directus 9.22.1 → 9.22.4

package/dist/controllers/extensions.js

@@ -7,16 +7,16 @@ const express_1 = require("express");
 const async_handler_1 = __importDefault(require("../utils/async-handler"));
 const exceptions_1 = require("../exceptions");
 const extensions_1 = require("../extensions");
-const respond_1 = require("../middleware/respond");
-const utils_1 = require("@directus/shared/utils");
-const constants_1 = require("@directus/shared/constants");
 const ms_1 = __importDefault(require("ms"));
 const env_1 = __importDefault(require("../env"));
 const get_cache_headers_1 = require("../utils/get-cache-headers");
+const respond_1 = require("../middleware/respond");
+const utils_1 = require("@directus/shared/utils");
+const constants_1 = require("@directus/shared/constants");
 const router = (0, express_1.Router)();
 router.get('/:type', (0, async_handler_1.default)(async (req, res, next) => {
     const type = (0, utils_1.depluralize)(req.params.type);
-    if (!(0, utils_1.isIn)(type, constants_1.APP_OR_HYBRID_EXTENSION_TYPES)) {
+    if (!(0, utils_1.isIn)(type, constants_1.EXTENSION_TYPES)) {
         throw new exceptions_1.RouteNotFoundException(req.path);
     }
     const extensionManager = (0, extensions_1.getExtensionManager)();

package/dist/controllers/utils.js

@@ -14,6 +14,7 @@ const async_handler_1 = __importDefault(require("../utils/async-handler"));
 const busboy_1 = __importDefault(require("busboy"));
 const cache_1 = require("../cache");
 const generate_hash_1 = require("../utils/generate-hash");
+const sanitize_query_1 = require("../utils/sanitize-query");
 const router = (0, express_1.Router)();
 router.get('/random/string', (0, async_handler_1.default)(async (req, res) => {
     var _a;
@@ -96,6 +97,7 @@ router.post('/import/:collection', collection_exists_1.default, (0, async_handle
     req.pipe(busboy);
 }));
 router.post('/export/:collection', collection_exists_1.default, (0, async_handler_1.default)(async (req, res, next) => {
+    var _a;
     if (!req.body.query) {
         throw new exceptions_1.InvalidPayloadException(`"query" is required.`);
     }
@@ -106,8 +108,9 @@ router.post('/export/:collection', collection_exists_1.default, (0, async_handle
         accountability: req.accountability,
         schema: req.schema,
     });
+    const sanitizedQuery = (0, sanitize_query_1.sanitizeQuery)(req.body.query, (_a = req.accountability) !== null && _a !== void 0 ? _a : null);
     // We're not awaiting this, as it's supposed to run async in the background
-    service.exportToFile(req.params.collection, req.body.query, req.body.format, {
+    service.exportToFile(req.params.collection, sanitizedQuery, req.body.format, {
         file: req.body.file,
     });
     return next();

package/dist/database/helpers/fn/dialects/mysql.d.ts

@@ -1,13 +1,13 @@
 import { FnHelper, FnHelperOptions } from '../types';
 import { Knex } from 'knex';
 export declare class FnHelperMySQL extends FnHelper {
-    year(table: string, column: string, options: FnHelperOptions): Knex.Raw;
-    month(table: string, column: string, options: FnHelperOptions): Knex.Raw;
-    week(table: string, column: string, options: FnHelperOptions): Knex.Raw;
-    day(table: string, column: string, options: FnHelperOptions): Knex.Raw;
-    weekday(table: string, column: string, options: FnHelperOptions): Knex.Raw;
-    hour(table: string, column: string, options: FnHelperOptions): Knex.Raw;
-    minute(table: string, column: string, options: FnHelperOptions): Knex.Raw;
-    second(table: string, column: string, options: FnHelperOptions): Knex.Raw;
+    year(table: string, column: string): Knex.Raw;
+    month(table: string, column: string): Knex.Raw;
+    week(table: string, column: string): Knex.Raw;
+    day(table: string, column: string): Knex.Raw;
+    weekday(table: string, column: string): Knex.Raw;
+    hour(table: string, column: string): Knex.Raw;
+    minute(table: string, column: string): Knex.Raw;
+    second(table: string, column: string): Knex.Raw;
     count(table: string, column: string, options?: FnHelperOptions): Knex.Raw;
 }

package/dist/database/helpers/fn/dialects/mysql.js

@@ -2,36 +2,30 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.FnHelperMySQL = void 0;
 const types_1 = require("../types");
-const parseLocaltime = (columnType) => {
-    if (columnType === 'timestamp') {
-        return `CONVERT_TZ(??.??, @@GLOBAL.time_zone, '+00:00')`;
-    }
-    return '??.??';
-};
 class FnHelperMySQL extends types_1.FnHelper {
-    year(table, column, options) {
-        return this.knex.raw(`YEAR(${parseLocaltime(options === null || options === void 0 ? void 0 : options.type)})`, [table, column]);
+    year(table, column) {
+        return this.knex.raw('YEAR(??.??)', [table, column]);
     }
-    month(table, column, options) {
-        return this.knex.raw(`MONTH(${parseLocaltime(options === null || options === void 0 ? void 0 : options.type)})`, [table, column]);
+    month(table, column) {
+        return this.knex.raw('MONTH(??.??)', [table, column]);
     }
-    week(table, column, options) {
-        return this.knex.raw(`WEEK(${parseLocaltime(options === null || options === void 0 ? void 0 : options.type)})`, [table, column]);
+    week(table, column) {
+        return this.knex.raw('WEEK(??.??)', [table, column]);
     }
-    day(table, column, options) {
-        return this.knex.raw(`DAYOFMONTH(${parseLocaltime(options === null || options === void 0 ? void 0 : options.type)})`, [table, column]);
+    day(table, column) {
+        return this.knex.raw('DAYOFMONTH(??.??)', [table, column]);
     }
-    weekday(table, column, options) {
-        return this.knex.raw(`DAYOFWEEK(${parseLocaltime(options === null || options === void 0 ? void 0 : options.type)})`, [table, column]);
+    weekday(table, column) {
+        return this.knex.raw('DAYOFWEEK(??.??)', [table, column]);
     }
-    hour(table, column, options) {
-        return this.knex.raw(`HOUR(${parseLocaltime(options === null || options === void 0 ? void 0 : options.type)})`, [table, column]);
+    hour(table, column) {
+        return this.knex.raw('HOUR(??.??)', [table, column]);
     }
-    minute(table, column, options) {
-        return this.knex.raw(`MINUTE(${parseLocaltime(options === null || options === void 0 ? void 0 : options.type)})`, [table, column]);
+    minute(table, column) {
+        return this.knex.raw('MINUTE(??.??)', [table, column]);
     }
-    second(table, column, options) {
-        return this.knex.raw(`SECOND(${parseLocaltime(options === null || options === void 0 ? void 0 : options.type)})`, [table, column]);
+    second(table, column) {
+        return this.knex.raw('SECOND(??.??)', [table, column]);
     }
     count(table, column, options) {
         var _a, _b, _c, _d, _e;

package/dist/database/helpers/schema/dialects/mssql.d.ts

@@ -1,6 +1,7 @@
 import { Knex } from 'knex';
 import { SchemaHelper } from '../types';
 export declare class SchemaHelperMSSQL extends SchemaHelper {
+    applyLimit(rootQuery: Knex.QueryBuilder, limit: number): void;
     applyOffset(rootQuery: Knex.QueryBuilder, offset: number): void;
     formatUUID(uuid: string): string;
 }

package/dist/database/helpers/schema/dialects/mssql.js

@@ -3,6 +3,16 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.SchemaHelperMSSQL = void 0;
 const types_1 = require("../types");
 class SchemaHelperMSSQL extends types_1.SchemaHelper {
+    applyLimit(rootQuery, limit) {
+        // The ORDER BY clause is invalid in views, inline functions, derived tables, subqueries,
+        // and common table expressions, unless TOP, OFFSET or FOR XML is also specified.
+        if (limit === -1) {
+            rootQuery.limit(Number.MAX_SAFE_INTEGER);
+        }
+        else {
+            rootQuery.limit(limit);
+        }
+    }
     applyOffset(rootQuery, offset) {
         rootQuery.offset(offset);
         rootQuery.orderBy(1);

package/dist/database/helpers/schema/dialects/mysql.js

@@ -7,7 +7,7 @@ class SchemaHelperMySQL extends types_1.SchemaHelper {
     applyMultiRelationalSort(knex, dbQuery, table, primaryKey, orderByString, orderByFields) {
         var _a;
         if ((_a = (0, database_1.getDatabaseVersion)()) === null || _a === void 0 ? void 0 : _a.startsWith('5.7')) {
-            dbQuery.orderByRaw(`?? asc, ${orderByString.slice(9)}`, [`${table}.${primaryKey}`, ...orderByFields]);
+            dbQuery.orderByRaw(`?? asc, ${orderByString}`, [`${table}.${primaryKey}`, ...orderByFields]);
             dbQuery = knex
                 .select(knex.raw(`??, ( @rank := IF ( @cur_id = deep.${primaryKey}, @rank + 1, 1 ) ) AS directus_row_number, ( @cur_id := deep.${primaryKey} ) AS current_id`, 'deep.*'))
                 .from(knex.raw('? as ??, (SELECT @rank := 0,  @cur_id := null) vars', [dbQuery, 'deep']));

package/dist/database/helpers/schema/types.d.ts

@@ -15,6 +15,7 @@ export declare abstract class SchemaHelper extends DatabaseHelper {
     preColumnChange(): Promise<boolean>;
     postColumnChange(): Promise<void>;
     constraintName(existingName: string): string;
+    applyLimit(rootQuery: Knex.QueryBuilder, limit: number): void;
     applyOffset(rootQuery: Knex.QueryBuilder, offset: number): void;
     castA2oPrimaryKey(): string;
     applyMultiRelationalSort(knex: Knex, dbQuery: Knex.QueryBuilder, table: string, primaryKey: string, orderByString: string, orderByFields: Knex.Raw[]): Knex.QueryBuilder;

package/dist/database/helpers/schema/types.js

@@ -67,6 +67,11 @@ class SchemaHelper extends types_1.DatabaseHelper {
         // reference issue #14873
         return existingName;
     }
+    applyLimit(rootQuery, limit) {
+        if (limit !== -1) {
+            rootQuery.limit(limit);
+        }
+    }
     applyOffset(rootQuery, offset) {
         rootQuery.offset(offset);
     }
@@ -74,7 +79,7 @@ class SchemaHelper extends types_1.DatabaseHelper {
         return 'CAST(?? AS CHAR(255))';
     }
     applyMultiRelationalSort(knex, dbQuery, table, primaryKey, orderByString, orderByFields) {
-        dbQuery.rowNumber(knex.ref('directus_row_number').toQuery(), knex.raw(`partition by ??${orderByString}`, [`${table}.${primaryKey}`, ...orderByFields]));
+        dbQuery.rowNumber(knex.ref('directus_row_number').toQuery(), knex.raw(`partition by ?? order by ${orderByString}`, [`${table}.${primaryKey}`, ...orderByFields]));
         return dbQuery;
     }
     formatUUID(uuid) {

package/dist/database/run-ast.js

@@ -218,41 +218,29 @@ async function getDBQuery(schema, knex, table, fieldNodes, query) {
     }
     if (sortRecords) {
         if (needsInnerQuery) {
+            let orderByString = '';
+            const orderByFields = [];
             sortRecords.map((sortRecord) => {
+                if (orderByString.length !== 0) {
+                    orderByString += ', ';
+                }
                 const sortAlias = `sort_${(0, apply_query_1.generateAlias)()}`;
                 if (sortRecord.column.includes('.')) {
                     const [alias, field] = sortRecord.column.split('.');
-                    dbQuery.select((0, get_column_1.getColumn)(knex, alias, field, sortAlias, schema, {
-                        originalCollectionName: (0, get_collection_from_alias_1.getCollectionFromAlias)(alias, aliasMap),
-                    }));
+                    const originalCollectionName = (0, get_collection_from_alias_1.getCollectionFromAlias)(alias, aliasMap);
+                    dbQuery.select((0, get_column_1.getColumn)(knex, alias, field, sortAlias, schema, { originalCollectionName }));
+                    orderByString += `?? ${sortRecord.order}`;
+                    orderByFields.push((0, get_column_1.getColumn)(knex, alias, field, false, schema, { originalCollectionName }));
                 }
                 else {
                     dbQuery.select((0, get_column_1.getColumn)(knex, table, sortRecord.column, sortAlias, schema));
+                    orderByString += `?? ${sortRecord.order}`;
+                    orderByFields.push((0, get_column_1.getColumn)(knex, table, sortRecord.column, false, schema));
                 }
                 innerQuerySortRecords.push({ alias: sortAlias, order: sortRecord.order });
             });
+            dbQuery.orderByRaw(orderByString, orderByFields);
             if (hasMultiRelationalSort) {
-                let orderByString = '';
-                const orderByFields = [];
-                sortRecords.map((sortRecord) => {
-                    if (orderByString.length === 0) {
-                        orderByString += ' order by';
-                    }
-                    else {
-                        orderByString += ',';
-                    }
-                    if (sortRecord.column.includes('.')) {
-                        orderByString += ` ?? ${sortRecord.order}`;
-                        const [alias, field] = sortRecord.column.split('.');
-                        orderByFields.push((0, get_column_1.getColumn)(knex, alias, field, false, schema, {
-                            originalCollectionName: (0, get_collection_from_alias_1.getCollectionFromAlias)(alias, aliasMap),
-                        }));
-                    }
-                    else {
-                        orderByString += ` ?? ${sortRecord.order}`;
-                        orderByFields.push((0, get_column_1.getColumn)(knex, table, sortRecord.column, false, schema));
-                    }
-                });
                 dbQuery = helpers.schema.applyMultiRelationalSort(knex, dbQuery, table, primaryKey, orderByString, orderByFields);
             }
         }
@@ -285,7 +273,7 @@ async function getDBQuery(schema, knex, table, fieldNodes, query) {
         });
         if (hasMultiRelationalSort) {
             wrapperQuery.where('inner.directus_row_number', '=', 1);
-            (0, apply_query_1.applyLimit)(wrapperQuery, queryCopy.limit);
+            (0, apply_query_1.applyLimit)(knex, wrapperQuery, queryCopy.limit);
         }
     }
     return wrapperQuery;
@@ -452,7 +440,9 @@ function removeTemporaryFields(schema, rawItem, ast, primaryKeyField, parentItem
             for (const nestedNode of nestedCollectionNodes[relatedCollection]) {
                 item[nestedNode.fieldKey] = removeTemporaryFields(schema, item[nestedNode.fieldKey], nestedNode, schema.collections[nestedNode.relation.collection].primary, item);
             }
-            item = fields[relatedCollection].length > 0 ? (0, lodash_1.pick)(rawItem, fields[relatedCollection]) : rawItem[primaryKeyField];
+            const fieldsWithFunctionsApplied = fields[relatedCollection].map((field) => (0, apply_function_to_column_name_1.applyFunctionToColumnName)(field));
+            item =
+                fields[relatedCollection].length > 0 ? (0, lodash_1.pick)(rawItem, fieldsWithFunctionsApplied) : rawItem[primaryKeyField];
             items.push(item);
         }
     }

package/dist/env.js

@@ -183,6 +183,7 @@ const allowedEnvironmentVars = [
     'EXPORT_BATCH_SIZE',
     // flows
     'FLOWS_EXEC_ALLOWED_MODULES',
+    'FLOWS_ENV_ALLOW_LIST',
 ].map((name) => new RegExp(`^${name}$`));
 const acceptedEnvTypes = ['string', 'number', 'regex', 'array', 'json'];
 const defaults = {
@@ -247,6 +248,7 @@ const defaults = {
     FILE_METADATA_ALLOW_LIST: 'ifd0.Make,ifd0.Model,exif.FNumber,exif.ExposureTime,exif.FocalLength,exif.ISO',
     GRAPHQL_INTROSPECTION: true,
     FLOWS_EXEC_ALLOWED_MODULES: false,
+    FLOWS_ENV_ALLOW_LIST: false,
 };
 // Allows us to force certain environment variable into a type, instead of relying
 // on the auto-parsed type in processValues. ref #3705

package/dist/extensions.d.ts

@@ -1,4 +1,4 @@
-import { ExtensionType } from '@directus/shared/types';
+import { Extension, ExtensionInfo, ExtensionType } from '@directus/shared/types';
 import { Router } from 'express';
 export declare function getExtensionManager(): ExtensionManager;
 type Options = {
@@ -21,7 +21,8 @@ declare class ExtensionManager {
     constructor();
     initialize(options?: Partial<Options>): Promise<void>;
     reload(): void;
-    getExtensionsList(type?: ExtensionType): string[];
+    getExtensionsList(type?: ExtensionType): ExtensionInfo[];
+    getExtension(name: string): Extension | undefined;
     getAppExtensions(): string | null;
     getEndpointRouter(): Router;
     getEmbeds(): {

package/dist/extensions.js

@@ -97,7 +97,7 @@ class ExtensionManager {
             await this.load();
             const loadedExtensions = this.getExtensionsList();
             if (loadedExtensions.length > 0) {
-                logger_1.default.info(`Loaded extensions: ${loadedExtensions.join(', ')}`);
+                logger_1.default.info(`Loaded extensions: ${loadedExtensions.map((ext) => ext.name).join(', ')}`);
             }
         }
         if (!prevOptions.watch && this.options.watch) {
@@ -130,12 +130,36 @@ class ExtensionManager {
     }
     getExtensionsList(type) {
         if (type === undefined) {
-            return this.extensions.map((extension) => extension.name);
+            return this.extensions.map(mapInfo);
         }
         else {
-            return this.extensions.filter((extension) => extension.type === type).map((extension) => extension.name);
+            return this.extensions.map(mapInfo).filter((extension) => extension.type === type);
+        }
+        function mapInfo(extension) {
+            const extensionInfo = {
+                name: extension.name,
+                type: extension.type,
+                local: extension.local,
+                host: extension.host,
+                version: extension.version,
+            };
+            if (extension.type === 'bundle') {
+                return {
+                    ...extensionInfo,
+                    entries: extension.entries.map((entry) => ({
+                        name: entry.name,
+                        type: entry.type,
+                    })),
+                };
+            }
+            else {
+                return extensionInfo;
+            }
         }
     }
+    getExtension(name) {
+        return this.extensions.find((extension) => extension.name === name);
+    }
     getAppExtensions() {
         return this.appExtensions;
     }
@@ -155,7 +179,7 @@ class ExtensionManager {
     }
     async load() {
         try {
-            await (0, node_1.ensureExtensionDirs)(env_1.default.EXTENSIONS_PATH, env_1.default.SERVE_APP ? constants_1.EXTENSION_TYPES : constants_1.API_OR_HYBRID_EXTENSION_TYPES);
+            await (0, node_1.ensureExtensionDirs)(env_1.default.EXTENSIONS_PATH, constants_1.NESTED_EXTENSION_TYPES);
             this.extensions = await this.getExtensions();
         }
         catch (err) {
@@ -182,11 +206,14 @@ class ExtensionManager {
     initializeWatcher() {
         if (!this.watcher) {
             logger_1.default.info('Watching extensions for changes...');
-            const localExtensionPaths = (env_1.default.SERVE_APP ? constants_1.EXTENSION_TYPES : constants_1.API_OR_HYBRID_EXTENSION_TYPES).flatMap((type) => {
+            const localExtensionPaths = constants_1.NESTED_EXTENSION_TYPES.flatMap((type) => {
                 const typeDir = path_1.default.posix.join((0, node_1.pathToRelativeUrl)(env_1.default.EXTENSIONS_PATH), (0, utils_1.pluralize)(type));
-                return (0, utils_1.isIn)(type, constants_1.HYBRID_EXTENSION_TYPES)
-                    ? [path_1.default.posix.join(typeDir, '*', 'app.js'), path_1.default.posix.join(typeDir, '*', 'api.js')]
-                    : path_1.default.posix.join(typeDir, '*', 'index.js');
+                if ((0, utils_1.isIn)(type, constants_1.HYBRID_EXTENSION_TYPES)) {
+                    return [path_1.default.posix.join(typeDir, '*', 'app.js'), path_1.default.posix.join(typeDir, '*', 'api.js')];
+                }
+                else {
+                    return path_1.default.posix.join(typeDir, '*', 'index.js');
+                }
             });
             this.watcher = chokidar_1.default.watch([path_1.default.resolve('package.json'), ...localExtensionPaths], {
                 ignoreInitial: true,
@@ -206,14 +233,12 @@ class ExtensionManager {
         if (this.watcher) {
             const toPackageExtensionPaths = (extensions) => extensions
                 .filter((extension) => !extension.local)
-                .flatMap((extension) => extension.type === 'pack'
-                ? path_1.default.resolve(extension.path, 'package.json')
-                : (0, utils_1.isTypeIn)(extension, constants_1.HYBRID_EXTENSION_TYPES) || extension.type === 'bundle'
-                    ? [
-                        path_1.default.resolve(extension.path, extension.entrypoint.app),
-                        path_1.default.resolve(extension.path, extension.entrypoint.api),
-                    ]
-                    : path_1.default.resolve(extension.path, extension.entrypoint));
+                .flatMap((extension) => (0, utils_1.isTypeIn)(extension, constants_1.HYBRID_EXTENSION_TYPES) || extension.type === 'bundle'
+                ? [
+                    path_1.default.resolve(extension.path, extension.entrypoint.app),
+                    path_1.default.resolve(extension.path, extension.entrypoint.api),
+                ]
+                : path_1.default.resolve(extension.path, extension.entrypoint));
             const addedPackageExtensionPaths = toPackageExtensionPaths(added);
             const removedPackageExtensionPaths = toPackageExtensionPaths(removed);
             this.watcher.add(addedPackageExtensionPaths);
@@ -221,9 +246,10 @@ class ExtensionManager {
         }
     }
     async getExtensions() {
-        const packageExtensions = await (0, node_1.getPackageExtensions)('.', env_1.default.SERVE_APP ? constants_1.EXTENSION_PACKAGE_TYPES : constants_1.API_OR_HYBRID_EXTENSION_PACKAGE_TYPES);
-        const localExtensions = await (0, node_1.getLocalExtensions)(env_1.default.EXTENSIONS_PATH, env_1.default.SERVE_APP ? constants_1.EXTENSION_TYPES : constants_1.API_OR_HYBRID_EXTENSION_TYPES);
-        return [...packageExtensions, ...localExtensions];
+        const packageExtensions = await (0, node_1.getPackageExtensions)('.');
+        const localPackageExtensions = await (0, node_1.resolvePackageExtensions)(env_1.default.EXTENSIONS_PATH);
+        const localExtensions = await (0, node_1.getLocalExtensions)(env_1.default.EXTENSIONS_PATH);
+        return [...packageExtensions, ...localPackageExtensions, ...localExtensions].filter((extension) => env_1.default.SERVE_APP || constants_1.APP_EXTENSION_TYPES.includes(extension.type) === false);
     }
     async generateExtensionBundle() {
         const sharedDepsMapping = await this.getSharedDepsMapping(constants_1.APP_SHARED_DEPS);

package/dist/flows.js

@@ -64,6 +64,7 @@ exports.getFlowManager = getFlowManager;
 const TRIGGER_KEY = '$trigger';
 const ACCOUNTABILITY_KEY = '$accountability';
 const LAST_KEY = '$last';
+const ENV_KEY = '$env';
 class FlowManager {
     constructor() {
         this.isLoaded = false;
@@ -265,6 +266,7 @@ class FlowManager {
             [TRIGGER_KEY]: data,
             [LAST_KEY]: data,
             [ACCOUNTABILITY_KEY]: (_c = context === null || context === void 0 ? void 0 : context.accountability) !== null && _c !== void 0 ? _c : null,
+            [ENV_KEY]: (0, lodash_1.pick)(env_1.default, env_1.default.FLOWS_ENV_ALLOW_LIST ? (0, utils_1.toArray)(env_1.default.FLOWS_ENV_ALLOW_LIST) : []),
         };
         let nextOperation = flow.operation;
         let lastOperationStatus = 'unknown';

package/dist/operations/exec/index.js

@@ -5,10 +5,13 @@ const vm2_1 = require("vm2");
 exports.default = (0, utils_1.defineOperationApi)({
     id: 'exec',
     handler: async ({ code }, { data, env }) => {
+        var _a;
         const allowedModules = env.FLOWS_EXEC_ALLOWED_MODULES ? (0, utils_1.toArray)(env.FLOWS_EXEC_ALLOWED_MODULES) : [];
+        const allowedEnv = (_a = data.$env) !== null && _a !== void 0 ? _a : {};
         const opts = {
             eval: false,
             wasm: false,
+            env: allowedEnv,
         };
         if (allowedModules.length > 0) {
             opts.require = {

package/dist/operations/item-create/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/operations/item-delete/index.js

@@ -30,7 +30,7 @@ exports.default = (0, utils_1.defineOperationApi)({
         const sanitizedQueryObject = (0, sanitize_query_1.sanitizeQuery)(queryObject, customAccountability);
         let result;
         if (!key || (Array.isArray(key) && key.length === 0)) {
-            result = await itemsService.deleteByQuery(sanitizedQueryObject);
+            result = await itemsService.deleteByQuery(sanitizedQueryObject, { emitEvents: !!emitEvents });
         }
         else {
             const keys = (0, utils_1.toArray)(key);

package/dist/operations/item-delete/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/operations/item-read/index.js

@@ -30,7 +30,7 @@ exports.default = (0, utils_1.defineOperationApi)({
         const sanitizedQueryObject = (0, sanitize_query_1.sanitizeQuery)(queryObject, customAccountability);
         let result;
         if (!key || (Array.isArray(key) && key.length === 0)) {
-            result = await itemsService.readByQuery(sanitizedQueryObject);
+            result = await itemsService.readByQuery(sanitizedQueryObject, { emitEvents: !!emitEvents });
         }
         else {
             const keys = (0, utils_1.toArray)(key);

package/dist/operations/item-read/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/operations/item-update/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/operations/log/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/operations/mail/index.js

@@ -7,8 +7,11 @@ exports.default = (0, utils_1.defineOperationApi)({
     id: 'mail',
     handler: async ({ body, to, type, subject }, { accountability, database, getSchema }) => {
         const mailService = new services_1.MailService({ schema: await getSchema({ database }), accountability, knex: database });
+        // If 'body' is of type object/undefined (happens when body consists solely of a placeholder)
+        // convert it to JSON string
+        const safeBody = typeof body !== 'string' ? JSON.stringify(body) : body;
         await mailService.send({
-            html: type === 'wysiwyg' ? body : (0, md_1.md)(body),
+            html: type === 'wysiwyg' ? safeBody : (0, md_1.md)(safeBody),
             to,
             subject,
         });

package/dist/operations/notification/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/operations/request/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/operations/sleep/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/operations/transform/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/operations/trigger/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/services/import-export.js

@@ -265,6 +265,8 @@ class ExportService {
             return string;
         }
         if (format === 'csv') {
+            if (input.length === 0)
+                return '';
             const parser = new json2csv_1.Parser({
                 transforms: [json2csv_1.transforms.flatten({ separator: '.' })],
                 header: (options === null || options === void 0 ? void 0 : options.includeHeader) !== false,

package/dist/services/roles.js

@@ -35,7 +35,7 @@ class RolesService extends items_1.ItemsService {
             userKeys = users.update.map((user) => user.id).filter((id) => id);
         }
         const usersThatWereInRoleBefore = (await this.knex.select('id').from('directus_users').where('role', '=', key)).map((user) => user.id);
-        const usersThatAreRemoved = usersThatWereInRoleBefore.filter((id) => userKeys.includes(id) === false);
+        const usersThatAreRemoved = usersThatWereInRoleBefore.filter((id) => Array.isArray(users) ? userKeys.includes(id) === false : users.delete.includes(id) === true);
         const usersThatAreAdded = Array.isArray(users) ? users : users.create;
         // If the role the users are moved to is an admin-role, and there's at least 1 (new) admin
         // user, we don't have to check for other admin

package/dist/services/server.js

@@ -264,8 +264,11 @@ class ServerService {
                 const startTime = perf_hooks_1.performance.now();
                 try {
                     await disk.write(`health-${checkID}`, node_stream_1.Readable.from(['check']));
-                    await disk.read(`health-${checkID}`);
-                    await disk.delete(`health-${checkID}`);
+                    const fileStream = await disk.read(`health-${checkID}`);
+                    fileStream.on('data', async () => {
+                        fileStream.destroy();
+                        await disk.delete(`health-${checkID}`);
+                    });
                 }
                 catch (err) {
                     checks[`storage:${location}:responseTime`][0].status = 'error';

package/dist/utils/apply-function-to-column-name.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/apply-query.d.ts

@@ -1,7 +1,7 @@
 import { Aggregate, Filter, Query, SchemaOverview } from '@directus/shared/types';
 import { Knex } from 'knex';
 import { AliasMap } from './get-column-path';
-export declare const generateAlias: () => string;
+export declare const generateAlias: (size?: number | undefined) => string;
 /**
  * Apply the Query to a given Knex query builder instance
  */
@@ -24,7 +24,7 @@ export declare function applySort(knex: Knex, schema: SchemaOverview, rootQuery:
     }[];
     hasMultiRelationalSort: boolean;
 } | undefined;
-export declare function applyLimit(rootQuery: Knex.QueryBuilder, limit: any): void;
+export declare function applyLimit(knex: Knex, rootQuery: Knex.QueryBuilder, limit: any): void;
 export declare function applyOffset(knex: Knex, rootQuery: Knex.QueryBuilder, offset: any): void;
 export declare function applyFilter(knex: Knex, schema: SchemaOverview, rootQuery: Knex.QueryBuilder, rootFilter: Filter, collection: string, aliasMap: AliasMap): {
     query: Knex.QueryBuilder<any, any>;

package/dist/utils/apply-query.js

@@ -26,9 +26,7 @@ function applyQuery(knex, collection, dbQuery, query, schema, options) {
     if (query.sort && !(options === null || options === void 0 ? void 0 : options.isInnerQuery) && !(options === null || options === void 0 ? void 0 : options.hasMultiRelationalSort)) {
         applySort(knex, schema, dbQuery, query.sort, collection, aliasMap);
     }
-    if (!(options === null || options === void 0 ? void 0 : options.hasMultiRelationalSort)) {
-        applyLimit(dbQuery, query.limit);
-    }
+    applyLimit(knex, dbQuery, query.limit);
     if (query.offset) {
         applyOffset(knex, dbQuery, query.offset);
     }
@@ -175,9 +173,9 @@ function applySort(knex, schema, rootQuery, rootSort, collection, aliasMap, retu
     rootQuery.orderBy(sortRecords);
 }
 exports.applySort = applySort;
-function applyLimit(rootQuery, limit) {
-    if (typeof limit === 'number' && limit !== -1) {
-        rootQuery.limit(limit);
+function applyLimit(knex, rootQuery, limit) {
+    if (typeof limit === 'number') {
+        (0, helpers_1.getHelpers)(knex).schema.applyLimit(rootQuery, limit);
     }
 }
 exports.applyLimit = applyLimit;

package/dist/utils/get-cache-key.js

@@ -4,18 +4,17 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getCacheKey = void 0;
-const url_1 = __importDefault(require("url"));
 const object_hash_1 = __importDefault(require("object-hash"));
-const lodash_1 = require("lodash");
+const url_1 = __importDefault(require("url"));
+const get_graphql_query_and_variables_1 = require("./get-graphql-query-and-variables");
 function getCacheKey(req) {
-    var _a, _b;
+    var _a;
     const path = url_1.default.parse(req.originalUrl).pathname;
-    const isGraphQl = path === null || path === void 0 ? void 0 : path.includes('/graphql');
-    const isGet = ((_a = req.method) === null || _a === void 0 ? void 0 : _a.toLowerCase()) === 'get';
+    const isGraphQl = path === null || path === void 0 ? void 0 : path.startsWith('/graphql');
     const info = {
-        user: ((_b = req.accountability) === null || _b === void 0 ? void 0 : _b.user) || null,
+        user: ((_a = req.accountability) === null || _a === void 0 ? void 0 : _a.user) || null,
         path,
-        query: isGraphQl ? (0, lodash_1.pick)(isGet ? req.query : req.body, ['query', 'variables']) : req.sanitizedQuery,
+        query: isGraphQl ? (0, get_graphql_query_and_variables_1.getGraphqlQueryAndVariables)(req) : req.sanitizedQuery,
     };
     const key = (0, object_hash_1.default)(info);
     return key;

package/dist/utils/get-date-formatted.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/get-graphql-query-and-variables.d.ts

@@ -0,0 +1,2 @@
+import { Request } from 'express';
+export declare function getGraphqlQueryAndVariables(req: Request): Pick<any, "query" | "variables">;

package/dist/utils/get-graphql-query-and-variables.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getGraphqlQueryAndVariables = void 0;
+const lodash_1 = require("lodash");
+function getGraphqlQueryAndVariables(req) {
+    var _a;
+    const isGet = ((_a = req.method) === null || _a === void 0 ? void 0 : _a.toLowerCase()) === 'get';
+    return (0, lodash_1.pick)(isGet ? req.query : req.body, ['query', 'variables']);
+}
+exports.getGraphqlQueryAndVariables = getGraphqlQueryAndVariables;

package/dist/utils/get-graphql-query-and-variables.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/get-permissions.js

@@ -15,19 +15,26 @@ const roles_1 = require("../services/roles");
 const users_1 = require("../services/users");
 const merge_permissions_1 = require("../utils/merge-permissions");
 const merge_permissions_for_share_1 = require("./merge-permissions-for-share");
+const logger_1 = __importDefault(require("../logger"));
 async function getPermissions(accountability, schema) {
     const database = (0, database_1.default)();
     const { cache } = (0, cache_1.getCache)();
     let permissions = [];
     const { user, role, app, admin, share_scope } = accountability;
     const cacheKey = `permissions-${(0, object_hash_1.default)({ user, role, app, admin, share_scope })}`;
-    if (env_1.default.CACHE_PERMISSIONS !== false) {
-        const cachedPermissions = await (0, cache_1.getSystemCache)(cacheKey);
+    if (cache && env_1.default.CACHE_PERMISSIONS !== false) {
+        let cachedPermissions;
+        try {
+            cachedPermissions = await (0, cache_1.getSystemCache)(cacheKey);
+        }
+        catch (err) {
+            logger_1.default.warn(err, `[cache] Couldn't read key ${cacheKey}. ${err.message}`);
+        }
         if (cachedPermissions) {
             if (!cachedPermissions.containDynamicData) {
                 return processPermissions(accountability, cachedPermissions.permissions, {});
             }
-            const cachedFilterContext = await (cache === null || cache === void 0 ? void 0 : cache.get(`filterContext-${(0, object_hash_1.default)({ user, role, permissions: cachedPermissions.permissions })}`));
+            const cachedFilterContext = await (0, cache_1.getCacheValue)(cache, `filterContext-${(0, object_hash_1.default)({ user, role, permissions: cachedPermissions.permissions })}`);
             if (cachedFilterContext) {
                 return processPermissions(accountability, cachedPermissions.permissions, cachedFilterContext);
             }
@@ -38,7 +45,7 @@ async function getPermissions(accountability, schema) {
                     ? await getFilterContext(schema, accountability, requiredPermissionData)
                     : {};
                 if (containDynamicData && env_1.default.CACHE_ENABLED !== false) {
-                    await (cache === null || cache === void 0 ? void 0 : cache.set(`filterContext-${(0, object_hash_1.default)({ user, role, permissions })}`, filterContext));
+                    await (0, cache_1.setCacheValue)(cache, `filterContext-${(0, object_hash_1.default)({ user, role, permissions })}`, filterContext);
                 }
                 return processPermissions(accountability, permissions, filterContext);
             }
@@ -64,10 +71,10 @@ async function getPermissions(accountability, schema) {
         const filterContext = containDynamicData
             ? await getFilterContext(schema, accountability, requiredPermissionData)
             : {};
-        if (env_1.default.CACHE_PERMISSIONS !== false) {
+        if (cache && env_1.default.CACHE_PERMISSIONS !== false) {
             await (0, cache_1.setSystemCache)(cacheKey, { permissions, containDynamicData });
             if (containDynamicData && env_1.default.CACHE_ENABLED !== false) {
-                await (cache === null || cache === void 0 ? void 0 : cache.set(`filterContext-${(0, object_hash_1.default)({ user, role, permissions })}`, filterContext));
+                await (0, cache_1.setCacheValue)(cache, `filterContext-${(0, object_hash_1.default)({ user, role, permissions })}`, filterContext);
             }
         }
         return processPermissions(accountability, permissions, filterContext);

package/dist/utils/md.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/sanitize-query.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/stall.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/strip-function.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/user-name.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/validate-env.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/validate-query.js

@@ -15,9 +15,9 @@ const querySchema = joi_1.default.object({
     group: joi_1.default.array().items(joi_1.default.string()),
     sort: joi_1.default.array().items(joi_1.default.string()),
     filter: joi_1.default.object({}).unknown(),
-    limit: joi_1.default.number(),
-    offset: joi_1.default.number(),
-    page: joi_1.default.number(),
+    limit: joi_1.default.number().integer().min(-1),
+    offset: joi_1.default.number().integer().min(0),
+    page: joi_1.default.number().integer().min(0),
     meta: joi_1.default.array().items(joi_1.default.string().valid('total_count', 'filter_count')),
     search: joi_1.default.string(),
     export: joi_1.default.string().valid('json', 'csv', 'xml'),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "directus",
-  "version": "9.22.1",
+  "version": "9.22.4",
   "description": "Directus is a real-time API and App dashboard for managing SQL database content",
   "keywords": [
     "directus",
@@ -65,7 +65,7 @@
   ],
   "dependencies": {
     "@authenio/samlify-node-xmllint": "2.0.0",
-    "@aws-sdk/client-ses": "3.211.0",
+    "@aws-sdk/client-ses": "3.236.0",
     "@directus/format-title": "9.15.0",
     "@godaddy/terminus": "4.11.2",
     "@rollup/plugin-alias": "4.0.2",
@@ -73,7 +73,7 @@
     "argon2": "0.30.2",
     "async": "3.2.4",
     "async-mutex": "0.4.0",
-    "axios": "1.1.3",
+    "axios": "1.2.1",
     "busboy": "1.6.0",
     "bytes": "3.1.2",
     "camelcase": "6.3.0",
@@ -90,15 +90,15 @@
     "encodeurl": "1.0.2",
     "eventemitter2": "6.4.9",
     "execa": "5.1.1",
-    "exif-reader": "1.0.3",
+    "exif-reader": "1.1.0",
     "express": "4.18.2",
     "fast-redact": "3.1.2",
     "flat": "5.0.2",
-    "fs-extra": "10.1.0",
+    "fs-extra": "11.1.0",
     "globby": "11.0.4",
     "graphql": "16.6.0",
     "graphql-compose": "9.0.10",
-    "helmet": "6.0.0",
+    "helmet": "6.0.1",
     "icc": "2.0.0",
     "inquirer": "8.2.4",
     "ioredis": "5.2.4",
@@ -106,69 +106,69 @@
     "js-yaml": "4.1.0",
     "js2xmlparser": "5.0.0",
     "json2csv": "5.0.7",
-    "jsonwebtoken": "8.5.1",
+    "jsonwebtoken": "9.0.0",
     "keyv": "4.5.2",
     "knex": "2.3.0",
     "knex-schema-inspector": "3.0.0",
     "ldapjs": "2.3.3",
-    "liquidjs": "9.42.1",
+    "liquidjs": "10.3.3",
     "lodash": "4.17.21",
-    "marked": "4.2.2",
+    "marked": "4.2.4",
     "micromustache": "8.0.3",
     "mime-types": "2.1.35",
     "ms": "2.1.3",
-    "nanoid": "3.1.23",
+    "nanoid": "3.3.4",
     "node-cron": "3.0.2",
     "node-machine-id": "1.1.12",
     "nodemailer": "6.8.0",
     "object-hash": "3.0.0",
-    "openapi3-ts": "3.1.1",
-    "openid-client": "5.3.0",
+    "openapi3-ts": "3.1.2",
+    "openid-client": "5.3.1",
     "ora": "5.4.0",
     "otplib": "12.0.1",
-    "pino": "8.7.0",
-    "pino-http": "8.2.1",
+    "pino": "8.8.0",
+    "pino-http": "8.3.0",
     "pino-http-print": "3.1.0",
     "pino-pretty": "9.1.1",
     "qs": "6.11.0",
     "rate-limiter-flexible": "2.4.1",
-    "rollup": "3.3.0",
+    "rollup": "3.7.5",
     "samlify": "2.8.7",
-    "sanitize-html": "2.7.3",
-    "sharp": "0.31.2",
+    "sanitize-html": "2.8.1",
+    "sharp": "0.31.3",
     "snappy": "7.2.2",
-    "stream-json": "1.7.4",
+    "stream-json": "1.7.5",
     "strip-bom-stream": "4.0.0",
     "tmp-promise": "3.0.3",
     "update-check": "1.5.4",
     "uuid": "9.0.0",
     "uuid-validate": "0.0.3",
-    "vm2": "3.9.11",
+    "vm2": "3.9.13",
     "wellknown": "0.5.0",
-    "@directus/app": "9.22.1",
-    "@directus/extensions-sdk": "9.22.1",
-    "@directus/schema": "9.22.1",
-    "@directus/shared": "9.22.1",
-    "@directus/specs": "9.22.1",
-    "@directus/storage": "9.22.1",
-    "@directus/storage-driver-azure": "9.22.1",
-    "@directus/storage-driver-cloudinary": "9.22.1",
-    "@directus/storage-driver-gcs": "9.22.1",
-    "@directus/storage-driver-local": "9.22.1",
-    "@directus/storage-driver-s3": "9.22.1"
+    "@directus/app": "9.22.3",
+    "@directus/extensions-sdk": "9.22.4",
+    "@directus/schema": "9.22.4",
+    "@directus/shared": "9.22.3",
+    "@directus/specs": "9.22.4",
+    "@directus/storage": "9.22.4",
+    "@directus/storage-driver-azure": "9.22.4",
+    "@directus/storage-driver-cloudinary": "9.22.4",
+    "@directus/storage-driver-gcs": "9.22.4",
+    "@directus/storage-driver-local": "9.22.4",
+    "@directus/storage-driver-s3": "9.22.4"
   },
   "devDependencies": {
-    "@ngneat/falso": "6.3.0",
-    "@types/async": "3.2.15",
+    "@ngneat/falso": "6.3.2",
+    "@types/async": "3.2.16",
     "@types/busboy": "1.5.0",
     "@types/bytes": "3.1.1",
     "@types/cookie-parser": "1.4.3",
-    "@types/cors": "2.8.12",
-    "@types/deep-diff": "1.0.1",
+    "@types/cors": "2.8.13",
+    "@types/deep-diff": "1.0.2",
     "@types/destroy": "1.0.0",
     "@types/encodeurl": "1.0.0",
     "@types/exif-reader": "1.0.0",
-    "@types/express": "4.17.14",
+    "@types/express": "4.17.15",
     "@types/express-serve-static-core": "4.17.31",
     "@types/fast-redact": "3.0.2",
     "@types/flat": "5.0.2",
@@ -179,42 +179,40 @@
     "@types/jsonwebtoken": "8.5.9",
     "@types/keyv": "3.1.4",
     "@types/ldapjs": "2.2.5",
-    "@types/lodash": "4.14.189",
-    "@types/marked": "4.0.7",
+    "@types/lodash": "4.14.191",
+    "@types/marked": "4.0.8",
     "@types/mime-types": "2.1.1",
     "@types/ms": "0.7.31",
-    "@types/node": "18.11.9",
+    "@types/node": "18.11.17",
     "@types/node-cron": "3.0.6",
-    "@types/nodemailer": "6.4.6",
-    "@types/object-hash": "2.2.1",
-    "@types/pino": "7.0.4",
-    "@types/pino-http": "5.8.1",
+    "@types/nodemailer": "6.4.7",
+    "@types/object-hash": "3.0.2",
     "@types/qs": "6.9.7",
-    "@types/sanitize-html": "2.6.2",
+    "@types/sanitize-html": "2.8.0",
     "@types/sharp": "0.31.0",
     "@types/stream-json": "1.7.2",
-    "@types/uuid": "8.3.4",
+    "@types/uuid": "9.0.0",
     "@types/uuid-validate": "0.0.1",
     "@types/wellknown": "0.5.4",
-    "@vitest/coverage-c8": "0.25.2",
+    "@vitest/coverage-c8": "0.26.2",
     "copyfiles": "2.4.1",
     "form-data": "4.0.0",
-    "knex-mock-client": "1.8.4",
+    "knex-mock-client": "1.11.0",
     "ts-node": "10.9.1",
     "ts-node-dev": "2.0.0",
-    "typescript": "4.9.3",
-    "vitest": "0.25.2"
+    "typescript": "4.9.4",
+    "vitest": "0.26.2"
   },
   "optionalDependencies": {
-    "@keyv/redis": "2.5.3",
-    "keyv-memcache": "1.2.5",
+    "@keyv/redis": "2.5.4",
+    "keyv-memcache": "1.3.3",
     "memcached": "2.2.2",
     "mysql": "2.18.1",
     "nodemailer-mailgun-transport": "2.1.5",
     "nodemailer-sendgrid": "1.0.3",
     "pg": "8.8.0",
-    "sqlite3": "5.1.2",
-    "tedious": "15.1.1"
+    "sqlite3": "5.1.4",
+    "tedious": "15.1.2"
   },
   "engines": {
     "node": ">=12.20.0"