directus 9.5.0 → 9.5.1

package/dist/controllers/files.js

@@ -20,7 +20,7 @@ const router = express_1.default.Router();
 router.use((0, use_collection_1.default)('directus_files'));
 const multipartHandler = (0, async_handler_1.default)(async (req, res, next) => {
     if (req.is('multipart/form-data') === false)
-        throw new exceptions_1.UnsupportedMediaTypeException(`Unsupported Content-Type header`);
+        return next();
     let headers;
     if (req.headers['content-type']) {
         headers = req.headers;
@@ -93,6 +93,9 @@ const multipartHandler = (0, async_handler_1.default)(async (req, res, next) =>
     }
 });
 router.post('/', multipartHandler, (0, async_handler_1.default)(async (req, res, next) => {
+    if (req.is('multipart/form-data') === false) {
+        throw new exceptions_1.UnsupportedMediaTypeException(`Unsupported Content-Type header`);
+    }
     const service = new services_1.FilesService({
         accountability: req.accountability,
         schema: req.schema,

package/dist/database/index.js

@@ -103,16 +103,14 @@ function getDatabase() {
         // act the same
         (0, lodash_1.merge)(knexConfig, { connection: { options: { useUTC: false } } });
     }
-    if (env_1.default.DB_CLIENT === 'mysql' && !env_1.default.DB_CHARSET) {
-        logger_1.default.warn(`DB_CHARSET hasn't been set. Please make sure DB_CHARSET matches your database's collation.`);
-    }
     database = (0, knex_1.knex)(knexConfig);
+    validateDatabaseCharset(database);
     const times = {};
     database
         .on('query', (queryInfo) => {
         times[queryInfo.__knexUid] = perf_hooks_1.performance.now();
     })
-        .on('query-response', (response, queryInfo) => {
+        .on('query-response', (_response, queryInfo) => {
         const delta = perf_hooks_1.performance.now() - times[queryInfo.__knexUid];
         logger_1.default.trace(`[${delta.toFixed(3)}ms] ${queryInfo.sql} [${queryInfo.bindings.join(', ')}]`);
         delete times[queryInfo.__knexUid];
@@ -234,3 +232,34 @@ async function validateDatabaseExtensions() {
     }
 }
 exports.validateDatabaseExtensions = validateDatabaseExtensions;
+async function validateDatabaseCharset(database) {
+    database = database !== null && database !== void 0 ? database : getDatabase();
+    if (getDatabaseClient(database) === 'mysql') {
+        if (env_1.default.DB_CHARSET) {
+            logger_1.default.warn(`Using custom DB_CHARSET "${env_1.default.DB_CHARSET}". Using a charset different from the database's default can cause problems in relationships. Omitting DB_CHARSET is strongly recommended.`);
+        }
+        const { collation } = await database.select(database.raw(`@@collation_database as collation`)).first();
+        const tables = await database('information_schema.tables')
+            .select({ name: 'TABLE_NAME', collation: 'TABLE_COLLATION' })
+            .where({ TABLE_SCHEMA: env_1.default.DB_DATABASE });
+        const columns = await database('information_schema.columns')
+            .select({ table_name: 'TABLE_NAME', name: 'COLUMN_NAME', collation: 'COLLATION_NAME' })
+            .where({ TABLE_SCHEMA: env_1.default.DB_DATABASE })
+            .whereNot({ COLLATION_NAME: collation });
+        let inconsistencies = '';
+        for (const table of tables) {
+            const tableColumns = columns.filter((column) => column.table_name === table.name);
+            const tableHasInvalidCollation = table.collation !== collation;
+            if (tableHasInvalidCollation || tableColumns.length > 0) {
+                inconsistencies += `\t\t- Table "${table.name}": "${table.collation}"\n`;
+                for (const column of tableColumns) {
+                    inconsistencies += `\t\t  - Column "${column.name}": "${column.collation}"\n`;
+                }
+            }
+        }
+        if (inconsistencies) {
+            logger_1.default.warn(`Some tables and columns do not match your database's default collation (${collation}):\n${inconsistencies}`);
+        }
+    }
+    return;
+}

package/dist/middleware/extract-token.js

@@ -15,7 +15,7 @@ const extractToken = (req, res, next) => {
     }
     if (req.headers && req.headers.authorization) {
         const parts = req.headers.authorization.split(' ');
-        if (parts.length === 2 && parts[0] === 'Bearer') {
+        if (parts.length === 2 && parts[0].toLowerCase() === 'bearer') {
             token = parts[1];
         }
     }

package/dist/services/collections.js

@@ -66,24 +66,7 @@ class CollectionsService {
         // permission problems. This might not work reliably in MySQL, as it doesn't support DDL in
         // transactions.
         await this.knex.transaction(async (trx) => {
-            if (payload.meta) {
-                const collectionItemsService = new items_1.ItemsService('directus_collections', {
-                    knex: trx,
-                    accountability: this.accountability,
-                    schema: this.schema,
-                });
-                await collectionItemsService.createOne({
-                    ...payload.meta,
-                    collection: payload.collection,
-                });
-            }
             if (payload.schema) {
-                const fieldsService = new fields_1.FieldsService({ knex: trx, schema: this.schema });
-                const fieldItemsService = new items_1.ItemsService('directus_fields', {
-                    knex: trx,
-                    accountability: this.accountability,
-                    schema: this.schema,
-                });
                 // Directus heavily relies on the primary key of a collection, so we have to make sure that
                 // every collection that is created has a primary key. If no primary key field is created
                 // while making the collection, we default to an auto incremented id named `id`
@@ -114,18 +97,33 @@ class CollectionsService {
                     }
                     return field;
                 });
-                await trx.transaction(async (schemaTrx) => {
-                    await schemaTrx.schema.createTable(payload.collection, (table) => {
-                        for (const field of payload.fields) {
-                            if (field.type && constants_1.ALIAS_TYPES.includes(field.type) === false) {
-                                fieldsService.addColumnToTable(table, field);
-                            }
+                const fieldsService = new fields_1.FieldsService({ knex: trx, schema: this.schema });
+                await trx.schema.createTable(payload.collection, (table) => {
+                    for (const field of payload.fields) {
+                        if (field.type && constants_1.ALIAS_TYPES.includes(field.type) === false) {
+                            fieldsService.addColumnToTable(table, field);
                         }
-                    });
+                    }
+                });
+                const fieldItemsService = new items_1.ItemsService('directus_fields', {
+                    knex: trx,
+                    accountability: this.accountability,
+                    schema: this.schema,
                 });
                 const fieldPayloads = payload.fields.filter((field) => field.meta).map((field) => field.meta);
                 await fieldItemsService.createMany(fieldPayloads);
             }
+            if (payload.meta) {
+                const collectionItemsService = new items_1.ItemsService('directus_collections', {
+                    knex: trx,
+                    accountability: this.accountability,
+                    schema: this.schema,
+                });
+                await collectionItemsService.createOne({
+                    ...payload.meta,
+                    collection: payload.collection,
+                });
+            }
             return payload.collection;
         });
         if (this.cache && env_1.default.CACHE_AUTO_PURGE && (opts === null || opts === void 0 ? void 0 : opts.autoPurgeCache) !== false) {
@@ -318,6 +316,7 @@ class CollectionsService {
         }
         await this.knex.transaction(async (trx) => {
             var _a;
+            await trx.schema.dropTable(collectionKey);
             // Make sure this collection isn't used as a group in any other collections
             await trx('directus_collections').update({ group: null }).where({ group: collectionKey });
             if (collectionToBeDeleted.meta) {
@@ -373,9 +372,6 @@ class CollectionsService {
                         .update({ one_allowed_collections: newAllowedCollections })
                         .where({ id: relation.meta.id });
                 }
-                await trx.transaction(async (schemaTrx) => {
-                    await schemaTrx.schema.dropTable(collectionKey);
-                });
             }
         });
         if (this.cache && env_1.default.CACHE_AUTO_PURGE && (opts === null || opts === void 0 ? void 0 : opts.autoPurgeCache) !== false) {

package/dist/services/fields.js

@@ -224,10 +224,8 @@ class FieldsService {
                     this.addColumnToTable(table, hookAdjustedField);
                 }
                 else {
-                    await trx.transaction(async (schemaTrx) => {
-                        await schemaTrx.schema.alterTable(collection, (table) => {
-                            this.addColumnToTable(table, hookAdjustedField);
-                        });
+                    await trx.schema.alterTable(collection, (table) => {
+                        this.addColumnToTable(table, hookAdjustedField);
                     });
                 }
             }
@@ -327,6 +325,13 @@ class FieldsService {
         });
         await this.knex.transaction(async (trx) => {
             var _a, _b;
+            if (this.schema.collections[collection] &&
+                field in this.schema.collections[collection].fields &&
+                this.schema.collections[collection].fields[field].alias === false) {
+                await trx.schema.table(collection, (table) => {
+                    table.dropColumn(field);
+                });
+            }
             const relations = this.schema.relations.filter((relation) => {
                 var _a;
                 return ((relation.collection === collection && relation.field === field) ||
@@ -386,15 +391,6 @@ class FieldsService {
                     .where({ group: metaRow.field, collection: metaRow.collection });
             }
             await trx('directus_fields').delete().where({ collection, field });
-            if (this.schema.collections[collection] &&
-                field in this.schema.collections[collection].fields &&
-                this.schema.collections[collection].fields[field].alias === false) {
-                await trx.transaction(async (schemaTrx) => {
-                    await schemaTrx.schema.table(collection, (table) => {
-                        table.dropColumn(field);
-                    });
-                });
-            }
         });
         if (this.cache && env_1.default.CACHE_AUTO_PURGE) {
             await this.cache.clear();
@@ -410,7 +406,7 @@ class FieldsService {
         });
     }
     addColumnToTable(table, field, alter = null) {
-        var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
+        var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
         let column;
         // Don't attempt to add a DB column for alias / corrupt fields
         if (field.type === 'alias' || field.type === 'unknown')
@@ -456,21 +452,25 @@ class FieldsService {
                 column.defaultTo(field.schema.default_value);
             }
         }
-        if (((_g = field.schema) === null || _g === void 0 ? void 0 : _g.is_nullable) !== undefined && field.schema.is_nullable === false) {
-            column.notNullable();
+        if (((_g = field.schema) === null || _g === void 0 ? void 0 : _g.is_nullable) === false) {
+            if (!alter || alter.is_nullable === true) {
+                column.notNullable();
+            }
         }
-        else {
-            column.nullable();
+        else if (((_h = field.schema) === null || _h === void 0 ? void 0 : _h.is_nullable) === true) {
+            if (!alter || alter.is_nullable === false) {
+                column.nullable();
+            }
         }
-        if ((_h = field.schema) === null || _h === void 0 ? void 0 : _h.is_primary_key) {
+        if ((_j = field.schema) === null || _j === void 0 ? void 0 : _j.is_primary_key) {
             column.primary().notNullable();
         }
-        else if (((_j = field.schema) === null || _j === void 0 ? void 0 : _j.is_unique) === true) {
+        else if (((_k = field.schema) === null || _k === void 0 ? void 0 : _k.is_unique) === true) {
             if (!alter || alter.is_unique === false) {
                 column.unique();
             }
         }
-        else if (((_k = field.schema) === null || _k === void 0 ? void 0 : _k.is_unique) === false) {
+        else if (((_l = field.schema) === null || _l === void 0 ? void 0 : _l.is_unique) === false) {
             if (alter && alter.is_unique === true) {
                 table.dropUnique([field.field]);
             }

package/dist/services/payload.js

@@ -100,12 +100,16 @@ class PayloadService {
                 return value;
             },
             async csv({ action, value }) {
-                if (!value)
+                if (Array.isArray(value) === false && typeof value !== 'string')
                     return;
-                if (action === 'read' && Array.isArray(value) === false)
+                if (action === 'read' && Array.isArray(value) === false) {
+                    if (value === '')
+                        return [];
                     return value.split(',');
-                if (Array.isArray(value))
+                }
+                if (Array.isArray(value)) {
                     return value.join(',');
+                }
                 return value;
             },
         };

package/dist/utils/get-permissions.js

@@ -145,7 +145,7 @@ function processPermissions(accountability, permissions, filterContext) {
     return permissions.map((permission) => {
         permission.permissions = (0, utils_1.parseFilter)(permission.permissions, accountability, filterContext);
         permission.validation = (0, utils_1.parseFilter)(permission.validation, accountability, filterContext);
-        permission.presets = (0, utils_1.parseFilter)(permission.presets, accountability, filterContext);
+        permission.presets = (0, utils_1.parsePreset)(permission.presets, accountability, filterContext);
         return permission;
     });
 }

package/dist/utils/md.js

@@ -10,6 +10,6 @@ const sanitize_html_1 = __importDefault(require("sanitize-html"));
  * Render and sanitize a markdown string
  */
 function md(str) {
-    return (0, sanitize_html_1.default)((0, marked_1.parse)(str));
+    return (0, sanitize_html_1.default)((0, marked_1.marked)(str));
 }
 exports.md = md;

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "directus",
-	"version": "9.5.0",
+	"version": "9.5.1",
 	"license": "GPL-3.0-only",
 	"homepage": "https://github.com/directus/directus#readme",
 	"description": "Directus is a real-time API and App dashboard for managing SQL database content.",
@@ -63,7 +63,8 @@
 		"cleanup": "rimraf dist",
 		"dev": "cross-env NODE_ENV=development SERVE_APP=false ts-node-dev --files --transpile-only --respawn --watch \".env\" --inspect=0 --exit-child -- src/start.ts",
 		"cli": "cross-env NODE_ENV=development SERVE_APP=false ts-node --script-mode --transpile-only src/cli/run.ts",
-		"test": "jest --coverage",
+		"test": "jest",
+		"test:coverage": "jest --coverage",
 		"test:watch": "jest --watchAll"
 	},
 	"engines": {
@@ -77,16 +78,16 @@
 	],
 	"dependencies": {
 		"@aws-sdk/client-ses": "^3.40.0",
-		"@directus/app": "9.5.0",
-		"@directus/drive": "9.5.0",
-		"@directus/drive-azure": "9.5.0",
-		"@directus/drive-gcs": "9.5.0",
-		"@directus/drive-s3": "9.5.0",
-		"@directus/extensions-sdk": "9.5.0",
-		"@directus/format-title": "9.5.0",
-		"@directus/schema": "9.5.0",
-		"@directus/shared": "9.5.0",
-		"@directus/specs": "9.5.0",
+		"@directus/app": "9.5.1",
+		"@directus/drive": "9.5.1",
+		"@directus/drive-azure": "9.5.1",
+		"@directus/drive-gcs": "9.5.1",
+		"@directus/drive-s3": "9.5.1",
+		"@directus/extensions-sdk": "9.5.1",
+		"@directus/format-title": "9.5.1",
+		"@directus/schema": "9.5.1",
+		"@directus/shared": "9.5.1",
+		"@directus/specs": "9.5.1",
 		"@godaddy/terminus": "^4.9.0",
 		"@rollup/plugin-alias": "^3.1.2",
 		"@rollup/plugin-virtual": "^2.0.3",
@@ -125,7 +126,7 @@
 		"jsonwebtoken": "^8.5.1",
 		"keyv": "^4.0.3",
 		"knex": "^0.95.14",
-		"knex-schema-inspector": "1.7.2",
+		"knex-schema-inspector": "1.7.3",
 		"ldapjs": "^2.3.1",
 		"liquidjs": "^9.25.0",
 		"lodash": "^4.17.21",
@@ -172,7 +173,7 @@
 		"sqlite3": "^5.0.2",
 		"tedious": "^13.0.0"
 	},
-	"gitHead": "78a25fe9538dcd30452dc1a0889e720040c0596c",
+	"gitHead": "c0c412d30b116bd38a2690b62463f775d37db79c",
 	"devDependencies": {
 		"@types/async": "3.2.10",
 		"@types/atob": "2.1.2",
@@ -195,12 +196,15 @@
 		"@types/keyv": "3.1.3",
 		"@types/ldapjs": "2.2.2",
 		"@types/lodash": "4.14.177",
+		"@types/marked": "4.0.1",
 		"@types/mime-types": "2.1.1",
 		"@types/ms": "0.7.31",
 		"@types/node": "16.11.9",
 		"@types/node-cron": "2.0.5",
 		"@types/nodemailer": "6.4.4",
 		"@types/object-hash": "2.2.1",
+		"@types/pino": "6.3.12",
+		"@types/pino-http": "5.8.0",
 		"@types/qs": "6.9.7",
 		"@types/sanitize-html": "2.5.0",
 		"@types/sharp": "0.29.4",