directus 9.23.3 → 9.24.0

package/dist/app.js

@@ -81,7 +81,7 @@ const lodash_1 = require("lodash");
 const auth_2 = require("./auth");
 const cache_2 = require("./cache");
 const get_config_from_env_1 = require("./utils/get-config-from-env");
-const track_1 = require("./utils/track");
+const telemetry_1 = require("./utils/telemetry");
 const url_1 = require("./utils/url");
 const validate_env_1 = require("./utils/validate-env");
 const validate_storage_1 = require("./utils/validate-storage");
@@ -89,7 +89,7 @@ const webhooks_2 = require("./webhooks");
 async function createApp() {
     const helmet = await import('helmet');
     (0, validate_env_1.validateEnv)(['KEY', 'SECRET']);
-    if (!new url_1.Url(env_1.default.PUBLIC_URL).isAbsolute()) {
+    if (!new url_1.Url(env_1.default['PUBLIC_URL']).isAbsolute()) {
         logger_1.default.warn('PUBLIC_URL should be a full URL');
     }
     await (0, validate_storage_1.validateStorage)();
@@ -110,7 +110,7 @@ async function createApp() {
     await flowManager.initialize();
     const app = (0, express_1.default)();
     app.disable('x-powered-by');
-    app.set('trust proxy', env_1.default.IP_TRUST_PROXY);
+    app.set('trust proxy', env_1.default['IP_TRUST_PROXY']);
     app.set('query parser', (str) => qs_1.default.parse(str, { depth: 10 }));
     app.use(helmet.contentSecurityPolicy((0, lodash_1.merge)({
         useDefaults: true,
@@ -130,7 +130,7 @@ async function createApp() {
             connectSrc: ["'self'", 'https://*'],
         },
     }, (0, get_config_from_env_1.getConfigFromEnv)('CONTENT_SECURITY_POLICY_'))));
-    if (env_1.default.HSTS_ENABLED) {
+    if (env_1.default['HSTS_ENABLED']) {
         app.use(helmet.hsts((0, get_config_from_env_1.getConfigFromEnv)('HSTS_', ['HSTS_ENABLED'])));
     }
     await emitter_1.default.emitInit('app.before', { app });
@@ -140,12 +140,12 @@ async function createApp() {
         res.setHeader('X-Powered-By', 'Directus');
         next();
     });
-    if (env_1.default.CORS_ENABLED === true) {
+    if (env_1.default['CORS_ENABLED'] === true) {
         app.use(cors_1.default);
     }
     app.use((req, res, next) => {
         express_1.default.json({
-            limit: env_1.default.MAX_PAYLOAD_SIZE,
+            limit: env_1.default['MAX_PAYLOAD_SIZE'],
         })(req, res, (err) => {
             if (err) {
                 return next(new exceptions_1.InvalidPayloadException(err.message));
@@ -156,8 +156,8 @@ async function createApp() {
     app.use((0, cookie_parser_1.default)());
     app.use(extract_token_1.default);
     app.get('/', (_req, res, next) => {
-        if (env_1.default.ROOT_REDIRECT) {
-            res.redirect(env_1.default.ROOT_REDIRECT);
+        if (env_1.default['ROOT_REDIRECT']) {
+            res.redirect(env_1.default['ROOT_REDIRECT']);
         }
         else {
             next();
@@ -166,11 +166,11 @@ async function createApp() {
     app.get('/robots.txt', (_, res) => {
         res.set('Content-Type', 'text/plain');
         res.status(200);
-        res.send(env_1.default.ROBOTS_TXT);
+        res.send(env_1.default['ROBOTS_TXT']);
     });
-    if (env_1.default.SERVE_APP) {
+    if (env_1.default['SERVE_APP']) {
         const adminPath = require.resolve('@directus/app');
-        const adminUrl = new url_1.Url(env_1.default.PUBLIC_URL).addPath('admin');
+        const adminUrl = new url_1.Url(env_1.default['PUBLIC_URL']).addPath('admin');
         const embeds = extensionManager.getEmbeds();
         // Set the App's base path according to the APIs public URL
         const html = await fs_extra_1.default.readFile(adminPath, 'utf8');
@@ -192,13 +192,13 @@ async function createApp() {
         app.use('/admin/*', sendHtml);
     }
     // use the rate limiter - all routes for now
-    if (env_1.default.RATE_LIMITER_GLOBAL_ENABLED === true) {
+    if (env_1.default['RATE_LIMITER_GLOBAL_ENABLED'] === true) {
         app.use(rate_limiter_global_1.default);
     }
-    if (env_1.default.RATE_LIMITER_ENABLED === true) {
+    if (env_1.default['RATE_LIMITER_ENABLED'] === true) {
         app.use(rate_limiter_ip_1.default);
     }
-    app.get('/server/ping', (req, res) => res.send('pong'));
+    app.get('/server/ping', (_req, res) => res.send('pong'));
     app.use(authenticate_1.default);
     app.use(check_ip_1.checkIP);
     app.use(sanitize_query_1.default);
@@ -243,7 +243,7 @@ async function createApp() {
     await emitter_1.default.emitInit('routes.after', { app });
     // Register all webhooks
     await (0, webhooks_2.init)();
-    (0, track_1.track)('serverStarted');
+    (0, telemetry_1.collectTelemetry)();
     await emitter_1.default.emitInit('app.after', { app });
     return app;
 }

package/dist/auth/drivers/ldap.js

@@ -55,10 +55,10 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
             bindPassword === undefined ||
             !userDn ||
             !provider ||
-            (!clientUrl && !config.client?.socketPath)) {
+            (!clientUrl && !config['client']?.socketPath)) {
             throw new exceptions_1.InvalidConfigException('Invalid provider config', { provider });
         }
-        const clientConfig = typeof config.client === 'object' ? config.client : {};
+        const clientConfig = typeof config['client'] === 'object' ? config['client'] : {};
         this.bindClient = ldapjs_1.default.createClient({ url: clientUrl, reconnect: true, ...clientConfig });
         this.bindClient.on('error', (err) => {
             logger_1.default.warn(err);
@@ -122,8 +122,8 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
                 }
                 res.on('searchEntry', ({ object }) => {
                     const user = {
-                        dn: object.dn,
-                        userAccountControl: Number(getEntryValue(object.userAccountControl) ?? 0),
+                        dn: object['dn'],
+                        userAccountControl: Number(getEntryValue(object['userAccountControl']) ?? 0),
                     };
                     const firstName = getEntryValue(object[firstNameAttribute]);
                     if (firstName)
@@ -134,7 +134,7 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
                     const email = getEntryValue(object[mailAttribute]);
                     if (email)
                         user.email = email;
-                    const uid = getEntryValue(object.uid);
+                    const uid = getEntryValue(object['uid']);
                     if (uid)
                         user.uid = uid;
                     resolve(user);
@@ -162,11 +162,11 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
                     return;
                 }
                 res.on('searchEntry', ({ object }) => {
-                    if (typeof object.cn === 'object') {
-                        userGroups = [...userGroups, ...object.cn];
+                    if (typeof object['cn'] === 'object') {
+                        userGroups = [...userGroups, ...object['cn']];
                     }
-                    else if (object.cn) {
-                        userGroups.push(object.cn);
+                    else if (object['cn']) {
+                        userGroups.push(object['cn']);
                     }
                 });
                 res.on('error', (err) => {
@@ -187,14 +187,14 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
         return user?.id;
     }
     async getUserID(payload) {
-        if (!payload.identifier) {
+        if (!payload['identifier']) {
             throw new exceptions_1.InvalidCredentialsException();
         }
         await this.validateBindClient();
         const { userDn, userScope, userAttribute, groupDn, groupScope, groupAttribute, defaultRoleId } = this.config;
         const userInfo = await this.fetchUserInfo(userDn, new ldapjs_1.EqualityFilter({
             attribute: userAttribute ?? 'cn',
-            value: payload.identifier,
+            value: payload['identifier'],
         }), userScope ?? 'one');
         if (!userInfo?.dn) {
             throw new exceptions_1.InvalidCredentialsException();
@@ -229,7 +229,7 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
         }
         try {
             await this.usersService.createOne({
-                provider: this.config.provider,
+                provider: this.config['provider'],
                 first_name: userInfo.firstName,
                 last_name: userInfo.lastName,
                 email: userInfo.email,
@@ -251,9 +251,9 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
             throw new exceptions_1.InvalidCredentialsException();
         }
         return new Promise((resolve, reject) => {
-            const clientConfig = typeof this.config.client === 'object' ? this.config.client : {};
+            const clientConfig = typeof this.config['client'] === 'object' ? this.config['client'] : {};
             const client = ldapjs_1.default.createClient({
-                url: this.config.clientUrl,
+                url: this.config['clientUrl'],
                 ...clientConfig,
                 reconnect: false,
             });
@@ -272,7 +272,7 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
         });
     }
     async login(user, payload) {
-        await this.verify(user, payload.password);
+        await this.verify(user, payload['password']);
     }
     async refresh(user) {
         await this.validateBindClient();
@@ -330,18 +330,18 @@ function createLDAPAuthRouter(provider) {
             data: { access_token: accessToken, expires },
         };
         if (mode === 'json') {
-            payload.data.refresh_token = refreshToken;
+            payload['data']['refresh_token'] = refreshToken;
         }
         if (mode === 'cookie') {
-            res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, {
+            res.cookie(env_1.default['REFRESH_TOKEN_COOKIE_NAME'], refreshToken, {
                 httpOnly: true,
-                domain: env_1.default.REFRESH_TOKEN_COOKIE_DOMAIN,
-                maxAge: (0, get_milliseconds_1.getMilliseconds)(env_1.default.REFRESH_TOKEN_TTL),
-                secure: env_1.default.REFRESH_TOKEN_COOKIE_SECURE ?? false,
-                sameSite: env_1.default.REFRESH_TOKEN_COOKIE_SAME_SITE || 'strict',
+                domain: env_1.default['REFRESH_TOKEN_COOKIE_DOMAIN'],
+                maxAge: (0, get_milliseconds_1.getMilliseconds)(env_1.default['REFRESH_TOKEN_TTL']),
+                secure: env_1.default['REFRESH_TOKEN_COOKIE_SECURE'] ?? false,
+                sameSite: env_1.default['REFRESH_TOKEN_COOKIE_SAME_SITE'] || 'strict',
             });
         }
-        res.locals.payload = payload;
+        res.locals['payload'] = payload;
         return next();
     }), respond_1.respond);
     return router;

package/dist/auth/drivers/local.js

@@ -19,13 +19,13 @@ const stall_1 = require("../../utils/stall");
 const auth_1 = require("../auth");
 class LocalAuthDriver extends auth_1.AuthDriver {
     async getUserID(payload) {
-        if (!payload.email) {
+        if (!payload['email']) {
             throw new exceptions_1.InvalidCredentialsException();
         }
         const user = await this.knex
             .select('id')
             .from('directus_users')
-            .whereRaw('LOWER(??) = ?', ['email', payload.email.toLowerCase()])
+            .whereRaw('LOWER(??) = ?', ['email', payload['email'].toLowerCase()])
             .first();
         if (!user) {
             throw new exceptions_1.InvalidCredentialsException();
@@ -38,7 +38,7 @@ class LocalAuthDriver extends auth_1.AuthDriver {
         }
     }
     async login(user, payload) {
-        await this.verify(user, payload.password);
+        await this.verify(user, payload['password']);
     }
 }
 exports.LocalAuthDriver = LocalAuthDriver;
@@ -51,7 +51,7 @@ function createLocalAuthRouter(provider) {
         otp: joi_1.default.string(),
     }).unknown();
     router.post('/', (0, async_handler_1.default)(async (req, res, next) => {
-        const STALL_TIME = env_1.default.LOGIN_STALL_TIME;
+        const STALL_TIME = env_1.default['LOGIN_STALL_TIME'];
         const timeStart = perf_hooks_1.performance.now();
         const accountability = {
             ip: (0, get_ip_from_req_1.getIPFromReq)(req),
@@ -78,12 +78,12 @@ function createLocalAuthRouter(provider) {
             data: { access_token: accessToken, expires },
         };
         if (mode === 'json') {
-            payload.data.refresh_token = refreshToken;
+            payload['data']['refresh_token'] = refreshToken;
         }
         if (mode === 'cookie') {
-            res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, constants_1.COOKIE_OPTIONS);
+            res.cookie(env_1.default['REFRESH_TOKEN_COOKIE_NAME'], refreshToken, constants_1.COOKIE_OPTIONS);
         }
-        res.locals.payload = payload;
+        res.locals['payload'] = payload;
         return next();
     }), respond_1.respond);
     return router;

package/dist/auth/drivers/oauth2.js

@@ -54,10 +54,10 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
     constructor(options, config) {
         super(options, config);
         const { authorizeUrl, accessUrl, profileUrl, clientId, clientSecret, ...additionalConfig } = config;
-        if (!authorizeUrl || !accessUrl || !profileUrl || !clientId || !clientSecret || !additionalConfig.provider) {
-            throw new exceptions_2.InvalidConfigException('Invalid provider config', { provider: additionalConfig.provider });
+        if (!authorizeUrl || !accessUrl || !profileUrl || !clientId || !clientSecret || !additionalConfig['provider']) {
+            throw new exceptions_2.InvalidConfigException('Invalid provider config', { provider: additionalConfig['provider'] });
         }
-        const redirectUrl = new url_1.Url(env_1.default.PUBLIC_URL).addPath('auth', 'login', additionalConfig.provider, 'callback');
+        const redirectUrl = new url_1.Url(env_1.default['PUBLIC_URL']).addPath('auth', 'login', additionalConfig['provider'], 'callback');
         this.redirectUrl = redirectUrl.toString();
         this.usersService = new services_1.UsersService({ knex: this.knex, schema: this.schema });
         this.config = additionalConfig;
@@ -65,9 +65,9 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
             authorization_endpoint: authorizeUrl,
             token_endpoint: accessUrl,
             userinfo_endpoint: profileUrl,
-            issuer: additionalConfig.provider,
+            issuer: additionalConfig['provider'],
         });
-        const clientOptionsOverrides = (0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config.provider.toUpperCase()}_CLIENT_`, [`AUTH_${config.provider.toUpperCase()}_CLIENT_ID`, `AUTH_${config.provider.toUpperCase()}_CLIENT_SECRET`], 'underscore');
+        const clientOptionsOverrides = (0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config['provider'].toUpperCase()}_CLIENT_`, [`AUTH_${config['provider'].toUpperCase()}_CLIENT_ID`, `AUTH_${config['provider'].toUpperCase()}_CLIENT_SECRET`], 'underscore');
         this.client = new issuer.Client({
             client_id: clientId,
             client_secret: clientSecret,
@@ -82,9 +82,9 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
     generateAuthUrl(codeVerifier, prompt = false) {
         try {
             const codeChallenge = openid_client_1.generators.codeChallenge(codeVerifier);
-            const paramsConfig = typeof this.config.params === 'object' ? this.config.params : {};
+            const paramsConfig = typeof this.config['params'] === 'object' ? this.config['params'] : {};
             return this.client.authorizationUrl({
-                scope: this.config.scope ?? 'email',
+                scope: this.config['scope'] ?? 'email',
                 access_type: 'offline',
                 prompt: prompt ? 'consent' : undefined,
                 ...paramsConfig,
@@ -107,14 +107,14 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         return user?.id;
     }
     async getUserID(payload) {
-        if (!payload.code || !payload.codeVerifier || !payload.state) {
+        if (!payload['code'] || !payload['codeVerifier'] || !payload['state']) {
             logger_1.default.warn('[OAuth2] No code, codeVerifier or state in payload');
             throw new exceptions_2.InvalidCredentialsException();
         }
         let tokenSet;
         let userInfo;
         try {
-            tokenSet = await this.client.oauthCallback(this.redirectUrl, { code: payload.code, state: payload.state }, { code_verifier: payload.codeVerifier, state: openid_client_1.generators.codeChallenge(payload.codeVerifier) });
+            tokenSet = await this.client.oauthCallback(this.redirectUrl, { code: payload['code'], state: payload['state'] }, { code_verifier: payload['codeVerifier'], state: openid_client_1.generators.codeChallenge(payload['codeVerifier']) });
             userInfo = await this.client.userinfo(tokenSet.access_token);
         }
         catch (e) {
@@ -148,11 +148,11 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         try {
             await this.usersService.createOne({
                 provider,
-                first_name: userInfo[this.config.firstNameKey],
-                last_name: userInfo[this.config.lastNameKey],
+                first_name: userInfo[this.config['firstNameKey']],
+                last_name: userInfo[this.config['lastNameKey']],
                 email: email,
                 external_identifier: identifier,
-                role: this.config.defaultRoleId,
+                role: this.config['defaultRoleId'],
                 auth_data: tokenSet.refresh_token && JSON.stringify({ refreshToken: tokenSet.refresh_token }),
             });
         }
@@ -178,9 +178,9 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
                 logger_1.default.warn(`[OAuth2] Session data isn't valid JSON: ${authData}`);
             }
         }
-        if (authData?.refreshToken) {
+        if (authData?.['refreshToken']) {
             try {
-                const tokenSet = await this.client.refresh(authData.refreshToken);
+                const tokenSet = await this.client.refresh(authData['refreshToken']);
                 // Update user refreshToken if provided
                 if (tokenSet.refresh_token) {
                     await this.usersService.updateOne(user.id, {
@@ -222,8 +222,8 @@ function createOAuth2AuthRouter(providerName) {
     router.get('/', (req, res) => {
         const provider = (0, auth_1.getAuthProvider)(providerName);
         const codeVerifier = provider.generateCodeVerifier();
-        const prompt = !!req.query.prompt;
-        const token = jsonwebtoken_1.default.sign({ verifier: codeVerifier, redirect: req.query.redirect, prompt }, env_1.default.SECRET, {
+        const prompt = !!req.query['prompt'];
+        const token = jsonwebtoken_1.default.sign({ verifier: codeVerifier, redirect: req.query['redirect'], prompt }, env_1.default['SECRET'], {
             expiresIn: '5m',
             issuer: 'directus',
         });
@@ -239,7 +239,9 @@ function createOAuth2AuthRouter(providerName) {
     router.get('/callback', (0, async_handler_1.default)(async (req, res, next) => {
         let tokenData;
         try {
-            tokenData = jsonwebtoken_1.default.verify(req.cookies[`oauth2.${providerName}`], env_1.default.SECRET, { issuer: 'directus' });
+            tokenData = jsonwebtoken_1.default.verify(req.cookies[`oauth2.${providerName}`], env_1.default['SECRET'], {
+                issuer: 'directus',
+            });
         }
         catch (e) {
             logger_1.default.warn(e, `[OAuth2] Couldn't verify OAuth2 cookie`);
@@ -264,9 +266,9 @@ function createOAuth2AuthRouter(providerName) {
         try {
             res.clearCookie(`oauth2.${providerName}`);
             authResponse = await authenticationService.login(providerName, {
-                code: req.query.code,
+                code: req.query['code'],
                 codeVerifier: verifier,
-                state: req.query.state,
+                state: req.query['state'],
             });
         }
         catch (error) {
@@ -289,16 +291,16 @@ function createOAuth2AuthRouter(providerName) {
         }
         const { accessToken, refreshToken, expires } = authResponse;
         if (redirect) {
-            res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, {
+            res.cookie(env_1.default['REFRESH_TOKEN_COOKIE_NAME'], refreshToken, {
                 httpOnly: true,
-                domain: env_1.default.REFRESH_TOKEN_COOKIE_DOMAIN,
-                maxAge: (0, get_milliseconds_1.getMilliseconds)(env_1.default.REFRESH_TOKEN_TTL),
-                secure: env_1.default.REFRESH_TOKEN_COOKIE_SECURE ?? false,
-                sameSite: env_1.default.REFRESH_TOKEN_COOKIE_SAME_SITE || 'strict',
+                domain: env_1.default['REFRESH_TOKEN_COOKIE_DOMAIN'],
+                maxAge: (0, get_milliseconds_1.getMilliseconds)(env_1.default['REFRESH_TOKEN_TTL']),
+                secure: env_1.default['REFRESH_TOKEN_COOKIE_SECURE'] ?? false,
+                sameSite: env_1.default['REFRESH_TOKEN_COOKIE_SAME_SITE'] || 'strict',
             });
             return res.redirect(redirect);
         }
-        res.locals.payload = {
+        res.locals['payload'] = {
             data: { access_token: accessToken, refresh_token: refreshToken, expires },
         };
         next();

package/dist/auth/drivers/openid.js

@@ -54,21 +54,21 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
     constructor(options, config) {
         super(options, config);
         const { issuerUrl, clientId, clientSecret, ...additionalConfig } = config;
-        if (!issuerUrl || !clientId || !clientSecret || !additionalConfig.provider) {
-            throw new exceptions_2.InvalidConfigException('Invalid provider config', { provider: additionalConfig.provider });
+        if (!issuerUrl || !clientId || !clientSecret || !additionalConfig['provider']) {
+            throw new exceptions_2.InvalidConfigException('Invalid provider config', { provider: additionalConfig['provider'] });
         }
-        const redirectUrl = new url_1.Url(env_1.default.PUBLIC_URL).addPath('auth', 'login', additionalConfig.provider, 'callback');
-        const clientOptionsOverrides = (0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config.provider.toUpperCase()}_CLIENT_`, [`AUTH_${config.provider.toUpperCase()}_CLIENT_ID`, `AUTH_${config.provider.toUpperCase()}_CLIENT_SECRET`], 'underscore');
+        const redirectUrl = new url_1.Url(env_1.default['PUBLIC_URL']).addPath('auth', 'login', additionalConfig['provider'], 'callback');
+        const clientOptionsOverrides = (0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config['provider'].toUpperCase()}_CLIENT_`, [`AUTH_${config['provider'].toUpperCase()}_CLIENT_ID`, `AUTH_${config['provider'].toUpperCase()}_CLIENT_SECRET`], 'underscore');
         this.redirectUrl = redirectUrl.toString();
         this.usersService = new services_1.UsersService({ knex: this.knex, schema: this.schema });
         this.config = additionalConfig;
         this.client = new Promise((resolve, reject) => {
             openid_client_1.Issuer.discover(issuerUrl)
                 .then((issuer) => {
-                const supportedTypes = issuer.metadata.response_types_supported;
+                const supportedTypes = issuer.metadata['response_types_supported'];
                 if (!supportedTypes?.includes('code')) {
                     reject(new exceptions_2.InvalidConfigException('OpenID provider does not support required code flow', {
-                        provider: additionalConfig.provider,
+                        provider: additionalConfig['provider'],
                     }));
                 }
                 resolve(new issuer.Client({
@@ -92,9 +92,9 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         try {
             const client = await this.client;
             const codeChallenge = openid_client_1.generators.codeChallenge(codeVerifier);
-            const paramsConfig = typeof this.config.params === 'object' ? this.config.params : {};
+            const paramsConfig = typeof this.config['params'] === 'object' ? this.config['params'] : {};
             return client.authorizationUrl({
-                scope: this.config.scope ?? 'openid profile email',
+                scope: this.config['scope'] ?? 'openid profile email',
                 access_type: 'offline',
                 prompt: prompt ? 'consent' : undefined,
                 ...paramsConfig,
@@ -118,7 +118,7 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         return user?.id;
     }
     async getUserID(payload) {
-        if (!payload.code || !payload.codeVerifier || !payload.state) {
+        if (!payload['code'] || !payload['codeVerifier'] || !payload['state']) {
             logger_1.default.warn('[OpenID] No code, codeVerifier or state in payload');
             throw new exceptions_2.InvalidCredentialsException();
         }
@@ -126,10 +126,10 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         let userInfo;
         try {
             const client = await this.client;
-            const codeChallenge = openid_client_1.generators.codeChallenge(payload.codeVerifier);
-            tokenSet = await client.callback(this.redirectUrl, { code: payload.code, state: payload.state }, { code_verifier: payload.codeVerifier, state: codeChallenge, nonce: codeChallenge });
+            const codeChallenge = openid_client_1.generators.codeChallenge(payload['codeVerifier']);
+            tokenSet = await client.callback(this.redirectUrl, { code: payload['code'], state: payload['state'] }, { code_verifier: payload['codeVerifier'], state: codeChallenge, nonce: codeChallenge });
             userInfo = tokenSet.claims();
-            if (client.issuer.metadata.userinfo_endpoint) {
+            if (client.issuer.metadata['userinfo_endpoint']) {
                 userInfo = {
                     ...userInfo,
                     ...(await client.userinfo(tokenSet.access_token)),
@@ -142,7 +142,7 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         // Flatten response to support dot indexes
         userInfo = (0, flat_1.default)(userInfo);
         const { provider, identifierKey, allowPublicRegistration, requireVerifiedEmail } = this.config;
-        const email = userInfo.email ? String(userInfo.email) : undefined;
+        const email = userInfo['email'] ? String(userInfo['email']) : undefined;
         // Fallback to email if explicit identifier not found
         const identifier = userInfo[identifierKey ?? 'sub'] ? String(userInfo[identifierKey ?? 'sub']) : email;
         if (!identifier) {
@@ -159,7 +159,7 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
             }
             return userId;
         }
-        const isEmailVerified = !requireVerifiedEmail || userInfo.email_verified;
+        const isEmailVerified = !requireVerifiedEmail || userInfo['email_verified'];
         // Is public registration allowed?
         if (!allowPublicRegistration || !isEmailVerified) {
             logger_1.default.warn(`[OpenID] User doesn't exist, and public registration not allowed for provider "${provider}"`);
@@ -168,11 +168,11 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         try {
             await this.usersService.createOne({
                 provider,
-                first_name: userInfo.given_name,
-                last_name: userInfo.family_name,
+                first_name: userInfo['given_name'],
+                last_name: userInfo['family_name'],
                 email: email,
                 external_identifier: identifier,
-                role: this.config.defaultRoleId,
+                role: this.config['defaultRoleId'],
                 auth_data: tokenSet.refresh_token && JSON.stringify({ refreshToken: tokenSet.refresh_token }),
             });
         }
@@ -198,10 +198,10 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
                 logger_1.default.warn(`[OpenID] Session data isn't valid JSON: ${authData}`);
             }
         }
-        if (authData?.refreshToken) {
+        if (authData?.['refreshToken']) {
             try {
                 const client = await this.client;
-                const tokenSet = await client.refresh(authData.refreshToken);
+                const tokenSet = await client.refresh(authData['refreshToken']);
                 // Update user refreshToken if provided
                 if (tokenSet.refresh_token) {
                     await this.usersService.updateOne(user.id, {
@@ -243,8 +243,8 @@ function createOpenIDAuthRouter(providerName) {
     router.get('/', (0, async_handler_1.default)(async (req, res) => {
         const provider = (0, auth_1.getAuthProvider)(providerName);
         const codeVerifier = provider.generateCodeVerifier();
-        const prompt = !!req.query.prompt;
-        const token = jsonwebtoken_1.default.sign({ verifier: codeVerifier, redirect: req.query.redirect, prompt }, env_1.default.SECRET, {
+        const prompt = !!req.query['prompt'];
+        const token = jsonwebtoken_1.default.sign({ verifier: codeVerifier, redirect: req.query['redirect'], prompt }, env_1.default['SECRET'], {
             expiresIn: '5m',
             issuer: 'directus',
         });
@@ -260,7 +260,9 @@ function createOpenIDAuthRouter(providerName) {
     router.get('/callback', (0, async_handler_1.default)(async (req, res, next) => {
         let tokenData;
         try {
-            tokenData = jsonwebtoken_1.default.verify(req.cookies[`openid.${providerName}`], env_1.default.SECRET, { issuer: 'directus' });
+            tokenData = jsonwebtoken_1.default.verify(req.cookies[`openid.${providerName}`], env_1.default['SECRET'], {
+                issuer: 'directus',
+            });
         }
         catch (e) {
             logger_1.default.warn(e, `[OpenID] Couldn't verify OpenID cookie`);
@@ -285,9 +287,9 @@ function createOpenIDAuthRouter(providerName) {
         try {
             res.clearCookie(`openid.${providerName}`);
             authResponse = await authenticationService.login(providerName, {
-                code: req.query.code,
+                code: req.query['code'],
                 codeVerifier: verifier,
-                state: req.query.state,
+                state: req.query['state'],
             });
         }
         catch (error) {
@@ -311,16 +313,16 @@ function createOpenIDAuthRouter(providerName) {
         }
         const { accessToken, refreshToken, expires } = authResponse;
         if (redirect) {
-            res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, {
+            res.cookie(env_1.default['REFRESH_TOKEN_COOKIE_NAME'], refreshToken, {
                 httpOnly: true,
-                domain: env_1.default.REFRESH_TOKEN_COOKIE_DOMAIN,
-                maxAge: (0, get_milliseconds_1.getMilliseconds)(env_1.default.REFRESH_TOKEN_TTL),
-                secure: env_1.default.REFRESH_TOKEN_COOKIE_SECURE ?? false,
-                sameSite: env_1.default.REFRESH_TOKEN_COOKIE_SAME_SITE || 'strict',
+                domain: env_1.default['REFRESH_TOKEN_COOKIE_DOMAIN'],
+                maxAge: (0, get_milliseconds_1.getMilliseconds)(env_1.default['REFRESH_TOKEN_TTL']),
+                secure: env_1.default['REFRESH_TOKEN_COOKIE_SECURE'] ?? false,
+                sameSite: env_1.default['REFRESH_TOKEN_COOKIE_SAME_SITE'] || 'strict',
             });
             return res.redirect(redirect);
         }
-        res.locals.payload = {
+        res.locals['payload'] = {
             data: { access_token: accessToken, refresh_token: refreshToken, expires },
         };
         next();

package/dist/auth/drivers/saml.js

@@ -53,8 +53,8 @@ class SAMLAuthDriver extends local_1.LocalAuthDriver {
         super(options, config);
         this.config = config;
         this.usersService = new services_1.UsersService({ knex: this.knex, schema: this.schema });
-        this.sp = samlify.ServiceProvider((0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config.provider.toUpperCase()}_SP`));
-        this.idp = samlify.IdentityProvider((0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config.provider.toUpperCase()}_IDP`));
+        this.sp = samlify.ServiceProvider((0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config['provider'].toUpperCase()}_SP`));
+        this.idp = samlify.IdentityProvider((0, get_config_from_env_1.getConfigFromEnv)(`AUTH_${config['provider'].toUpperCase()}_IDP`));
     }
     async fetchUserID(identifier) {
         const user = await this.knex
@@ -84,7 +84,7 @@ class SAMLAuthDriver extends local_1.LocalAuthDriver {
                 last_name: lastName,
                 email: email,
                 external_identifier: identifier.toLowerCase(),
-                role: this.config.defaultRoleId,
+                role: this.config['defaultRoleId'],
             });
         }
         catch (error) {
@@ -111,8 +111,8 @@ function createSAMLAuthRouter(providerName) {
         const { sp, idp } = (0, auth_1.getAuthProvider)(providerName);
         const { context: url } = await sp.createLoginRequest(idp, 'redirect');
         const parsedUrl = new URL(url);
-        if (req.query.redirect) {
-            parsedUrl.searchParams.append('RelayState', req.query.redirect);
+        if (req.query['redirect']) {
+            parsedUrl.searchParams.append('RelayState', req.query['redirect']);
         }
         return res.redirect(parsedUrl.toString());
     }));
@@ -120,11 +120,11 @@ function createSAMLAuthRouter(providerName) {
         const { sp, idp } = (0, auth_1.getAuthProvider)(providerName);
         const { context } = await sp.createLogoutRequest(idp, 'redirect', req.body);
         const authService = new services_1.AuthenticationService({ accountability: req.accountability, schema: req.schema });
-        if (req.cookies[env_1.default.REFRESH_TOKEN_COOKIE_NAME]) {
-            const currentRefreshToken = req.cookies[env_1.default.REFRESH_TOKEN_COOKIE_NAME];
+        if (req.cookies[env_1.default['REFRESH_TOKEN_COOKIE_NAME']]) {
+            const currentRefreshToken = req.cookies[env_1.default['REFRESH_TOKEN_COOKIE_NAME']];
             if (currentRefreshToken) {
                 await authService.logout(currentRefreshToken);
-                res.clearCookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, constants_1.COOKIE_OPTIONS);
+                res.clearCookie(env_1.default['REFRESH_TOKEN_COOKIE_NAME'], constants_1.COOKIE_OPTIONS);
             }
         }
         return res.redirect(context);
@@ -136,7 +136,7 @@ function createSAMLAuthRouter(providerName) {
             const { extract } = await sp.parseLoginResponse(idp, 'post', req);
             const authService = new services_1.AuthenticationService({ accountability: req.accountability, schema: req.schema });
             const { accessToken, refreshToken, expires } = await authService.login(providerName, extract.attributes);
-            res.locals.payload = {
+            res.locals['payload'] = {
                 data: {
                     access_token: accessToken,
                     refresh_token: refreshToken,
@@ -144,7 +144,7 @@ function createSAMLAuthRouter(providerName) {
                 },
             };
             if (relayState) {
-                res.cookie(env_1.default.REFRESH_TOKEN_COOKIE_NAME, refreshToken, constants_1.COOKIE_OPTIONS);
+                res.cookie(env_1.default['REFRESH_TOKEN_COOKIE_NAME'], refreshToken, constants_1.COOKIE_OPTIONS);
                 return res.redirect(relayState);
             }
             return next();