directus 9.23.1 → 9.23.4

package/dist/auth/drivers/oauth2.js

@@ -47,13 +47,17 @@ const get_milliseconds_1 = require("../../utils/get-milliseconds");
 const url_1 = require("../../utils/url");
 const local_1 = require("./local");
 class OAuth2AuthDriver extends local_1.LocalAuthDriver {
+    client;
+    redirectUrl;
+    usersService;
+    config;
     constructor(options, config) {
         super(options, config);
         const { authorizeUrl, accessUrl, profileUrl, clientId, clientSecret, ...additionalConfig } = config;
-        if (!authorizeUrl || !accessUrl || !profileUrl || !clientId || !clientSecret || !additionalConfig.provider) {
-            throw new exceptions_2.InvalidConfigException('Invalid provider config', { provider: additionalConfig.provider });
+        if (!authorizeUrl || !accessUrl || !profileUrl || !clientId || !clientSecret || !additionalConfig['provider']) {
+            throw new exceptions_2.InvalidConfigException('Invalid provider config', { provider: additionalConfig['provider'] });
         }
-        const redirectUrl = new url_1.Url(env_1.default.PUBLIC_URL).addPath('auth', 'login', additionalConfig.provider, 'callback');
+        const redirectUrl = new url_1.Url(env_1.default['PUBLIC_URL']).addPath('auth', 'login', additionalConfig['provider'], 'callback');
         this.redirectUrl = redirectUrl.toString();
         this.usersService = new services_1.UsersService({ knex: this.knex, schema: this.schema });
         this.config = additionalConfig;
@@ -61,9 +65,9 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
             authorization_endpoint: authorizeUrl,
             token_endpoint: accessUrl,
             userinfo_endpoint: profileUrl,
-            issuer: additionalConfig.provider,
+            issuer: additionalConfig['provider'],
         });
-        const clientOptionsOverrides = (0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config.provider.toUpperCase()}_CLIENT_`, [`AUTH_${config.provider.toUpperCase()}_CLIENT_ID`, `AUTH_${config.provider.toUpperCase()}_CLIENT_SECRET`], 'underscore');
+        const clientOptionsOverrides = (0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config['provider'].toUpperCase()}_CLIENT_`, [`AUTH_${config['provider'].toUpperCase()}_CLIENT_ID`, `AUTH_${config['provider'].toUpperCase()}_CLIENT_SECRET`], 'underscore');
         this.client = new issuer.Client({
             client_id: clientId,
             client_secret: clientSecret,
@@ -76,12 +80,11 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         return openid_client_1.generators.codeVerifier();
     }
     generateAuthUrl(codeVerifier, prompt = false) {
-        var _a;
         try {
             const codeChallenge = openid_client_1.generators.codeChallenge(codeVerifier);
-            const paramsConfig = typeof this.config.params === 'object' ? this.config.params : {};
+            const paramsConfig = typeof this.config['params'] === 'object' ? this.config['params'] : {};
             return this.client.authorizationUrl({
-                scope: (_a = this.config.scope) !== null && _a !== void 0 ? _a : 'email',
+                scope: this.config['scope'] ?? 'email',
                 access_type: 'offline',
                 prompt: prompt ? 'consent' : undefined,
                 ...paramsConfig,
@@ -101,17 +104,17 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
             .from('directus_users')
             .whereRaw('LOWER(??) = ?', ['external_identifier', identifier.toLowerCase()])
             .first();
-        return user === null || user === void 0 ? void 0 : user.id;
+        return user?.id;
     }
     async getUserID(payload) {
-        if (!payload.code || !payload.codeVerifier || !payload.state) {
+        if (!payload['code'] || !payload['codeVerifier'] || !payload['state']) {
             logger_1.default.warn('[OAuth2] No code, codeVerifier or state in payload');
             throw new exceptions_2.InvalidCredentialsException();
         }
         let tokenSet;
         let userInfo;
         try {
-            tokenSet = await this.client.oauthCallback(this.redirectUrl, { code: payload.code, state: payload.state }, { code_verifier: payload.codeVerifier, state: openid_client_1.generators.codeChallenge(payload.codeVerifier) });
+            tokenSet = await this.client.oauthCallback(this.redirectUrl, { code: payload['code'], state: payload['state'] }, { code_verifier: payload['codeVerifier'], state: openid_client_1.generators.codeChallenge(payload['codeVerifier']) });
             userInfo = await this.client.userinfo(tokenSet.access_token);
         }
         catch (e) {
@@ -120,7 +123,7 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         // Flatten response to support dot indexes
         userInfo = (0, flat_1.default)(userInfo);
         const { provider, emailKey, identifierKey, allowPublicRegistration } = this.config;
-        const email = userInfo[emailKey !== null && emailKey !== void 0 ? emailKey : 'email'] ? String(userInfo[emailKey !== null && emailKey !== void 0 ? emailKey : 'email']) : undefined;
+        const email = userInfo[emailKey ?? 'email'] ? String(userInfo[emailKey ?? 'email']) : undefined;
         // Fallback to email if explicit identifier not found
         const identifier = userInfo[identifierKey] ? String(userInfo[identifierKey]) : email;
         if (!identifier) {
@@ -145,11 +148,11 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         try {
             await this.usersService.createOne({
                 provider,
-                first_name: userInfo[this.config.firstNameKey],
-                last_name: userInfo[this.config.lastNameKey],
+                first_name: userInfo[this.config['firstNameKey']],
+                last_name: userInfo[this.config['lastNameKey']],
                 email: email,
                 external_identifier: identifier,
-                role: this.config.defaultRoleId,
+                role: this.config['defaultRoleId'],
                 auth_data: tokenSet.refresh_token && JSON.stringify({ refreshToken: tokenSet.refresh_token }),
             });
         }
@@ -175,9 +178,9 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
                 logger_1.default.warn(`[OAuth2] Session data isn't valid JSON: ${authData}`);
             }
         }
-        if (authData === null || authData === void 0 ? void 0 : authData.refreshToken) {
+        if (authData?.['refreshToken']) {
             try {
-                const tokenSet = await this.client.refresh(authData.refreshToken);
+                const tokenSet = await this.client.refresh(authData['refreshToken']);
                 // Update user refreshToken if provided
                 if (tokenSet.refresh_token) {
                     await this.usersService.updateOne(user.id, {
@@ -219,8 +222,8 @@ function createOAuth2AuthRouter(providerName) {
     router.get('/', (req, res) => {
         const provider = (0, auth_1.getAuthProvider)(providerName);
         const codeVerifier = provider.generateCodeVerifier();
-        const prompt = !!req.query.prompt;
-        const token = jsonwebtoken_1.default.sign({ verifier: codeVerifier, redirect: req.query.redirect, prompt }, env_1.default.SECRET, {
+        const prompt = !!req.query['prompt'];
+        const token = jsonwebtoken_1.default.sign({ verifier: codeVerifier, redirect: req.query['redirect'], prompt }, env_1.default['SECRET'], {
             expiresIn: '5m',
             issuer: 'directus',
         });
@@ -234,32 +237,38 @@ function createOAuth2AuthRouter(providerName) {
         res.redirect(303, `./callback?${new URLSearchParams(req.body)}`);
     }, respond_1.respond);
     router.get('/callback', (0, async_handler_1.default)(async (req, res, next) => {
-        var _a;
         let tokenData;
         try {
-            tokenData = jsonwebtoken_1.default.verify(req.cookies[`oauth2.${providerName}`], env_1.default.SECRET, { issuer: 'directus' });
+            tokenData = jsonwebtoken_1.default.verify(req.cookies[`oauth2.${providerName}`], env_1.default['SECRET'], {
+                issuer: 'directus',
+            });
         }
         catch (e) {
             logger_1.default.warn(e, `[OAuth2] Couldn't verify OAuth2 cookie`);
             throw new exceptions_2.InvalidCredentialsException();
         }
         const { verifier, redirect, prompt } = tokenData;
+        const accountability = {
+            ip: (0, get_ip_from_req_1.getIPFromReq)(req),
+            role: null,
+        };
+        const userAgent = req.get('user-agent');
+        if (userAgent)
+            accountability.userAgent = userAgent;
+        const origin = req.get('origin');
+        if (origin)
+            accountability.origin = origin;
         const authenticationService = new services_1.AuthenticationService({
-            accountability: {
-                ip: (0, get_ip_from_req_1.getIPFromReq)(req),
-                userAgent: req.get('user-agent'),
-                origin: req.get('origin'),
-                role: null,
-            },
+            accountability,
             schema: req.schema,
         });
         let authResponse;
         try {
             res.clearCookie(`oauth2.${providerName}`);
             authResponse = await authenticationService.login(providerName, {
-                code: req.query.code,
+                code: req.query['code'],
                 codeVerifier: verifier,
-                state: req.query.state,
+                state: req.query['state'],
             });
         }
         catch (error) {
@@ -282,16 +291,16 @@ function createOAuth2AuthRouter(providerName) {
         }
         const { accessToken, refreshToken, expires } = authResponse;
         if (redirect) {
-            res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, {
+            res.cookie(env_1.default['REFRESH_TOKEN_COOKIE_NAME'], refreshToken, {
                 httpOnly: true,
-                domain: env_1.default.REFRESH_TOKEN_COOKIE_DOMAIN,
-                maxAge: (0, get_milliseconds_1.getMilliseconds)(env_1.default.REFRESH_TOKEN_TTL),
-                secure: (_a = env_1.default.REFRESH_TOKEN_COOKIE_SECURE) !== null && _a !== void 0 ? _a : false,
-                sameSite: env_1.default.REFRESH_TOKEN_COOKIE_SAME_SITE || 'strict',
+                domain: env_1.default['REFRESH_TOKEN_COOKIE_DOMAIN'],
+                maxAge: (0, get_milliseconds_1.getMilliseconds)(env_1.default['REFRESH_TOKEN_TTL']),
+                secure: env_1.default['REFRESH_TOKEN_COOKIE_SECURE'] ?? false,
+                sameSite: env_1.default['REFRESH_TOKEN_COOKIE_SAME_SITE'] || 'strict',
             });
             return res.redirect(redirect);
         }
-        res.locals.payload = {
+        res.locals['payload'] = {
             data: { access_token: accessToken, refresh_token: refreshToken, expires },
         };
         next();

package/dist/auth/drivers/openid.d.ts

@@ -1,7 +1,7 @@
 import { Router } from 'express';
 import { Client } from 'openid-client';
 import { UsersService } from '../../services';
-import { AuthDriverOptions, User } from '../../types';
+import type { AuthDriverOptions, User } from '../../types';
 import { LocalAuthDriver } from './local';
 export declare class OpenIDAuthDriver extends LocalAuthDriver {
     client: Promise<Client>;

package/dist/auth/drivers/openid.js

@@ -47,24 +47,28 @@ const get_milliseconds_1 = require("../../utils/get-milliseconds");
 const url_1 = require("../../utils/url");
 const local_1 = require("./local");
 class OpenIDAuthDriver extends local_1.LocalAuthDriver {
+    client;
+    redirectUrl;
+    usersService;
+    config;
     constructor(options, config) {
         super(options, config);
         const { issuerUrl, clientId, clientSecret, ...additionalConfig } = config;
-        if (!issuerUrl || !clientId || !clientSecret || !additionalConfig.provider) {
-            throw new exceptions_2.InvalidConfigException('Invalid provider config', { provider: additionalConfig.provider });
+        if (!issuerUrl || !clientId || !clientSecret || !additionalConfig['provider']) {
+            throw new exceptions_2.InvalidConfigException('Invalid provider config', { provider: additionalConfig['provider'] });
         }
-        const redirectUrl = new url_1.Url(env_1.default.PUBLIC_URL).addPath('auth', 'login', additionalConfig.provider, 'callback');
-        const clientOptionsOverrides = (0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config.provider.toUpperCase()}_CLIENT_`, [`AUTH_${config.provider.toUpperCase()}_CLIENT_ID`, `AUTH_${config.provider.toUpperCase()}_CLIENT_SECRET`], 'underscore');
+        const redirectUrl = new url_1.Url(env_1.default['PUBLIC_URL']).addPath('auth', 'login', additionalConfig['provider'], 'callback');
+        const clientOptionsOverrides = (0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config['provider'].toUpperCase()}_CLIENT_`, [`AUTH_${config['provider'].toUpperCase()}_CLIENT_ID`, `AUTH_${config['provider'].toUpperCase()}_CLIENT_SECRET`], 'underscore');
         this.redirectUrl = redirectUrl.toString();
         this.usersService = new services_1.UsersService({ knex: this.knex, schema: this.schema });
         this.config = additionalConfig;
         this.client = new Promise((resolve, reject) => {
             openid_client_1.Issuer.discover(issuerUrl)
                 .then((issuer) => {
-                const supportedTypes = issuer.metadata.response_types_supported;
-                if (!(supportedTypes === null || supportedTypes === void 0 ? void 0 : supportedTypes.includes('code'))) {
+                const supportedTypes = issuer.metadata['response_types_supported'];
+                if (!supportedTypes?.includes('code')) {
                     reject(new exceptions_2.InvalidConfigException('OpenID provider does not support required code flow', {
-                        provider: additionalConfig.provider,
+                        provider: additionalConfig['provider'],
                     }));
                 }
                 resolve(new issuer.Client({
@@ -85,13 +89,12 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         return openid_client_1.generators.codeVerifier();
     }
     async generateAuthUrl(codeVerifier, prompt = false) {
-        var _a;
         try {
             const client = await this.client;
             const codeChallenge = openid_client_1.generators.codeChallenge(codeVerifier);
-            const paramsConfig = typeof this.config.params === 'object' ? this.config.params : {};
+            const paramsConfig = typeof this.config['params'] === 'object' ? this.config['params'] : {};
             return client.authorizationUrl({
-                scope: (_a = this.config.scope) !== null && _a !== void 0 ? _a : 'openid profile email',
+                scope: this.config['scope'] ?? 'openid profile email',
                 access_type: 'offline',
                 prompt: prompt ? 'consent' : undefined,
                 ...paramsConfig,
@@ -112,10 +115,10 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
             .from('directus_users')
             .whereRaw('LOWER(??) = ?', ['external_identifier', identifier.toLowerCase()])
             .first();
-        return user === null || user === void 0 ? void 0 : user.id;
+        return user?.id;
     }
     async getUserID(payload) {
-        if (!payload.code || !payload.codeVerifier || !payload.state) {
+        if (!payload['code'] || !payload['codeVerifier'] || !payload['state']) {
             logger_1.default.warn('[OpenID] No code, codeVerifier or state in payload');
             throw new exceptions_2.InvalidCredentialsException();
         }
@@ -123,10 +126,10 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         let userInfo;
         try {
             const client = await this.client;
-            const codeChallenge = openid_client_1.generators.codeChallenge(payload.codeVerifier);
-            tokenSet = await client.callback(this.redirectUrl, { code: payload.code, state: payload.state }, { code_verifier: payload.codeVerifier, state: codeChallenge, nonce: codeChallenge });
+            const codeChallenge = openid_client_1.generators.codeChallenge(payload['codeVerifier']);
+            tokenSet = await client.callback(this.redirectUrl, { code: payload['code'], state: payload['state'] }, { code_verifier: payload['codeVerifier'], state: codeChallenge, nonce: codeChallenge });
             userInfo = tokenSet.claims();
-            if (client.issuer.metadata.userinfo_endpoint) {
+            if (client.issuer.metadata['userinfo_endpoint']) {
                 userInfo = {
                     ...userInfo,
                     ...(await client.userinfo(tokenSet.access_token)),
@@ -139,9 +142,9 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         // Flatten response to support dot indexes
         userInfo = (0, flat_1.default)(userInfo);
         const { provider, identifierKey, allowPublicRegistration, requireVerifiedEmail } = this.config;
-        const email = userInfo.email ? String(userInfo.email) : undefined;
+        const email = userInfo['email'] ? String(userInfo['email']) : undefined;
         // Fallback to email if explicit identifier not found
-        const identifier = userInfo[identifierKey !== null && identifierKey !== void 0 ? identifierKey : 'sub'] ? String(userInfo[identifierKey !== null && identifierKey !== void 0 ? identifierKey : 'sub']) : email;
+        const identifier = userInfo[identifierKey ?? 'sub'] ? String(userInfo[identifierKey ?? 'sub']) : email;
         if (!identifier) {
             logger_1.default.warn(`[OpenID] Failed to find user identifier for provider "${provider}"`);
             throw new exceptions_2.InvalidCredentialsException();
@@ -156,7 +159,7 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
             }
             return userId;
         }
-        const isEmailVerified = !requireVerifiedEmail || userInfo.email_verified;
+        const isEmailVerified = !requireVerifiedEmail || userInfo['email_verified'];
         // Is public registration allowed?
         if (!allowPublicRegistration || !isEmailVerified) {
             logger_1.default.warn(`[OpenID] User doesn't exist, and public registration not allowed for provider "${provider}"`);
@@ -165,11 +168,11 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         try {
             await this.usersService.createOne({
                 provider,
-                first_name: userInfo.given_name,
-                last_name: userInfo.family_name,
+                first_name: userInfo['given_name'],
+                last_name: userInfo['family_name'],
                 email: email,
                 external_identifier: identifier,
-                role: this.config.defaultRoleId,
+                role: this.config['defaultRoleId'],
                 auth_data: tokenSet.refresh_token && JSON.stringify({ refreshToken: tokenSet.refresh_token }),
             });
         }
@@ -195,10 +198,10 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
                 logger_1.default.warn(`[OpenID] Session data isn't valid JSON: ${authData}`);
             }
         }
-        if (authData === null || authData === void 0 ? void 0 : authData.refreshToken) {
+        if (authData?.['refreshToken']) {
             try {
                 const client = await this.client;
-                const tokenSet = await client.refresh(authData.refreshToken);
+                const tokenSet = await client.refresh(authData['refreshToken']);
                 // Update user refreshToken if provided
                 if (tokenSet.refresh_token) {
                     await this.usersService.updateOne(user.id, {
@@ -240,8 +243,8 @@ function createOpenIDAuthRouter(providerName) {
     router.get('/', (0, async_handler_1.default)(async (req, res) => {
         const provider = (0, auth_1.getAuthProvider)(providerName);
         const codeVerifier = provider.generateCodeVerifier();
-        const prompt = !!req.query.prompt;
-        const token = jsonwebtoken_1.default.sign({ verifier: codeVerifier, redirect: req.query.redirect, prompt }, env_1.default.SECRET, {
+        const prompt = !!req.query['prompt'];
+        const token = jsonwebtoken_1.default.sign({ verifier: codeVerifier, redirect: req.query['redirect'], prompt }, env_1.default['SECRET'], {
             expiresIn: '5m',
             issuer: 'directus',
         });
@@ -255,32 +258,38 @@ function createOpenIDAuthRouter(providerName) {
         res.redirect(303, `./callback?${new URLSearchParams(req.body)}`);
     }, respond_1.respond);
     router.get('/callback', (0, async_handler_1.default)(async (req, res, next) => {
-        var _a;
         let tokenData;
         try {
-            tokenData = jsonwebtoken_1.default.verify(req.cookies[`openid.${providerName}`], env_1.default.SECRET, { issuer: 'directus' });
+            tokenData = jsonwebtoken_1.default.verify(req.cookies[`openid.${providerName}`], env_1.default['SECRET'], {
+                issuer: 'directus',
+            });
         }
         catch (e) {
             logger_1.default.warn(e, `[OpenID] Couldn't verify OpenID cookie`);
             throw new exceptions_2.InvalidCredentialsException();
         }
         const { verifier, redirect, prompt } = tokenData;
+        const accountability = {
+            ip: (0, get_ip_from_req_1.getIPFromReq)(req),
+            role: null,
+        };
+        const userAgent = req.get('user-agent');
+        if (userAgent)
+            accountability.userAgent = userAgent;
+        const origin = req.get('origin');
+        if (origin)
+            accountability.origin = origin;
         const authenticationService = new services_1.AuthenticationService({
-            accountability: {
-                ip: (0, get_ip_from_req_1.getIPFromReq)(req),
-                userAgent: req.get('user-agent'),
-                origin: req.get('origin'),
-                role: null,
-            },
+            accountability,
             schema: req.schema,
         });
         let authResponse;
         try {
             res.clearCookie(`openid.${providerName}`);
             authResponse = await authenticationService.login(providerName, {
-                code: req.query.code,
+                code: req.query['code'],
                 codeVerifier: verifier,
-                state: req.query.state,
+                state: req.query['state'],
             });
         }
         catch (error) {
@@ -304,16 +313,16 @@ function createOpenIDAuthRouter(providerName) {
         }
         const { accessToken, refreshToken, expires } = authResponse;
         if (redirect) {
-            res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, {
+            res.cookie(env_1.default['REFRESH_TOKEN_COOKIE_NAME'], refreshToken, {
                 httpOnly: true,
-                domain: env_1.default.REFRESH_TOKEN_COOKIE_DOMAIN,
-                maxAge: (0, get_milliseconds_1.getMilliseconds)(env_1.default.REFRESH_TOKEN_TTL),
-                secure: (_a = env_1.default.REFRESH_TOKEN_COOKIE_SECURE) !== null && _a !== void 0 ? _a : false,
-                sameSite: env_1.default.REFRESH_TOKEN_COOKIE_SAME_SITE || 'strict',
+                domain: env_1.default['REFRESH_TOKEN_COOKIE_DOMAIN'],
+                maxAge: (0, get_milliseconds_1.getMilliseconds)(env_1.default['REFRESH_TOKEN_TTL']),
+                secure: env_1.default['REFRESH_TOKEN_COOKIE_SECURE'] ?? false,
+                sameSite: env_1.default['REFRESH_TOKEN_COOKIE_SAME_SITE'] || 'strict',
             });
             return res.redirect(redirect);
         }
-        res.locals.payload = {
+        res.locals['payload'] = {
             data: { access_token: accessToken, refresh_token: refreshToken, expires },
         };
         next();

package/dist/auth/drivers/saml.d.ts

@@ -1,5 +1,5 @@
 import { UsersService } from '../../services';
-import { AuthDriverOptions, User } from '../../types';
+import type { AuthDriverOptions, User } from '../../types';
 import { LocalAuthDriver } from './local';
 export declare class SAMLAuthDriver extends LocalAuthDriver {
     idp: any;

package/dist/auth/drivers/saml.js

@@ -45,12 +45,16 @@ const local_1 = require("./local");
 // tell samlify to use validator...
 samlify.setSchemaValidator(validator);
 class SAMLAuthDriver extends local_1.LocalAuthDriver {
+    idp;
+    sp;
+    usersService;
+    config;
     constructor(options, config) {
         super(options, config);
         this.config = config;
         this.usersService = new services_1.UsersService({ knex: this.knex, schema: this.schema });
-        this.sp = samlify.ServiceProvider((0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config.provider.toUpperCase()}_SP`));
-        this.idp = samlify.IdentityProvider((0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config.provider.toUpperCase()}_IDP`));
+        this.sp = samlify.ServiceProvider((0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config['provider'].toUpperCase()}_SP`));
+        this.idp = samlify.IdentityProvider((0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config['provider'].toUpperCase()}_IDP`));
     }
     async fetchUserID(identifier) {
         const user = await this.knex
@@ -58,12 +62,12 @@ class SAMLAuthDriver extends local_1.LocalAuthDriver {
             .from('directus_users')
             .whereRaw('LOWER(??) = ?', ['external_identifier', identifier.toLowerCase()])
             .first();
-        return user === null || user === void 0 ? void 0 : user.id;
+        return user?.id;
     }
     async getUserID(payload) {
         const { provider, emailKey, identifierKey, givenNameKey, familyNameKey, allowPublicRegistration } = this.config;
-        const email = payload[emailKey !== null && emailKey !== void 0 ? emailKey : 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'];
-        const identifier = payload[identifierKey !== null && identifierKey !== void 0 ? identifierKey : 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'];
+        const email = payload[emailKey ?? 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'];
+        const identifier = payload[identifierKey ?? 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'];
         const userID = await this.fetchUserID(identifier);
         if (userID)
             return userID;
@@ -71,8 +75,8 @@ class SAMLAuthDriver extends local_1.LocalAuthDriver {
             logger_1.default.trace(`[SAML] User doesn't exist, and public registration not allowed for provider "${provider}"`);
             throw new exceptions_2.InvalidCredentialsException();
         }
-        const firstName = payload[givenNameKey !== null && givenNameKey !== void 0 ? givenNameKey : 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'];
-        const lastName = payload[familyNameKey !== null && familyNameKey !== void 0 ? familyNameKey : 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'];
+        const firstName = payload[givenNameKey ?? 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'];
+        const lastName = payload[familyNameKey ?? 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname'];
         try {
             return await this.usersService.createOne({
                 provider,
@@ -80,7 +84,7 @@ class SAMLAuthDriver extends local_1.LocalAuthDriver {
                 last_name: lastName,
                 email: email,
                 external_identifier: identifier.toLowerCase(),
-                role: this.config.defaultRoleId,
+                role: this.config['defaultRoleId'],
             });
         }
         catch (error) {
@@ -107,8 +111,8 @@ function createSAMLAuthRouter(providerName) {
         const { sp, idp } = (0, auth_1.getAuthProvider)(providerName);
         const { context: url } = await sp.createLoginRequest(idp, 'redirect');
         const parsedUrl = new URL(url);
-        if (req.query.redirect) {
-            parsedUrl.searchParams.append('RelayState', req.query.redirect);
+        if (req.query['redirect']) {
+            parsedUrl.searchParams.append('RelayState', req.query['redirect']);
         }
         return res.redirect(parsedUrl.toString());
     }));
@@ -116,24 +120,23 @@ function createSAMLAuthRouter(providerName) {
         const { sp, idp } = (0, auth_1.getAuthProvider)(providerName);
         const { context } = await sp.createLogoutRequest(idp, 'redirect', req.body);
         const authService = new services_1.AuthenticationService({ accountability: req.accountability, schema: req.schema });
-        if (req.cookies[env_1.default.REFRESH_TOKEN_COOKIE_NAME]) {
-            const currentRefreshToken = req.cookies[env_1.default.REFRESH_TOKEN_COOKIE_NAME];
+        if (req.cookies[env_1.default['REFRESH_TOKEN_COOKIE_NAME']]) {
+            const currentRefreshToken = req.cookies[env_1.default['REFRESH_TOKEN_COOKIE_NAME']];
             if (currentRefreshToken) {
                 await authService.logout(currentRefreshToken);
-                res.clearCookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, constants_1.COOKIE_OPTIONS);
+                res.clearCookie(env_1.default['REFRESH_TOKEN_COOKIE_NAME'], constants_1.COOKIE_OPTIONS);
             }
         }
         return res.redirect(context);
     }));
     router.post('/acs', express_1.default.urlencoded({ extended: false }), (0, async_handler_1.default)(async (req, res, next) => {
-        var _a;
-        const relayState = (_a = req.body) === null || _a === void 0 ? void 0 : _a.RelayState;
+        const relayState = req.body?.RelayState;
         try {
             const { sp, idp } = (0, auth_1.getAuthProvider)(providerName);
             const { extract } = await sp.parseLoginResponse(idp, 'post', req);
             const authService = new services_1.AuthenticationService({ accountability: req.accountability, schema: req.schema });
             const { accessToken, refreshToken, expires } = await authService.login(providerName, extract.attributes);
-            res.locals.payload = {
+            res.locals['payload'] = {
                 data: {
                     access_token: accessToken,
                     refresh_token: refreshToken,
@@ -141,7 +144,7 @@ function createSAMLAuthRouter(providerName) {
                 },
             };
             if (relayState) {
-                res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, constants_1.COOKIE_OPTIONS);
+                res.cookie(env_1.default['REFRESH_TOKEN_COOKIE_NAME'], refreshToken, constants_1.COOKIE_OPTIONS);
                 return res.redirect(relayState);
             }
             return next();

package/dist/auth.d.ts

@@ -1,3 +1,3 @@
-import { AuthDriver } from './auth/auth';
+import type { AuthDriver } from './auth/auth';
 export declare function getAuthProvider(provider: string): AuthDriver;
 export declare function registerAuthProviders(): Promise<void>;

package/dist/auth.js

@@ -4,16 +4,16 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.registerAuthProviders = exports.getAuthProvider = void 0;
-const database_1 = __importDefault(require("./database"));
-const env_1 = __importDefault(require("./env"));
-const logger_1 = __importDefault(require("./logger"));
+const utils_1 = require("@directus/shared/utils");
 const drivers_1 = require("./auth/drivers");
 const constants_1 = require("./constants");
+const database_1 = __importDefault(require("./database"));
+const env_1 = __importDefault(require("./env"));
 const exceptions_1 = require("./exceptions");
+const logger_1 = __importDefault(require("./logger"));
 const get_config_from_env_1 = require("./utils/get-config-from-env");
 const get_schema_1 = require("./utils/get-schema");
-const utils_1 = require("@directus/shared/utils");
-const providerNames = (0, utils_1.toArray)(env_1.default.AUTH_PROVIDERS);
+const providerNames = (0, utils_1.toArray)(env_1.default['AUTH_PROVIDERS']);
 const providers = new Map();
 function getAuthProvider(provider) {
     if (!providers.has(provider)) {
@@ -25,11 +25,11 @@ exports.getAuthProvider = getAuthProvider;
 async function registerAuthProviders() {
     const options = { knex: (0, database_1.default)(), schema: await (0, get_schema_1.getSchema)() };
     // Register default provider if not disabled
-    if (!env_1.default.AUTH_DISABLE_DEFAULT) {
+    if (!env_1.default['AUTH_DISABLE_DEFAULT']) {
         const defaultProvider = getProviderInstance('local', options);
         providers.set(constants_1.DEFAULT_AUTH_PROVIDER, defaultProvider);
     }
-    if (!env_1.default.AUTH_PROVIDERS) {
+    if (!env_1.default['AUTH_PROVIDERS']) {
         return;
     }
     // Register configured providers
@@ -66,4 +66,5 @@ function getProviderInstance(driver, options, config = {}) {
         case 'saml':
             return new drivers_1.SAMLAuthDriver(options, config);
     }
+    return undefined;
 }

package/dist/cache.d.ts

@@ -1,12 +1,20 @@
 import Keyv from 'keyv';
+import type { SchemaOverview } from '@directus/shared/types';
 export declare function getCache(): {
     cache: Keyv | null;
     systemCache: Keyv;
+    sharedSchemaCache: Keyv;
+    localSchemaCache: Keyv;
     lockCache: Keyv;
 };
 export declare function flushCaches(forced?: boolean): Promise<void>;
-export declare function clearSystemCache(forced?: boolean): Promise<void>;
+export declare function clearSystemCache(opts?: {
+    forced?: boolean | undefined;
+    autoPurgeCache?: false | undefined;
+}): Promise<void>;
 export declare function setSystemCache(key: string, value: any, ttl?: number): Promise<void>;
 export declare function getSystemCache(key: string): Promise<Record<string, any>>;
+export declare function setSchemaCache(schema: SchemaOverview): Promise<void>;
+export declare function getSchemaCache(): Promise<SchemaOverview | undefined>;
 export declare function setCacheValue(cache: Keyv, key: string, value: Record<string, any> | Record<string, any>[], ttl?: number): Promise<void>;
 export declare function getCacheValue(cache: Keyv, key: string): Promise<any>;