npm - directus - Versions diffs - 9.23.3 → 9.23.4 - Mend

directus 9.23.3 → 9.23.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

package/dist/app.js +12 -12
package/dist/auth/drivers/ldap.js +22 -22
package/dist/auth/drivers/local.js +7 -7
package/dist/auth/drivers/oauth2.js +27 -25
package/dist/auth/drivers/openid.js +32 -30
package/dist/auth/drivers/saml.js +10 -10
package/dist/auth.js +4 -3
package/dist/cache.js +16 -11
package/dist/cli/commands/bootstrap/index.js +5 -4
package/dist/cli/utils/create-db-connection.js +1 -1
package/dist/cli/utils/create-env/index.js +1 -1
package/dist/constants.d.ts +1 -0
package/dist/constants.js +6 -5
package/dist/controllers/activity.js +9 -9
package/dist/controllers/assets.js +19 -18
package/dist/controllers/auth.js +13 -13
package/dist/controllers/collections.js +10 -10
package/dist/controllers/dashboards.js +9 -9
package/dist/controllers/extensions.js +3 -3
package/dist/controllers/fields.js +16 -16
package/dist/controllers/files.js +16 -15
package/dist/controllers/flows.js +11 -11
package/dist/controllers/folders.js +9 -9
package/dist/controllers/graphql.js +6 -6
package/dist/controllers/items.js +17 -17
package/dist/controllers/notifications.js +9 -9
package/dist/controllers/operations.js +9 -9
package/dist/controllers/panels.js +9 -9
package/dist/controllers/permissions.js +9 -9
package/dist/controllers/presets.js +9 -9
package/dist/controllers/relations.js +10 -10
package/dist/controllers/revisions.js +3 -3
package/dist/controllers/roles.js +9 -9
package/dist/controllers/schema.js +5 -5
package/dist/controllers/server.js +7 -7
package/dist/controllers/settings.js +2 -2
package/dist/controllers/shares.js +13 -13
package/dist/controllers/users.js +16 -16
package/dist/controllers/utils.js +5 -5
package/dist/controllers/webhooks.js +9 -9
package/dist/database/helpers/fn/types.d.ts +0 -1
package/dist/database/helpers/fn/types.js +0 -2
package/dist/database/helpers/index.d.ts +3 -3
package/dist/database/index.js +5 -5
package/dist/database/migrations/20210805B-change-image-metadata-structure.js +15 -15
package/dist/database/migrations/run.js +1 -1
package/dist/database/run-ast.js +4 -4
package/dist/database/system-data/collections/index.js +2 -2
package/dist/database/system-data/fields/index.js +3 -3
package/dist/env.js +1 -1
package/dist/extensions.js +10 -10
package/dist/flows.js +33 -31
package/dist/logger.d.ts +1 -0
package/dist/logger.js +32 -32
package/dist/mailer.js +16 -16
package/dist/messenger.js +4 -4
package/dist/middleware/authenticate.js +1 -1
package/dist/middleware/cache.js +11 -11
package/dist/middleware/collection-exists.js +3 -3
package/dist/middleware/cors.js +7 -7
package/dist/middleware/error-handler.js +2 -2
package/dist/middleware/extract-token.js +2 -2
package/dist/middleware/graphql.js +12 -6
package/dist/middleware/rate-limiter-global.js +5 -5
package/dist/middleware/rate-limiter-ip.js +2 -2
package/dist/middleware/respond.js +16 -16
package/dist/middleware/sanitize-query.js +1 -1
package/dist/operations/exec/index.js +2 -2
package/dist/rate-limiter.js +1 -1
package/dist/request/validate-ip.js +2 -2
package/dist/server.js +4 -4
package/dist/services/activity.js +14 -14
package/dist/services/assets.js +6 -6
package/dist/services/authentication.js +9 -9
package/dist/services/collections.js +9 -9
package/dist/services/fields.js +5 -5
package/dist/services/files.js +12 -12
package/dist/services/graphql/index.js +100 -98
package/dist/services/import-export.js +6 -6
package/dist/services/items.js +6 -6
package/dist/services/mail/index.js +5 -5
package/dist/services/meta.js +1 -0
package/dist/services/notifications.js +4 -4
package/dist/services/revisions.js +3 -3
package/dist/services/roles.js +5 -5
package/dist/services/server.js +27 -27
package/dist/services/shares.js +9 -9
package/dist/services/specifications.js +5 -3
package/dist/services/users.d.ts +1 -5
package/dist/services/users.js +24 -27
package/dist/storage/register-locations.js +1 -1
package/dist/utils/apply-query.js +2 -1
package/dist/utils/dynamic-import.js +1 -1
package/dist/utils/generate-hash.js +1 -1
package/dist/utils/get-ast-from-query.js +1 -1
package/dist/utils/get-auth-providers.js +1 -1
package/dist/utils/get-cache-headers.js +3 -3
package/dist/utils/get-collection-from-alias.js +1 -0
package/dist/utils/get-default-value.js +1 -1
package/dist/utils/get-ip-from-req.js +2 -2
package/dist/utils/get-permissions.js +11 -11
package/dist/utils/get-schema.js +2 -2
package/dist/utils/is-url-allowed.js +5 -2
package/dist/utils/sanitize-query.js +26 -26
package/dist/utils/should-skip-cache.js +2 -2
package/dist/utils/track.js +16 -16
package/dist/utils/validate-query.js +1 -1
package/dist/utils/validate-storage.js +8 -8
package/dist/webhooks.js +2 -2
package/package.json +13 -13
package/dist/utils/redact-header-cookies.d.ts +0 -1
package/dist/utils/redact-header-cookies.js +0 -11
/package/dist/{utils/redact-header-cookies.test.d.ts → logger.test.d.ts} +0 -0

package/dist/mailer.js CHANGED Viewed

@@ -11,12 +11,12 @@ let transporter;
 function getMailer() {
     if (transporter)
         return transporter;
-    const transportName = env_1.default.EMAIL_TRANSPORT.toLowerCase();
+    const transportName = env_1.default['EMAIL_TRANSPORT'].toLowerCase();
     if (transportName === 'sendmail') {
         transporter = nodemailer_1.default.createTransport({
             sendmail: true,
-            newline: env_1.default.EMAIL_SENDMAIL_NEW_LINE || 'unix',
-            path: env_1.default.EMAIL_SENDMAIL_PATH || '/usr/sbin/sendmail',
+            newline: env_1.default['EMAIL_SENDMAIL_NEW_LINE'] || 'unix',
+            path: env_1.default['EMAIL_SENDMAIL_PATH'] || '/usr/sbin/sendmail',
         });
     }
     else if (transportName === 'ses') {
@@ -29,20 +29,20 @@ function getMailer() {
     }
     else if (transportName === 'smtp') {
         let auth = false;
-        if (env_1.default.EMAIL_SMTP_USER || env_1.default.EMAIL_SMTP_PASSWORD) {
+        if (env_1.default['EMAIL_SMTP_USER'] || env_1.default['EMAIL_SMTP_PASSWORD']) {
             auth = {
-                user: env_1.default.EMAIL_SMTP_USER,
-                pass: env_1.default.EMAIL_SMTP_PASSWORD,
+                user: env_1.default['EMAIL_SMTP_USER'],
+                pass: env_1.default['EMAIL_SMTP_PASSWORD'],
             };
         }
         const tls = (0, get_config_from_env_1.getConfigFromEnv)('EMAIL_SMTP_TLS_');
         transporter = nodemailer_1.default.createTransport({
-            name: env_1.default.EMAIL_SMTP_NAME,
-            pool: env_1.default.EMAIL_SMTP_POOL,
-            host: env_1.default.EMAIL_SMTP_HOST,
-            port: env_1.default.EMAIL_SMTP_PORT,
-            secure: env_1.default.EMAIL_SMTP_SECURE,
-            ignoreTLS: env_1.default.EMAIL_SMTP_IGNORE_TLS,
+            name: env_1.default['EMAIL_SMTP_NAME'],
+            pool: env_1.default['EMAIL_SMTP_POOL'],
+            host: env_1.default['EMAIL_SMTP_HOST'],
+            port: env_1.default['EMAIL_SMTP_PORT'],
+            secure: env_1.default['EMAIL_SMTP_SECURE'],
+            ignoreTLS: env_1.default['EMAIL_SMTP_IGNORE_TLS'],
             auth,
             tls,
         });
@@ -51,16 +51,16 @@ function getMailer() {
         const mg = require('nodemailer-mailgun-transport');
         transporter = nodemailer_1.default.createTransport(mg({
             auth: {
-                api_key: env_1.default.EMAIL_MAILGUN_API_KEY,
-                domain: env_1.default.EMAIL_MAILGUN_DOMAIN,
+                api_key: env_1.default['EMAIL_MAILGUN_API_KEY'],
+                domain: env_1.default['EMAIL_MAILGUN_DOMAIN'],
             },
-            host: env_1.default.EMAIL_MAILGUN_HOST || 'api.mailgun.net',
+            host: env_1.default['EMAIL_MAILGUN_HOST'] || 'api.mailgun.net',
         }));
     }
     else if (transportName === 'sendgrid') {
         const sg = require('nodemailer-sendgrid');
         transporter = nodemailer_1.default.createTransport(sg({
-            apiKey: env_1.default.EMAIL_SENDGRID_API_KEY,
+            apiKey: env_1.default['EMAIL_SENDGRID_API_KEY'],
         }));
     }
     else {

package/dist/messenger.js CHANGED Viewed

@@ -30,9 +30,9 @@ class MessengerRedis {
     sub;
     constructor() {
         const config = (0, get_config_from_env_1.getConfigFromEnv)('MESSENGER_REDIS');
-        this.pub = new ioredis_1.default(env_1.default.MESSENGER_REDIS ?? config);
-        this.sub = new ioredis_1.default(env_1.default.MESSENGER_REDIS ?? config);
-        this.namespace = env_1.default.MESSENGER_NAMESPACE ?? 'directus';
+        this.pub = new ioredis_1.default(env_1.default['MESSENGER_REDIS'] ?? config);
+        this.sub = new ioredis_1.default(env_1.default['MESSENGER_REDIS'] ?? config);
+        this.namespace = env_1.default['MESSENGER_NAMESPACE'] ?? 'directus';
     }
     publish(channel, payload) {
         this.pub.publish(`${this.namespace}:${channel}`, JSON.stringify(payload));
@@ -55,7 +55,7 @@ let messenger;
 function getMessenger() {
     if (messenger)
         return messenger;
-    if (env_1.default.MESSENGER_STORE === 'redis') {
+    if (env_1.default['MESSENGER_STORE'] === 'redis') {
         messenger = new MessengerRedis();
     }
     else {

package/dist/middleware/authenticate.js CHANGED Viewed

@@ -45,7 +45,7 @@ const handler = async (req, res, next) => {
     req.accountability = defaultAccountability;
     if (req.token) {
         if ((0, is_directus_jwt_1.default)(req.token)) {
-            const payload = (0, jwt_1.verifyAccessJWT)(req.token, env_1.default.SECRET);
+            const payload = (0, jwt_1.verifyAccessJWT)(req.token, env_1.default['SECRET']);
             req.accountability.role = payload.role;
             req.accountability.admin = payload.admin_access === true || payload.admin_access == 1;
             req.accountability.app = payload.app_access === true || payload.app_access == 1;

package/dist/middleware/cache.js CHANGED Viewed

@@ -14,13 +14,13 @@ const checkCacheMiddleware = (0, async_handler_1.default)(async (req, res, next)
     const { cache } = (0, cache_1.getCache)();
     if (req.method.toLowerCase() !== 'get' && req.originalUrl?.startsWith('/graphql') === false)
         return next();
-    if (env_1.default.CACHE_ENABLED !== true)
+    if (env_1.default['CACHE_ENABLED'] !== true)
         return next();
     if (!cache)
         return next();
     if ((0, should_skip_cache_1.shouldSkipCache)(req)) {
-        if (env_1.default.CACHE_STATUS_HEADER)
-            res.setHeader(`${env_1.default.CACHE_STATUS_HEADER}`, 'MISS');
+        if (env_1.default['CACHE_STATUS_HEADER'])
+            res.setHeader(`${env_1.default['CACHE_STATUS_HEADER']}`, 'MISS');
         return next();
     }
     const key = (0, get_cache_key_1.getCacheKey)(req);
@@ -30,8 +30,8 @@ const checkCacheMiddleware = (0, async_handler_1.default)(async (req, res, next)
     }
     catch (err) {
         logger_1.default.warn(err, `[cache] Couldn't read key ${key}. ${err.message}`);
-        if (env_1.default.CACHE_STATUS_HEADER)
-            res.setHeader(`${env_1.default.CACHE_STATUS_HEADER}`, 'MISS');
+        if (env_1.default['CACHE_STATUS_HEADER'])
+            res.setHeader(`${env_1.default['CACHE_STATUS_HEADER']}`, 'MISS');
         return next();
     }
     if (cachedData) {
@@ -41,20 +41,20 @@ const checkCacheMiddleware = (0, async_handler_1.default)(async (req, res, next)
         }
         catch (err) {
             logger_1.default.warn(err, `[cache] Couldn't read key ${`${key}__expires_at`}. ${err.message}`);
-            if (env_1.default.CACHE_STATUS_HEADER)
-                res.setHeader(`${env_1.default.CACHE_STATUS_HEADER}`, 'MISS');
+            if (env_1.default['CACHE_STATUS_HEADER'])
+                res.setHeader(`${env_1.default['CACHE_STATUS_HEADER']}`, 'MISS');
             return next();
         }
         const cacheTTL = cacheExpiryDate ? cacheExpiryDate - Date.now() : undefined;
         res.setHeader('Cache-Control', (0, get_cache_headers_1.getCacheControlHeader)(req, cacheTTL, true, true));
         res.setHeader('Vary', 'Origin, Cache-Control');
-        if (env_1.default.CACHE_STATUS_HEADER)
-            res.setHeader(`${env_1.default.CACHE_STATUS_HEADER}`, 'HIT');
+        if (env_1.default['CACHE_STATUS_HEADER'])
+            res.setHeader(`${env_1.default['CACHE_STATUS_HEADER']}`, 'HIT');
         return res.json(cachedData);
     }
     else {
-        if (env_1.default.CACHE_STATUS_HEADER)
-            res.setHeader(`${env_1.default.CACHE_STATUS_HEADER}`, 'MISS');
+        if (env_1.default['CACHE_STATUS_HEADER'])
+            res.setHeader(`${env_1.default['CACHE_STATUS_HEADER']}`, 'MISS');
         return next();
     }
 });

package/dist/middleware/collection-exists.js CHANGED Viewed

@@ -10,12 +10,12 @@ const collections_1 = require("../database/system-data/collections");
 const exceptions_1 = require("../exceptions");
 const async_handler_1 = __importDefault(require("../utils/async-handler"));
 const collectionExists = (0, async_handler_1.default)(async (req, res, next) => {
-    if (!req.params.collection)
+    if (!req.params['collection'])
         return next();
-    if (req.params.collection in req.schema.collections === false) {
+    if (req.params['collection'] in req.schema.collections === false) {
         throw new exceptions_1.ForbiddenException();
     }
-    req.collection = req.params.collection;
+    req.collection = req.params['collection'];
     if (req.collection.startsWith('directus_')) {
         const systemRow = collections_1.systemCollectionRows.find((collection) => {
             return collection?.collection === req.collection;

package/dist/middleware/cors.js CHANGED Viewed

@@ -6,14 +6,14 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const cors_1 = __importDefault(require("cors"));
 const env_1 = __importDefault(require("../env"));
 let corsMiddleware = (req, res, next) => next();
-if (env_1.default.CORS_ENABLED === true) {
+if (env_1.default['CORS_ENABLED'] === true) {
     corsMiddleware = (0, cors_1.default)({
-        origin: env_1.default.CORS_ORIGIN || true,
-        methods: env_1.default.CORS_METHODS || 'GET,POST,PATCH,DELETE',
-        allowedHeaders: env_1.default.CORS_ALLOWED_HEADERS,
-        exposedHeaders: env_1.default.CORS_EXPOSED_HEADERS,
-        credentials: env_1.default.CORS_CREDENTIALS || undefined,
-        maxAge: env_1.default.CORS_MAX_AGE || undefined,
+        origin: env_1.default['CORS_ORIGIN'] || true,
+        methods: env_1.default['CORS_METHODS'] || 'GET,POST,PATCH,DELETE',
+        allowedHeaders: env_1.default['CORS_ALLOWED_HEADERS'],
+        exposedHeaders: env_1.default['CORS_EXPOSED_HEADERS'],
+        credentials: env_1.default['CORS_CREDENTIALS'] || undefined,
+        maxAge: env_1.default['CORS_MAX_AGE'] || undefined,
     });
 }
 exports.default = corsMiddleware;

package/dist/middleware/error-handler.js CHANGED Viewed

@@ -32,7 +32,7 @@ const errorHandler = (err, req, res, _next) => {
         res.status(status);
     }
     for (const err of errors) {
-        if (env_1.default.NODE_ENV === 'development') {
+        if (env_1.default['NODE_ENV'] === 'development') {
             err.extensions = {
                 ...(err.extensions || {}),
                 stack: err.stack,
@@ -49,7 +49,7 @@ const errorHandler = (err, req, res, _next) => {
                 },
             });
             if (err instanceof exceptions_2.MethodNotAllowedException) {
-                res.header('Allow', err.extensions.allow.join(', '));
+                res.header('Allow', err.extensions['allow'].join(', '));
             }
         }
         else {

package/dist/middleware/extract-token.js CHANGED Viewed

@@ -10,8 +10,8 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const extractToken = (req, res, next) => {
     let token = null;
-    if (req.query && req.query.access_token) {
-        token = req.query.access_token;
+    if (req.query && req.query['access_token']) {
+        token = req.query['access_token'];
     }
     if (req.headers && req.headers.authorization) {
         const parts = req.headers.authorization.split(' ');

package/dist/middleware/graphql.js CHANGED Viewed

@@ -17,10 +17,10 @@ exports.parseGraphQL = (0, async_handler_1.default)(async (req, res, next) => {
     let operationName = null;
     let document;
     if (req.method === 'GET') {
-        query = req.query.query || null;
-        if (req.query.variables) {
+        query = req.query['query'] || null;
+        if (req.query['variables']) {
             try {
-                variables = (0, utils_1.parseJSON)(req.query.variables);
+                variables = (0, utils_1.parseJSON)(req.query['variables']);
             }
             catch {
                 throw new exceptions_1.InvalidQueryException(`Variables are invalid JSON.`);
@@ -29,7 +29,7 @@ exports.parseGraphQL = (0, async_handler_1.default)(async (req, res, next) => {
         else {
             variables = {};
         }
-        operationName = req.query.operationName || null;
+        operationName = req.query['operationName'] || null;
     }
     else {
         query = req.body.query || null;
@@ -56,8 +56,14 @@ exports.parseGraphQL = (0, async_handler_1.default)(async (req, res, next) => {
     }
     // Prevent caching responses when mutations are made
     if (operationAST?.operation === 'mutation') {
-        res.locals.cache = false;
+        res.locals['cache'] = false;
     }
-    res.locals.graphqlParams = { document, query, variables, operationName, contextValue: { req, res } };
+    res.locals['graphqlParams'] = {
+        document,
+        query,
+        variables,
+        operationName,
+        contextValue: { req, res },
+    };
     return next();
 });

package/dist/middleware/rate-limiter-global.js CHANGED Viewed

@@ -13,7 +13,7 @@ const async_handler_1 = __importDefault(require("../utils/async-handler"));
 const validate_env_1 = require("../utils/validate-env");
 const RATE_LIMITER_GLOBAL_KEY = 'global-rate-limit';
 let checkRateLimit = (_req, _res, next) => next();
-if (env_1.default.RATE_LIMITER_GLOBAL_ENABLED === true) {
+if (env_1.default['RATE_LIMITER_GLOBAL_ENABLED'] === true) {
     (0, validate_env_1.validateEnv)(['RATE_LIMITER_GLOBAL_STORE', 'RATE_LIMITER_GLOBAL_DURATION', 'RATE_LIMITER_GLOBAL_POINTS']);
     validateConfiguration();
     exports.rateLimiterGlobal = (0, rate_limiter_1.createRateLimiter)('RATE_LIMITER_GLOBAL');
@@ -26,7 +26,7 @@ if (env_1.default.RATE_LIMITER_GLOBAL_ENABLED === true) {
                 throw rateLimiterRes;
             res.set('Retry-After', String(Math.round(rateLimiterRes.msBeforeNext / 1000)));
             throw new index_1.HitRateLimitException(`Too many requests, retry after ${(0, ms_1.default)(rateLimiterRes.msBeforeNext)}.`, {
-                limit: +env_1.default.RATE_LIMITER_GLOBAL_POINTS,
+                limit: +env_1.default['RATE_LIMITER_GLOBAL_POINTS'],
                 reset: new Date(Date.now() + rateLimiterRes.msBeforeNext),
             });
         }
@@ -35,12 +35,12 @@ if (env_1.default.RATE_LIMITER_GLOBAL_ENABLED === true) {
 }
 exports.default = checkRateLimit;
 function validateConfiguration() {
-    if (env_1.default.RATE_LIMITER_ENABLED !== true) {
+    if (env_1.default['RATE_LIMITER_ENABLED'] !== true) {
         logger_1.default.error(`The IP based rate limiter needs to be enabled when using the global rate limiter.`);
         process.exit(1);
     }
-    const globalPointsPerSec = Number(env_1.default.RATE_LIMITER_GLOBAL_POINTS) / Math.max(Number(env_1.default.RATE_LIMITER_GLOBAL_DURATION), 1);
-    const regularPointsPerSec = Number(env_1.default.RATE_LIMITER_POINTS) / Math.max(Number(env_1.default.RATE_LIMITER_DURATION), 1);
+    const globalPointsPerSec = Number(env_1.default['RATE_LIMITER_GLOBAL_POINTS']) / Math.max(Number(env_1.default['RATE_LIMITER_GLOBAL_DURATION']), 1);
+    const regularPointsPerSec = Number(env_1.default['RATE_LIMITER_POINTS']) / Math.max(Number(env_1.default['RATE_LIMITER_DURATION']), 1);
     if (globalPointsPerSec <= regularPointsPerSec) {
         logger_1.default.error(`The global rate limiter needs to allow more requests per second than the IP based rate limiter.`);
         process.exit(1);

package/dist/middleware/rate-limiter-ip.js CHANGED Viewed

@@ -12,7 +12,7 @@ const async_handler_1 = __importDefault(require("../utils/async-handler"));
 const get_ip_from_req_1 = require("../utils/get-ip-from-req");
 const validate_env_1 = require("../utils/validate-env");
 let checkRateLimit = (_req, _res, next) => next();
-if (env_1.default.RATE_LIMITER_ENABLED === true) {
+if (env_1.default['RATE_LIMITER_ENABLED'] === true) {
     (0, validate_env_1.validateEnv)(['RATE_LIMITER_STORE', 'RATE_LIMITER_DURATION', 'RATE_LIMITER_POINTS']);
     exports.rateLimiter = (0, rate_limiter_1.createRateLimiter)('RATE_LIMITER');
     checkRateLimit = (0, async_handler_1.default)(async (req, res, next) => {
@@ -24,7 +24,7 @@ if (env_1.default.RATE_LIMITER_ENABLED === true) {
                 throw rateLimiterRes;
             res.set('Retry-After', String(Math.round(rateLimiterRes.msBeforeNext / 1000)));
             throw new exceptions_1.HitRateLimitException(`Too many requests, retry after ${(0, ms_1.default)(rateLimiterRes.msBeforeNext)}.`, {
-                limit: +env_1.default.RATE_LIMITER_POINTS,
+                limit: +env_1.default['RATE_LIMITER_POINTS'],
                 reset: new Date(Date.now() + rateLimiterRes.msBeforeNext),
             });
         }

package/dist/middleware/respond.js CHANGED Viewed

@@ -18,26 +18,26 @@ const get_string_byte_size_1 = require("../utils/get-string-byte-size");
 exports.respond = (0, async_handler_1.default)(async (req, res) => {
     const { cache } = (0, cache_1.getCache)();
     let exceedsMaxSize = false;
-    if (env_1.default.CACHE_VALUE_MAX_SIZE !== false) {
-        const valueSize = res.locals.payload ? (0, get_string_byte_size_1.stringByteSize)(JSON.stringify(res.locals.payload)) : 0;
-        const maxSize = (0, bytes_1.parse)(env_1.default.CACHE_VALUE_MAX_SIZE);
+    if (env_1.default['CACHE_VALUE_MAX_SIZE'] !== false) {
+        const valueSize = res.locals['payload'] ? (0, get_string_byte_size_1.stringByteSize)(JSON.stringify(res.locals['payload'])) : 0;
+        const maxSize = (0, bytes_1.parse)(env_1.default['CACHE_VALUE_MAX_SIZE']);
         exceedsMaxSize = valueSize > maxSize;
     }
     if ((req.method.toLowerCase() === 'get' || req.originalUrl?.startsWith('/graphql')) &&
-        env_1.default.CACHE_ENABLED === true &&
+        env_1.default['CACHE_ENABLED'] === true &&
         cache &&
         !req.sanitizedQuery.export &&
-        res.locals.cache !== false &&
+        res.locals['cache'] !== false &&
         exceedsMaxSize === false) {
         const key = (0, get_cache_key_1.getCacheKey)(req);
         try {
-            await (0, cache_1.setCacheValue)(cache, key, res.locals.payload, (0, get_milliseconds_1.getMilliseconds)(env_1.default.CACHE_TTL));
-            await (0, cache_1.setCacheValue)(cache, `${key}__expires_at`, { exp: Date.now() + (0, get_milliseconds_1.getMilliseconds)(env_1.default.CACHE_TTL, 0) });
+            await (0, cache_1.setCacheValue)(cache, key, res.locals['payload'], (0, get_milliseconds_1.getMilliseconds)(env_1.default['CACHE_TTL']));
+            await (0, cache_1.setCacheValue)(cache, `${key}__expires_at`, { exp: Date.now() + (0, get_milliseconds_1.getMilliseconds)(env_1.default['CACHE_TTL'], 0) });
         }
         catch (err) {
             logger_1.default.warn(err, `[cache] Couldn't set key ${key}. ${err}`);
         }
-        res.setHeader('Cache-Control', (0, get_cache_headers_1.getCacheControlHeader)(req, (0, get_milliseconds_1.getMilliseconds)(env_1.default.CACHE_TTL), true, true));
+        res.setHeader('Cache-Control', (0, get_cache_headers_1.getCacheControlHeader)(req, (0, get_milliseconds_1.getMilliseconds)(env_1.default['CACHE_TTL']), true, true));
         res.setHeader('Vary', 'Origin, Cache-Control');
     }
     else {
@@ -58,29 +58,29 @@ exports.respond = (0, async_handler_1.default)(async (req, res) => {
         if (req.sanitizedQuery.export === 'json') {
             res.attachment(`${filename}.json`);
             res.set('Content-Type', 'application/json');
-            return res.status(200).send(exportService.transform(res.locals.payload?.data, 'json'));
+            return res.status(200).send(exportService.transform(res.locals['payload']?.data, 'json'));
         }
         if (req.sanitizedQuery.export === 'xml') {
             res.attachment(`${filename}.xml`);
             res.set('Content-Type', 'text/xml');
-            return res.status(200).send(exportService.transform(res.locals.payload?.data, 'xml'));
+            return res.status(200).send(exportService.transform(res.locals['payload']?.data, 'xml'));
         }
         if (req.sanitizedQuery.export === 'csv') {
             res.attachment(`${filename}.csv`);
             res.set('Content-Type', 'text/csv');
-            return res.status(200).send(exportService.transform(res.locals.payload?.data, 'csv'));
+            return res.status(200).send(exportService.transform(res.locals['payload']?.data, 'csv'));
         }
         if (req.sanitizedQuery.export === 'yaml') {
             res.attachment(`${filename}.yaml`);
             res.set('Content-Type', 'text/yaml');
-            return res.status(200).send(exportService.transform(res.locals.payload?.data, 'yaml'));
+            return res.status(200).send(exportService.transform(res.locals['payload']?.data, 'yaml'));
         }
     }
-    if (Buffer.isBuffer(res.locals.payload)) {
-        return res.end(res.locals.payload);
+    if (Buffer.isBuffer(res.locals['payload'])) {
+        return res.end(res.locals['payload']);
     }
-    else if (res.locals.payload) {
-        return res.json(res.locals.payload);
+    else if (res.locals['payload']) {
+        return res.json(res.locals['payload']);
     }
     else {
         return res.status(204).end();

package/dist/middleware/sanitize-query.js CHANGED Viewed

@@ -11,7 +11,7 @@ const sanitizeQueryMiddleware = (req, _res, next) => {
     if (!req.query)
         return;
     req.sanitizedQuery = (0, sanitize_query_1.sanitizeQuery)({
-        fields: req.query.fields || '*',
+        fields: req.query['fields'] || '*',
         ...req.query,
     }, req.accountability || null);
     Object.freeze(req.sanitizedQuery);

package/dist/operations/exec/index.js CHANGED Viewed

@@ -6,10 +6,10 @@ const node_module_1 = require("node:module");
 exports.default = (0, utils_1.defineOperationApi)({
     id: 'exec',
     handler: async ({ code }, { data, env }) => {
-        const allowedModules = env.FLOWS_EXEC_ALLOWED_MODULES ? (0, utils_1.toArray)(env.FLOWS_EXEC_ALLOWED_MODULES) : [];
+        const allowedModules = env['FLOWS_EXEC_ALLOWED_MODULES'] ? (0, utils_1.toArray)(env['FLOWS_EXEC_ALLOWED_MODULES']) : [];
         const allowedModulesBuiltIn = [];
         const allowedModulesExternal = [];
-        const allowedEnv = data.$env ?? {};
+        const allowedEnv = data['$env'] ?? {};
         const opts = {
             eval: false,
             wasm: false,

package/dist/rate-limiter.js CHANGED Viewed

@@ -9,7 +9,7 @@ const rate_limiter_flexible_1 = require("rate-limiter-flexible");
 const env_1 = __importDefault(require("./env"));
 const get_config_from_env_1 = require("./utils/get-config-from-env");
 function createRateLimiter(configPrefix = 'RATE_LIMITER', configOverrides) {
-    switch (env_1.default.RATE_LIMITER_STORE) {
+    switch (env_1.default['RATE_LIMITER_STORE']) {
         case 'redis':
             return new rate_limiter_flexible_1.RateLimiterRedis(getConfig('redis', configPrefix, configOverrides));
         case 'memcache':

package/dist/request/validate-ip.js CHANGED Viewed

@@ -8,10 +8,10 @@ const node_os_1 = __importDefault(require("node:os"));
 const env_1 = require("../env");
 const validateIP = async (ip, url) => {
     const env = (0, env_1.getEnv)();
-    if (env.IMPORT_IP_DENY_LIST.includes(ip)) {
+    if (env['IMPORT_IP_DENY_LIST'].includes(ip)) {
         throw new Error(`Requested URL "${url}" resolves to a denied IP address`);
     }
-    if (env.IMPORT_IP_DENY_LIST.includes('0.0.0.0')) {
+    if (env['IMPORT_IP_DENY_LIST'].includes('0.0.0.0')) {
         const networkInterfaces = node_os_1.default.networkInterfaces();
         for (const networkInfo of Object.values(networkInterfaces)) {
             if (!networkInfo)

package/dist/server.js CHANGED Viewed

@@ -106,7 +106,7 @@ async function createServer() {
     (0, terminus_1.createTerminus)(server, terminusOptions);
     return server;
     async function beforeShutdown() {
-        if (env_1.default.NODE_ENV !== 'development') {
+        if (env_1.default['NODE_ENV'] !== 'development') {
             logger_1.default.info('Shutting down...');
         }
     }
@@ -121,7 +121,7 @@ async function createServer() {
             schema: null,
             accountability: null,
         });
-        if (env_1.default.NODE_ENV !== 'development') {
+        if (env_1.default['NODE_ENV'] !== 'development') {
             logger_1.default.info('Directus shut down OK. Bye bye!');
         }
     }
@@ -129,8 +129,8 @@ async function createServer() {
 exports.createServer = createServer;
 async function startServer() {
     const server = await createServer();
-    const host = env_1.default.HOST;
-    const port = env_1.default.PORT;
+    const host = env_1.default['HOST'];
+    const port = env_1.default['PORT'];
     server
         .listen(port, host, () => {
         (0, update_check_1.default)(package_json_1.default)

package/dist/services/activity.js CHANGED Viewed

@@ -26,9 +26,9 @@ class ActivityService extends items_1.ItemsService {
         this.usersService = new users_1.UsersService({ schema: this.schema });
     }
     async createOne(data, opts) {
-        if (data.action === types_1.Action.COMMENT && typeof data.comment === 'string') {
+        if (data['action'] === types_1.Action.COMMENT && typeof data['comment'] === 'string') {
             const usersRegExp = new RegExp(/@[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}/gi);
-            const mentions = (0, lodash_1.uniq)(data.comment.match(usersRegExp) ?? []);
+            const mentions = (0, lodash_1.uniq)(data['comment'].match(usersRegExp) ?? []);
             const sender = await this.usersService.readOne(this.accountability.user, {
                 fields: ['id', 'first_name', 'last_name', 'email'],
             });
@@ -39,24 +39,24 @@ class ActivityService extends items_1.ItemsService {
                 });
                 const accountability = {
                     user: userID,
-                    role: user.role?.id ?? null,
-                    admin: user.role?.admin_access ?? null,
-                    app: user.role?.app_access ?? null,
+                    role: user['role']?.id ?? null,
+                    admin: user['role']?.admin_access ?? null,
+                    app: user['role']?.app_access ?? null,
                 };
                 accountability.permissions = await (0, get_permissions_1.getPermissions)(accountability, this.schema);
                 const authorizationService = new authorization_1.AuthorizationService({ schema: this.schema, accountability });
                 const usersService = new users_1.UsersService({ schema: this.schema, accountability });
                 try {
-                    await authorizationService.checkAccess('read', data.collection, data.item);
+                    await authorizationService.checkAccess('read', data['collection'], data['item']);
                     const templateData = await usersService.readByQuery({
                         fields: ['id', 'first_name', 'last_name', 'email'],
                         filter: { id: { _in: mentions.map((mention) => mention.substring(1)) } },
                     });
                     const userPreviews = templateData.reduce((acc, user) => {
-                        acc[user.id] = `<em>${(0, user_name_1.userName)(user)}</em>`;
+                        acc[user['id']] = `<em>${(0, user_name_1.userName)(user)}</em>`;
                         return acc;
                     }, {});
-                    let comment = data.comment;
+                    let comment = data['comment'];
                     for (const mention of mentions) {
                         const uuid = mention.substring(1);
                         // We only match on UUIDs in the first place. This is just an extra sanity check
@@ -72,17 +72,17 @@ ${(0, user_name_1.userName)(sender)} has mentioned you in a comment:
 ${comment}
-<a href="${new url_1.Url(env_1.default.PUBLIC_URL)
-                        .addPath('admin', 'content', data.collection, data.item)
+<a href="${new url_1.Url(env_1.default['PUBLIC_URL'])
+                        .addPath('admin', 'content', data['collection'], data['item'])
                         .toString()}">Click here to view.</a>
 `;
                     await this.notificationsService.createOne({
                         recipient: userID,
-                        sender: sender.id,
-                        subject: `You were mentioned in ${data.collection}`,
+                        sender: sender['id'],
+                        subject: `You were mentioned in ${data['collection']}`,
                         message,
-                        collection: data.collection,
-                        item: data.item,
+                        collection: data['collection'],
+                        item: data['item'],
                     });
                 }
                 catch (err) {

package/dist/services/assets.js CHANGED Viewed

@@ -131,24 +131,24 @@ class AssetsService {
             const { width, height } = file;
             if (!width ||
                 !height ||
-                width > env_1.default.ASSETS_TRANSFORM_IMAGE_MAX_DIMENSION ||
-                height > env_1.default.ASSETS_TRANSFORM_IMAGE_MAX_DIMENSION) {
+                width > env_1.default['ASSETS_TRANSFORM_IMAGE_MAX_DIMENSION'] ||
+                height > env_1.default['ASSETS_TRANSFORM_IMAGE_MAX_DIMENSION']) {
                 throw new exceptions_1.IllegalAssetTransformation(`Image is too large to be transformed, or image size couldn't be determined.`);
             }
             const { queue, process } = sharp_1.default.counters();
-            if (queue + process > env_1.default.ASSETS_TRANSFORM_MAX_CONCURRENT) {
+            if (queue + process > env_1.default['ASSETS_TRANSFORM_MAX_CONCURRENT']) {
                 throw new service_unavailable_1.ServiceUnavailableException('Server too busy', {
                     service: 'files',
                 });
             }
             const readStream = await storage.location(file.storage).read(file.filename_disk, range);
             const transformer = (0, sharp_1.default)({
-                limitInputPixels: Math.pow(env_1.default.ASSETS_TRANSFORM_IMAGE_MAX_DIMENSION, 2),
+                limitInputPixels: Math.pow(env_1.default['ASSETS_TRANSFORM_IMAGE_MAX_DIMENSION'], 2),
                 sequentialRead: true,
-                failOn: env_1.default.ASSETS_INVALID_IMAGE_SENSITIVITY_LEVEL,
+                failOn: env_1.default['ASSETS_INVALID_IMAGE_SENSITIVITY_LEVEL'],
             });
             transformer.timeout({
-                seconds: (0, lodash_1.clamp)(Math.round((0, get_milliseconds_1.getMilliseconds)(env_1.default.ASSETS_TRANSFORM_TIMEOUT, 0) / 1000), 1, 3600),
+                seconds: (0, lodash_1.clamp)(Math.round((0, get_milliseconds_1.getMilliseconds)(env_1.default['ASSETS_TRANSFORM_TIMEOUT'], 0) / 1000), 1, 3600),
             });
             if (transforms.find((transform) => transform[0] === 'rotate') === undefined)
                 transformer.rotate();

package/dist/services/authentication.js CHANGED Viewed

@@ -40,7 +40,7 @@ class AuthenticationService {
      */
     async login(providerName = constants_1.DEFAULT_AUTH_PROVIDER, payload, otp) {
         const { nanoid } = await import('nanoid');
-        const STALL_TIME = env_1.default.LOGIN_STALL_TIME;
+        const STALL_TIME = env_1.default['LOGIN_STALL_TIME'];
         const timeStart = perf_hooks_1.performance.now();
         const provider = (0, auth_1.getAuthProvider)(providerName);
         let userId;
@@ -150,12 +150,12 @@ class AuthenticationService {
             schema: this.schema,
             accountability: this.accountability,
         });
-        const accessToken = jsonwebtoken_1.default.sign(customClaims, env_1.default.SECRET, {
-            expiresIn: env_1.default.ACCESS_TOKEN_TTL,
+        const accessToken = jsonwebtoken_1.default.sign(customClaims, env_1.default['SECRET'], {
+            expiresIn: env_1.default['ACCESS_TOKEN_TTL'],
             issuer: 'directus',
         });
         const refreshToken = nanoid(64);
-        const refreshTokenExpiration = new Date(Date.now() + (0, get_milliseconds_1.getMilliseconds)(env_1.default.REFRESH_TOKEN_TTL, 0));
+        const refreshTokenExpiration = new Date(Date.now() + (0, get_milliseconds_1.getMilliseconds)(env_1.default['REFRESH_TOKEN_TTL'], 0));
         await this.knex('directus_sessions').insert({
             token: refreshToken,
             user: user.id,
@@ -185,7 +185,7 @@ class AuthenticationService {
         return {
             accessToken,
             refreshToken,
-            expires: (0, get_milliseconds_1.getMilliseconds)(env_1.default.ACCESS_TOKEN_TTL),
+            expires: (0, get_milliseconds_1.getMilliseconds)(env_1.default['ACCESS_TOKEN_TTL']),
             id: user.id,
         };
     }
@@ -280,12 +280,12 @@ class AuthenticationService {
             schema: this.schema,
             accountability: this.accountability,
         });
-        const accessToken = jsonwebtoken_1.default.sign(customClaims, env_1.default.SECRET, {
-            expiresIn: env_1.default.ACCESS_TOKEN_TTL,
+        const accessToken = jsonwebtoken_1.default.sign(customClaims, env_1.default['SECRET'], {
+            expiresIn: env_1.default['ACCESS_TOKEN_TTL'],
             issuer: 'directus',
         });
         const newRefreshToken = nanoid(64);
-        const refreshTokenExpiration = new Date(Date.now() + (0, get_milliseconds_1.getMilliseconds)(env_1.default.REFRESH_TOKEN_TTL, 0));
+        const refreshTokenExpiration = new Date(Date.now() + (0, get_milliseconds_1.getMilliseconds)(env_1.default['REFRESH_TOKEN_TTL'], 0));
         await this.knex('directus_sessions')
             .update({
             token: newRefreshToken,
@@ -298,7 +298,7 @@ class AuthenticationService {
         return {
             accessToken,
             refreshToken: newRefreshToken,
-            expires: (0, get_milliseconds_1.getMilliseconds)(env_1.default.ACCESS_TOKEN_TTL),
+            expires: (0, get_milliseconds_1.getMilliseconds)(env_1.default['ACCESS_TOKEN_TTL']),
             id: record.user_id,
         };
     }