade');
+            });
+        });
+    });
+});

package/dist/types/ast.d.ts

@@ -10,8 +10,8 @@ export declare type M2ONode = {
     parentKey: string;
     relatedKey: string;
 };
-export declare type M2ANode = {
-    type: 'm2a';
+export declare type A2MNode = {
+    type: 'a2o';
     names: string[];
     children: {
         [collection: string]: (NestedCollectionNode | FieldNode)[];
@@ -36,7 +36,7 @@ export declare type O2MNode = {
     parentKey: string;
     relatedKey: string;
 };
-export declare type NestedCollectionNode = M2ONode | O2MNode | M2ANode;
+export declare type NestedCollectionNode = M2ONode | O2MNode | A2MNode;
 export declare type FieldNode = {
     type: 'field';
     name: string;

package/dist/types/auth.d.ts

@@ -15,11 +15,42 @@ export interface User {
     provider: string;
     external_identifier: string | null;
     auth_data: string | Record<string, unknown> | null;
+    app_access: boolean;
+    admin_access: boolean;
 }
 export declare type AuthData = Record<string, any> | null;
 export interface Session {
     token: string;
     expires: Date;
     data: string | Record<string, unknown> | null;
+    share: string;
 }
 export declare type SessionData = Record<string, any> | null;
+export declare type DirectusTokenPayload = {
+    id?: string;
+    role: string | null;
+    app_access: boolean | number;
+    admin_access: boolean | number;
+    share?: string;
+    share_scope?: {
+        collection: string;
+        item: string;
+    };
+};
+export declare type ShareData = {
+    share_id: string;
+    share_role: string;
+    share_item: string;
+    share_collection: string;
+    share_start: Date;
+    share_end: Date;
+    share_times_used: number;
+    share_max_uses?: number;
+    share_password?: string;
+};
+export declare type LoginResult = {
+    accessToken: any;
+    refreshToken: any;
+    expires: any;
+    id?: any;
+};

package/dist/types/extensions.d.ts

@@ -5,6 +5,7 @@ import { Logger } from 'pino';
 import env from '../env';
 import * as exceptions from '../exceptions';
 import * as services from '../services';
+import { Emitter } from '../emitter';
 import { getSchema } from '../utils/get-schema';
 import { SchemaOverview } from './schema';
 export declare type ExtensionContext = {
@@ -12,6 +13,7 @@ export declare type ExtensionContext = {
     exceptions: typeof exceptions;
     database: Knex;
     env: typeof env;
+    emitter: Emitter;
     logger: Logger;
     getSchema: typeof getSchema;
 };

package/dist/types/items.d.ts

@@ -13,3 +13,17 @@ export declare type Alterations = {
     }[];
     delete: (number | string)[];
 };
+export declare type MutationOptions = {
+    /**
+     * Callback function that's fired whenever a revision is made in the mutation
+     */
+    onRevisionCreate?: (pk: PrimaryKey) => void;
+    /**
+     * Flag to disable the auto purging of the cache. Is ignored when CACHE_AUTO_PURGE isn't enabled.
+     */
+    autoPurgeCache?: false;
+    /**
+     * Allow disabling the emitting of hooks. Useful if a custom hook is fired (like files.upload)
+     */
+    emitEvents?: boolean;
+};

package/dist/utils/apply-query.d.ts

@@ -5,44 +5,6 @@ import { Aggregate, Filter, Query } from '@directus/shared/types';
  * Apply the Query to a given Knex query builder instance
  */
 export default function applyQuery(knex: Knex, collection: string, dbQuery: Knex.QueryBuilder, query: Query, schema: SchemaOverview, subQuery?: boolean): Knex.QueryBuilder;
-/**
- * Apply a given filter object to the Knex QueryBuilder instance.
- *
- * Relational nested filters, like the following example:
- *
- * ```json
- * // Fetch pages that have articles written by Rijk
- *
- * {
- *   "articles": {
- *     "author": {
- *       "name": {
- *         "_eq": "Rijk"
- *       }
- *     }
- *   }
- * }
- * ```
- *
- * are handled by joining the nested tables, and using a where statement on the top level on the
- * nested field through the join. This allows us to filter the top level items based on nested data.
- * The where on the root is done with a subquery to prevent duplicates, any nested joins are done
- * with aliases to prevent naming conflicts.
- *
- * The output SQL for the above would look something like:
- *
- * ```sql
- * SELECT *
- * FROM pages
- * WHERE
- *   pages.id in (
- *     SELECT articles.page_id AS page_id
- *     FROM articles
- *     LEFT JOIN authors AS xviqp ON articles.author = xviqp.id
- *     WHERE xviqp.name = 'Rijk'
- *   )
- * ```
- */
 export declare function applyFilter(knex: Knex, schema: SchemaOverview, rootQuery: Knex.QueryBuilder, rootFilter: Filter, collection: string, subQuery?: boolean): Knex.QueryBuilder<any, any>;
 export declare function applySearch(schema: SchemaOverview, dbQuery: Knex.QueryBuilder, searchQuery: string, collection: string): Promise<void>;
 export declare function applyAggregate(dbQuery: Knex.QueryBuilder, aggregate: Aggregate, collection: string): void;