directus 9.22.4 → 9.23.3

package/dist/app.js

@@ -44,20 +44,21 @@ const folders_1 = __importDefault(require("./controllers/folders"));
 const graphql_1 = __importDefault(require("./controllers/graphql"));
 const items_1 = __importDefault(require("./controllers/items"));
 const not_found_1 = __importDefault(require("./controllers/not-found"));
-const panels_1 = __importDefault(require("./controllers/panels"));
 const notifications_1 = __importDefault(require("./controllers/notifications"));
 const operations_1 = __importDefault(require("./controllers/operations"));
+const panels_1 = __importDefault(require("./controllers/panels"));
 const permissions_1 = __importDefault(require("./controllers/permissions"));
 const presets_1 = __importDefault(require("./controllers/presets"));
 const relations_1 = __importDefault(require("./controllers/relations"));
 const revisions_1 = __importDefault(require("./controllers/revisions"));
 const roles_1 = __importDefault(require("./controllers/roles"));
+const schema_1 = __importDefault(require("./controllers/schema"));
 const server_1 = __importDefault(require("./controllers/server"));
 const settings_1 = __importDefault(require("./controllers/settings"));
+const shares_1 = __importDefault(require("./controllers/shares"));
 const users_1 = __importDefault(require("./controllers/users"));
 const utils_1 = __importDefault(require("./controllers/utils"));
 const webhooks_1 = __importDefault(require("./controllers/webhooks"));
-const shares_1 = __importDefault(require("./controllers/shares"));
 const database_1 = require("./database");
 const emitter_1 = __importDefault(require("./emitter"));
 const env_1 = __importDefault(require("./env"));
@@ -66,25 +67,25 @@ const extensions_2 = require("./extensions");
 const flows_2 = require("./flows");
 const logger_1 = __importStar(require("./logger"));
 const authenticate_1 = __importDefault(require("./middleware/authenticate"));
-const get_permissions_1 = __importDefault(require("./middleware/get-permissions"));
 const cache_1 = __importDefault(require("./middleware/cache"));
 const check_ip_1 = require("./middleware/check-ip");
 const cors_1 = __importDefault(require("./middleware/cors"));
 const error_handler_1 = __importDefault(require("./middleware/error-handler"));
 const extract_token_1 = __importDefault(require("./middleware/extract-token"));
-const rate_limiter_1 = __importDefault(require("./middleware/rate-limiter"));
+const get_permissions_1 = __importDefault(require("./middleware/get-permissions"));
+const rate_limiter_global_1 = __importDefault(require("./middleware/rate-limiter-global"));
+const rate_limiter_ip_1 = __importDefault(require("./middleware/rate-limiter-ip"));
 const sanitize_query_1 = __importDefault(require("./middleware/sanitize-query"));
-const schema_1 = __importDefault(require("./middleware/schema"));
-const constants_1 = require("./constants");
+const schema_2 = __importDefault(require("./middleware/schema"));
+const lodash_1 = require("lodash");
+const auth_2 = require("./auth");
+const cache_2 = require("./cache");
+const get_config_from_env_1 = require("./utils/get-config-from-env");
 const track_1 = require("./utils/track");
+const url_1 = require("./utils/url");
 const validate_env_1 = require("./utils/validate-env");
 const validate_storage_1 = require("./utils/validate-storage");
 const webhooks_2 = require("./webhooks");
-const cache_2 = require("./cache");
-const auth_2 = require("./auth");
-const url_1 = require("./utils/url");
-const get_config_from_env_1 = require("./utils/get-config-from-env");
-const lodash_1 = require("lodash");
 async function createApp() {
     const helmet = await import('helmet');
     (0, validate_env_1.validateEnv)(['KEY', 'SECRET']);
@@ -165,7 +166,7 @@ async function createApp() {
     app.get('/robots.txt', (_, res) => {
         res.set('Content-Type', 'text/plain');
         res.status(200);
-        res.send(constants_1.ROBOTSTXT);
+        res.send(env_1.default.ROBOTS_TXT);
     });
     if (env_1.default.SERVE_APP) {
         const adminPath = require.resolve('@directus/app');
@@ -191,15 +192,18 @@ async function createApp() {
         app.use('/admin/*', sendHtml);
     }
     // use the rate limiter - all routes for now
+    if (env_1.default.RATE_LIMITER_GLOBAL_ENABLED === true) {
+        app.use(rate_limiter_global_1.default);
+    }
     if (env_1.default.RATE_LIMITER_ENABLED === true) {
-        app.use(rate_limiter_1.default);
+        app.use(rate_limiter_ip_1.default);
     }
     app.get('/server/ping', (req, res) => res.send('pong'));
     app.use(authenticate_1.default);
     app.use(check_ip_1.checkIP);
     app.use(sanitize_query_1.default);
     app.use(cache_1.default);
-    app.use(schema_1.default);
+    app.use(schema_2.default);
     app.use(get_permissions_1.default);
     await emitter_1.default.emitInit('middlewares.after', { app });
     await emitter_1.default.emitInit('routes.before', { app });
@@ -223,6 +227,7 @@ async function createApp() {
     app.use('/relations', relations_1.default);
     app.use('/revisions', revisions_1.default);
     app.use('/roles', roles_1.default);
+    app.use('/schema', schema_1.default);
     app.use('/server', server_1.default);
     app.use('/settings', settings_1.default);
     app.use('/shares', shares_1.default);

package/dist/auth/auth.d.ts

@@ -1,6 +1,6 @@
-import { SchemaOverview } from '@directus/shared/types';
-import { Knex } from 'knex';
-import { AuthDriverOptions, User } from '../types';
+import type { SchemaOverview } from '@directus/shared/types';
+import type { Knex } from 'knex';
+import type { AuthDriverOptions, User } from '../types';
 export declare abstract class AuthDriver {
     knex: Knex;
     schema: SchemaOverview;

package/dist/auth/auth.js

@@ -2,6 +2,8 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthDriver = void 0;
 class AuthDriver {
+    knex;
+    schema;
     constructor(options, _config) {
         this.knex = options.knex;
         this.schema = options.schema;

package/dist/auth/drivers/ldap.d.ts

@@ -1,8 +1,8 @@
 import { Router } from 'express';
 import { Client } from 'ldapjs';
-import { AuthDriver } from '../auth';
-import { AuthDriverOptions, User } from '../../types';
 import { UsersService } from '../../services';
+import type { AuthDriverOptions, User } from '../../types';
+import { AuthDriver } from '../auth';
 export declare class LDAPAuthDriver extends AuthDriver {
     bindClient: Client;
     usersService: UsersService;

package/dist/auth/drivers/ldap.js

@@ -28,32 +28,34 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createLDAPAuthRouter = exports.LDAPAuthDriver = void 0;
 const express_1 = require("express");
-const ldapjs_1 = __importStar(require("ldapjs"));
-const ms_1 = __importDefault(require("ms"));
-const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
 const joi_1 = __importDefault(require("joi"));
-const auth_1 = require("../auth");
+const ldapjs_1 = __importStar(require("ldapjs"));
+const env_1 = __importDefault(require("../../env"));
 const exceptions_1 = require("../../exceptions");
 const record_not_unique_1 = require("../../exceptions/database/record-not-unique");
+const logger_1 = __importDefault(require("../../logger"));
+const respond_1 = require("../../middleware/respond");
 const services_1 = require("../../services");
 const async_handler_1 = __importDefault(require("../../utils/async-handler"));
-const env_1 = __importDefault(require("../../env"));
-const respond_1 = require("../../middleware/respond");
-const logger_1 = __importDefault(require("../../logger"));
+const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
+const get_milliseconds_1 = require("../../utils/get-milliseconds");
+const auth_1 = require("../auth");
 // 0x2: ACCOUNTDISABLE
 // 0x10: LOCKOUT
 // 0x800000: PASSWORD_EXPIRED
 const INVALID_ACCOUNT_FLAGS = 0x800012;
 class LDAPAuthDriver extends auth_1.AuthDriver {
+    bindClient;
+    usersService;
+    config;
     constructor(options, config) {
-        var _a;
         super(options, config);
         const { bindDn, bindPassword, userDn, provider, clientUrl } = config;
         if (bindDn === undefined ||
             bindPassword === undefined ||
             !userDn ||
             !provider ||
-            (!clientUrl && !((_a = config.client) === null || _a === void 0 ? void 0 : _a.socketPath))) {
+            (!clientUrl && !config.client?.socketPath)) {
             throw new exceptions_1.InvalidConfigException('Invalid provider config', { provider });
         }
         const clientConfig = typeof config.client === 'object' ? config.client : {};
@@ -95,7 +97,7 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
                 });
                 res.on('end', (result) => {
                     // Handle edge case where authenticated bind user cannot read their own DN
-                    if ((result === null || result === void 0 ? void 0 : result.status) === 0) {
+                    if (result?.status === 0) {
                         reject(new exceptions_1.UnexpectedResponseException('Failed to find bind user record'));
                     }
                 });
@@ -104,9 +106,9 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
     }
     async fetchUserInfo(baseDn, filter, scope) {
         let { firstNameAttribute, lastNameAttribute, mailAttribute } = this.config;
-        firstNameAttribute !== null && firstNameAttribute !== void 0 ? firstNameAttribute : (firstNameAttribute = 'givenName');
-        lastNameAttribute !== null && lastNameAttribute !== void 0 ? lastNameAttribute : (lastNameAttribute = 'sn');
-        mailAttribute !== null && mailAttribute !== void 0 ? mailAttribute : (mailAttribute = 'mail');
+        firstNameAttribute ??= 'givenName';
+        lastNameAttribute ??= 'sn';
+        mailAttribute ??= 'mail';
         return new Promise((resolve, reject) => {
             // Search for the user in LDAP by filter
             this.bindClient.search(baseDn, {
@@ -119,15 +121,22 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
                     return;
                 }
                 res.on('searchEntry', ({ object }) => {
-                    var _a;
                     const user = {
                         dn: object.dn,
-                        uid: getEntryValue(object.uid),
-                        firstName: getEntryValue(object[firstNameAttribute]),
-                        lastName: getEntryValue(object[lastNameAttribute]),
-                        email: getEntryValue(object[mailAttribute]),
-                        userAccountControl: Number((_a = getEntryValue(object.userAccountControl)) !== null && _a !== void 0 ? _a : 0),
+                        userAccountControl: Number(getEntryValue(object.userAccountControl) ?? 0),
                     };
+                    const firstName = getEntryValue(object[firstNameAttribute]);
+                    if (firstName)
+                        user.firstName = firstName;
+                    const lastName = getEntryValue(object[lastNameAttribute]);
+                    if (lastName)
+                        user.lastName = lastName;
+                    const email = getEntryValue(object[mailAttribute]);
+                    if (email)
+                        user.email = email;
+                    const uid = getEntryValue(object.uid);
+                    if (uid)
+                        user.uid = uid;
                     resolve(user);
                 });
                 res.on('error', (err) => {
@@ -175,28 +184,27 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
             .from('directus_users')
             .orWhereRaw('LOWER(??) = ?', ['external_identifier', userDn.toLowerCase()])
             .first();
-        return user === null || user === void 0 ? void 0 : user.id;
+        return user?.id;
     }
     async getUserID(payload) {
-        var _a, _b, _c;
         if (!payload.identifier) {
             throw new exceptions_1.InvalidCredentialsException();
         }
         await this.validateBindClient();
         const { userDn, userScope, userAttribute, groupDn, groupScope, groupAttribute, defaultRoleId } = this.config;
         const userInfo = await this.fetchUserInfo(userDn, new ldapjs_1.EqualityFilter({
-            attribute: userAttribute !== null && userAttribute !== void 0 ? userAttribute : 'cn',
+            attribute: userAttribute ?? 'cn',
             value: payload.identifier,
-        }), userScope !== null && userScope !== void 0 ? userScope : 'one');
-        if (!(userInfo === null || userInfo === void 0 ? void 0 : userInfo.dn)) {
+        }), userScope ?? 'one');
+        if (!userInfo?.dn) {
             throw new exceptions_1.InvalidCredentialsException();
         }
         let userRole;
         if (groupDn) {
             const userGroups = await this.fetchUserGroups(groupDn, new ldapjs_1.EqualityFilter({
-                attribute: groupAttribute !== null && groupAttribute !== void 0 ? groupAttribute : 'member',
-                value: (groupAttribute === null || groupAttribute === void 0 ? void 0 : groupAttribute.toLowerCase()) === 'memberuid' && userInfo.uid ? userInfo.uid : userInfo.dn,
-            }), groupScope !== null && groupScope !== void 0 ? groupScope : 'one');
+                attribute: groupAttribute ?? 'member',
+                value: groupAttribute?.toLowerCase() === 'memberuid' && userInfo.uid ? userInfo.uid : userInfo.dn,
+            }), groupScope ?? 'one');
             if (userGroups.length) {
                 userRole = await this.knex
                     .select('id')
@@ -212,7 +220,7 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
         if (userId) {
             // Only sync roles if the AD groups are configured
             if (groupDn) {
-                await this.usersService.updateOne(userId, { role: (_b = (_a = userRole === null || userRole === void 0 ? void 0 : userRole.id) !== null && _a !== void 0 ? _a : defaultRoleId) !== null && _b !== void 0 ? _b : null });
+                await this.usersService.updateOne(userId, { role: userRole?.id ?? defaultRoleId ?? null });
             }
             return userId;
         }
@@ -226,7 +234,7 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
                 last_name: userInfo.lastName,
                 email: userInfo.email,
                 external_identifier: userInfo.dn,
-                role: (_c = userRole === null || userRole === void 0 ? void 0 : userRole.id) !== null && _c !== void 0 ? _c : defaultRoleId,
+                role: userRole?.id ?? defaultRoleId,
             });
         }
         catch (e) {
@@ -269,7 +277,7 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
     async refresh(user) {
         await this.validateBindClient();
         const userInfo = await this.fetchUserInfo(user.external_identifier);
-        if ((userInfo === null || userInfo === void 0 ? void 0 : userInfo.userAccountControl) && userInfo.userAccountControl & INVALID_ACCOUNT_FLAGS) {
+        if (userInfo?.userAccountControl && userInfo.userAccountControl & INVALID_ACCOUNT_FLAGS) {
             throw new exceptions_1.InvalidCredentialsException();
         }
     }
@@ -298,13 +306,16 @@ function createLDAPAuthRouter(provider) {
         otp: joi_1.default.string(),
     }).unknown();
     router.post('/', (0, async_handler_1.default)(async (req, res, next) => {
-        var _a, _b;
         const accountability = {
             ip: (0, get_ip_from_req_1.getIPFromReq)(req),
-            userAgent: req.get('user-agent'),
-            origin: req.get('origin'),
             role: null,
         };
+        const userAgent = req.get('user-agent');
+        if (userAgent)
+            accountability.userAgent = userAgent;
+        const origin = req.get('origin');
+        if (origin)
+            accountability.origin = origin;
         const authenticationService = new services_1.AuthenticationService({
             accountability: accountability,
             schema: req.schema,
@@ -314,7 +325,7 @@ function createLDAPAuthRouter(provider) {
             throw new exceptions_1.InvalidPayloadException(error.message);
         }
         const mode = req.body.mode || 'json';
-        const { accessToken, refreshToken, expires } = await authenticationService.login(provider, req.body, (_a = req.body) === null || _a === void 0 ? void 0 : _a.otp);
+        const { accessToken, refreshToken, expires } = await authenticationService.login(provider, req.body, req.body?.otp);
         const payload = {
             data: { access_token: accessToken, expires },
         };
@@ -325,8 +336,8 @@ function createLDAPAuthRouter(provider) {
             res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, {
                 httpOnly: true,
                 domain: env_1.default.REFRESH_TOKEN_COOKIE_DOMAIN,
-                maxAge: (0, ms_1.default)(env_1.default.REFRESH_TOKEN_TTL),
-                secure: (_b = env_1.default.REFRESH_TOKEN_COOKIE_SECURE) !== null && _b !== void 0 ? _b : false,
+                maxAge: (0, get_milliseconds_1.getMilliseconds)(env_1.default.REFRESH_TOKEN_TTL),
+                secure: env_1.default.REFRESH_TOKEN_COOKIE_SECURE ?? false,
                 sameSite: env_1.default.REFRESH_TOKEN_COOKIE_SAME_SITE || 'strict',
             });
         }

package/dist/auth/drivers/local.d.ts

@@ -1,6 +1,6 @@
 import { Router } from 'express';
+import type { User } from '../../types';
 import { AuthDriver } from '../auth';
-import { User } from '../../types';
 export declare class LocalAuthDriver extends AuthDriver {
     getUserID(payload: Record<string, any>): Promise<string>;
     verify(user: User, password?: string): Promise<void>;

package/dist/auth/drivers/local.js

@@ -4,19 +4,19 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createLocalAuthRouter = exports.LocalAuthDriver = void 0;
-const express_1 = require("express");
 const argon2_1 = __importDefault(require("argon2"));
+const express_1 = require("express");
 const joi_1 = __importDefault(require("joi"));
-const auth_1 = require("../auth");
+const perf_hooks_1 = require("perf_hooks");
+const constants_1 = require("../../constants");
+const env_1 = __importDefault(require("../../env"));
 const exceptions_1 = require("../../exceptions");
+const respond_1 = require("../../middleware/respond");
 const services_1 = require("../../services");
 const async_handler_1 = __importDefault(require("../../utils/async-handler"));
-const env_1 = __importDefault(require("../../env"));
-const respond_1 = require("../../middleware/respond");
-const constants_1 = require("../../constants");
 const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
-const perf_hooks_1 = require("perf_hooks");
 const stall_1 = require("../../utils/stall");
+const auth_1 = require("../auth");
 class LocalAuthDriver extends auth_1.AuthDriver {
     async getUserID(payload) {
         if (!payload.email) {
@@ -51,15 +51,18 @@ function createLocalAuthRouter(provider) {
         otp: joi_1.default.string(),
     }).unknown();
     router.post('/', (0, async_handler_1.default)(async (req, res, next) => {
-        var _a;
         const STALL_TIME = env_1.default.LOGIN_STALL_TIME;
         const timeStart = perf_hooks_1.performance.now();
         const accountability = {
             ip: (0, get_ip_from_req_1.getIPFromReq)(req),
-            userAgent: req.get('user-agent'),
-            origin: req.get('origin'),
             role: null,
         };
+        const userAgent = req.get('user-agent');
+        if (userAgent)
+            accountability.userAgent = userAgent;
+        const origin = req.get('origin');
+        if (origin)
+            accountability.origin = origin;
         const authenticationService = new services_1.AuthenticationService({
             accountability: accountability,
             schema: req.schema,
@@ -70,7 +73,7 @@ function createLocalAuthRouter(provider) {
             throw new exceptions_1.InvalidPayloadException(error.message);
         }
         const mode = req.body.mode || 'json';
-        const { accessToken, refreshToken, expires } = await authenticationService.login(provider, req.body, (_a = req.body) === null || _a === void 0 ? void 0 : _a.otp);
+        const { accessToken, refreshToken, expires } = await authenticationService.login(provider, req.body, req.body?.otp);
         const payload = {
             data: { access_token: accessToken, expires },
         };

package/dist/auth/drivers/oauth2.d.ts

@@ -1,7 +1,7 @@
 import { Router } from 'express';
 import { Client } from 'openid-client';
 import { UsersService } from '../../services';
-import { AuthDriverOptions, User } from '../../types';
+import type { AuthDriverOptions, User } from '../../types';
 import { LocalAuthDriver } from './local';
 export declare class OAuth2AuthDriver extends LocalAuthDriver {
     client: Client;

package/dist/auth/drivers/oauth2.js

@@ -32,7 +32,6 @@ const utils_1 = require("@directus/shared/utils");
 const express_1 = __importStar(require("express"));
 const flat_1 = __importDefault(require("flat"));
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
-const ms_1 = __importDefault(require("ms"));
 const openid_client_1 = require("openid-client");
 const auth_1 = require("../../auth");
 const env_1 = __importDefault(require("../../env"));
@@ -44,9 +43,14 @@ const services_1 = require("../../services");
 const async_handler_1 = __importDefault(require("../../utils/async-handler"));
 const get_config_from_env_1 = require("../../utils/get-config-from-env");
 const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
+const get_milliseconds_1 = require("../../utils/get-milliseconds");
 const url_1 = require("../../utils/url");
 const local_1 = require("./local");
 class OAuth2AuthDriver extends local_1.LocalAuthDriver {
+    client;
+    redirectUrl;
+    usersService;
+    config;
     constructor(options, config) {
         super(options, config);
         const { authorizeUrl, accessUrl, profileUrl, clientId, clientSecret, ...additionalConfig } = config;
@@ -76,12 +80,11 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         return openid_client_1.generators.codeVerifier();
     }
     generateAuthUrl(codeVerifier, prompt = false) {
-        var _a;
         try {
             const codeChallenge = openid_client_1.generators.codeChallenge(codeVerifier);
             const paramsConfig = typeof this.config.params === 'object' ? this.config.params : {};
             return this.client.authorizationUrl({
-                scope: (_a = this.config.scope) !== null && _a !== void 0 ? _a : 'email',
+                scope: this.config.scope ?? 'email',
                 access_type: 'offline',
                 prompt: prompt ? 'consent' : undefined,
                 ...paramsConfig,
@@ -101,7 +104,7 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
             .from('directus_users')
             .whereRaw('LOWER(??) = ?', ['external_identifier', identifier.toLowerCase()])
             .first();
-        return user === null || user === void 0 ? void 0 : user.id;
+        return user?.id;
     }
     async getUserID(payload) {
         if (!payload.code || !payload.codeVerifier || !payload.state) {
@@ -120,7 +123,7 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         // Flatten response to support dot indexes
         userInfo = (0, flat_1.default)(userInfo);
         const { provider, emailKey, identifierKey, allowPublicRegistration } = this.config;
-        const email = userInfo[emailKey !== null && emailKey !== void 0 ? emailKey : 'email'] ? String(userInfo[emailKey !== null && emailKey !== void 0 ? emailKey : 'email']) : undefined;
+        const email = userInfo[emailKey ?? 'email'] ? String(userInfo[emailKey ?? 'email']) : undefined;
         // Fallback to email if explicit identifier not found
         const identifier = userInfo[identifierKey] ? String(userInfo[identifierKey]) : email;
         if (!identifier) {
@@ -175,7 +178,7 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
                 logger_1.default.warn(`[OAuth2] Session data isn't valid JSON: ${authData}`);
             }
         }
-        if (authData === null || authData === void 0 ? void 0 : authData.refreshToken) {
+        if (authData?.refreshToken) {
             try {
                 const tokenSet = await this.client.refresh(authData.refreshToken);
                 // Update user refreshToken if provided
@@ -234,7 +237,6 @@ function createOAuth2AuthRouter(providerName) {
         res.redirect(303, `./callback?${new URLSearchParams(req.body)}`);
     }, respond_1.respond);
     router.get('/callback', (0, async_handler_1.default)(async (req, res, next) => {
-        var _a;
         let tokenData;
         try {
             tokenData = jsonwebtoken_1.default.verify(req.cookies[`oauth2.${providerName}`], env_1.default.SECRET, { issuer: 'directus' });
@@ -244,13 +246,18 @@ function createOAuth2AuthRouter(providerName) {
             throw new exceptions_2.InvalidCredentialsException();
         }
         const { verifier, redirect, prompt } = tokenData;
+        const accountability = {
+            ip: (0, get_ip_from_req_1.getIPFromReq)(req),
+            role: null,
+        };
+        const userAgent = req.get('user-agent');
+        if (userAgent)
+            accountability.userAgent = userAgent;
+        const origin = req.get('origin');
+        if (origin)
+            accountability.origin = origin;
         const authenticationService = new services_1.AuthenticationService({
-            accountability: {
-                ip: (0, get_ip_from_req_1.getIPFromReq)(req),
-                userAgent: req.get('user-agent'),
-                origin: req.get('origin'),
-                role: null,
-            },
+            accountability,
             schema: req.schema,
         });
         let authResponse;
@@ -285,8 +292,8 @@ function createOAuth2AuthRouter(providerName) {
             res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, {
                 httpOnly: true,
                 domain: env_1.default.REFRESH_TOKEN_COOKIE_DOMAIN,
-                maxAge: (0, ms_1.default)(env_1.default.REFRESH_TOKEN_TTL),
-                secure: (_a = env_1.default.REFRESH_TOKEN_COOKIE_SECURE) !== null && _a !== void 0 ? _a : false,
+                maxAge: (0, get_milliseconds_1.getMilliseconds)(env_1.default.REFRESH_TOKEN_TTL),
+                secure: env_1.default.REFRESH_TOKEN_COOKIE_SECURE ?? false,
                 sameSite: env_1.default.REFRESH_TOKEN_COOKIE_SAME_SITE || 'strict',
             });
             return res.redirect(redirect);

package/dist/auth/drivers/openid.d.ts

@@ -1,7 +1,7 @@
 import { Router } from 'express';
 import { Client } from 'openid-client';
 import { UsersService } from '../../services';
-import { AuthDriverOptions, User } from '../../types';
+import type { AuthDriverOptions, User } from '../../types';
 import { LocalAuthDriver } from './local';
 export declare class OpenIDAuthDriver extends LocalAuthDriver {
     client: Promise<Client>;

package/dist/auth/drivers/openid.js

@@ -32,7 +32,6 @@ const utils_1 = require("@directus/shared/utils");
 const express_1 = __importStar(require("express"));
 const flat_1 = __importDefault(require("flat"));
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
-const ms_1 = __importDefault(require("ms"));
 const openid_client_1 = require("openid-client");
 const auth_1 = require("../../auth");
 const env_1 = __importDefault(require("../../env"));
@@ -44,9 +43,14 @@ const services_1 = require("../../services");
 const async_handler_1 = __importDefault(require("../../utils/async-handler"));
 const get_config_from_env_1 = require("../../utils/get-config-from-env");
 const get_ip_from_req_1 = require("../../utils/get-ip-from-req");
+const get_milliseconds_1 = require("../../utils/get-milliseconds");
 const url_1 = require("../../utils/url");
 const local_1 = require("./local");
 class OpenIDAuthDriver extends local_1.LocalAuthDriver {
+    client;
+    redirectUrl;
+    usersService;
+    config;
     constructor(options, config) {
         super(options, config);
         const { issuerUrl, clientId, clientSecret, ...additionalConfig } = config;
@@ -62,7 +66,7 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
             openid_client_1.Issuer.discover(issuerUrl)
                 .then((issuer) => {
                 const supportedTypes = issuer.metadata.response_types_supported;
-                if (!(supportedTypes === null || supportedTypes === void 0 ? void 0 : supportedTypes.includes('code'))) {
+                if (!supportedTypes?.includes('code')) {
                     reject(new exceptions_2.InvalidConfigException('OpenID provider does not support required code flow', {
                         provider: additionalConfig.provider,
                     }));
@@ -85,13 +89,12 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         return openid_client_1.generators.codeVerifier();
     }
     async generateAuthUrl(codeVerifier, prompt = false) {
-        var _a;
         try {
             const client = await this.client;
             const codeChallenge = openid_client_1.generators.codeChallenge(codeVerifier);
             const paramsConfig = typeof this.config.params === 'object' ? this.config.params : {};
             return client.authorizationUrl({
-                scope: (_a = this.config.scope) !== null && _a !== void 0 ? _a : 'openid profile email',
+                scope: this.config.scope ?? 'openid profile email',
                 access_type: 'offline',
                 prompt: prompt ? 'consent' : undefined,
                 ...paramsConfig,
@@ -112,7 +115,7 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
             .from('directus_users')
             .whereRaw('LOWER(??) = ?', ['external_identifier', identifier.toLowerCase()])
             .first();
-        return user === null || user === void 0 ? void 0 : user.id;
+        return user?.id;
     }
     async getUserID(payload) {
         if (!payload.code || !payload.codeVerifier || !payload.state) {
@@ -141,7 +144,7 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         const { provider, identifierKey, allowPublicRegistration, requireVerifiedEmail } = this.config;
         const email = userInfo.email ? String(userInfo.email) : undefined;
         // Fallback to email if explicit identifier not found
-        const identifier = userInfo[identifierKey !== null && identifierKey !== void 0 ? identifierKey : 'sub'] ? String(userInfo[identifierKey !== null && identifierKey !== void 0 ? identifierKey : 'sub']) : email;
+        const identifier = userInfo[identifierKey ?? 'sub'] ? String(userInfo[identifierKey ?? 'sub']) : email;
         if (!identifier) {
             logger_1.default.warn(`[OpenID] Failed to find user identifier for provider "${provider}"`);
             throw new exceptions_2.InvalidCredentialsException();
@@ -195,7 +198,7 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
                 logger_1.default.warn(`[OpenID] Session data isn't valid JSON: ${authData}`);
             }
         }
-        if (authData === null || authData === void 0 ? void 0 : authData.refreshToken) {
+        if (authData?.refreshToken) {
             try {
                 const client = await this.client;
                 const tokenSet = await client.refresh(authData.refreshToken);
@@ -255,7 +258,6 @@ function createOpenIDAuthRouter(providerName) {
         res.redirect(303, `./callback?${new URLSearchParams(req.body)}`);
     }, respond_1.respond);
     router.get('/callback', (0, async_handler_1.default)(async (req, res, next) => {
-        var _a;
         let tokenData;
         try {
             tokenData = jsonwebtoken_1.default.verify(req.cookies[`openid.${providerName}`], env_1.default.SECRET, { issuer: 'directus' });
@@ -265,13 +267,18 @@ function createOpenIDAuthRouter(providerName) {
             throw new exceptions_2.InvalidCredentialsException();
         }
         const { verifier, redirect, prompt } = tokenData;
+        const accountability = {
+            ip: (0, get_ip_from_req_1.getIPFromReq)(req),
+            role: null,
+        };
+        const userAgent = req.get('user-agent');
+        if (userAgent)
+            accountability.userAgent = userAgent;
+        const origin = req.get('origin');
+        if (origin)
+            accountability.origin = origin;
         const authenticationService = new services_1.AuthenticationService({
-            accountability: {
-                ip: (0, get_ip_from_req_1.getIPFromReq)(req),
-                userAgent: req.get('user-agent'),
-                origin: req.get('origin'),
-                role: null,
-            },
+            accountability,
             schema: req.schema,
         });
         let authResponse;
@@ -307,8 +314,8 @@ function createOpenIDAuthRouter(providerName) {
             res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, {
                 httpOnly: true,
                 domain: env_1.default.REFRESH_TOKEN_COOKIE_DOMAIN,
-                maxAge: (0, ms_1.default)(env_1.default.REFRESH_TOKEN_TTL),
-                secure: (_a = env_1.default.REFRESH_TOKEN_COOKIE_SECURE) !== null && _a !== void 0 ? _a : false,
+                maxAge: (0, get_milliseconds_1.getMilliseconds)(env_1.default.REFRESH_TOKEN_TTL),
+                secure: env_1.default.REFRESH_TOKEN_COOKIE_SECURE ?? false,
                 sameSite: env_1.default.REFRESH_TOKEN_COOKIE_SAME_SITE || 'strict',
             });
             return res.redirect(redirect);

package/dist/auth/drivers/saml.d.ts

@@ -1,5 +1,5 @@
 import { UsersService } from '../../services';
-import { AuthDriverOptions, User } from '../../types';
+import type { AuthDriverOptions, User } from '../../types';
 import { LocalAuthDriver } from './local';
 export declare class SAMLAuthDriver extends LocalAuthDriver {
     idp: any;