directus 9.2.2 → 9.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app.js +16 -4
- package/dist/auth/auth.d.ts +4 -6
- package/dist/auth/auth.js +5 -9
- package/dist/auth/drivers/ldap.d.ts +3 -3
- package/dist/auth/drivers/ldap.js +2 -3
- package/dist/auth/drivers/local.d.ts +2 -2
- package/dist/auth/drivers/local.js +7 -13
- package/dist/auth/drivers/oauth2.d.ts +3 -3
- package/dist/auth/drivers/oauth2.js +4 -4
- package/dist/auth/drivers/openid.d.ts +3 -3
- package/dist/auth/drivers/openid.js +4 -4
- package/dist/cache.js +1 -3
- package/dist/cli/commands/bootstrap/index.js +3 -2
- package/dist/cli/commands/init/index.js +3 -7
- package/dist/cli/commands/schema/apply.js +1 -1
- package/dist/cli/utils/defaults.d.ts +11 -0
- package/dist/cli/utils/defaults.js +14 -0
- package/dist/constants.d.ts +8 -0
- package/dist/constants.js +16 -2
- package/dist/controllers/activity.js +2 -1
- package/dist/controllers/auth.js +5 -4
- package/dist/controllers/shares.d.ts +2 -0
- package/dist/controllers/shares.js +212 -0
- package/dist/controllers/users.js +21 -9
- package/dist/database/index.js +3 -0
- package/dist/database/migrations/20211211A-add-shares.d.ts +3 -0
- package/dist/database/migrations/20211211A-add-shares.js +38 -0
- package/dist/database/migrations/20211230A-add-project-descriptor.d.ts +3 -0
- package/dist/database/migrations/20211230A-add-project-descriptor.js +15 -0
- package/dist/database/run-ast.js +5 -5
- package/dist/database/system-data/app-access-permissions/app-access-permissions.yaml +0 -15
- package/dist/database/system-data/app-access-permissions/index.d.ts +1 -0
- package/dist/database/system-data/app-access-permissions/index.js +4 -2
- package/dist/database/system-data/app-access-permissions/schema-access-permissions.yaml +17 -0
- package/dist/database/system-data/collections/collections.yaml +3 -0
- package/dist/database/system-data/fields/_defaults.yaml +2 -0
- package/dist/database/system-data/fields/sessions.yaml +1 -1
- package/dist/database/system-data/fields/settings.yaml +20 -1
- package/dist/database/system-data/fields/shares.yaml +77 -0
- package/dist/database/system-data/fields/users.yaml +1 -1
- package/dist/database/system-data/relations/relations.yaml +15 -0
- package/dist/emitter.d.ts +3 -2
- package/dist/emitter.js +13 -6
- package/dist/env.js +3 -1
- package/dist/extensions.d.ts +1 -0
- package/dist/extensions.js +10 -4
- package/dist/middleware/authenticate.js +7 -16
- package/dist/middleware/check-ip.js +9 -6
- package/dist/middleware/rate-limiter.js +2 -1
- package/dist/middleware/respond.js +4 -1
- package/dist/services/activity.d.ts +2 -1
- package/dist/services/activity.js +2 -2
- package/dist/services/authentication.d.ts +2 -7
- package/dist/services/authentication.js +81 -41
- package/dist/services/authorization.js +3 -3
- package/dist/services/collections.d.ts +1 -2
- package/dist/services/collections.js +2 -2
- package/dist/services/files.d.ts +2 -2
- package/dist/services/files.js +14 -8
- package/dist/services/graphql.d.ts +1 -1
- package/dist/services/graphql.js +47 -6
- package/dist/services/index.d.ts +1 -0
- package/dist/services/index.js +1 -0
- package/dist/services/items.d.ts +1 -15
- package/dist/services/notifications.d.ts +2 -2
- package/dist/services/permissions.d.ts +2 -2
- package/dist/services/roles.d.ts +2 -2
- package/dist/services/server.js +1 -0
- package/dist/services/shares.d.ts +17 -0
- package/dist/services/shares.js +135 -0
- package/dist/services/specifications.js +1 -1
- package/dist/services/users.d.ts +2 -2
- package/dist/services/webhooks.d.ts +2 -2
- package/dist/types/ast.d.ts +3 -3
- package/dist/types/auth.d.ts +31 -0
- package/dist/types/extensions.d.ts +2 -0
- package/dist/types/items.d.ts +14 -0
- package/dist/utils/apply-query.d.ts +0 -38
- package/dist/utils/apply-query.js +66 -67
- package/dist/utils/apply-snapshot.js +69 -14
- package/dist/utils/get-ast-from-query.js +3 -3
- package/dist/utils/get-default-value.js +3 -1
- package/dist/utils/get-ip-from-req.d.ts +2 -0
- package/dist/utils/get-ip-from-req.js +24 -0
- package/dist/utils/get-permissions.js +15 -7
- package/dist/utils/get-relation-type.d.ts +1 -1
- package/dist/utils/get-relation-type.js +1 -1
- package/dist/utils/merge-permissions-for-share.d.ts +5 -0
- package/dist/utils/merge-permissions-for-share.js +116 -0
- package/dist/utils/merge-permissions.d.ts +13 -1
- package/dist/utils/merge-permissions.js +27 -19
- package/dist/utils/reduce-schema.d.ts +2 -2
- package/dist/utils/reduce-schema.js +7 -7
- package/dist/utils/user-name.js +3 -0
- package/example.env +1 -1
- package/package.json +15 -14
package/dist/app.js
CHANGED
|
@@ -27,6 +27,7 @@ const express_1 = __importDefault(require("express"));
|
|
|
27
27
|
const fs_extra_1 = __importDefault(require("fs-extra"));
|
|
28
28
|
const path_1 = __importDefault(require("path"));
|
|
29
29
|
const qs_1 = __importDefault(require("qs"));
|
|
30
|
+
const helmet_1 = __importDefault(require("helmet"));
|
|
30
31
|
const activity_1 = __importDefault(require("./controllers/activity"));
|
|
31
32
|
const assets_1 = __importDefault(require("./controllers/assets"));
|
|
32
33
|
const auth_1 = __importDefault(require("./controllers/auth"));
|
|
@@ -51,6 +52,7 @@ const settings_1 = __importDefault(require("./controllers/settings"));
|
|
|
51
52
|
const users_1 = __importDefault(require("./controllers/users"));
|
|
52
53
|
const utils_1 = __importDefault(require("./controllers/utils"));
|
|
53
54
|
const webhooks_1 = __importDefault(require("./controllers/webhooks"));
|
|
55
|
+
const shares_1 = __importDefault(require("./controllers/shares"));
|
|
54
56
|
const database_1 = require("./database");
|
|
55
57
|
const emitter_1 = __importDefault(require("./emitter"));
|
|
56
58
|
const env_1 = __importDefault(require("./env"));
|
|
@@ -74,6 +76,8 @@ const webhooks_2 = require("./webhooks");
|
|
|
74
76
|
const cache_2 = require("./cache");
|
|
75
77
|
const auth_2 = require("./auth");
|
|
76
78
|
const url_1 = require("./utils/url");
|
|
79
|
+
const get_config_from_env_1 = require("./utils/get-config-from-env");
|
|
80
|
+
const lodash_1 = require("lodash");
|
|
77
81
|
async function createApp() {
|
|
78
82
|
(0, validate_env_1.validateEnv)(['KEY', 'SECRET']);
|
|
79
83
|
if (!new url_1.Url(env_1.default.PUBLIC_URL).isAbsolute()) {
|
|
@@ -95,8 +99,15 @@ async function createApp() {
|
|
|
95
99
|
await extensionManager.initialize();
|
|
96
100
|
const app = (0, express_1.default)();
|
|
97
101
|
app.disable('x-powered-by');
|
|
98
|
-
app.set('trust proxy',
|
|
102
|
+
app.set('trust proxy', env_1.default.IP_TRUST_PROXY);
|
|
99
103
|
app.set('query parser', (str) => qs_1.default.parse(str, { depth: 10 }));
|
|
104
|
+
app.use(helmet_1.default.contentSecurityPolicy((0, lodash_1.merge)({
|
|
105
|
+
useDefaults: true,
|
|
106
|
+
directives: {
|
|
107
|
+
// Unsafe-eval is required for vue3 / vue-i18n / app extensions
|
|
108
|
+
scriptSrc: ["'self'", "'unsafe-eval'"],
|
|
109
|
+
},
|
|
110
|
+
}, (0, get_config_from_env_1.getConfigFromEnv)('CONTENT_SECURITY_POLICY_'))));
|
|
100
111
|
await emitter_1.default.emitInit('app.before', { app });
|
|
101
112
|
await emitter_1.default.emitInit('middlewares.before', { app });
|
|
102
113
|
app.use(logger_1.expressLogger);
|
|
@@ -112,14 +123,14 @@ async function createApp() {
|
|
|
112
123
|
});
|
|
113
124
|
app.use((0, cookie_parser_1.default)());
|
|
114
125
|
app.use(extract_token_1.default);
|
|
115
|
-
app.use((
|
|
126
|
+
app.use((_req, res, next) => {
|
|
116
127
|
res.setHeader('X-Powered-By', 'Directus');
|
|
117
128
|
next();
|
|
118
129
|
});
|
|
119
130
|
if (env_1.default.CORS_ENABLED === true) {
|
|
120
131
|
app.use(cors_1.default);
|
|
121
132
|
}
|
|
122
|
-
app.get('/', (
|
|
133
|
+
app.get('/', (_req, res, next) => {
|
|
123
134
|
if (env_1.default.ROOT_REDIRECT) {
|
|
124
135
|
res.redirect(env_1.default.ROOT_REDIRECT);
|
|
125
136
|
}
|
|
@@ -133,7 +144,7 @@ async function createApp() {
|
|
|
133
144
|
// Set the App's base path according to the APIs public URL
|
|
134
145
|
const html = await fs_extra_1.default.readFile(adminPath, 'utf8');
|
|
135
146
|
const htmlWithBase = html.replace(/<base \/>/, `<base href="${adminUrl.toString({ rootRelative: true })}/" />`);
|
|
136
|
-
const noCacheIndexHtmlHandler = (
|
|
147
|
+
const noCacheIndexHtmlHandler = (_req, res) => {
|
|
137
148
|
res.setHeader('Cache-Control', 'no-cache');
|
|
138
149
|
res.send(htmlWithBase);
|
|
139
150
|
};
|
|
@@ -173,6 +184,7 @@ async function createApp() {
|
|
|
173
184
|
app.use('/roles', roles_1.default);
|
|
174
185
|
app.use('/server', server_1.default);
|
|
175
186
|
app.use('/settings', settings_1.default);
|
|
187
|
+
app.use('/shares', shares_1.default);
|
|
176
188
|
app.use('/users', users_1.default);
|
|
177
189
|
app.use('/utils', utils_1.default);
|
|
178
190
|
app.use('/webhooks', webhooks_1.default);
|
package/dist/auth/auth.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { Knex } from 'knex';
|
|
2
|
-
import { AuthDriverOptions, SchemaOverview, User
|
|
2
|
+
import { AuthDriverOptions, SchemaOverview, User } from '../types';
|
|
3
3
|
export declare abstract class AuthDriver {
|
|
4
4
|
knex: Knex;
|
|
5
5
|
schema: SchemaOverview;
|
|
@@ -28,20 +28,18 @@ export declare abstract class AuthDriver {
|
|
|
28
28
|
* @throws InvalidCredentialsException
|
|
29
29
|
* @returns Data to be stored with the session
|
|
30
30
|
*/
|
|
31
|
-
login(_user: User, _payload: Record<string, any>): Promise<
|
|
31
|
+
login(_user: User, _payload: Record<string, any>): Promise<void>;
|
|
32
32
|
/**
|
|
33
33
|
* Handle user session refresh
|
|
34
34
|
*
|
|
35
35
|
* @param _user User information
|
|
36
|
-
* @param _sessionData Session data
|
|
37
36
|
* @throws InvalidCredentialsException
|
|
38
37
|
*/
|
|
39
|
-
refresh(_user: User
|
|
38
|
+
refresh(_user: User): Promise<void>;
|
|
40
39
|
/**
|
|
41
40
|
* Handle user session termination
|
|
42
41
|
*
|
|
43
42
|
* @param _user User information
|
|
44
|
-
* @param _sessionData Session data
|
|
45
43
|
*/
|
|
46
|
-
logout(_user: User
|
|
44
|
+
logout(_user: User): Promise<void>;
|
|
47
45
|
}
|
package/dist/auth/auth.js
CHANGED
|
@@ -15,28 +15,24 @@ class AuthDriver {
|
|
|
15
15
|
* @returns Data to be stored with the session
|
|
16
16
|
*/
|
|
17
17
|
async login(_user, _payload) {
|
|
18
|
-
|
|
19
|
-
return null;
|
|
18
|
+
return;
|
|
20
19
|
}
|
|
21
20
|
/**
|
|
22
21
|
* Handle user session refresh
|
|
23
22
|
*
|
|
24
23
|
* @param _user User information
|
|
25
|
-
* @param _sessionData Session data
|
|
26
24
|
* @throws InvalidCredentialsException
|
|
27
25
|
*/
|
|
28
|
-
async refresh(_user
|
|
29
|
-
|
|
30
|
-
return sessionData;
|
|
26
|
+
async refresh(_user) {
|
|
27
|
+
return;
|
|
31
28
|
}
|
|
32
29
|
/**
|
|
33
30
|
* Handle user session termination
|
|
34
31
|
*
|
|
35
32
|
* @param _user User information
|
|
36
|
-
* @param _sessionData Session data
|
|
37
33
|
*/
|
|
38
|
-
async logout(_user
|
|
39
|
-
|
|
34
|
+
async logout(_user) {
|
|
35
|
+
return;
|
|
40
36
|
}
|
|
41
37
|
}
|
|
42
38
|
exports.AuthDriver = AuthDriver;
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { Router } from 'express';
|
|
2
2
|
import { Client } from 'ldapjs';
|
|
3
3
|
import { AuthDriver } from '../auth';
|
|
4
|
-
import { AuthDriverOptions, User
|
|
4
|
+
import { AuthDriverOptions, User } from '../../types';
|
|
5
5
|
import { UsersService } from '../../services';
|
|
6
6
|
export declare class LDAPAuthDriver extends AuthDriver {
|
|
7
7
|
bindClient: Client;
|
|
@@ -15,7 +15,7 @@ export declare class LDAPAuthDriver extends AuthDriver {
|
|
|
15
15
|
private fetchUserId;
|
|
16
16
|
getUserID(payload: Record<string, any>): Promise<string>;
|
|
17
17
|
verify(user: User, password?: string): Promise<void>;
|
|
18
|
-
login(user: User, payload: Record<string, any>): Promise<
|
|
19
|
-
refresh(user: User): Promise<
|
|
18
|
+
login(user: User, payload: Record<string, any>): Promise<void>;
|
|
19
|
+
refresh(user: User): Promise<void>;
|
|
20
20
|
}
|
|
21
21
|
export declare function createLDAPAuthRouter(provider: string): Router;
|
|
@@ -26,6 +26,7 @@ exports.createLDAPAuthRouter = exports.LDAPAuthDriver = void 0;
|
|
|
26
26
|
const express_1 = require("express");
|
|
27
27
|
const ldapjs_1 = __importStar(require("ldapjs"));
|
|
28
28
|
const ms_1 = __importDefault(require("ms"));
|
|
29
|
+
const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
|
|
29
30
|
const joi_1 = __importDefault(require("joi"));
|
|
30
31
|
const auth_1 = require("../auth");
|
|
31
32
|
const exceptions_1 = require("../../exceptions");
|
|
@@ -260,7 +261,6 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
|
|
|
260
261
|
}
|
|
261
262
|
async login(user, payload) {
|
|
262
263
|
await this.verify(user, payload.password);
|
|
263
|
-
return null;
|
|
264
264
|
}
|
|
265
265
|
async refresh(user) {
|
|
266
266
|
await this.validateBindClient();
|
|
@@ -268,7 +268,6 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
|
|
|
268
268
|
if ((userInfo === null || userInfo === void 0 ? void 0 : userInfo.userAccountControl) && userInfo.userAccountControl & INVALID_ACCOUNT_FLAGS) {
|
|
269
269
|
throw new exceptions_1.InvalidCredentialsException();
|
|
270
270
|
}
|
|
271
|
-
return null;
|
|
272
271
|
}
|
|
273
272
|
}
|
|
274
273
|
exports.LDAPAuthDriver = LDAPAuthDriver;
|
|
@@ -294,7 +293,7 @@ function createLDAPAuthRouter(provider) {
|
|
|
294
293
|
router.post('/', (0, async_handler_1.default)(async (req, res, next) => {
|
|
295
294
|
var _a, _b;
|
|
296
295
|
const accountability = {
|
|
297
|
-
ip: req
|
|
296
|
+
ip: (0, get_ip_from_req_1.getIPFromReq)(req),
|
|
298
297
|
userAgent: req.get('user-agent'),
|
|
299
298
|
role: null,
|
|
300
299
|
};
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
import { Router } from 'express';
|
|
2
2
|
import { AuthDriver } from '../auth';
|
|
3
|
-
import { User
|
|
3
|
+
import { User } from '../../types';
|
|
4
4
|
export declare class LocalAuthDriver extends AuthDriver {
|
|
5
5
|
getUserID(payload: Record<string, any>): Promise<string>;
|
|
6
6
|
verify(user: User, password?: string): Promise<void>;
|
|
7
|
-
login(user: User, payload: Record<string, any>): Promise<
|
|
7
|
+
login(user: User, payload: Record<string, any>): Promise<void>;
|
|
8
8
|
}
|
|
9
9
|
export declare function createLocalAuthRouter(provider: string): Router;
|
|
@@ -6,7 +6,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
6
6
|
exports.createLocalAuthRouter = exports.LocalAuthDriver = void 0;
|
|
7
7
|
const express_1 = require("express");
|
|
8
8
|
const argon2_1 = __importDefault(require("argon2"));
|
|
9
|
-
const ms_1 = __importDefault(require("ms"));
|
|
10
9
|
const joi_1 = __importDefault(require("joi"));
|
|
11
10
|
const auth_1 = require("../auth");
|
|
12
11
|
const exceptions_1 = require("../../exceptions");
|
|
@@ -14,6 +13,8 @@ const services_1 = require("../../services");
|
|
|
14
13
|
const async_handler_1 = __importDefault(require("../../utils/async-handler"));
|
|
15
14
|
const env_1 = __importDefault(require("../../env"));
|
|
16
15
|
const respond_1 = require("../../middleware/respond");
|
|
16
|
+
const constants_1 = require("../../constants");
|
|
17
|
+
const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
|
|
17
18
|
class LocalAuthDriver extends auth_1.AuthDriver {
|
|
18
19
|
async getUserID(payload) {
|
|
19
20
|
if (!payload.email) {
|
|
@@ -36,22 +37,21 @@ class LocalAuthDriver extends auth_1.AuthDriver {
|
|
|
36
37
|
}
|
|
37
38
|
async login(user, payload) {
|
|
38
39
|
await this.verify(user, payload.password);
|
|
39
|
-
return null;
|
|
40
40
|
}
|
|
41
41
|
}
|
|
42
42
|
exports.LocalAuthDriver = LocalAuthDriver;
|
|
43
43
|
function createLocalAuthRouter(provider) {
|
|
44
44
|
const router = (0, express_1.Router)();
|
|
45
|
-
const
|
|
45
|
+
const userLoginSchema = joi_1.default.object({
|
|
46
46
|
email: joi_1.default.string().email().required(),
|
|
47
47
|
password: joi_1.default.string().required(),
|
|
48
48
|
mode: joi_1.default.string().valid('cookie', 'json'),
|
|
49
49
|
otp: joi_1.default.string(),
|
|
50
50
|
}).unknown();
|
|
51
51
|
router.post('/', (0, async_handler_1.default)(async (req, res, next) => {
|
|
52
|
-
var _a
|
|
52
|
+
var _a;
|
|
53
53
|
const accountability = {
|
|
54
|
-
ip: req
|
|
54
|
+
ip: (0, get_ip_from_req_1.getIPFromReq)(req),
|
|
55
55
|
userAgent: req.get('user-agent'),
|
|
56
56
|
role: null,
|
|
57
57
|
};
|
|
@@ -59,7 +59,7 @@ function createLocalAuthRouter(provider) {
|
|
|
59
59
|
accountability: accountability,
|
|
60
60
|
schema: req.schema,
|
|
61
61
|
});
|
|
62
|
-
const { error } =
|
|
62
|
+
const { error } = userLoginSchema.validate(req.body);
|
|
63
63
|
if (error) {
|
|
64
64
|
throw new exceptions_1.InvalidPayloadException(error.message);
|
|
65
65
|
}
|
|
@@ -72,13 +72,7 @@ function createLocalAuthRouter(provider) {
|
|
|
72
72
|
payload.data.refresh_token = refreshToken;
|
|
73
73
|
}
|
|
74
74
|
if (mode === 'cookie') {
|
|
75
|
-
res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken,
|
|
76
|
-
httpOnly: true,
|
|
77
|
-
domain: env_1.default.REFRESH_TOKEN_COOKIE_DOMAIN,
|
|
78
|
-
maxAge: (0, ms_1.default)(env_1.default.REFRESH_TOKEN_TTL),
|
|
79
|
-
secure: (_b = env_1.default.REFRESH_TOKEN_COOKIE_SECURE) !== null && _b !== void 0 ? _b : false,
|
|
80
|
-
sameSite: env_1.default.REFRESH_TOKEN_COOKIE_SAME_SITE || 'strict',
|
|
81
|
-
});
|
|
75
|
+
res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, constants_1.COOKIE_OPTIONS);
|
|
82
76
|
}
|
|
83
77
|
res.locals.payload = payload;
|
|
84
78
|
return next();
|
|
@@ -2,7 +2,7 @@ import { Router } from 'express';
|
|
|
2
2
|
import { Client } from 'openid-client';
|
|
3
3
|
import { LocalAuthDriver } from './local';
|
|
4
4
|
import { UsersService } from '../../services';
|
|
5
|
-
import { AuthDriverOptions, User
|
|
5
|
+
import { AuthDriverOptions, User } from '../../types';
|
|
6
6
|
export declare class OAuth2AuthDriver extends LocalAuthDriver {
|
|
7
7
|
client: Client;
|
|
8
8
|
redirectUrl: string;
|
|
@@ -13,7 +13,7 @@ export declare class OAuth2AuthDriver extends LocalAuthDriver {
|
|
|
13
13
|
generateAuthUrl(codeVerifier: string, prompt?: boolean): string;
|
|
14
14
|
private fetchUserId;
|
|
15
15
|
getUserID(payload: Record<string, any>): Promise<string>;
|
|
16
|
-
login(user: User): Promise<
|
|
17
|
-
refresh(user: User
|
|
16
|
+
login(user: User): Promise<void>;
|
|
17
|
+
refresh(user: User): Promise<void>;
|
|
18
18
|
}
|
|
19
19
|
export declare function createOAuth2AuthRouter(providerName: string): Router;
|
|
@@ -17,6 +17,7 @@ const respond_1 = require("../../middleware/respond");
|
|
|
17
17
|
const async_handler_1 = __importDefault(require("../../utils/async-handler"));
|
|
18
18
|
const url_1 = require("../../utils/url");
|
|
19
19
|
const logger_1 = __importDefault(require("../../logger"));
|
|
20
|
+
const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
|
|
20
21
|
class OAuth2AuthDriver extends local_1.LocalAuthDriver {
|
|
21
22
|
constructor(options, config) {
|
|
22
23
|
super(options, config);
|
|
@@ -130,9 +131,9 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
|
|
|
130
131
|
return (await this.fetchUserId(identifier));
|
|
131
132
|
}
|
|
132
133
|
async login(user) {
|
|
133
|
-
return this.refresh(user
|
|
134
|
+
return this.refresh(user);
|
|
134
135
|
}
|
|
135
|
-
async refresh(user
|
|
136
|
+
async refresh(user) {
|
|
136
137
|
let authData = user.auth_data;
|
|
137
138
|
if (typeof authData === 'string') {
|
|
138
139
|
try {
|
|
@@ -156,7 +157,6 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
|
|
|
156
157
|
throw handleError(e);
|
|
157
158
|
}
|
|
158
159
|
}
|
|
159
|
-
return sessionData;
|
|
160
160
|
}
|
|
161
161
|
}
|
|
162
162
|
exports.OAuth2AuthDriver = OAuth2AuthDriver;
|
|
@@ -211,7 +211,7 @@ function createOAuth2AuthRouter(providerName) {
|
|
|
211
211
|
const { verifier, redirect, prompt } = tokenData;
|
|
212
212
|
const authenticationService = new services_1.AuthenticationService({
|
|
213
213
|
accountability: {
|
|
214
|
-
ip: req
|
|
214
|
+
ip: (0, get_ip_from_req_1.getIPFromReq)(req),
|
|
215
215
|
userAgent: req.get('user-agent'),
|
|
216
216
|
role: null,
|
|
217
217
|
},
|
|
@@ -2,7 +2,7 @@ import { Router } from 'express';
|
|
|
2
2
|
import { Client } from 'openid-client';
|
|
3
3
|
import { LocalAuthDriver } from './local';
|
|
4
4
|
import { UsersService } from '../../services';
|
|
5
|
-
import { AuthDriverOptions, User
|
|
5
|
+
import { AuthDriverOptions, User } from '../../types';
|
|
6
6
|
export declare class OpenIDAuthDriver extends LocalAuthDriver {
|
|
7
7
|
client: Promise<Client>;
|
|
8
8
|
redirectUrl: string;
|
|
@@ -13,7 +13,7 @@ export declare class OpenIDAuthDriver extends LocalAuthDriver {
|
|
|
13
13
|
generateAuthUrl(codeVerifier: string, prompt?: boolean): Promise<string>;
|
|
14
14
|
private fetchUserId;
|
|
15
15
|
getUserID(payload: Record<string, any>): Promise<string>;
|
|
16
|
-
login(user: User): Promise<
|
|
17
|
-
refresh(user: User
|
|
16
|
+
login(user: User): Promise<void>;
|
|
17
|
+
refresh(user: User): Promise<void>;
|
|
18
18
|
}
|
|
19
19
|
export declare function createOpenIDAuthRouter(providerName: string): Router;
|
|
@@ -17,6 +17,7 @@ const respond_1 = require("../../middleware/respond");
|
|
|
17
17
|
const async_handler_1 = __importDefault(require("../../utils/async-handler"));
|
|
18
18
|
const url_1 = require("../../utils/url");
|
|
19
19
|
const logger_1 = __importDefault(require("../../logger"));
|
|
20
|
+
const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
|
|
20
21
|
class OpenIDAuthDriver extends local_1.LocalAuthDriver {
|
|
21
22
|
constructor(options, config) {
|
|
22
23
|
super(options, config);
|
|
@@ -135,9 +136,9 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
|
|
|
135
136
|
return (await this.fetchUserId(identifier));
|
|
136
137
|
}
|
|
137
138
|
async login(user) {
|
|
138
|
-
return this.refresh(user
|
|
139
|
+
return this.refresh(user);
|
|
139
140
|
}
|
|
140
|
-
async refresh(user
|
|
141
|
+
async refresh(user) {
|
|
141
142
|
let authData = user.auth_data;
|
|
142
143
|
if (typeof authData === 'string') {
|
|
143
144
|
try {
|
|
@@ -162,7 +163,6 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
|
|
|
162
163
|
throw handleError(e);
|
|
163
164
|
}
|
|
164
165
|
}
|
|
165
|
-
return sessionData;
|
|
166
166
|
}
|
|
167
167
|
}
|
|
168
168
|
exports.OpenIDAuthDriver = OpenIDAuthDriver;
|
|
@@ -213,7 +213,7 @@ function createOpenIDAuthRouter(providerName) {
|
|
|
213
213
|
const { verifier, redirect, prompt } = tokenData;
|
|
214
214
|
const authenticationService = new services_1.AuthenticationService({
|
|
215
215
|
accountability: {
|
|
216
|
-
ip: req
|
|
216
|
+
ip: (0, get_ip_from_req_1.getIPFromReq)(req),
|
|
217
217
|
userAgent: req.get('user-agent'),
|
|
218
218
|
role: null,
|
|
219
219
|
},
|
package/dist/cache.js
CHANGED
|
@@ -49,9 +49,7 @@ function getConfig(store = 'memory', ttl, namespaceSuffix = '') {
|
|
|
49
49
|
};
|
|
50
50
|
if (store === 'redis') {
|
|
51
51
|
const KeyvRedis = require('@keyv/redis');
|
|
52
|
-
config.store = new KeyvRedis(env_1.default.CACHE_REDIS || (0, get_config_from_env_1.getConfigFromEnv)('CACHE_REDIS_')
|
|
53
|
-
commandTimeout: 500,
|
|
54
|
-
});
|
|
52
|
+
config.store = new KeyvRedis(env_1.default.CACHE_REDIS || (0, get_config_from_env_1.getConfigFromEnv)('CACHE_REDIS_'));
|
|
55
53
|
}
|
|
56
54
|
if (store === 'memcache') {
|
|
57
55
|
const KeyvMemcache = require('keyv-memcache');
|
|
@@ -30,6 +30,7 @@ const logger_1 = __importDefault(require("../../../logger"));
|
|
|
30
30
|
const get_schema_1 = require("../../../utils/get-schema");
|
|
31
31
|
const services_1 = require("../../../services");
|
|
32
32
|
const database_1 = __importStar(require("../../../database"));
|
|
33
|
+
const defaults_1 = require("../../utils/defaults");
|
|
33
34
|
async function bootstrap({ skipAdminInit }) {
|
|
34
35
|
logger_1.default.info('Initializing bootstrap...');
|
|
35
36
|
const database = (0, database_1.default)();
|
|
@@ -75,7 +76,7 @@ async function waitForDatabase(database) {
|
|
|
75
76
|
async function createDefaultAdmin(schema) {
|
|
76
77
|
logger_1.default.info('Setting up first admin role...');
|
|
77
78
|
const rolesService = new services_1.RolesService({ schema });
|
|
78
|
-
const role = await rolesService.createOne(
|
|
79
|
+
const role = await rolesService.createOne(defaults_1.defaultAdminRole);
|
|
79
80
|
logger_1.default.info('Adding first admin user...');
|
|
80
81
|
const usersService = new services_1.UsersService({ schema });
|
|
81
82
|
let adminEmail = env_1.default.ADMIN_EMAIL;
|
|
@@ -88,5 +89,5 @@ async function createDefaultAdmin(schema) {
|
|
|
88
89
|
adminPassword = (0, nanoid_1.nanoid)(12);
|
|
89
90
|
logger_1.default.info(`No admin password provided. Defaulting to "${adminPassword}"`);
|
|
90
91
|
}
|
|
91
|
-
await usersService.createOne({ email: adminEmail, password: adminPassword, role });
|
|
92
|
+
await usersService.createOne({ email: adminEmail, password: adminPassword, role, ...defaults_1.defaultAdminUser });
|
|
92
93
|
}
|
|
@@ -15,6 +15,7 @@ const create_env_1 = __importDefault(require("../../utils/create-env"));
|
|
|
15
15
|
const drivers_1 = require("../../utils/drivers");
|
|
16
16
|
const questions_1 = require("./questions");
|
|
17
17
|
const generate_hash_1 = require("../../../utils/generate-hash");
|
|
18
|
+
const defaults_1 = require("../../utils/defaults");
|
|
18
19
|
async function init() {
|
|
19
20
|
const rootPath = process.cwd();
|
|
20
21
|
const { client } = await inquirer_1.default.prompt([
|
|
@@ -79,19 +80,14 @@ async function init() {
|
|
|
79
80
|
const roleID = (0, uuid_1.v4)();
|
|
80
81
|
await db('directus_roles').insert({
|
|
81
82
|
id: roleID,
|
|
82
|
-
|
|
83
|
-
icon: 'verified',
|
|
84
|
-
admin_access: true,
|
|
85
|
-
description: 'Initial administrative role with unrestricted App/API access',
|
|
83
|
+
...defaults_1.defaultAdminRole,
|
|
86
84
|
});
|
|
87
85
|
await db('directus_users').insert({
|
|
88
86
|
id: userID,
|
|
89
|
-
status: 'active',
|
|
90
87
|
email: firstUser.email,
|
|
91
88
|
password: firstUser.password,
|
|
92
|
-
first_name: 'Admin',
|
|
93
|
-
last_name: 'User',
|
|
94
89
|
role: roleID,
|
|
90
|
+
...defaults_1.defaultAdminUser,
|
|
95
91
|
});
|
|
96
92
|
await db.destroy();
|
|
97
93
|
process.stdout.write(`\nYour project has been created at ${chalk_1.default.green(rootPath)}.\n`);
|
|
@@ -135,7 +135,7 @@ async function apply(snapshotPath, options) {
|
|
|
135
135
|
else {
|
|
136
136
|
continue;
|
|
137
137
|
}
|
|
138
|
-
// Related collection doesn't exist for
|
|
138
|
+
// Related collection doesn't exist for a2o relationship types
|
|
139
139
|
if (related_collection) {
|
|
140
140
|
message += `-> ${related_collection}`;
|
|
141
141
|
}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.defaultAdminUser = exports.defaultAdminRole = void 0;
|
|
4
|
+
exports.defaultAdminRole = {
|
|
5
|
+
name: 'Administrator',
|
|
6
|
+
icon: 'verified',
|
|
7
|
+
admin_access: true,
|
|
8
|
+
description: '$t:admin_description',
|
|
9
|
+
};
|
|
10
|
+
exports.defaultAdminUser = {
|
|
11
|
+
status: 'active',
|
|
12
|
+
first_name: 'Admin',
|
|
13
|
+
last_name: 'User',
|
|
14
|
+
};
|
package/dist/constants.d.ts
CHANGED
|
@@ -5,3 +5,11 @@ export declare const FILTER_VARIABLES: string[];
|
|
|
5
5
|
export declare const ALIAS_TYPES: string[];
|
|
6
6
|
export declare const DEFAULT_AUTH_PROVIDER = "default";
|
|
7
7
|
export declare const COLUMN_TRANSFORMS: string[];
|
|
8
|
+
export declare const UUID_REGEX = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}";
|
|
9
|
+
export declare const COOKIE_OPTIONS: {
|
|
10
|
+
httpOnly: boolean;
|
|
11
|
+
domain: any;
|
|
12
|
+
maxAge: number;
|
|
13
|
+
secure: any;
|
|
14
|
+
sameSite: "lax" | "strict" | "none";
|
|
15
|
+
};
|
package/dist/constants.js
CHANGED
|
@@ -1,6 +1,12 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
var _a;
|
|
2
6
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.COLUMN_TRANSFORMS = exports.DEFAULT_AUTH_PROVIDER = exports.ALIAS_TYPES = exports.FILTER_VARIABLES = exports.ASSET_TRANSFORM_QUERY_KEYS = exports.SYSTEM_ASSET_ALLOW_LIST = void 0;
|
|
7
|
+
exports.COOKIE_OPTIONS = exports.UUID_REGEX = exports.COLUMN_TRANSFORMS = exports.DEFAULT_AUTH_PROVIDER = exports.ALIAS_TYPES = exports.FILTER_VARIABLES = exports.ASSET_TRANSFORM_QUERY_KEYS = exports.SYSTEM_ASSET_ALLOW_LIST = void 0;
|
|
8
|
+
const env_1 = __importDefault(require("./env"));
|
|
9
|
+
const ms_1 = __importDefault(require("ms"));
|
|
4
10
|
exports.SYSTEM_ASSET_ALLOW_LIST = [
|
|
5
11
|
{
|
|
6
12
|
key: 'system-small-cover',
|
|
@@ -38,6 +44,14 @@ exports.ASSET_TRANSFORM_QUERY_KEYS = [
|
|
|
38
44
|
'withoutEnlargement',
|
|
39
45
|
];
|
|
40
46
|
exports.FILTER_VARIABLES = ['$NOW', '$CURRENT_USER', '$CURRENT_ROLE'];
|
|
41
|
-
exports.ALIAS_TYPES = ['alias', 'o2m', 'm2m', 'm2a', 'files', 'translations'];
|
|
47
|
+
exports.ALIAS_TYPES = ['alias', 'o2m', 'm2m', 'm2a', 'o2a', 'files', 'translations'];
|
|
42
48
|
exports.DEFAULT_AUTH_PROVIDER = 'default';
|
|
43
49
|
exports.COLUMN_TRANSFORMS = ['year', 'month', 'day', 'weekday', 'hour', 'minute', 'second'];
|
|
50
|
+
exports.UUID_REGEX = '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}';
|
|
51
|
+
exports.COOKIE_OPTIONS = {
|
|
52
|
+
httpOnly: true,
|
|
53
|
+
domain: env_1.default.REFRESH_TOKEN_COOKIE_DOMAIN,
|
|
54
|
+
maxAge: (0, ms_1.default)(env_1.default.REFRESH_TOKEN_TTL),
|
|
55
|
+
secure: (_a = env_1.default.REFRESH_TOKEN_COOKIE_SECURE) !== null && _a !== void 0 ? _a : false,
|
|
56
|
+
sameSite: env_1.default.REFRESH_TOKEN_COOKIE_SAME_SITE || 'strict',
|
|
57
|
+
};
|
|
@@ -12,6 +12,7 @@ const validate_batch_1 = require("../middleware/validate-batch");
|
|
|
12
12
|
const services_1 = require("../services");
|
|
13
13
|
const types_1 = require("../types");
|
|
14
14
|
const async_handler_1 = __importDefault(require("../utils/async-handler"));
|
|
15
|
+
const get_ip_from_req_1 = require("../utils/get-ip-from-req");
|
|
15
16
|
const router = express_1.default.Router();
|
|
16
17
|
router.use((0, use_collection_1.default)('directus_activity'));
|
|
17
18
|
const readHandler = (0, async_handler_1.default)(async (req, res, next) => {
|
|
@@ -72,7 +73,7 @@ router.post('/comment', (0, async_handler_1.default)(async (req, res, next) => {
|
|
|
72
73
|
...req.body,
|
|
73
74
|
action: types_1.Action.COMMENT,
|
|
74
75
|
user: (_a = req.accountability) === null || _a === void 0 ? void 0 : _a.user,
|
|
75
|
-
ip: req
|
|
76
|
+
ip: (0, get_ip_from_req_1.getIPFromReq)(req),
|
|
76
77
|
user_agent: req.get('user-agent'),
|
|
77
78
|
});
|
|
78
79
|
try {
|
package/dist/controllers/auth.js
CHANGED
|
@@ -14,6 +14,7 @@ const get_auth_providers_1 = require("../utils/get-auth-providers");
|
|
|
14
14
|
const logger_1 = __importDefault(require("../logger"));
|
|
15
15
|
const drivers_1 = require("../auth/drivers");
|
|
16
16
|
const constants_1 = require("../constants");
|
|
17
|
+
const get_ip_from_req_1 = require("../utils/get-ip-from-req");
|
|
17
18
|
const router = (0, express_1.Router)();
|
|
18
19
|
const authProviders = (0, get_auth_providers_1.getAuthProviders)();
|
|
19
20
|
for (const authProvider of authProviders) {
|
|
@@ -44,7 +45,7 @@ if (!env_1.default.AUTH_DISABLE_DEFAULT) {
|
|
|
44
45
|
router.post('/refresh', (0, async_handler_1.default)(async (req, res, next) => {
|
|
45
46
|
var _a;
|
|
46
47
|
const accountability = {
|
|
47
|
-
ip: req
|
|
48
|
+
ip: (0, get_ip_from_req_1.getIPFromReq)(req),
|
|
48
49
|
userAgent: req.get('user-agent'),
|
|
49
50
|
role: null,
|
|
50
51
|
};
|
|
@@ -79,7 +80,7 @@ router.post('/refresh', (0, async_handler_1.default)(async (req, res, next) => {
|
|
|
79
80
|
router.post('/logout', (0, async_handler_1.default)(async (req, res, next) => {
|
|
80
81
|
var _a;
|
|
81
82
|
const accountability = {
|
|
82
|
-
ip: req
|
|
83
|
+
ip: (0, get_ip_from_req_1.getIPFromReq)(req),
|
|
83
84
|
userAgent: req.get('user-agent'),
|
|
84
85
|
role: null,
|
|
85
86
|
};
|
|
@@ -107,7 +108,7 @@ router.post('/password/request', (0, async_handler_1.default)(async (req, res, n
|
|
|
107
108
|
throw new exceptions_1.InvalidPayloadException(`"email" field is required.`);
|
|
108
109
|
}
|
|
109
110
|
const accountability = {
|
|
110
|
-
ip: req
|
|
111
|
+
ip: (0, get_ip_from_req_1.getIPFromReq)(req),
|
|
111
112
|
userAgent: req.get('user-agent'),
|
|
112
113
|
role: null,
|
|
113
114
|
};
|
|
@@ -134,7 +135,7 @@ router.post('/password/reset', (0, async_handler_1.default)(async (req, res, nex
|
|
|
134
135
|
throw new exceptions_1.InvalidPayloadException(`"password" field is required.`);
|
|
135
136
|
}
|
|
136
137
|
const accountability = {
|
|
137
|
-
ip: req
|
|
138
|
+
ip: (0, get_ip_from_req_1.getIPFromReq)(req),
|
|
138
139
|
userAgent: req.get('user-agent'),
|
|
139
140
|
role: null,
|
|
140
141
|
};
|