directus 9.22.3 → 9.23.1

package/dist/services/roles.js

@@ -56,8 +56,13 @@ class RolesService extends items_1.ItemsService {
         return;
     }
     async updateOne(key, data, opts) {
-        if ('users' in data) {
-            await this.checkForOtherAdminUsers(key, data.users);
+        try {
+            if ('users' in data) {
+                await this.checkForOtherAdminUsers(key, data.users);
+            }
+        }
+        catch (err) {
+            (opts || (opts = {})).preMutationException = err;
         }
         return super.updateOne(key, data, opts);
     }
@@ -65,14 +70,24 @@ class RolesService extends items_1.ItemsService {
         const primaryKeyField = this.schema.collections[this.collection].primary;
         const keys = data.map((item) => item[primaryKeyField]);
         const setsToNoAdmin = data.some((item) => item.admin_access === false);
-        if (setsToNoAdmin) {
-            await this.checkForOtherAdminRoles(keys);
+        try {
+            if (setsToNoAdmin) {
+                await this.checkForOtherAdminRoles(keys);
+            }
+        }
+        catch (err) {
+            (opts || (opts = {})).preMutationException = err;
         }
         return super.updateBatch(data, opts);
     }
     async updateMany(keys, data, opts) {
-        if ('admin_access' in data && data.admin_access === false) {
-            await this.checkForOtherAdminRoles(keys);
+        try {
+            if ('admin_access' in data && data.admin_access === false) {
+                await this.checkForOtherAdminRoles(keys);
+            }
+        }
+        catch (err) {
+            (opts || (opts = {})).preMutationException = err;
         }
         return super.updateMany(keys, data, opts);
     }
@@ -81,7 +96,13 @@ class RolesService extends items_1.ItemsService {
         return key;
     }
     async deleteMany(keys) {
-        await this.checkForOtherAdminRoles(keys);
+        const opts = {};
+        try {
+            await this.checkForOtherAdminRoles(keys);
+        }
+        catch (err) {
+            opts.preMutationException = err;
+        }
         await this.knex.transaction(async (trx) => {
             const itemsService = new items_1.ItemsService('directus_roles', {
                 knex: trx,
@@ -106,17 +127,17 @@ class RolesService extends items_1.ItemsService {
             // Delete permissions/presets for this role, suspend all remaining users in role
             await permissionsService.deleteByQuery({
                 filter: { role: { _in: keys } },
-            });
+            }, opts);
             await presetsService.deleteByQuery({
                 filter: { role: { _in: keys } },
-            });
+            }, opts);
             await usersService.updateByQuery({
                 filter: { role: { _in: keys } },
             }, {
                 status: 'suspended',
                 role: null,
-            });
-            await itemsService.deleteMany(keys);
+            }, opts);
+            await itemsService.deleteMany(keys, opts);
         });
         return keys;
     }

package/dist/services/schema.d.ts

@@ -0,0 +1,15 @@
+import { Accountability } from '@directus/shared/types';
+import { Knex } from 'knex';
+import { AbstractServiceOptions, Snapshot, SnapshotDiff, SnapshotDiffWithHash, SnapshotWithHash } from '../types';
+export declare class SchemaService {
+    knex: Knex;
+    accountability: Accountability | null;
+    constructor(options: Omit<AbstractServiceOptions, 'schema'>);
+    snapshot(): Promise<Snapshot>;
+    apply(payload: SnapshotDiffWithHash): Promise<void>;
+    diff(snapshot: Snapshot, options?: {
+        currentSnapshot?: Snapshot;
+        force?: boolean;
+    }): Promise<SnapshotDiff | null>;
+    getHashedSnapshot(snapshot: Snapshot): SnapshotWithHash;
+}

package/dist/services/schema.js

@@ -0,0 +1,58 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SchemaService = void 0;
+const database_1 = __importDefault(require("../database"));
+const exceptions_1 = require("../exceptions");
+const apply_diff_1 = require("../utils/apply-diff");
+const get_snapshot_1 = require("../utils/get-snapshot");
+const get_snapshot_diff_1 = require("../utils/get-snapshot-diff");
+const get_versioned_hash_1 = require("../utils/get-versioned-hash");
+const validate_diff_1 = require("../utils/validate-diff");
+const validate_snapshot_1 = require("../utils/validate-snapshot");
+class SchemaService {
+    constructor(options) {
+        var _a, _b;
+        this.knex = (_a = options.knex) !== null && _a !== void 0 ? _a : (0, database_1.default)();
+        this.accountability = (_b = options.accountability) !== null && _b !== void 0 ? _b : null;
+    }
+    async snapshot() {
+        var _a;
+        if (((_a = this.accountability) === null || _a === void 0 ? void 0 : _a.admin) !== true)
+            throw new exceptions_1.ForbiddenException();
+        const currentSnapshot = await (0, get_snapshot_1.getSnapshot)({ database: this.knex });
+        return currentSnapshot;
+    }
+    async apply(payload) {
+        var _a;
+        if (((_a = this.accountability) === null || _a === void 0 ? void 0 : _a.admin) !== true)
+            throw new exceptions_1.ForbiddenException();
+        const currentSnapshot = await this.snapshot();
+        const snapshotWithHash = this.getHashedSnapshot(currentSnapshot);
+        if (!(0, validate_diff_1.validateApplyDiff)(payload, snapshotWithHash))
+            return;
+        await (0, apply_diff_1.applyDiff)(currentSnapshot, payload.diff, { database: this.knex });
+    }
+    async diff(snapshot, options) {
+        var _a, _b;
+        if (((_a = this.accountability) === null || _a === void 0 ? void 0 : _a.admin) !== true)
+            throw new exceptions_1.ForbiddenException();
+        (0, validate_snapshot_1.validateSnapshot)(snapshot, options === null || options === void 0 ? void 0 : options.force);
+        const currentSnapshot = (_b = options === null || options === void 0 ? void 0 : options.currentSnapshot) !== null && _b !== void 0 ? _b : (await (0, get_snapshot_1.getSnapshot)({ database: this.knex }));
+        const diff = (0, get_snapshot_diff_1.getSnapshotDiff)(currentSnapshot, snapshot);
+        if (diff.collections.length === 0 && diff.fields.length === 0 && diff.relations.length === 0) {
+            return null;
+        }
+        return diff;
+    }
+    getHashedSnapshot(snapshot) {
+        const snapshotHash = (0, get_versioned_hash_1.getVersionedHash)(snapshot);
+        return {
+            ...snapshot,
+            hash: snapshotHash,
+        };
+    }
+}
+exports.SchemaService = SchemaService;

package/dist/services/schema.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/services/shares.d.ts

@@ -1,6 +1,6 @@
-import { AbstractServiceOptions, LoginResult, Item, PrimaryKey, MutationOptions } from '../types';
-import { ItemsService } from './items';
+import { AbstractServiceOptions, Item, LoginResult, MutationOptions, PrimaryKey } from '../types';
 import { AuthorizationService } from './authorization';
+import { ItemsService } from './items';
 export declare class SharesService extends ItemsService {
     authorizationService: AuthorizationService;
     constructor(options: AbstractServiceOptions);

package/dist/services/shares.js

@@ -4,18 +4,18 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SharesService = void 0;
-const items_1 = require("./items");
 const argon2_1 = __importDefault(require("argon2"));
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
-const ms_1 = __importDefault(require("ms"));
-const exceptions_1 = require("../exceptions");
 const env_1 = __importDefault(require("../env"));
-const authorization_1 = require("./authorization");
-const users_1 = require("./users");
-const mail_1 = require("./mail");
-const user_name_1 = require("../utils/user-name");
+const exceptions_1 = require("../exceptions");
+const get_milliseconds_1 = require("../utils/get-milliseconds");
 const md_1 = require("../utils/md");
 const url_1 = require("../utils/url");
+const user_name_1 = require("../utils/user-name");
+const authorization_1 = require("./authorization");
+const items_1 = require("./items");
+const mail_1 = require("./mail");
+const users_1 = require("./users");
 class SharesService extends items_1.ItemsService {
     constructor(options) {
         super('directus_shares', options);
@@ -80,7 +80,7 @@ class SharesService extends items_1.ItemsService {
             issuer: 'directus',
         });
         const refreshToken = nanoid(64);
-        const refreshTokenExpiration = new Date(Date.now() + (0, ms_1.default)(env_1.default.REFRESH_TOKEN_TTL));
+        const refreshTokenExpiration = new Date(Date.now() + (0, get_milliseconds_1.getMilliseconds)(env_1.default.REFRESH_TOKEN_TTL, 0));
         await this.knex('directus_sessions').insert({
             token: refreshToken,
             expires: refreshTokenExpiration,
@@ -93,7 +93,7 @@ class SharesService extends items_1.ItemsService {
         return {
             accessToken,
             refreshToken,
-            expires: (0, ms_1.default)(env_1.default.ACCESS_TOKEN_TTL),
+            expires: (0, get_milliseconds_1.getMilliseconds)(env_1.default.ACCESS_TOKEN_TTL),
         };
     }
     /**

package/dist/services/users.js

@@ -131,11 +131,16 @@ class UsersService extends items_1.ItemsService {
     async createMany(data, opts) {
         const emails = data.map((payload) => payload.email).filter((email) => email);
         const passwords = data.map((payload) => payload.password).filter((password) => password);
-        if (emails.length) {
-            await this.checkUniqueEmails(emails);
+        try {
+            if (emails.length) {
+                await this.checkUniqueEmails(emails);
+            }
+            if (passwords.length) {
+                await this.checkPasswordPolicy(passwords);
+            }
         }
-        if (passwords.length) {
-            await this.checkPasswordPolicy(passwords);
+        catch (err) {
+            (opts || (opts = {})).preMutationException = err;
         }
         return await super.createMany(data, opts);
     }
@@ -175,44 +180,49 @@ class UsersService extends items_1.ItemsService {
      */
     async updateMany(keys, data, opts) {
         var _a, _b;
-        if (data.role) {
-            // data.role will be an object with id with GraphQL mutations
-            const roleId = (_b = (_a = data.role) === null || _a === void 0 ? void 0 : _a.id) !== null && _b !== void 0 ? _b : data.role;
-            const newRole = await this.knex.select('admin_access').from('directus_roles').where('id', roleId).first();
-            if (!(newRole === null || newRole === void 0 ? void 0 : newRole.admin_access)) {
-                await this.checkRemainingAdminExistence(keys);
+        try {
+            if (data.role) {
+                // data.role will be an object with id with GraphQL mutations
+                const roleId = (_b = (_a = data.role) === null || _a === void 0 ? void 0 : _a.id) !== null && _b !== void 0 ? _b : data.role;
+                const newRole = await this.knex.select('admin_access').from('directus_roles').where('id', roleId).first();
+                if (!(newRole === null || newRole === void 0 ? void 0 : newRole.admin_access)) {
+                    await this.checkRemainingAdminExistence(keys);
+                }
             }
-        }
-        if (data.status !== undefined && data.status !== 'active') {
-            await this.checkRemainingActiveAdmin(keys);
-        }
-        if (data.email) {
-            if (keys.length > 1) {
-                throw new record_not_unique_1.RecordNotUniqueException('email', {
-                    collection: 'directus_users',
-                    field: 'email',
-                    invalid: data.email,
-                });
+            if (data.status !== undefined && data.status !== 'active') {
+                await this.checkRemainingActiveAdmin(keys);
             }
-            await this.checkUniqueEmails([data.email], keys[0]);
-        }
-        if (data.password) {
-            await this.checkPasswordPolicy([data.password]);
-        }
-        if (data.tfa_secret !== undefined) {
-            throw new exceptions_2.InvalidPayloadException(`You can't change the "tfa_secret" value manually.`);
-        }
-        if (data.provider !== undefined) {
-            if (this.accountability && this.accountability.admin !== true) {
-                throw new exceptions_2.InvalidPayloadException(`You can't change the "provider" value manually.`);
+            if (data.email) {
+                if (keys.length > 1) {
+                    throw new record_not_unique_1.RecordNotUniqueException('email', {
+                        collection: 'directus_users',
+                        field: 'email',
+                        invalid: data.email,
+                    });
+                }
+                await this.checkUniqueEmails([data.email], keys[0]);
             }
-            data.auth_data = null;
-        }
-        if (data.external_identifier !== undefined) {
-            if (this.accountability && this.accountability.admin !== true) {
-                throw new exceptions_2.InvalidPayloadException(`You can't change the "external_identifier" value manually.`);
+            if (data.password) {
+                await this.checkPasswordPolicy([data.password]);
+            }
+            if (data.tfa_secret !== undefined) {
+                throw new exceptions_2.InvalidPayloadException(`You can't change the "tfa_secret" value manually.`);
             }
-            data.auth_data = null;
+            if (data.provider !== undefined) {
+                if (this.accountability && this.accountability.admin !== true) {
+                    throw new exceptions_2.InvalidPayloadException(`You can't change the "provider" value manually.`);
+                }
+                data.auth_data = null;
+            }
+            if (data.external_identifier !== undefined) {
+                if (this.accountability && this.accountability.admin !== true) {
+                    throw new exceptions_2.InvalidPayloadException(`You can't change the "external_identifier" value manually.`);
+                }
+                data.auth_data = null;
+            }
+        }
+        catch (err) {
+            (opts || (opts = {})).preMutationException = err;
         }
         return await super.updateMany(keys, data, opts);
     }
@@ -227,7 +237,12 @@ class UsersService extends items_1.ItemsService {
      * Delete multiple users by primary key
      */
     async deleteMany(keys, opts) {
-        await this.checkRemainingAdminExistence(keys);
+        try {
+            await this.checkRemainingAdminExistence(keys);
+        }
+        catch (err) {
+            (opts || (opts = {})).preMutationException = err;
+        }
         await this.knex('directus_notifications').update({ sender: null }).whereIn('sender', keys);
         await super.deleteMany(keys, opts);
         return keys;
@@ -248,8 +263,14 @@ class UsersService extends items_1.ItemsService {
         return await this.deleteMany(keys, opts);
     }
     async inviteUser(email, role, url, subject) {
-        if (url && (0, is_url_allowed_1.default)(url, env_1.default.USER_INVITE_URL_ALLOW_LIST) === false) {
-            throw new exceptions_2.InvalidPayloadException(`Url "${url}" can't be used to invite users.`);
+        const opts = {};
+        try {
+            if (url && (0, is_url_allowed_1.default)(url, env_1.default.USER_INVITE_URL_ALLOW_LIST) === false) {
+                throw new exceptions_2.InvalidPayloadException(`Url "${url}" can't be used to invite users.`);
+            }
+        }
+        catch (err) {
+            opts.preMutationException = err;
         }
         const emails = (0, utils_1.toArray)(email);
         const mailService = new mail_1.MailService({
@@ -263,7 +284,7 @@ class UsersService extends items_1.ItemsService {
             const inviteURL = url ? new url_1.Url(url) : new url_1.Url(env_1.default.PUBLIC_URL).addPath('admin', 'accept-invite');
             inviteURL.setQuery('token', token);
             // Create user first to verify uniqueness
-            await this.createOne({ email, role, status: 'invited' });
+            await this.createOne({ email, role, status: 'invited' }, opts);
             await mailService.send({
                 to: email,
                 subject: subjectLine,
@@ -293,9 +314,6 @@ class UsersService extends items_1.ItemsService {
         await service.updateOne(user.id, { password, status: 'active' });
     }
     async requestPasswordReset(email, url, subject) {
-        if (url && (0, is_url_allowed_1.default)(url, env_1.default.PASSWORD_RESET_URL_ALLOW_LIST) === false) {
-            throw new exceptions_2.InvalidPayloadException(`Url "${url}" can't be used to reset passwords.`);
-        }
         const STALL_TIME = 500;
         const timeStart = perf_hooks_1.performance.now();
         const user = await this.knex
@@ -307,6 +325,9 @@ class UsersService extends items_1.ItemsService {
             await (0, stall_1.stall)(STALL_TIME, timeStart);
             throw new exceptions_2.ForbiddenException();
         }
+        if (url && (0, is_url_allowed_1.default)(url, env_1.default.PASSWORD_RESET_URL_ALLOW_LIST) === false) {
+            throw new exceptions_2.InvalidPayloadException(`Url "${url}" can't be used to reset passwords.`);
+        }
         const mailService = new mail_1.MailService({
             schema: this.schema,
             knex: this.knex,
@@ -336,7 +357,13 @@ class UsersService extends items_1.ItemsService {
         const { email, scope, hash } = jsonwebtoken_1.default.verify(token, env_1.default.SECRET, { issuer: 'directus' });
         if (scope !== 'password-reset' || !hash)
             throw new exceptions_2.ForbiddenException();
-        await this.checkPasswordPolicy([password]);
+        const opts = {};
+        try {
+            await this.checkPasswordPolicy([password]);
+        }
+        catch (err) {
+            opts.preMutationException = err;
+        }
         const user = await this.knex.select('id', 'status', 'password').from('directus_users').where({ email }).first();
         if ((user === null || user === void 0 ? void 0 : user.status) !== 'active' || hash !== (0, utils_2.getSimpleHash)('' + user.password)) {
             throw new exceptions_2.ForbiddenException();
@@ -350,7 +377,7 @@ class UsersService extends items_1.ItemsService {
                 admin: true, // We need to skip permissions checks for the update call below
             },
         });
-        await service.updateOne(user.id, { password, status: 'active' });
+        await service.updateOne(user.id, { password, status: 'active' }, opts);
     }
 }
 exports.UsersService = UsersService;

package/dist/types/assets.d.ts

@@ -1,6 +1,6 @@
 import { ResizeOptions, Sharp } from 'sharp';
 export declare const TransformationMethods: readonly ["toFormat", "jpeg", "png", "tiff", "webp", "resize", "extend", "extract", "trim", "rotate", "flip", "flop", "sharpen", "median", "blur", "flatten", "gamma", "negate", "normalise", "normalize", "clahe", "convolve", "threshold", "linear", "recomb", "modulate", "tint", "greyscale", "grayscale", "toColorspace", "toColourspace", "removeAlpha", "ensureAlpha", "extractChannel", "bandbool"];
-type AllowedSharpMethods = Pick<Sharp, typeof TransformationMethods[number]>;
+type AllowedSharpMethods = Pick<Sharp, (typeof TransformationMethods)[number]>;
 export type TransformationMap = {
     [M in keyof AllowedSharpMethods]: readonly [M, ...Parameters<AllowedSharpMethods[M]>];
 };

package/dist/types/database.d.ts

@@ -0,0 +1,3 @@
+export type Driver = 'mysql' | 'pg' | 'cockroachdb' | 'sqlite3' | 'oracledb' | 'mssql';
+export declare const DatabaseClients: readonly ["mysql", "postgres", "cockroachdb", "sqlite", "oracle", "mssql", "redshift"];
+export type DatabaseClient = (typeof DatabaseClients)[number];

package/dist/types/database.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DatabaseClients = void 0;
+exports.DatabaseClients = ['mysql', 'postgres', 'cockroachdb', 'sqlite', 'oracle', 'mssql', 'redshift'];

package/dist/types/index.d.ts

@@ -2,6 +2,7 @@ export * from './assets';
 export * from './ast';
 export * from './auth';
 export * from './collection';
+export * from './database';
 export * from './events';
 export * from './files';
 export * from './graphql';

package/dist/types/index.js

@@ -18,6 +18,7 @@ __exportStar(require("./assets"), exports);
 __exportStar(require("./ast"), exports);
 __exportStar(require("./auth"), exports);
 __exportStar(require("./collection"), exports);
+__exportStar(require("./database"), exports);
 __exportStar(require("./events"), exports);
 __exportStar(require("./files"), exports);
 __exportStar(require("./graphql"), exports);

package/dist/types/items.d.ts

@@ -2,6 +2,7 @@
  * I know this looks a little silly, but it allows us to explicitly differentiate between when we're
  * expecting an item vs any other generic object.
  */
+import { BaseException } from '@directus/shared/exceptions';
 import { EventContext } from '@directus/shared/types';
 export type Item = Record<string, any>;
 export type PrimaryKey = string | number;
@@ -36,6 +37,10 @@ export type MutationOptions = {
      * Can be used to queue up the nested events from item service's create, update and delete
      */
     bypassEmitAction?: (params: ActionEventParams) => void;
+    /**
+     * The validation error to throw right before the mutation takes place
+     */
+    preMutationException?: BaseException;
 };
 export type ActionEventParams = {
     event: string | string[];

package/dist/types/snapshot.d.ts

@@ -1,9 +1,11 @@
 import { Collection } from './collection';
 import { Relation, RelationMeta, Field, FieldMeta } from '@directus/shared/types';
 import { Diff } from 'deep-diff';
+import { DatabaseClient } from './database';
 export type Snapshot = {
     version: number;
     directus: string;
+    vendor?: DatabaseClient;
     collections: Collection[];
     fields: SnapshotField[];
     relations: SnapshotRelation[];
@@ -14,6 +16,9 @@ export type SnapshotField = Field & {
 export type SnapshotRelation = Relation & {
     meta: Omit<RelationMeta, 'id'>;
 };
+export type SnapshotWithHash = Snapshot & {
+    hash: string;
+};
 export type SnapshotDiff = {
     collections: {
         collection: string;
@@ -31,3 +36,20 @@ export type SnapshotDiff = {
         diff: Diff<SnapshotRelation | undefined>[];
     }[];
 };
+export type SnapshotDiffWithHash = {
+    hash: string;
+    diff: SnapshotDiff;
+};
+/**
+ * Indicates the kind of change based on comparisons by deep-diff package
+ */
+export declare const DiffKind: {
+    /** indicates a newly added property/element */
+    readonly NEW: "N";
+    /** indicates a property/element was deleted */
+    readonly DELETE: "D";
+    /** indicates a property/element was edited */
+    readonly EDIT: "E";
+    /** indicates a change occurred within an array */
+    readonly ARRAY: "A";
+};

package/dist/types/snapshot.js

@@ -1,2 +1,16 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.DiffKind = void 0;
+/**
+ * Indicates the kind of change based on comparisons by deep-diff package
+ */
+exports.DiffKind = {
+    /** indicates a newly added property/element */
+    NEW: 'N',
+    /** indicates a property/element was deleted */
+    DELETE: 'D',
+    /** indicates a property/element was edited */
+    EDIT: 'E',
+    /** indicates a change occurred within an array */
+    ARRAY: 'A',
+};

package/dist/utils/apply-diff.d.ts

@@ -0,0 +1,9 @@
+import { SchemaOverview } from '@directus/shared/types';
+import { Knex } from 'knex';
+import { Snapshot, SnapshotDiff, SnapshotField } from '../types';
+import { Diff } from 'deep-diff';
+export declare function applyDiff(currentSnapshot: Snapshot, snapshotDiff: SnapshotDiff, options?: {
+    database?: Knex;
+    schema?: SchemaOverview;
+}): Promise<void>;
+export declare function isNestedMetaUpdate(diff: Diff<SnapshotField | undefined>): boolean;