directus 9.5.1 → 9.7.0

package/dist/database/run-ast.js

@@ -3,15 +3,16 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("@directus/shared/utils");
 const lodash_1 = require("lodash");
+const _1 = __importDefault(require("."));
+const helpers_1 = require("../database/helpers");
+const env_1 = __importDefault(require("../env"));
 const payload_1 = require("../services/payload");
 const apply_function_to_column_name_1 = require("../utils/apply-function-to-column-name");
 const apply_query_1 = __importDefault(require("../utils/apply-query"));
 const get_column_1 = require("../utils/get-column");
 const strip_function_1 = require("../utils/strip-function");
-const utils_1 = require("@directus/shared/utils");
-const _1 = __importDefault(require("."));
-const helpers_1 = require("../database/helpers");
 /**
  * Execute a given AST using Knex. Returns array of items based on requested AST.
  */
@@ -44,10 +45,33 @@ async function runAST(originalAST, schema, options) {
         // Apply the `_in` filters to the nested collection batches
         const nestedNodes = applyParentFilters(schema, nestedCollectionNodes, items);
         for (const nestedNode of nestedNodes) {
-            const nestedItems = await runAST(nestedNode, schema, { knex, nested: true });
-            if (nestedItems) {
-                // Merge all fetched nested records with the parent items
-                items = mergeWithParentItems(schema, nestedItems, items, nestedNode);
+            let nestedItems = [];
+            if (nestedNode.type === 'o2m') {
+                let hasMore = true;
+                let batchCount = 0;
+                while (hasMore) {
+                    const node = (0, lodash_1.merge)({}, nestedNode, {
+                        query: { limit: env_1.default.RELATIONAL_BATCH_SIZE, offset: batchCount * env_1.default.RELATIONAL_BATCH_SIZE },
+                    });
+                    nestedItems = (await runAST(node, schema, { knex, nested: true }));
+                    if (nestedItems) {
+                        items = mergeWithParentItems(schema, nestedItems, items, nestedNode);
+                    }
+                    if (!nestedItems || nestedItems.length < env_1.default.RELATIONAL_BATCH_SIZE) {
+                        hasMore = false;
+                    }
+                    batchCount++;
+                }
+            }
+            else {
+                const node = (0, lodash_1.merge)({}, nestedNode, {
+                    query: { limit: -1 },
+                });
+                nestedItems = (await runAST(node, schema, { knex, nested: true }));
+                if (nestedItems) {
+                    // Merge all fetched nested records with the parent items
+                    items = mergeWithParentItems(schema, nestedItems, items, nestedNode);
+                }
             }
         }
         // During the fetching of data, we have to inject a couple of required fields for the child nesting
@@ -146,13 +170,7 @@ function applyParentFilters(schema, nestedCollectionNodes, parentItem) {
         if (nestedNode.type === 'm2o') {
             const foreignField = schema.collections[nestedNode.relation.related_collection].primary;
             const foreignIds = (0, lodash_1.uniq)(parentItems.map((res) => res[nestedNode.relation.field])).filter((id) => id);
-            const limit = nestedNode.query.limit;
-            if (limit === -1) {
-                (0, lodash_1.merge)(nestedNode, { query: { filter: { [foreignField]: { _in: foreignIds } } } });
-            }
-            else {
-                nestedNode.query.union = [foreignField, foreignIds];
-            }
+            (0, lodash_1.merge)(nestedNode, { query: { filter: { [foreignField]: { _in: foreignIds } } } });
         }
         else if (nestedNode.type === 'o2m') {
             const relatedM2OisFetched = !!nestedNode.children.find((child) => {
@@ -174,13 +192,7 @@ function applyParentFilters(schema, nestedCollectionNodes, parentItem) {
             }
             const foreignField = nestedNode.relation.field;
             const foreignIds = (0, lodash_1.uniq)(parentItems.map((res) => res[nestedNode.parentKey])).filter((id) => id);
-            const limit = nestedNode.query.limit;
-            if (limit === -1) {
-                (0, lodash_1.merge)(nestedNode, { query: { filter: { [foreignField]: { _in: foreignIds } } } });
-            }
-            else {
-                nestedNode.query.union = [foreignField, foreignIds];
-            }
+            (0, lodash_1.merge)(nestedNode, { query: { filter: { [foreignField]: { _in: foreignIds } } } });
         }
         else if (nestedNode.type === 'a2o') {
             const keysPerCollection = {};
@@ -193,20 +205,16 @@ function applyParentFilters(schema, nestedCollectionNodes, parentItem) {
             for (const relatedCollection of nestedNode.names) {
                 const foreignField = nestedNode.relatedKey[relatedCollection];
                 const foreignIds = (0, lodash_1.uniq)(keysPerCollection[relatedCollection]);
-                const limit = nestedNode.query[relatedCollection].limit;
-                if (limit === -1) {
-                    (0, lodash_1.merge)(nestedNode, { query: { [relatedCollection]: { filter: { [foreignField]: { _in: foreignIds } } } } });
-                }
-                else {
-                    nestedNode.query[relatedCollection].union = [foreignField, foreignIds];
-                }
+                (0, lodash_1.merge)(nestedNode, {
+                    query: { [relatedCollection]: { filter: { [foreignField]: { _in: foreignIds } } } },
+                });
             }
         }
     }
     return nestedCollectionNodes;
 }
 function mergeWithParentItems(schema, nestedItem, parentItem, nestedNode) {
-    var _a;
+    var _a, _b;
     const nestedItems = (0, utils_1.toArray)(nestedItem);
     const parentItems = (0, lodash_1.clone)((0, utils_1.toArray)(parentItem));
     if (nestedNode.type === 'm2o') {
@@ -220,8 +228,9 @@ function mergeWithParentItems(schema, nestedItem, parentItem, nestedNode) {
     }
     else if (nestedNode.type === 'o2m') {
         for (const parentItem of parentItems) {
-            const itemChildren = nestedItems
-                .filter((nestedItem) => {
+            if (!parentItem[nestedNode.fieldKey])
+                parentItem[nestedNode.fieldKey] = [];
+            const itemChildren = nestedItems.filter((nestedItem) => {
                 var _a;
                 if (nestedItem === null)
                     return false;
@@ -230,8 +239,13 @@ function mergeWithParentItems(schema, nestedItem, parentItem, nestedNode) {
                 return (nestedItem[nestedNode.relation.field] ==
                     parentItem[schema.collections[nestedNode.relation.related_collection].primary] ||
                     ((_a = nestedItem[nestedNode.relation.field]) === null || _a === void 0 ? void 0 : _a[schema.collections[nestedNode.relation.related_collection].primary]) == parentItem[schema.collections[nestedNode.relation.related_collection].primary]);
-            })
-                .sort((a, b) => {
+            });
+            parentItem[nestedNode.fieldKey].push(...itemChildren);
+            if (nestedNode.query.offset && nestedNode.query.offset >= 0) {
+                parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].slice(nestedNode.query.offset);
+            }
+            parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].slice(0, (_a = nestedNode.query.limit) !== null && _a !== void 0 ? _a : 100);
+            parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].sort((a, b) => {
                 // This is pre-filled in get-ast-from-query
                 const sortField = nestedNode.query.sort[0];
                 let column = sortField;
@@ -253,12 +267,11 @@ function mergeWithParentItems(schema, nestedItem, parentItem, nestedNode) {
                     return a[column] < b[column] ? 1 : -1;
                 }
             });
-            parentItem[nestedNode.fieldKey] = itemChildren.length > 0 ? itemChildren : [];
         }
     }
     else if (nestedNode.type === 'a2o') {
         for (const parentItem of parentItems) {
-            if (!((_a = nestedNode.relation.meta) === null || _a === void 0 ? void 0 : _a.one_collection_field)) {
+            if (!((_b = nestedNode.relation.meta) === null || _b === void 0 ? void 0 : _b.one_collection_field)) {
                 parentItem[nestedNode.fieldKey] = null;
                 continue;
             }

package/dist/database/system-data/app-access-permissions/app-access-permissions.yaml

@@ -62,14 +62,20 @@
   permissions:
     recipient:
       _eq: $CURRENT_USER
-  fields: '*'
 
 - collection: directus_notifications
   action: update
   permissions:
     recipient:
       _eq: $CURRENT_USER
-  fields: 'status'
+  fields:
+    - status
+
+- collection: directus_shares
+  action: read
+  permissions:
+    user_created:
+      _eq: $CURRENT_USER
 
 - collection: directus_users
   action: read

package/dist/database/system-data/fields/collections.yaml

@@ -156,6 +156,8 @@ fields:
         - decimal
         - integer
       allowNone: true
+      allowPrimaryKey: false
+      allowForeignKeys: false
     width: half
 
   - field: accountability_divider

package/dist/database/system-data/fields/settings.yaml

@@ -87,9 +87,25 @@ fields:
       language: css
       lineNumber: true
       template: |
-        #app, #main-content {
-          --border-radius-outline: 0px !important;
-          --border-radius: 0px !important;
+        #app, #main-content, body {
+          --primary-alt: #F0ECFF !important;
+          --primary-10: #F0ECFF !important;
+          --primary-25: #D9D0FF !important;
+          --primary-50: #B3A1FF !important;
+          --primary-75: #8C73FF !important;
+          --primary-90: #7557FF !important;
+
+          --primary: #6644FF !important;
+
+          --primary-110: #5E41EC !important;
+          --primary-125: #523DCF !important;
+          --primary-150: #3E369F !important;
+          --primary-175: #2B3070 !important;
+          --primary-190: #1F2C53 !important;
+
+          --v-button-background-color: #6644FF !important;
+          --v-button-background-color-hover: #5E41EC !important;
+          --sidebar-detail-color-active: #5E41EC !important;
         }
     width: full
 

package/dist/env.js

@@ -17,6 +17,7 @@ const utils_1 = require("@directus/shared/utils");
 const acceptedEnvTypes = ['string', 'number', 'regex', 'array'];
 const defaults = {
     CONFIG_PATH: path_1.default.resolve(process.cwd(), '.env'),
+    HOST: '0.0.0.0',
     PORT: 8055,
     PUBLIC_URL: '/',
     MAX_PAYLOAD_SIZE: '100kb',
@@ -34,8 +35,8 @@ const defaults = {
     REFRESH_TOKEN_COOKIE_SAME_SITE: 'lax',
     REFRESH_TOKEN_COOKIE_NAME: 'directus_refresh_token',
     ROOT_REDIRECT: './admin',
-    CORS_ENABLED: true,
-    CORS_ORIGIN: true,
+    CORS_ENABLED: false,
+    CORS_ORIGIN: false,
     CORS_METHODS: 'GET,POST,PATCH,DELETE',
     CORS_ALLOWED_HEADERS: 'Content-Type,Authorization',
     CORS_EXPOSED_HEADERS: 'Content-Range',
@@ -64,11 +65,15 @@ const defaults = {
     ASSETS_TRANSFORM_MAX_OPERATIONS: 5,
     IP_TRUST_PROXY: true,
     IP_CUSTOM_HEADER: false,
+    IMPORT_IP_DENY_LIST: '0.0.0.0',
     SERVE_APP: true,
+    RELATIONAL_BATCH_SIZE: 25000,
+    EXPORT_BATCH_SIZE: 5000,
 };
 // Allows us to force certain environment variable into a type, instead of relying
 // on the auto-parsed type in processValues. ref #3705
 const typeMap = {
+    HOST: 'string',
     PORT: 'string',
     DB_NAME: 'string',
     DB_USER: 'string',
@@ -76,6 +81,7 @@ const typeMap = {
     DB_DATABASE: 'string',
     DB_PORT: 'number',
     DB_EXCLUDE_TABLES: 'array',
+    IMPORT_IP_DENY_LIST: 'array',
 };
 let env = {
     ...defaults,

package/dist/exceptions/database/dialects/mysql.js

@@ -38,6 +38,7 @@ function extractError(error) {
 }
 exports.extractError = extractError;
 function uniqueViolation(error) {
+    var _a, _b, _c, _d, _e;
     const betweenQuotes = /'([^']+)'/g;
     const matches = error.sqlMessage.match(betweenQuotes);
     if (!matches)
@@ -49,13 +50,13 @@ function uniqueViolation(error) {
      */
     /** MySQL 8+ style error message */
     if (matches[1].includes('.')) {
-        const collection = matches[1].slice(1, -1).split('.')[0];
+        const collection = (_a = matches[1]) === null || _a === void 0 ? void 0 : _a.slice(1, -1).split('.')[0];
         let field = null;
-        const indexName = matches[1].slice(1, -1).split('.')[1];
+        const indexName = (_b = matches[1]) === null || _b === void 0 ? void 0 : _b.slice(1, -1).split('.')[1];
         if ((indexName === null || indexName === void 0 ? void 0 : indexName.startsWith(`${collection}_`)) && indexName.endsWith('_unique')) {
-            field = indexName.slice(collection.length + 1, -7);
+            field = indexName === null || indexName === void 0 ? void 0 : indexName.slice(collection.length + 1, -7);
         }
-        const invalid = matches[0].slice(1, -1);
+        const invalid = (_c = matches[0]) === null || _c === void 0 ? void 0 : _c.slice(1, -1);
         return new record_not_unique_1.RecordNotUniqueException(field, {
             collection,
             field,
@@ -64,13 +65,13 @@ function uniqueViolation(error) {
     }
     else {
         /** MySQL 5.7 style error message */
-        const indexName = matches[1].slice(1, -1);
+        const indexName = (_d = matches[1]) === null || _d === void 0 ? void 0 : _d.slice(1, -1);
         const collection = indexName.split('_')[0];
         let field = null;
         if ((indexName === null || indexName === void 0 ? void 0 : indexName.startsWith(`${collection}_`)) && indexName.endsWith('_unique')) {
-            field = indexName.slice(collection.length + 1, -7);
+            field = indexName === null || indexName === void 0 ? void 0 : indexName.slice(collection.length + 1, -7);
         }
-        const invalid = matches[0].slice(1, -1);
+        const invalid = (_e = matches[0]) === null || _e === void 0 ? void 0 : _e.slice(1, -1);
         return new record_not_unique_1.RecordNotUniqueException(field, {
             collection,
             field,
@@ -79,57 +80,61 @@ function uniqueViolation(error) {
     }
 }
 function numericValueOutOfRange(error) {
+    var _a, _b;
     const betweenTicks = /`([^`]+)`/g;
     const betweenQuotes = /'([^']+)'/g;
     const tickMatches = error.sql.match(betweenTicks);
     const quoteMatches = error.sqlMessage.match(betweenQuotes);
     if (!tickMatches || !quoteMatches)
         return error;
-    const collection = tickMatches[0].slice(1, -1);
-    const field = quoteMatches[0].slice(1, -1);
+    const collection = (_a = tickMatches[0]) === null || _a === void 0 ? void 0 : _a.slice(1, -1);
+    const field = (_b = quoteMatches[0]) === null || _b === void 0 ? void 0 : _b.slice(1, -1);
     return new value_out_of_range_1.ValueOutOfRangeException(field, {
         collection,
         field,
     });
 }
 function valueLimitViolation(error) {
+    var _a, _b;
     const betweenTicks = /`([^`]+)`/g;
     const betweenQuotes = /'([^']+)'/g;
     const tickMatches = error.sql.match(betweenTicks);
     const quoteMatches = error.sqlMessage.match(betweenQuotes);
     if (!tickMatches || !quoteMatches)
         return error;
-    const collection = tickMatches[0].slice(1, -1);
-    const field = quoteMatches[0].slice(1, -1);
+    const collection = (_a = tickMatches[0]) === null || _a === void 0 ? void 0 : _a.slice(1, -1);
+    const field = (_b = quoteMatches[0]) === null || _b === void 0 ? void 0 : _b.slice(1, -1);
     return new value_too_long_1.ValueTooLongException(field, {
         collection,
         field,
     });
 }
 function notNullViolation(error) {
+    var _a, _b;
     const betweenTicks = /`([^`]+)`/g;
     const betweenQuotes = /'([^']+)'/g;
     const tickMatches = error.sql.match(betweenTicks);
     const quoteMatches = error.sqlMessage.match(betweenQuotes);
     if (!tickMatches || !quoteMatches)
         return error;
-    const collection = tickMatches[0].slice(1, -1);
-    const field = quoteMatches[0].slice(1, -1);
+    const collection = (_a = tickMatches[0]) === null || _a === void 0 ? void 0 : _a.slice(1, -1);
+    const field = (_b = quoteMatches[0]) === null || _b === void 0 ? void 0 : _b.slice(1, -1);
     return new not_null_violation_1.NotNullViolationException(field, {
         collection,
         field,
     });
 }
 function foreignKeyViolation(error) {
+    var _a, _b, _c;
     const betweenTicks = /`([^`]+)`/g;
     const betweenParens = /\(([^)]+)\)/g;
     const tickMatches = error.sqlMessage.match(betweenTicks);
     const parenMatches = error.sql.match(betweenParens);
     if (!tickMatches || !parenMatches)
         return error;
-    const collection = tickMatches[1].slice(1, -1);
-    const field = tickMatches[3].slice(1, -1);
-    const invalid = parenMatches[1].slice(1, -1);
+    const collection = (_a = tickMatches[1]) === null || _a === void 0 ? void 0 : _a.slice(1, -1);
+    const field = (_b = tickMatches[3]) === null || _b === void 0 ? void 0 : _b.slice(1, -1);
+    const invalid = (_c = parenMatches[1]) === null || _c === void 0 ? void 0 : _c.slice(1, -1);
     return new invalid_foreign_key_1.InvalidForeignKeyException(field, {
         collection,
         field,
@@ -137,12 +142,13 @@ function foreignKeyViolation(error) {
     });
 }
 function containsNullValues(error) {
+    var _a;
     const betweenTicks = /`([^`]+)`/g;
     // Normally, we shouldn't read from the executed SQL. In this case, we're altering a single
     // column, so we shouldn't have the problem where multiple columns are altered at the same time
     const tickMatches = error.sql.match(betweenTicks);
     if (!tickMatches)
         return error;
-    const field = tickMatches[1].slice(1, -1);
+    const field = (_a = tickMatches[1]) === null || _a === void 0 ? void 0 : _a.slice(1, -1);
     return new contains_null_values_1.ContainsNullValuesException(field);
 }

package/dist/extensions.js

@@ -38,8 +38,6 @@ const get_schema_1 = require("./utils/get-schema");
 const services = __importStar(require("./services"));
 const node_cron_1 = require("node-cron");
 const rollup_1 = require("rollup");
-// @TODO Remove this once a new version of @rollup/plugin-virtual has been released
-// @ts-expect-error
 const plugin_virtual_1 = __importDefault(require("@rollup/plugin-virtual"));
 const plugin_alias_1 = __importDefault(require("@rollup/plugin-alias"));
 const url_1 = require("./utils/url");

package/dist/middleware/authenticate.d.ts

@@ -1,6 +1,8 @@
-import { RequestHandler } from 'express';
+/// <reference types="qs" />
+import { NextFunction, Request, Response } from 'express';
 /**
  * Verify the passed JWT and assign the user ID and role to `req`
  */
-declare const authenticate: RequestHandler;
-export default authenticate;
+export declare const handler: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+declare const _default: import("express").RequestHandler<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>;
+export default _default;

package/dist/middleware/authenticate.js

@@ -1,39 +1,23 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const jsonwebtoken_1 = __importStar(require("jsonwebtoken"));
+exports.handler = void 0;
+const lodash_1 = require("lodash");
 const database_1 = __importDefault(require("../database"));
+const emitter_1 = __importDefault(require("../emitter"));
 const env_1 = __importDefault(require("../env"));
 const exceptions_1 = require("../exceptions");
 const async_handler_1 = __importDefault(require("../utils/async-handler"));
 const get_ip_from_req_1 = require("../utils/get-ip-from-req");
 const is_directus_jwt_1 = __importDefault(require("../utils/is-directus-jwt"));
+const jwt_1 = require("../utils/jwt");
 /**
  * Verify the passed JWT and assign the user ID and role to `req`
  */
-const authenticate = (0, async_handler_1.default)(async (req, res, next) => {
-    req.accountability = {
+const handler = async (req, res, next) => {
+    const defaultAccountability = {
         user: null,
         role: null,
         admin: false,
@@ -42,23 +26,21 @@ const authenticate = (0, async_handler_1.default)(async (req, res, next) => {
         userAgent: req.get('user-agent'),
     };
     const database = (0, database_1.default)();
+    const customAccountability = await emitter_1.default.emitFilter('authenticate', defaultAccountability, {
+        req,
+    }, {
+        database,
+        schema: null,
+        accountability: null,
+    });
+    if (customAccountability && (0, lodash_1.isEqual)(customAccountability, defaultAccountability) === false) {
+        req.accountability = customAccountability;
+        return next();
+    }
+    req.accountability = defaultAccountability;
     if (req.token) {
         if ((0, is_directus_jwt_1.default)(req.token)) {
-            let payload;
-            try {
-                payload = jsonwebtoken_1.default.verify(req.token, env_1.default.SECRET, { issuer: 'directus' });
-            }
-            catch (err) {
-                if (err instanceof jsonwebtoken_1.TokenExpiredError) {
-                    throw new exceptions_1.InvalidCredentialsException('Token expired.');
-                }
-                else if (err instanceof jsonwebtoken_1.JsonWebTokenError) {
-                    throw new exceptions_1.InvalidCredentialsException('Token invalid.');
-                }
-                else {
-                    throw err;
-                }
-            }
+            const payload = (0, jwt_1.verifyAccessJWT)(req.token, env_1.default.SECRET);
             req.accountability.share = payload.share;
             req.accountability.share_scope = payload.share_scope;
             req.accountability.user = payload.id;
@@ -87,5 +69,6 @@ const authenticate = (0, async_handler_1.default)(async (req, res, next) => {
         }
     }
     return next();
-});
-exports.default = authenticate;
+};
+exports.handler = handler;
+exports.default = (0, async_handler_1.default)(exports.handler);

package/dist/middleware/respond.js

@@ -4,16 +4,15 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.respond = void 0;
-const json2csv_1 = require("json2csv");
 const ms_1 = __importDefault(require("ms"));
-const stream_1 = require("stream");
 const cache_1 = require("../cache");
 const env_1 = __importDefault(require("../env"));
 const async_handler_1 = __importDefault(require("../utils/async-handler"));
 const get_cache_key_1 = require("../utils/get-cache-key");
-const js2xmlparser_1 = require("js2xmlparser");
 const get_cache_headers_1 = require("../utils/get-cache-headers");
 const logger_1 = __importDefault(require("../logger"));
+const services_1 = require("../services");
+const get_date_formatted_1 = require("../utils/get-date-formatted");
 exports.respond = (0, async_handler_1.default)(async (req, res) => {
     var _a, _b, _c;
     const { cache } = (0, cache_1.getCache)();
@@ -39,6 +38,7 @@ exports.respond = (0, async_handler_1.default)(async (req, res) => {
         res.setHeader('Vary', 'Origin, Cache-Control');
     }
     if (req.sanitizedQuery.export) {
+        const exportService = new services_1.ExportService({ accountability: req.accountability, schema: req.schema });
         let filename = '';
         if (req.collection) {
             filename += req.collection;
@@ -46,32 +46,21 @@ exports.respond = (0, async_handler_1.default)(async (req, res) => {
         else {
             filename += 'Export';
         }
-        filename += ' ' + getDateFormatted();
+        filename += ' ' + (0, get_date_formatted_1.getDateFormatted)();
         if (req.sanitizedQuery.export === 'json') {
             res.attachment(`${filename}.json`);
             res.set('Content-Type', 'application/json');
-            return res.status(200).send(JSON.stringify(((_a = res.locals.payload) === null || _a === void 0 ? void 0 : _a.data) || null, null, '\t'));
+            return res.status(200).send(exportService.transform((_a = res.locals.payload) === null || _a === void 0 ? void 0 : _a.data, 'json'));
         }
         if (req.sanitizedQuery.export === 'xml') {
             res.attachment(`${filename}.xml`);
             res.set('Content-Type', 'text/xml');
-            return res.status(200).send((0, js2xmlparser_1.parse)('data', (_b = res.locals.payload) === null || _b === void 0 ? void 0 : _b.data));
+            return res.status(200).send(exportService.transform((_b = res.locals.payload) === null || _b === void 0 ? void 0 : _b.data, 'xml'));
         }
         if (req.sanitizedQuery.export === 'csv') {
             res.attachment(`${filename}.csv`);
             res.set('Content-Type', 'text/csv');
-            const stream = new stream_1.PassThrough();
-            if (!((_c = res.locals.payload) === null || _c === void 0 ? void 0 : _c.data) || res.locals.payload.data.length === 0) {
-                stream.end(Buffer.from(''));
-                return stream.pipe(res);
-            }
-            else {
-                stream.end(Buffer.from(JSON.stringify(res.locals.payload.data), 'utf-8'));
-                const json2csv = new json2csv_1.Transform({
-                    transforms: [json2csv_1.transforms.flatten({ separator: '.' })],
-                });
-                return stream.pipe(json2csv).pipe(res);
-            }
+            return res.status(200).send(exportService.transform((_c = res.locals.payload) === null || _c === void 0 ? void 0 : _c.data, 'csv'));
         }
     }
     if (Buffer.isBuffer(res.locals.payload)) {
@@ -84,13 +73,3 @@ exports.respond = (0, async_handler_1.default)(async (req, res) => {
         return res.status(204).end();
     }
 });
-function getDateFormatted() {
-    const date = new Date();
-    let month = String(date.getMonth() + 1);
-    if (month.length === 1)
-        month = '0' + month;
-    let day = String(date.getDate());
-    if (day.length === 1)
-        day = '0' + day;
-    return `${date.getFullYear()}-${month}-${day} at ${date.getHours()}.${date.getMinutes()}.${date.getSeconds()}`;
-}

package/dist/server.js

@@ -36,8 +36,10 @@ const logger_1 = __importDefault(require("./logger"));
 const emitter_1 = __importDefault(require("./emitter"));
 const update_check_1 = __importDefault(require("update-check"));
 const package_json_1 = __importDefault(require("../package.json"));
+const get_config_from_env_1 = require("./utils/get-config-from-env");
 async function createServer() {
     const server = http.createServer(await (0, app_1.default)());
+    Object.assign(server, (0, get_config_from_env_1.getConfigFromEnv)('SERVER_'));
     server.on('request', function (req, res) {
         const startTime = process.hrtime();
         const complete = (0, lodash_1.once)(function (finished) {
@@ -124,9 +126,10 @@ async function createServer() {
 exports.createServer = createServer;
 async function startServer() {
     const server = await createServer();
+    const host = env_1.default.HOST;
     const port = env_1.default.PORT;
     server
-        .listen(port, () => {
+        .listen(port, host, () => {
         (0, update_check_1.default)(package_json_1.default)
             .then((update) => {
             if (update) {
@@ -136,7 +139,7 @@ async function startServer() {
             .catch(() => {
             // No need to log/warn here. The update message is only an informative nice-to-have
         });
-        logger_1.default.info(`Server started at http://localhost:${port}`);
+        logger_1.default.info(`Server started at http://${host}:${port}`);
         emitter_1.default.emitAction('server.start', { server }, {
             database: (0, database_1.default)(),
             schema: null,

package/dist/services/authorization.js

@@ -11,6 +11,7 @@ const exceptions_2 = require("@directus/shared/exceptions");
 const utils_1 = require("@directus/shared/utils");
 const items_1 = require("./items");
 const payload_1 = require("./payload");
+const strip_function_1 = require("../utils/strip-function");
 class AuthorizationService {
     constructor(options) {
         this.knex = options.knex || (0, database_1.default)();
@@ -97,7 +98,7 @@ class AuthorizationService {
                     }
                     if (allowedFields.includes('*'))
                         continue;
-                    const fieldKey = childNode.name;
+                    const fieldKey = (0, strip_function_1.stripFunction)(childNode.name);
                     if (allowedFields.includes(fieldKey) === false) {
                         throw new exceptions_1.ForbiddenException();
                     }