directus 9.23.1 → 9.23.3

package/dist/cache.d.ts

@@ -1,12 +1,20 @@
 import Keyv from 'keyv';
+import type { SchemaOverview } from '@directus/shared/types';
 export declare function getCache(): {
     cache: Keyv | null;
     systemCache: Keyv;
+    sharedSchemaCache: Keyv;
+    localSchemaCache: Keyv;
     lockCache: Keyv;
 };
 export declare function flushCaches(forced?: boolean): Promise<void>;
-export declare function clearSystemCache(forced?: boolean): Promise<void>;
+export declare function clearSystemCache(opts?: {
+    forced?: boolean | undefined;
+    autoPurgeCache?: false | undefined;
+}): Promise<void>;
 export declare function setSystemCache(key: string, value: any, ttl?: number): Promise<void>;
 export declare function getSystemCache(key: string): Promise<Record<string, any>>;
+export declare function setSchemaCache(schema: SchemaOverview): Promise<void>;
+export declare function getSchemaCache(): Promise<SchemaOverview | undefined>;
 export declare function setCacheValue(cache: Keyv, key: string, value: Record<string, any> | Record<string, any>[], ttl?: number): Promise<void>;
 export declare function getCacheValue(cache: Keyv, key: string): Promise<any>;

package/dist/cache.js

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getCacheValue = exports.setCacheValue = exports.getSystemCache = exports.setSystemCache = exports.clearSystemCache = exports.flushCaches = exports.getCache = void 0;
+exports.getCacheValue = exports.setCacheValue = exports.getSchemaCache = exports.setSchemaCache = exports.getSystemCache = exports.setSystemCache = exports.clearSystemCache = exports.flushCaches = exports.getCache = void 0;
 const keyv_1 = __importDefault(require("keyv"));
 const env_1 = __importDefault(require("./env"));
 const logger_1 = __importDefault(require("./logger"));
@@ -11,40 +11,64 @@ const compress_1 = require("./utils/compress");
 const get_config_from_env_1 = require("./utils/get-config-from-env");
 const get_milliseconds_1 = require("./utils/get-milliseconds");
 const validate_env_1 = require("./utils/validate-env");
+const messenger_1 = require("./messenger");
+const utils_1 = require("@directus/shared/utils");
 let cache = null;
 let systemCache = null;
+let localSchemaCache = null;
+let sharedSchemaCache = null;
 let lockCache = null;
+let messengerSubscribed = false;
+const messenger = (0, messenger_1.getMessenger)();
+if (env_1.default.MESSENGER_STORE === 'redis' && env_1.default.CACHE_STORE === 'memory' && env_1.default.CACHE_AUTO_PURGE && !messengerSubscribed) {
+    messengerSubscribed = true;
+    messenger.subscribe('schemaChanged', async (opts) => {
+        if (cache && opts?.autoPurgeCache !== false) {
+            await cache.clear();
+        }
+    });
+}
 function getCache() {
     if (env_1.default.CACHE_ENABLED === true && cache === null) {
         (0, validate_env_1.validateEnv)(['CACHE_NAMESPACE', 'CACHE_TTL', 'CACHE_STORE']);
-        cache = getKeyvInstance((0, get_milliseconds_1.getMilliseconds)(env_1.default.CACHE_TTL));
+        cache = getKeyvInstance(env_1.default.CACHE_STORE, (0, get_milliseconds_1.getMilliseconds)(env_1.default.CACHE_TTL));
         cache.on('error', (err) => logger_1.default.warn(err, `[cache] ${err}`));
     }
     if (systemCache === null) {
-        systemCache = getKeyvInstance((0, get_milliseconds_1.getMilliseconds)(env_1.default.CACHE_SYSTEM_TTL), '_system');
-        systemCache.on('error', (err) => logger_1.default.warn(err, `[cache] ${err}`));
+        systemCache = getKeyvInstance(env_1.default.CACHE_STORE, (0, get_milliseconds_1.getMilliseconds)(env_1.default.CACHE_SYSTEM_TTL), '_system');
+        systemCache.on('error', (err) => logger_1.default.warn(err, `[system-cache] ${err}`));
+    }
+    if (sharedSchemaCache === null) {
+        sharedSchemaCache = getKeyvInstance(env_1.default.CACHE_STORE, (0, get_milliseconds_1.getMilliseconds)(env_1.default.CACHE_SYSTEM_TTL), '_schema_shared');
+        sharedSchemaCache.on('error', (err) => logger_1.default.warn(err, `[shared-schema-cache] ${err}`));
+    }
+    if (localSchemaCache === null) {
+        localSchemaCache = getKeyvInstance('memory', (0, get_milliseconds_1.getMilliseconds)(env_1.default.CACHE_SYSTEM_TTL), '_schema');
+        localSchemaCache.on('error', (err) => logger_1.default.warn(err, `[schema-cache] ${err}`));
     }
     if (lockCache === null) {
-        lockCache = getKeyvInstance(undefined, '_lock');
-        lockCache.on('error', (err) => logger_1.default.warn(err, `[cache] ${err}`));
+        lockCache = getKeyvInstance(env_1.default.CACHE_STORE, undefined, '_lock');
+        lockCache.on('error', (err) => logger_1.default.warn(err, `[lock-cache] ${err}`));
     }
-    return { cache, systemCache, lockCache };
+    return { cache, systemCache, sharedSchemaCache, localSchemaCache, lockCache };
 }
 exports.getCache = getCache;
 async function flushCaches(forced) {
     const { cache } = getCache();
-    await clearSystemCache(forced);
-    await (cache === null || cache === void 0 ? void 0 : cache.clear());
+    await clearSystemCache({ forced });
+    await cache?.clear();
 }
 exports.flushCaches = flushCaches;
-async function clearSystemCache(forced) {
-    const { systemCache, lockCache } = getCache();
+async function clearSystemCache(opts) {
+    const { systemCache, localSchemaCache, lockCache } = getCache();
     // Flush system cache when forced or when system cache lock not set
-    if (forced || !(await lockCache.get('system-cache-lock'))) {
+    if (opts?.forced || !(await lockCache.get('system-cache-lock'))) {
         await lockCache.set('system-cache-lock', true, 10000);
         await systemCache.clear();
         await lockCache.delete('system-cache-lock');
     }
+    await localSchemaCache.clear();
+    messenger.publish('schemaChanged', { autoPurgeCache: opts?.autoPurgeCache });
 }
 exports.clearSystemCache = clearSystemCache;
 async function setSystemCache(key, value, ttl) {
@@ -59,6 +83,25 @@ async function getSystemCache(key) {
     return await getCacheValue(systemCache, key);
 }
 exports.getSystemCache = getSystemCache;
+async function setSchemaCache(schema) {
+    const { localSchemaCache, sharedSchemaCache } = getCache();
+    const schemaHash = await (0, utils_1.getSimpleHash)(JSON.stringify(schema));
+    await sharedSchemaCache.set('hash', schemaHash);
+    await localSchemaCache.set('schema', schema);
+    await localSchemaCache.set('hash', schemaHash);
+}
+exports.setSchemaCache = setSchemaCache;
+async function getSchemaCache() {
+    const { localSchemaCache, sharedSchemaCache } = getCache();
+    const sharedSchemaHash = await sharedSchemaCache.get('hash');
+    if (!sharedSchemaHash)
+        return;
+    const localSchemaHash = await localSchemaCache.get('hash');
+    if (!localSchemaHash || localSchemaHash !== sharedSchemaHash)
+        return;
+    return await localSchemaCache.get('schema');
+}
+exports.getSchemaCache = getSchemaCache;
 async function setCacheValue(cache, key, value, ttl) {
     const compressed = await (0, compress_1.compress)(value);
     await cache.set(key, compressed, ttl);
@@ -72,8 +115,8 @@ async function getCacheValue(cache, key) {
     return decompressed;
 }
 exports.getCacheValue = getCacheValue;
-function getKeyvInstance(ttl, namespaceSuffix) {
-    switch (env_1.default.CACHE_STORE) {
+function getKeyvInstance(store, ttl, namespaceSuffix) {
+    switch (store) {
         case 'redis':
             return new keyv_1.default(getConfig('redis', ttl, namespaceSuffix));
         case 'memcache':

package/dist/cli/commands/bootstrap/index.js

@@ -26,13 +26,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+const database_1 = __importStar(require("../../../database"));
 const run_1 = __importDefault(require("../../../database/migrations/run"));
 const run_2 = __importDefault(require("../../../database/seeds/run"));
 const env_1 = __importDefault(require("../../../env"));
 const logger_1 = __importDefault(require("../../../logger"));
-const get_schema_1 = require("../../../utils/get-schema");
 const services_1 = require("../../../services");
-const database_1 = __importStar(require("../../../database"));
+const get_schema_1 = require("../../../utils/get-schema");
 const defaults_1 = require("../../utils/defaults");
 async function bootstrap({ skipAdminInit }) {
     logger_1.default.info('Initializing bootstrap...');

package/dist/cli/commands/init/index.js

@@ -6,17 +6,17 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const chalk_1 = __importDefault(require("chalk"));
 const execa_1 = __importDefault(require("execa"));
 const inquirer_1 = __importDefault(require("inquirer"));
+const joi_1 = __importDefault(require("joi"));
 const ora_1 = __importDefault(require("ora"));
 const uuid_1 = require("uuid");
-const joi_1 = __importDefault(require("joi"));
 const run_1 = __importDefault(require("../../../database/migrations/run"));
 const run_2 = __importDefault(require("../../../database/seeds/run"));
+const generate_hash_1 = require("../../../utils/generate-hash");
 const create_db_connection_1 = __importDefault(require("../../utils/create-db-connection"));
 const create_env_1 = __importDefault(require("../../utils/create-env"));
+const defaults_1 = require("../../utils/defaults");
 const drivers_1 = require("../../utils/drivers");
 const questions_1 = require("./questions");
-const generate_hash_1 = require("../../../utils/generate-hash");
-const defaults_1 = require("../../utils/defaults");
 async function init() {
     const rootPath = process.cwd();
     const { client } = await inquirer_1.default.prompt([

package/dist/cli/commands/schema/apply.js

@@ -41,7 +41,6 @@ const apply_snapshot_1 = require("../../../utils/apply-snapshot");
 const get_snapshot_1 = require("../../../utils/get-snapshot");
 const get_snapshot_diff_1 = require("../../../utils/get-snapshot-diff");
 async function apply(snapshotPath, options) {
-    var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m;
     const filename = path_1.default.resolve(process.cwd(), snapshotPath);
     const database = (0, database_1.default)();
     await (0, database_1.validateDatabaseConnection)(database);
@@ -68,14 +67,14 @@ async function apply(snapshotPath, options) {
             database.destroy();
             process.exit(0);
         }
-        const dryRun = (options === null || options === void 0 ? void 0 : options.dryRun) === true;
-        const promptForChanges = !dryRun && (options === null || options === void 0 ? void 0 : options.yes) !== true;
+        const dryRun = options?.dryRun === true;
+        const promptForChanges = !dryRun && options?.yes !== true;
         if (dryRun || promptForChanges) {
             let message = '';
             if (snapshotDiff.collections.length > 0) {
                 message += chalk_1.default.black.underline.bold('Collections:');
                 for (const { collection, diff } of snapshotDiff.collections) {
-                    if (((_a = diff[0]) === null || _a === void 0 ? void 0 : _a.kind) === types_1.DiffKind.EDIT) {
+                    if (diff[0]?.kind === types_1.DiffKind.EDIT) {
                         message += `\n  - ${chalk_1.default.blue('Update')} ${collection}`;
                         for (const change of diff) {
                             if (change.kind === types_1.DiffKind.EDIT) {
@@ -84,13 +83,13 @@ async function apply(snapshotPath, options) {
                             }
                         }
                     }
-                    else if (((_b = diff[0]) === null || _b === void 0 ? void 0 : _b.kind) === types_1.DiffKind.DELETE) {
+                    else if (diff[0]?.kind === types_1.DiffKind.DELETE) {
                         message += `\n  - ${chalk_1.default.red('Delete')} ${collection}`;
                     }
-                    else if (((_c = diff[0]) === null || _c === void 0 ? void 0 : _c.kind) === types_1.DiffKind.NEW) {
+                    else if (diff[0]?.kind === types_1.DiffKind.NEW) {
                         message += `\n  - ${chalk_1.default.green('Create')} ${collection}`;
                     }
-                    else if (((_d = diff[0]) === null || _d === void 0 ? void 0 : _d.kind) === types_1.DiffKind.ARRAY) {
+                    else if (diff[0]?.kind === types_1.DiffKind.ARRAY) {
                         message += `\n  - ${chalk_1.default.blue('Update')} ${collection}`;
                     }
                 }
@@ -98,7 +97,7 @@ async function apply(snapshotPath, options) {
             if (snapshotDiff.fields.length > 0) {
                 message += '\n\n' + chalk_1.default.black.underline.bold('Fields:');
                 for (const { collection, field, diff } of snapshotDiff.fields) {
-                    if (((_e = diff[0]) === null || _e === void 0 ? void 0 : _e.kind) === types_1.DiffKind.EDIT || (0, apply_diff_1.isNestedMetaUpdate)(diff[0])) {
+                    if (diff[0]?.kind === types_1.DiffKind.EDIT || (0, apply_diff_1.isNestedMetaUpdate)(diff[0])) {
                         message += `\n  - ${chalk_1.default.blue('Update')} ${collection}.${field}`;
                         for (const change of diff) {
                             const path = change.path.slice(1).join('.');
@@ -113,13 +112,13 @@ async function apply(snapshotPath, options) {
                             }
                         }
                     }
-                    else if (((_f = diff[0]) === null || _f === void 0 ? void 0 : _f.kind) === types_1.DiffKind.DELETE) {
+                    else if (diff[0]?.kind === types_1.DiffKind.DELETE) {
                         message += `\n  - ${chalk_1.default.red('Delete')} ${collection}.${field}`;
                     }
-                    else if (((_g = diff[0]) === null || _g === void 0 ? void 0 : _g.kind) === types_1.DiffKind.NEW) {
+                    else if (diff[0]?.kind === types_1.DiffKind.NEW) {
                         message += `\n  - ${chalk_1.default.green('Create')} ${collection}.${field}`;
                     }
-                    else if (((_h = diff[0]) === null || _h === void 0 ? void 0 : _h.kind) === types_1.DiffKind.ARRAY) {
+                    else if (diff[0]?.kind === types_1.DiffKind.ARRAY) {
                         message += `\n  - ${chalk_1.default.blue('Update')} ${collection}.${field}`;
                     }
                 }
@@ -127,7 +126,7 @@ async function apply(snapshotPath, options) {
             if (snapshotDiff.relations.length > 0) {
                 message += '\n\n' + chalk_1.default.black.underline.bold('Relations:');
                 for (const { collection, field, related_collection, diff } of snapshotDiff.relations) {
-                    if (((_j = diff[0]) === null || _j === void 0 ? void 0 : _j.kind) === types_1.DiffKind.EDIT) {
+                    if (diff[0]?.kind === types_1.DiffKind.EDIT) {
                         message += `\n  - ${chalk_1.default.blue('Update')} ${collection}.${field}`;
                         for (const change of diff) {
                             if (change.kind === types_1.DiffKind.EDIT) {
@@ -136,13 +135,13 @@ async function apply(snapshotPath, options) {
                             }
                         }
                     }
-                    else if (((_k = diff[0]) === null || _k === void 0 ? void 0 : _k.kind) === types_1.DiffKind.DELETE) {
+                    else if (diff[0]?.kind === types_1.DiffKind.DELETE) {
                         message += `\n  - ${chalk_1.default.red('Delete')} ${collection}.${field}`;
                     }
-                    else if (((_l = diff[0]) === null || _l === void 0 ? void 0 : _l.kind) === types_1.DiffKind.NEW) {
+                    else if (diff[0]?.kind === types_1.DiffKind.NEW) {
                         message += `\n  - ${chalk_1.default.green('Create')} ${collection}.${field}`;
                     }
-                    else if (((_m = diff[0]) === null || _m === void 0 ? void 0 : _m.kind) === types_1.DiffKind.ARRAY) {
+                    else if (diff[0]?.kind === types_1.DiffKind.ARRAY) {
                         message += `\n  - ${chalk_1.default.blue('Update')} ${collection}.${field}`;
                     }
                     else {

package/dist/cli/commands/schema/snapshot.js

@@ -16,7 +16,7 @@ async function snapshot(snapshotPath, options) {
     try {
         const snapshot = await (0, get_snapshot_1.getSnapshot)({ database });
         let snapshotString;
-        if ((options === null || options === void 0 ? void 0 : options.format) === 'yaml') {
+        if (options?.format === 'yaml') {
             snapshotString = (0, js_yaml_1.dump)(snapshot);
         }
         else {
@@ -32,7 +32,7 @@ async function snapshot(snapshotPath, options) {
             catch {
                 snapshotExists = false;
             }
-            if (snapshotExists && (options === null || options === void 0 ? void 0 : options.yes) === false) {
+            if (snapshotExists && options?.yes === false) {
                 const { overwrite } = await inquirer_1.default.prompt([
                     {
                         type: 'confirm',

package/dist/cli/utils/create-db-connection.d.ts

@@ -1,5 +1,5 @@
 import { Knex } from 'knex';
-import { Driver } from '../../types';
+import type { Driver } from '../../types';
 export type Credentials = {
     filename?: string;
     host?: string;

package/dist/cli/utils/create-db-connection.js

@@ -29,7 +29,8 @@ function createDBConnection(client, credentials) {
         }
         if (client === 'mssql') {
             const { options__encrypt } = credentials;
-            connection['options'] = {
+            connection = {
+                ...connection,
                 encrypt: options__encrypt,
             };
         }

package/dist/cli/utils/create-env/index.d.ts

@@ -1,3 +1,3 @@
-import { Credentials } from '../create-db-connection';
-import { drivers } from '../drivers';
+import type { Credentials } from '../create-db-connection';
+import type { drivers } from '../drivers';
 export default function createEnv(client: keyof typeof drivers, credentials: Credentials, directory: string): Promise<void>;

package/dist/cli/utils/drivers.d.ts

@@ -1,3 +1,3 @@
-import { Driver } from '../../types';
+import type { Driver } from '../../types';
 export declare const drivers: Record<Driver, string>;
 export declare function getDriverForClient(client: string): Driver | null;

package/dist/constants.d.ts

@@ -1,5 +1,5 @@
-import { CookieOptions } from 'express';
-import { TransformationParams } from './types';
+import type { CookieOptions } from 'express';
+import type { TransformationParams } from './types';
 export declare const SYSTEM_ASSET_ALLOW_LIST: TransformationParams[];
 export declare const ASSET_TRANSFORM_QUERY_KEYS: string[];
 export declare const FILTER_VARIABLES: string[];

package/dist/constants.js

@@ -2,7 +2,6 @@
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
-var _a;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.OAS_REQUIRED_SCHEMAS = exports.COOKIE_OPTIONS = exports.UUID_REGEX = exports.GENERATE_SPECIAL = exports.COLUMN_TRANSFORMS = exports.DEFAULT_AUTH_PROVIDER = exports.ALIAS_TYPES = exports.FILTER_VARIABLES = exports.ASSET_TRANSFORM_QUERY_KEYS = exports.SYSTEM_ASSET_ALLOW_LIST = void 0;
 const env_1 = __importDefault(require("./env"));
@@ -53,7 +52,7 @@ exports.COOKIE_OPTIONS = {
     httpOnly: true,
     domain: env_1.default.REFRESH_TOKEN_COOKIE_DOMAIN,
     maxAge: (0, get_milliseconds_1.getMilliseconds)(env_1.default.REFRESH_TOKEN_TTL),
-    secure: (_a = env_1.default.REFRESH_TOKEN_COOKIE_SECURE) !== null && _a !== void 0 ? _a : false,
+    secure: env_1.default.REFRESH_TOKEN_COOKIE_SECURE ?? false,
     sameSite: env_1.default.REFRESH_TOKEN_COOKIE_SAME_SITE || 'strict',
 };
-exports.OAS_REQUIRED_SCHEMAS = ['Query', 'x-metadata'];
+exports.OAS_REQUIRED_SCHEMAS = ['Diff', 'Schema', 'Query', 'x-metadata'];

package/dist/controllers/activity.js

@@ -60,7 +60,6 @@ const createCommentSchema = joi_1.default.object({
     item: [joi_1.default.number().required(), joi_1.default.string().required()],
 });
 router.post('/comment', (0, async_handler_1.default)(async (req, res, next) => {
-    var _a;
     const service = new services_1.ActivityService({
         accountability: req.accountability,
         schema: req.schema,
@@ -72,7 +71,7 @@ router.post('/comment', (0, async_handler_1.default)(async (req, res, next) => {
     const primaryKey = await service.createOne({
         ...req.body,
         action: types_1.Action.COMMENT,
-        user: (_a = req.accountability) === null || _a === void 0 ? void 0 : _a.user,
+        user: req.accountability?.user,
         ip: (0, get_ip_from_req_1.getIPFromReq)(req),
         user_agent: req.get('user-agent'),
         origin: req.get('origin'),

package/dist/controllers/assets.js

@@ -103,8 +103,7 @@ router.get('/:pk/:filename?',
 }), 
 // Return file
 (0, async_handler_1.default)(async (req, res) => {
-    var _a, _b;
-    const id = (_a = req.params.pk) === null || _a === void 0 ? void 0 : _a.substring(0, 36);
+    const id = req.params.pk?.substring(0, 36);
     const service = new services_1.AssetsService({
         accountability: req.accountability,
         schema: req.schema,
@@ -115,16 +114,22 @@ router.get('/:pk/:filename?',
     let range = undefined;
     if (req.headers.range) {
         const rangeParts = /bytes=([0-9]*)-([0-9]*)/.exec(req.headers.range);
-        range = {
-            start: (rangeParts === null || rangeParts === void 0 ? void 0 : rangeParts[1]) ? Number(rangeParts[1]) : undefined,
-            end: (rangeParts === null || rangeParts === void 0 ? void 0 : rangeParts[2]) ? Number(rangeParts[2]) : undefined,
-        };
-        if (Number.isNaN(range.start) || Number.isNaN(range.end)) {
-            throw new exceptions_1.RangeNotSatisfiableException(range);
+        if (rangeParts && rangeParts.length > 1) {
+            range = {};
+            if (rangeParts[1]) {
+                range.start = Number(rangeParts[1]);
+                if (Number.isNaN(range.start))
+                    throw new exceptions_1.RangeNotSatisfiableException(range);
+            }
+            if (rangeParts[2]) {
+                range.end = Number(rangeParts[2]);
+                if (Number.isNaN(range.end))
+                    throw new exceptions_1.RangeNotSatisfiableException(range);
+            }
         }
     }
     const { stream, file, stat } = await service.getAsset(id, transformation, range);
-    res.attachment((_b = req.params.filename) !== null && _b !== void 0 ? _b : file.filename_download);
+    res.attachment(req.params.filename ?? file.filename_download);
     res.setHeader('Content-Type', file.type);
     res.setHeader('Accept-Ranges', 'bytes');
     res.setHeader('Cache-Control', (0, get_cache_headers_1.getCacheControlHeader)(req, (0, get_milliseconds_1.getMilliseconds)(env_1.default.ASSETS_CACHE_TTL), false, true));

package/dist/controllers/auth.js

@@ -4,17 +4,16 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const express_1 = require("express");
+const drivers_1 = require("../auth/drivers");
+const constants_1 = require("../constants");
 const env_1 = __importDefault(require("../env"));
 const exceptions_1 = require("../exceptions");
+const logger_1 = __importDefault(require("../logger"));
 const respond_1 = require("../middleware/respond");
 const services_1 = require("../services");
 const async_handler_1 = __importDefault(require("../utils/async-handler"));
 const get_auth_providers_1 = require("../utils/get-auth-providers");
-const logger_1 = __importDefault(require("../logger"));
-const drivers_1 = require("../auth/drivers");
-const constants_1 = require("../constants");
 const get_ip_from_req_1 = require("../utils/get-ip-from-req");
-const constants_2 = require("../constants");
 const router = (0, express_1.Router)();
 const authProviders = (0, get_auth_providers_1.getAuthProviders)();
 for (const authProvider of authProviders) {
@@ -48,10 +47,14 @@ if (!env_1.default.AUTH_DISABLE_DEFAULT) {
 router.post('/refresh', (0, async_handler_1.default)(async (req, res, next) => {
     const accountability = {
         ip: (0, get_ip_from_req_1.getIPFromReq)(req),
-        userAgent: req.get('user-agent'),
-        origin: req.get('origin'),
         role: null,
     };
+    const userAgent = req.get('user-agent');
+    if (userAgent)
+        accountability.userAgent = userAgent;
+    const origin = req.get('origin');
+    if (origin)
+        accountability.origin = origin;
     const authenticationService = new services_1.AuthenticationService({
         accountability: accountability,
         schema: req.schema,
@@ -69,19 +72,22 @@ router.post('/refresh', (0, async_handler_1.default)(async (req, res, next) => {
         payload.data.refresh_token = refreshToken;
     }
     if (mode === 'cookie') {
-        res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, constants_2.COOKIE_OPTIONS);
+        res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, constants_1.COOKIE_OPTIONS);
     }
     res.locals.payload = payload;
     return next();
 }), respond_1.respond);
 router.post('/logout', (0, async_handler_1.default)(async (req, res, next) => {
-    var _a;
     const accountability = {
         ip: (0, get_ip_from_req_1.getIPFromReq)(req),
-        userAgent: req.get('user-agent'),
-        origin: req.get('origin'),
         role: null,
     };
+    const userAgent = req.get('user-agent');
+    if (userAgent)
+        accountability.userAgent = userAgent;
+    const origin = req.get('origin');
+    if (origin)
+        accountability.origin = origin;
     const authenticationService = new services_1.AuthenticationService({
         accountability: accountability,
         schema: req.schema,
@@ -95,7 +101,7 @@ router.post('/logout', (0, async_handler_1.default)(async (req, res, next) => {
         res.clearCookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, {
             httpOnly: true,
             domain: env_1.default.REFRESH_TOKEN_COOKIE_DOMAIN,
-            secure: (_a = env_1.default.REFRESH_TOKEN_COOKIE_SECURE) !== null && _a !== void 0 ? _a : false,
+            secure: env_1.default.REFRESH_TOKEN_COOKIE_SECURE ?? false,
             sameSite: env_1.default.REFRESH_TOKEN_COOKIE_SAME_SITE || 'strict',
         });
     }
@@ -107,10 +113,14 @@ router.post('/password/request', (0, async_handler_1.default)(async (req, res, n
     }
     const accountability = {
         ip: (0, get_ip_from_req_1.getIPFromReq)(req),
-        userAgent: req.get('user-agent'),
-        origin: req.get('origin'),
         role: null,
     };
+    const userAgent = req.get('user-agent');
+    if (userAgent)
+        accountability.userAgent = userAgent;
+    const origin = req.get('origin');
+    if (origin)
+        accountability.origin = origin;
     const service = new services_1.UsersService({ accountability, schema: req.schema });
     try {
         await service.requestPasswordReset(req.body.email, req.body.reset_url || null);
@@ -135,10 +145,14 @@ router.post('/password/reset', (0, async_handler_1.default)(async (req, res, nex
     }
     const accountability = {
         ip: (0, get_ip_from_req_1.getIPFromReq)(req),
-        userAgent: req.get('user-agent'),
-        origin: req.get('origin'),
         role: null,
     };
+    const userAgent = req.get('user-agent');
+    if (userAgent)
+        accountability.userAgent = userAgent;
+    const origin = req.get('origin');
+    if (origin)
+        accountability.origin = origin;
     const service = new services_1.UsersService({ accountability, schema: req.schema });
     await service.resetPassword(req.body.token, req.body.password);
     return next();

package/dist/controllers/dashboards.js

@@ -10,6 +10,7 @@ const use_collection_1 = __importDefault(require("../middleware/use-collection")
 const validate_batch_1 = require("../middleware/validate-batch");
 const services_1 = require("../services");
 const async_handler_1 = __importDefault(require("../utils/async-handler"));
+const sanitize_query_1 = require("../utils/sanitize-query");
 const router = express_1.default.Router();
 router.use((0, use_collection_1.default)('directus_dashboards'));
 router.post('/', (0, async_handler_1.default)(async (req, res, next) => {
@@ -82,7 +83,8 @@ router.patch('/', (0, validate_batch_1.validateBatch)('update'), (0, async_handl
         keys = await service.updateMany(req.body.keys, req.body.data);
     }
     else {
-        keys = await service.updateByQuery(req.body.query, req.body.data);
+        const sanitizedQuery = (0, sanitize_query_1.sanitizeQuery)(req.body.query, req.accountability);
+        keys = await service.updateByQuery(sanitizedQuery, req.body.data);
     }
     try {
         const result = await service.readMany(keys, req.sanitizedQuery);
@@ -126,7 +128,8 @@ router.delete('/', (0, async_handler_1.default)(async (req, res, next) => {
         await service.deleteMany(req.body.keys);
     }
     else {
-        await service.deleteByQuery(req.body.query);
+        const sanitizedQuery = (0, sanitize_query_1.sanitizeQuery)(req.body.query, req.accountability);
+        await service.deleteByQuery(sanitizedQuery);
     }
     return next();
 }), respond_1.respond);

package/dist/controllers/fields.js

@@ -3,15 +3,15 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+const constants_1 = require("@directus/shared/constants");
 const express_1 = require("express");
 const joi_1 = __importDefault(require("joi"));
-const constants_1 = require("../constants");
+const constants_2 = require("../constants");
 const exceptions_1 = require("../exceptions");
 const collection_exists_1 = __importDefault(require("../middleware/collection-exists"));
 const respond_1 = require("../middleware/respond");
 const use_collection_1 = __importDefault(require("../middleware/use-collection"));
 const fields_1 = require("../services/fields");
-const constants_2 = require("@directus/shared/constants");
 const async_handler_1 = __importDefault(require("../utils/async-handler"));
 const router = (0, express_1.Router)();
 router.use((0, use_collection_1.default)('directus_fields'));
@@ -46,7 +46,7 @@ const newFieldSchema = joi_1.default.object({
     collection: joi_1.default.string().optional(),
     field: joi_1.default.string().required(),
     type: joi_1.default.string()
-        .valid(...constants_2.TYPES, ...constants_1.ALIAS_TYPES)
+        .valid(...constants_1.TYPES, ...constants_2.ALIAS_TYPES)
         .allow(null)
         .optional(),
     schema: joi_1.default.object({
@@ -110,7 +110,7 @@ router.patch('/:collection', collection_exists_1.default, (0, async_handler_1.de
 }), respond_1.respond);
 const updateSchema = joi_1.default.object({
     type: joi_1.default.string()
-        .valid(...constants_2.TYPES, ...constants_1.ALIAS_TYPES)
+        .valid(...constants_1.TYPES, ...constants_2.ALIAS_TYPES)
         .allow(null),
     schema: joi_1.default.object({
         default_value: joi_1.default.any(),

package/dist/controllers/files.js

@@ -18,6 +18,7 @@ const services_1 = require("../services");
 const async_handler_1 = __importDefault(require("../utils/async-handler"));
 // @ts-ignore
 const format_title_1 = __importDefault(require("@directus/format-title"));
+const sanitize_query_1 = require("../utils/sanitize-query");
 const router = express_1.default.Router();
 router.use((0, use_collection_1.default)('directus_files'));
 const multipartHandler = (req, res, next) => {
@@ -63,12 +64,14 @@ const multipartHandler = (req, res, next) => {
             return busboy.emit('error', new exceptions_1.InvalidPayloadException(`File is missing filename`));
         }
         fileCount++;
-        if (!payload.title) {
-            payload.title = (0, format_title_1.default)(path_1.default.parse(filename).name);
+        if (!existingPrimaryKey) {
+            if (!payload.title) {
+                payload.title = (0, format_title_1.default)(path_1.default.parse(filename).name);
+            }
+            payload.filename_download = filename;
         }
         const payloadWithRequiredFields = {
             ...payload,
-            filename_download: filename,
             type: mimeType,
             storage: payload.storage || disk,
         };
@@ -209,7 +212,8 @@ router.patch('/', (0, validate_batch_1.validateBatch)('update'), (0, async_handl
         keys = await service.updateMany(req.body.keys, req.body.data);
     }
     else {
-        keys = await service.updateByQuery(req.body.query, req.body.data);
+        const sanitizedQuery = (0, sanitize_query_1.sanitizeQuery)(req.body.query, req.accountability);
+        keys = await service.updateByQuery(sanitizedQuery, req.body.data);
     }
     try {
         const result = await service.readMany(keys, req.sanitizedQuery);
@@ -253,7 +257,8 @@ router.delete('/', (0, validate_batch_1.validateBatch)('delete'), (0, async_hand
         await service.deleteMany(req.body.keys);
     }
     else {
-        await service.deleteByQuery(req.body.query);
+        const sanitizedQuery = (0, sanitize_query_1.sanitizeQuery)(req.body.query, req.accountability);
+        await service.deleteByQuery(sanitizedQuery);
     }
     return next();
 }), respond_1.respond);