directus 9.5.2 → 9.6.0

package/dist/auth/drivers/ldap.d.ts

@@ -9,7 +9,6 @@ export declare class LDAPAuthDriver extends AuthDriver {
     config: Record<string, any>;
     constructor(options: AuthDriverOptions, config: Record<string, any>);
     private validateBindClient;
-    private fetchUserDn;
     private fetchUserInfo;
     private fetchUserGroups;
     private fetchUserId;

package/dist/auth/drivers/ldap.js

@@ -44,7 +44,11 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
         var _a;
         super(options, config);
         const { bindDn, bindPassword, userDn, provider, clientUrl } = config;
-        if (!bindDn || !bindPassword || !userDn || !provider || (!clientUrl && !((_a = config.client) === null || _a === void 0 ? void 0 : _a.socketPath))) {
+        if (bindDn === undefined ||
+            bindPassword === undefined ||
+            !userDn ||
+            !provider ||
+            (!clientUrl && !((_a = config.client) === null || _a === void 0 ? void 0 : _a.socketPath))) {
             throw new exceptions_1.InvalidConfigException('Invalid provider config', { provider });
         }
         const clientConfig = typeof config.client === 'object' ? config.client : {};
@@ -90,55 +94,38 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
                 });
                 res.on('end', (result) => {
                     if ((result === null || result === void 0 ? void 0 : result.status) === 0) {
-                        // Handle edge case with IBM systems where authenticated bind user could not fetch their DN
+                        // Handle edge case where authenticated bind user could not fetch their own DN
                         reject(new exceptions_1.UnexpectedResponseException('Failed to find bind user record'));
                     }
                 });
             });
         });
     }
-    async fetchUserDn(identifier) {
-        const { userDn, userAttribute, userScope } = this.config;
+    async fetchUserInfo(baseDn, filter, scope) {
+        let { firstNameAttribute, lastNameAttribute, mailAttribute } = this.config;
+        firstNameAttribute !== null && firstNameAttribute !== void 0 ? firstNameAttribute : (firstNameAttribute = 'givenName');
+        lastNameAttribute !== null && lastNameAttribute !== void 0 ? lastNameAttribute : (lastNameAttribute = 'sn');
+        mailAttribute !== null && mailAttribute !== void 0 ? mailAttribute : (mailAttribute = 'mail');
         return new Promise((resolve, reject) => {
-            // Search for the user in LDAP by attribute
-            this.bindClient.search(userDn, {
-                filter: new ldapjs_1.EqualityFilter({ attribute: userAttribute !== null && userAttribute !== void 0 ? userAttribute : 'cn', value: identifier }),
-                scope: userScope !== null && userScope !== void 0 ? userScope : 'one',
+            // Search for the user in LDAP by filter
+            this.bindClient.search(baseDn, {
+                filter,
+                scope,
+                attributes: ['uid', firstNameAttribute, lastNameAttribute, mailAttribute, 'userAccountControl'],
             }, (err, res) => {
                 if (err) {
                     reject(handleError(err));
                     return;
                 }
                 res.on('searchEntry', ({ object }) => {
-                    resolve(object.dn.toLowerCase());
-                });
-                res.on('error', (err) => {
-                    reject(handleError(err));
-                });
-                res.on('end', () => {
-                    resolve(undefined);
-                });
-            });
-        });
-    }
-    async fetchUserInfo(userDn) {
-        const { mailAttribute } = this.config;
-        return new Promise((resolve, reject) => {
-            // Fetch user info in LDAP by domain component
-            this.bindClient.search(userDn, { attributes: ['givenName', 'sn', mailAttribute !== null && mailAttribute !== void 0 ? mailAttribute : 'mail', 'userAccountControl'] }, (err, res) => {
-                if (err) {
-                    reject(handleError(err));
-                    return;
-                }
-                res.on('searchEntry', ({ object }) => {
-                    const email = object[mailAttribute !== null && mailAttribute !== void 0 ? mailAttribute : 'mail'];
+                    var _a;
                     const user = {
-                        firstName: typeof object.givenName === 'object' ? object.givenName[0] : object.givenName,
-                        lastName: typeof object.sn === 'object' ? object.sn[0] : object.sn,
-                        email: typeof email === 'object' ? email[0] : email,
-                        userAccountControl: typeof object.userAccountControl === 'object'
-                            ? Number(object.userAccountControl[0])
-                            : Number(object.userAccountControl),
+                        dn: object.dn,
+                        uid: getEntryValue(object.uid),
+                        firstName: getEntryValue(object[firstNameAttribute]),
+                        lastName: getEntryValue(object[lastNameAttribute]),
+                        email: getEntryValue(object[mailAttribute]),
+                        userAccountControl: Number((_a = getEntryValue(object.userAccountControl)) !== null && _a !== void 0 ? _a : 0),
                     };
                     resolve(user);
                 });
@@ -151,18 +138,14 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
             });
         });
     }
-    async fetchUserGroups(userDn) {
-        const { groupDn, groupAttribute, groupScope } = this.config;
-        if (!groupDn) {
-            return Promise.resolve([]);
-        }
+    async fetchUserGroups(baseDn, filter, scope) {
         return new Promise((resolve, reject) => {
             let userGroups = [];
             // Search for the user info in LDAP by group attribute
-            this.bindClient.search(groupDn, {
+            this.bindClient.search(baseDn, {
+                filter,
+                scope,
                 attributes: ['cn'],
-                filter: new ldapjs_1.EqualityFilter({ attribute: groupAttribute !== null && groupAttribute !== void 0 ? groupAttribute : 'member', value: userDn }),
-                scope: groupScope !== null && groupScope !== void 0 ? groupScope : 'one',
             }, (err, res) => {
                 if (err) {
                     reject(handleError(err));
@@ -199,28 +182,36 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
             throw new exceptions_1.InvalidCredentialsException();
         }
         await this.validateBindClient();
-        const userDn = await this.fetchUserDn(payload.identifier);
-        if (!userDn) {
+        const { userDn, userScope, userAttribute, groupDn, groupScope, groupAttribute } = this.config;
+        const userInfo = await this.fetchUserInfo(userDn, new ldapjs_1.EqualityFilter({
+            attribute: userAttribute !== null && userAttribute !== void 0 ? userAttribute : 'cn',
+            value: payload.identifier,
+        }), userScope !== null && userScope !== void 0 ? userScope : 'one');
+        if (!(userInfo === null || userInfo === void 0 ? void 0 : userInfo.dn)) {
             throw new exceptions_1.InvalidCredentialsException();
         }
-        const userId = await this.fetchUserId(userDn);
-        const userGroups = await this.fetchUserGroups(userDn);
         let userRole;
-        if (userGroups.length) {
-            userRole = await this.knex
-                .select('id')
-                .from('directus_roles')
-                .whereRaw(`LOWER(??) IN (${userGroups.map(() => '?')})`, [
-                'name',
-                ...userGroups.map((group) => group.toLowerCase()),
-            ])
-                .first();
+        if (groupDn) {
+            const userGroups = await this.fetchUserGroups(groupDn, new ldapjs_1.EqualityFilter({
+                attribute: groupAttribute !== null && groupAttribute !== void 0 ? groupAttribute : 'member',
+                value: (groupAttribute === null || groupAttribute === void 0 ? void 0 : groupAttribute.toLowerCase()) === 'memberuid' && userInfo.uid ? userInfo.uid : userInfo.dn,
+            }), groupScope !== null && groupScope !== void 0 ? groupScope : 'one');
+            if (userGroups.length) {
+                userRole = await this.knex
+                    .select('id')
+                    .from('directus_roles')
+                    .whereRaw(`LOWER(??) IN (${userGroups.map(() => '?')})`, [
+                    'name',
+                    ...userGroups.map((group) => group.toLowerCase()),
+                ])
+                    .first();
+            }
         }
+        const userId = await this.fetchUserId(userInfo.dn);
         if (userId) {
             await this.usersService.updateOne(userId, { role: (_a = userRole === null || userRole === void 0 ? void 0 : userRole.id) !== null && _a !== void 0 ? _a : null });
             return userId;
         }
-        const userInfo = await this.fetchUserInfo(userDn);
         if (!userInfo) {
             throw new exceptions_1.InvalidCredentialsException();
         }
@@ -229,10 +220,10 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
             first_name: userInfo.firstName,
             last_name: userInfo.lastName,
             email: userInfo.email,
-            external_identifier: userDn,
+            external_identifier: userInfo.dn,
             role: userRole === null || userRole === void 0 ? void 0 : userRole.id,
         });
-        return (await this.fetchUserId(userDn));
+        return (await this.fetchUserId(userInfo.dn));
     }
     async verify(user, password) {
         if (!user.external_identifier || !password) {
@@ -282,6 +273,9 @@ const handleError = (e) => {
         message: e.message,
     });
 };
+const getEntryValue = (value) => {
+    return typeof value === 'object' ? value[0] : value;
+};
 function createLDAPAuthRouter(provider) {
     const router = (0, express_1.Router)();
     const loginSchema = joi_1.default.object({

package/dist/cli/utils/create-env/env-stub.liquid

@@ -1,6 +1,7 @@
 ####################################################################################################
 ## General
 
+HOST="0.0.0.0"
 PORT=8055
 PUBLIC_URL="/"
 

package/dist/database/migrations/20220303A-remove-default-project-color.d.ts

@@ -0,0 +1,3 @@
+import { Knex } from 'knex';
+export declare function up(knex: Knex): Promise<void>;
+export declare function down(knex: Knex): Promise<void>;

package/dist/database/migrations/20220303A-remove-default-project-color.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.down = exports.up = void 0;
+const helpers_1 = require("../helpers");
+async function up(knex) {
+    const helper = (0, helpers_1.getHelpers)(knex).schema;
+    await helper.changeToString('directus_settings', 'project_color', {
+        nullable: true,
+        default: null,
+        length: 50,
+    });
+}
+exports.up = up;
+async function down(knex) {
+    const helper = (0, helpers_1.getHelpers)(knex).schema;
+    await helper.changeToString('directus_settings', 'project_color', {
+        nullable: true,
+        default: '#00C897',
+        length: 10,
+    });
+}
+exports.down = down;

package/dist/database/run-ast.d.ts

@@ -1,5 +1,5 @@
-import { Knex } from 'knex';
 import { Item, SchemaOverview } from '@directus/shared/types';
+import { Knex } from 'knex';
 import { AST, NestedCollectionNode } from '../types/ast';
 declare type RunASTOptions = {
     /**

package/dist/database/run-ast.js

@@ -3,15 +3,16 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("@directus/shared/utils");
 const lodash_1 = require("lodash");
+const _1 = __importDefault(require("."));
+const helpers_1 = require("../database/helpers");
+const env_1 = __importDefault(require("../env"));
 const payload_1 = require("../services/payload");
 const apply_function_to_column_name_1 = require("../utils/apply-function-to-column-name");
 const apply_query_1 = __importDefault(require("../utils/apply-query"));
 const get_column_1 = require("../utils/get-column");
 const strip_function_1 = require("../utils/strip-function");
-const utils_1 = require("@directus/shared/utils");
-const _1 = __importDefault(require("."));
-const helpers_1 = require("../database/helpers");
 /**
  * Execute a given AST using Knex. Returns array of items based on requested AST.
  */
@@ -44,10 +45,30 @@ async function runAST(originalAST, schema, options) {
         // Apply the `_in` filters to the nested collection batches
         const nestedNodes = applyParentFilters(schema, nestedCollectionNodes, items);
         for (const nestedNode of nestedNodes) {
-            const nestedItems = await runAST(nestedNode, schema, { knex, nested: true });
-            if (nestedItems) {
-                // Merge all fetched nested records with the parent items
-                items = mergeWithParentItems(schema, nestedItems, items, nestedNode);
+            let nestedItems = [];
+            if (nestedNode.type === 'o2m') {
+                let hasMore = true;
+                let batchCount = 0;
+                while (hasMore) {
+                    const node = (0, lodash_1.merge)({}, nestedNode, {
+                        query: { limit: env_1.default.RELATIONAL_BATCH_SIZE, offset: batchCount * env_1.default.RELATIONAL_BATCH_SIZE },
+                    });
+                    nestedItems = (await runAST(node, schema, { knex, nested: true }));
+                    if (nestedItems) {
+                        items = mergeWithParentItems(schema, nestedItems, items, nestedNode);
+                    }
+                    if (!nestedItems || nestedItems.length < env_1.default.RELATIONAL_BATCH_SIZE) {
+                        hasMore = false;
+                    }
+                    batchCount++;
+                }
+            }
+            else {
+                nestedItems = (await runAST(nestedNode, schema, { knex, nested: true }));
+                if (nestedItems) {
+                    // Merge all fetched nested records with the parent items
+                    items = mergeWithParentItems(schema, nestedItems, items, nestedNode);
+                }
             }
         }
         // During the fetching of data, we have to inject a couple of required fields for the child nesting
@@ -146,13 +167,7 @@ function applyParentFilters(schema, nestedCollectionNodes, parentItem) {
         if (nestedNode.type === 'm2o') {
             const foreignField = schema.collections[nestedNode.relation.related_collection].primary;
             const foreignIds = (0, lodash_1.uniq)(parentItems.map((res) => res[nestedNode.relation.field])).filter((id) => id);
-            const limit = nestedNode.query.limit;
-            if (limit === -1) {
-                (0, lodash_1.merge)(nestedNode, { query: { filter: { [foreignField]: { _in: foreignIds } } } });
-            }
-            else {
-                nestedNode.query.union = [foreignField, foreignIds];
-            }
+            (0, lodash_1.merge)(nestedNode, { query: { filter: { [foreignField]: { _in: foreignIds } } } });
         }
         else if (nestedNode.type === 'o2m') {
             const relatedM2OisFetched = !!nestedNode.children.find((child) => {
@@ -174,13 +189,7 @@ function applyParentFilters(schema, nestedCollectionNodes, parentItem) {
             }
             const foreignField = nestedNode.relation.field;
             const foreignIds = (0, lodash_1.uniq)(parentItems.map((res) => res[nestedNode.parentKey])).filter((id) => id);
-            const limit = nestedNode.query.limit;
-            if (limit === -1) {
-                (0, lodash_1.merge)(nestedNode, { query: { filter: { [foreignField]: { _in: foreignIds } } } });
-            }
-            else {
-                nestedNode.query.union = [foreignField, foreignIds];
-            }
+            (0, lodash_1.merge)(nestedNode, { query: { filter: { [foreignField]: { _in: foreignIds } } } });
         }
         else if (nestedNode.type === 'a2o') {
             const keysPerCollection = {};
@@ -193,20 +202,16 @@ function applyParentFilters(schema, nestedCollectionNodes, parentItem) {
             for (const relatedCollection of nestedNode.names) {
                 const foreignField = nestedNode.relatedKey[relatedCollection];
                 const foreignIds = (0, lodash_1.uniq)(keysPerCollection[relatedCollection]);
-                const limit = nestedNode.query[relatedCollection].limit;
-                if (limit === -1) {
-                    (0, lodash_1.merge)(nestedNode, { query: { [relatedCollection]: { filter: { [foreignField]: { _in: foreignIds } } } } });
-                }
-                else {
-                    nestedNode.query[relatedCollection].union = [foreignField, foreignIds];
-                }
+                (0, lodash_1.merge)(nestedNode, {
+                    query: { [relatedCollection]: { filter: { [foreignField]: { _in: foreignIds } } } },
+                });
             }
         }
     }
     return nestedCollectionNodes;
 }
 function mergeWithParentItems(schema, nestedItem, parentItem, nestedNode) {
-    var _a;
+    var _a, _b;
     const nestedItems = (0, utils_1.toArray)(nestedItem);
     const parentItems = (0, lodash_1.clone)((0, utils_1.toArray)(parentItem));
     if (nestedNode.type === 'm2o') {
@@ -220,8 +225,9 @@ function mergeWithParentItems(schema, nestedItem, parentItem, nestedNode) {
     }
     else if (nestedNode.type === 'o2m') {
         for (const parentItem of parentItems) {
-            const itemChildren = nestedItems
-                .filter((nestedItem) => {
+            if (!parentItem[nestedNode.fieldKey])
+                parentItem[nestedNode.fieldKey] = [];
+            const itemChildren = nestedItems.filter((nestedItem) => {
                 var _a;
                 if (nestedItem === null)
                     return false;
@@ -230,8 +236,10 @@ function mergeWithParentItems(schema, nestedItem, parentItem, nestedNode) {
                 return (nestedItem[nestedNode.relation.field] ==
                     parentItem[schema.collections[nestedNode.relation.related_collection].primary] ||
                     ((_a = nestedItem[nestedNode.relation.field]) === null || _a === void 0 ? void 0 : _a[schema.collections[nestedNode.relation.related_collection].primary]) == parentItem[schema.collections[nestedNode.relation.related_collection].primary]);
-            })
-                .sort((a, b) => {
+            });
+            parentItem[nestedNode.fieldKey].push(...itemChildren);
+            parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].slice(0, (_a = nestedNode.query.limit) !== null && _a !== void 0 ? _a : 100);
+            parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].sort((a, b) => {
                 // This is pre-filled in get-ast-from-query
                 const sortField = nestedNode.query.sort[0];
                 let column = sortField;
@@ -253,12 +261,11 @@ function mergeWithParentItems(schema, nestedItem, parentItem, nestedNode) {
                     return a[column] < b[column] ? 1 : -1;
                 }
             });
-            parentItem[nestedNode.fieldKey] = itemChildren.length > 0 ? itemChildren : [];
         }
     }
     else if (nestedNode.type === 'a2o') {
         for (const parentItem of parentItems) {
-            if (!((_a = nestedNode.relation.meta) === null || _a === void 0 ? void 0 : _a.one_collection_field)) {
+            if (!((_b = nestedNode.relation.meta) === null || _b === void 0 ? void 0 : _b.one_collection_field)) {
                 parentItem[nestedNode.fieldKey] = null;
                 continue;
             }

package/dist/database/system-data/fields/settings.yaml

@@ -87,9 +87,25 @@ fields:
       language: css
       lineNumber: true
       template: |
-        #app, #main-content {
-          --border-radius-outline: 0px !important;
-          --border-radius: 0px !important;
+        #app, #main-content, body {
+          --primary-alt: #F0ECFF !important;
+          --primary-10: #F0ECFF !important;
+          --primary-25: #D9D0FF !important;
+          --primary-50: #B3A1FF !important;
+          --primary-75: #8C73FF !important;
+          --primary-90: #7557FF !important;
+
+          --primary: #6644FF !important;
+
+          --primary-110: #5E41EC !important;
+          --primary-125: #523DCF !important;
+          --primary-150: #3E369F !important;
+          --primary-175: #2B3070 !important;
+          --primary-190: #1F2C53 !important;
+
+          --v-button-background-color: #6644FF !important;
+          --v-button-background-color-hover: #5E41EC !important;
+          --sidebar-detail-color-active: #5E41EC !important;
         }
     width: full
 

package/dist/env.js

@@ -17,6 +17,7 @@ const utils_1 = require("@directus/shared/utils");
 const acceptedEnvTypes = ['string', 'number', 'regex', 'array'];
 const defaults = {
     CONFIG_PATH: path_1.default.resolve(process.cwd(), '.env'),
+    HOST: '0.0.0.0',
     PORT: 8055,
     PUBLIC_URL: '/',
     MAX_PAYLOAD_SIZE: '100kb',
@@ -65,10 +66,12 @@ const defaults = {
     IP_TRUST_PROXY: true,
     IP_CUSTOM_HEADER: false,
     SERVE_APP: true,
+    RELATIONAL_BATCH_SIZE: 25000,
 };
 // Allows us to force certain environment variable into a type, instead of relying
 // on the auto-parsed type in processValues. ref #3705
 const typeMap = {
+    HOST: 'string',
     PORT: 'string',
     DB_NAME: 'string',
     DB_USER: 'string',

package/dist/extensions.js

@@ -38,8 +38,6 @@ const get_schema_1 = require("./utils/get-schema");
 const services = __importStar(require("./services"));
 const node_cron_1 = require("node-cron");
 const rollup_1 = require("rollup");
-// @TODO Remove this once a new version of @rollup/plugin-virtual has been released
-// @ts-expect-error
 const plugin_virtual_1 = __importDefault(require("@rollup/plugin-virtual"));
 const plugin_alias_1 = __importDefault(require("@rollup/plugin-alias"));
 const url_1 = require("./utils/url");

package/dist/middleware/authenticate.d.ts

@@ -1,6 +1,8 @@
-import { RequestHandler } from 'express';
+/// <reference types="qs" />
+import { NextFunction, Request, Response } from 'express';
 /**
  * Verify the passed JWT and assign the user ID and role to `req`
  */
-declare const authenticate: RequestHandler;
-export default authenticate;
+export declare const handler: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+declare const _default: import("express").RequestHandler<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>;
+export default _default;

package/dist/middleware/authenticate.js

@@ -1,39 +1,23 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const jsonwebtoken_1 = __importStar(require("jsonwebtoken"));
+exports.handler = void 0;
+const lodash_1 = require("lodash");
 const database_1 = __importDefault(require("../database"));
+const emitter_1 = __importDefault(require("../emitter"));
 const env_1 = __importDefault(require("../env"));
 const exceptions_1 = require("../exceptions");
 const async_handler_1 = __importDefault(require("../utils/async-handler"));
 const get_ip_from_req_1 = require("../utils/get-ip-from-req");
 const is_directus_jwt_1 = __importDefault(require("../utils/is-directus-jwt"));
+const jwt_1 = require("../utils/jwt");
 /**
  * Verify the passed JWT and assign the user ID and role to `req`
  */
-const authenticate = (0, async_handler_1.default)(async (req, res, next) => {
-    req.accountability = {
+const handler = async (req, res, next) => {
+    const defaultAccountability = {
         user: null,
         role: null,
         admin: false,
@@ -42,23 +26,21 @@ const authenticate = (0, async_handler_1.default)(async (req, res, next) => {
         userAgent: req.get('user-agent'),
     };
     const database = (0, database_1.default)();
+    const customAccountability = await emitter_1.default.emitFilter('authenticate', defaultAccountability, {
+        req,
+    }, {
+        database,
+        schema: null,
+        accountability: null,
+    });
+    if (customAccountability && (0, lodash_1.isEqual)(customAccountability, defaultAccountability) === false) {
+        req.accountability = customAccountability;
+        return next();
+    }
+    req.accountability = defaultAccountability;
     if (req.token) {
         if ((0, is_directus_jwt_1.default)(req.token)) {
-            let payload;
-            try {
-                payload = jsonwebtoken_1.default.verify(req.token, env_1.default.SECRET, { issuer: 'directus' });
-            }
-            catch (err) {
-                if (err instanceof jsonwebtoken_1.TokenExpiredError) {
-                    throw new exceptions_1.InvalidCredentialsException('Token expired.');
-                }
-                else if (err instanceof jsonwebtoken_1.JsonWebTokenError) {
-                    throw new exceptions_1.InvalidCredentialsException('Token invalid.');
-                }
-                else {
-                    throw err;
-                }
-            }
+            const payload = (0, jwt_1.verifyAccessJWT)(req.token, env_1.default.SECRET);
             req.accountability.share = payload.share;
             req.accountability.share_scope = payload.share_scope;
             req.accountability.user = payload.id;
@@ -87,5 +69,6 @@ const authenticate = (0, async_handler_1.default)(async (req, res, next) => {
         }
     }
     return next();
-});
-exports.default = authenticate;
+};
+exports.handler = handler;
+exports.default = (0, async_handler_1.default)(exports.handler);

package/dist/server.js

@@ -36,8 +36,10 @@ const logger_1 = __importDefault(require("./logger"));
 const emitter_1 = __importDefault(require("./emitter"));
 const update_check_1 = __importDefault(require("update-check"));
 const package_json_1 = __importDefault(require("../package.json"));
+const get_config_from_env_1 = require("./utils/get-config-from-env");
 async function createServer() {
     const server = http.createServer(await (0, app_1.default)());
+    Object.assign(server, (0, get_config_from_env_1.getConfigFromEnv)('SERVER_'));
     server.on('request', function (req, res) {
         const startTime = process.hrtime();
         const complete = (0, lodash_1.once)(function (finished) {
@@ -124,9 +126,10 @@ async function createServer() {
 exports.createServer = createServer;
 async function startServer() {
     const server = await createServer();
+    const host = env_1.default.HOST;
     const port = env_1.default.PORT;
     server
-        .listen(port, () => {
+        .listen(port, host, () => {
         (0, update_check_1.default)(package_json_1.default)
             .then((update) => {
             if (update) {
@@ -136,7 +139,7 @@ async function startServer() {
             .catch(() => {
             // No need to log/warn here. The update message is only an informative nice-to-have
         });
-        logger_1.default.info(`Server started at http://localhost:${port}`);
+        logger_1.default.info(`Server started at http://${host}:${port}`);
         emitter_1.default.emitAction('server.start', { server }, {
             database: (0, database_1.default)(),
             schema: null,

package/dist/services/authorization.js

@@ -11,6 +11,7 @@ const exceptions_2 = require("@directus/shared/exceptions");
 const utils_1 = require("@directus/shared/utils");
 const items_1 = require("./items");
 const payload_1 = require("./payload");
+const strip_function_1 = require("../utils/strip-function");
 class AuthorizationService {
     constructor(options) {
         this.knex = options.knex || (0, database_1.default)();
@@ -97,7 +98,7 @@ class AuthorizationService {
                     }
                     if (allowedFields.includes('*'))
                         continue;
-                    const fieldKey = childNode.name;
+                    const fieldKey = (0, strip_function_1.stripFunction)(childNode.name);
                     if (allowedFields.includes(fieldKey) === false) {
                         throw new exceptions_1.ForbiddenException();
                     }

package/dist/services/mail/templates/base.liquid

@@ -35,7 +35,7 @@ a[x-apple-data-detectors] {
    line-height: inherit !important;
 }
 body a {
-    color: #00C897;
+    color: #6644ff;
     text-decoration: none;
 }
 hr {
@@ -74,7 +74,7 @@ hr {
         color: #FFFFFF !important;
     }
     .link {
-    	color: #00c897 !important;
+    	color: #6644ff !important;
     }
     .button {
     	background-color:#0BA582 !important;

package/dist/services/utils.js

@@ -7,6 +7,7 @@ exports.UtilsService = void 0;
 const database_1 = __importDefault(require("../database"));
 const collections_1 = require("../database/system-data/collections");
 const exceptions_1 = require("../exceptions");
+const emitter_1 = __importDefault(require("../emitter"));
 class UtilsService {
     constructor(options) {
         this.knex = options.knex || (0, database_1.default)();
@@ -98,6 +99,15 @@ class UtilsService {
                 .andWhere(sortField, '<=', sourceSortValue)
                 .andWhereNot({ [primaryKeyField]: item });
         }
+        emitter_1.default.emitAction(['items.sort', `${collection}.items.sort`], {
+            collection,
+            item,
+            to,
+        }, {
+            database: this.knex,
+            schema: this.schema,
+            accountability: this.accountability,
+        });
     }
 }
 exports.UtilsService = UtilsService;

package/dist/utils/apply-query.js

@@ -48,29 +48,7 @@ function applyQuery(knex, collection, dbQuery, query, schema, subQuery = false)
     if (query.aggregate) {
         applyAggregate(dbQuery, query.aggregate, collection);
     }
-    if (query.union && query.union[1].length > 0) {
-        const [field, keys] = query.union;
-        const queries = keys.map((key) => {
-            const unionFilter = { [field]: { _eq: key } };
-            let filter = (0, lodash_1.cloneDeep)(query.filter);
-            if (filter) {
-                if ('_and' in filter) {
-                    filter._and.push(unionFilter);
-                }
-                else {
-                    filter = {
-                        _and: [filter, unionFilter],
-                    };
-                }
-            }
-            else {
-                filter = unionFilter;
-            }
-            return knex.select('*').from(applyFilter(knex, schema, dbQuery.clone(), filter, collection, subQuery).as('foo'));
-        });
-        dbQuery = knex.unionAll(queries);
-    }
-    else if (query.filter) {
+    if (query.filter) {
         applyFilter(knex, schema, dbQuery, query.filter, collection, subQuery);
     }
     return dbQuery;
@@ -234,7 +212,7 @@ function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery =
                     applyFilterToQuery(`${collection}.${filterPath[0]}`, filterOperator, filterValue, logical);
                 }
             }
-            else if (subQuery === false) {
+            else if (subQuery === false || filterPath.length > 1) {
                 if (!relation)
                     continue;
                 let pkField = `${collection}.${schema.collections[relation.related_collection].primary}`;

package/dist/utils/is-directus-jwt.js

@@ -3,37 +3,20 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const atob_1 = __importDefault(require("atob"));
-const logger_1 = __importDefault(require("../logger"));
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 /**
  * Check if a given string conforms to the structure of a JWT
  * and whether it is issued by Directus.
  */
 function isDirectusJWT(string) {
-    const parts = string.split('.');
-    // JWTs have the structure header.payload.signature
-    if (parts.length !== 3)
-        return false;
-    // Check if all segments are base64 encoded
-    try {
-        (0, atob_1.default)(parts[0]);
-        (0, atob_1.default)(parts[1]);
-        (0, atob_1.default)(parts[2]);
-    }
-    catch (err) {
-        logger_1.default.error(err);
-        return false;
-    }
-    // Check if the header and payload are valid JSON
     try {
-        JSON.parse((0, atob_1.default)(parts[0]));
-        const payload = JSON.parse((0, atob_1.default)(parts[1]));
-        if (payload.iss !== 'directus')
+        const payload = jsonwebtoken_1.default.decode(string, { json: true });
+        if ((payload === null || payload === void 0 ? void 0 : payload.iss) !== 'directus')
             return false;
+        return true;
     }
     catch {
         return false;
     }
-    return true;
 }
 exports.default = isDirectusJWT;

package/dist/utils/jwt.d.ts

@@ -0,0 +1,2 @@
+import { DirectusTokenPayload } from '../types';
+export declare function verifyAccessJWT(token: string, secret: string): DirectusTokenPayload;

package/dist/utils/jwt.js

@@ -0,0 +1,49 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyAccessJWT = void 0;
+const jsonwebtoken_1 = __importStar(require("jsonwebtoken"));
+const exceptions_1 = require("../exceptions");
+function verifyAccessJWT(token, secret) {
+    let payload;
+    try {
+        payload = jsonwebtoken_1.default.verify(token, secret, {
+            issuer: 'directus',
+        });
+    }
+    catch (err) {
+        if (err instanceof jsonwebtoken_1.TokenExpiredError) {
+            throw new exceptions_1.InvalidTokenException('Token expired.');
+        }
+        else if (err instanceof jsonwebtoken_1.JsonWebTokenError) {
+            throw new exceptions_1.InvalidTokenException('Token invalid.');
+        }
+        else {
+            throw new exceptions_1.ServiceUnavailableException(`Couldn't verify token.`, { service: 'jwt' });
+        }
+    }
+    const { id, role, app_access, admin_access, share, share_scope } = payload;
+    if (role === undefined || app_access === undefined || admin_access === undefined) {
+        throw new exceptions_1.InvalidTokenException('Invalid token payload.');
+    }
+    return { id, role, app_access, admin_access, share, share_scope };
+}
+exports.verifyAccessJWT = verifyAccessJWT;

package/dist/utils/merge-permissions.js

@@ -31,9 +31,15 @@ function mergePermission(strategy, currentPerm, newPerm) {
             };
         }
         else if (currentPerm.permissions) {
-            permissions = {
-                [logicalKey]: [currentPerm.permissions, newPerm.permissions],
-            };
+            // Empty {} supersedes other permissions in _OR merge
+            if (strategy === 'or' && ((0, lodash_1.isEqual)(currentPerm.permissions, {}) || (0, lodash_1.isEqual)(newPerm.permissions, {}))) {
+                permissions = {};
+            }
+            else {
+                permissions = {
+                    [logicalKey]: [currentPerm.permissions, newPerm.permissions],
+                };
+            }
         }
         else {
             permissions = {
@@ -51,9 +57,15 @@ function mergePermission(strategy, currentPerm, newPerm) {
             };
         }
         else if (currentPerm.validation) {
-            validation = {
-                [logicalKey]: [currentPerm.validation, newPerm.validation],
-            };
+            // Empty {} supersedes other validations in _OR merge
+            if (strategy === 'or' && ((0, lodash_1.isEqual)(currentPerm.validation, {}) || (0, lodash_1.isEqual)(newPerm.validation, {}))) {
+                validation = {};
+            }
+            else {
+                validation = {
+                    [logicalKey]: [currentPerm.validation, newPerm.validation],
+                };
+            }
         }
         else {
             validation = {

package/example.env

@@ -1,6 +1,7 @@
 ####################################################################################################
 # General
 
+HOST="0.0.0.0"
 PORT=8055
 PUBLIC_URL="http://localhost:8055"
 LOG_LEVEL="info"

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "directus",
-	"version": "9.5.2",
+	"version": "9.6.0",
 	"license": "GPL-3.0-only",
 	"homepage": "https://github.com/directus/directus#readme",
 	"description": "Directus is a real-time API and App dashboard for managing SQL database content.",
@@ -65,7 +65,7 @@
 		"cli": "cross-env NODE_ENV=development SERVE_APP=false ts-node --script-mode --transpile-only src/cli/run.ts",
 		"test": "jest",
 		"test:coverage": "jest --coverage",
-		"test:watch": "jest --watchAll"
+		"test:watch": "jest --watch"
 	},
 	"engines": {
 		"node": ">=12.20.0"
@@ -78,23 +78,22 @@
 	],
 	"dependencies": {
 		"@aws-sdk/client-ses": "^3.40.0",
-		"@directus/app": "9.5.2",
-		"@directus/drive": "9.5.2",
-		"@directus/drive-azure": "9.5.2",
-		"@directus/drive-gcs": "9.5.2",
-		"@directus/drive-s3": "9.5.2",
-		"@directus/extensions-sdk": "9.5.2",
-		"@directus/format-title": "9.5.2",
-		"@directus/schema": "9.5.2",
-		"@directus/shared": "9.5.2",
-		"@directus/specs": "9.5.2",
+		"@directus/app": "9.6.0",
+		"@directus/drive": "9.6.0",
+		"@directus/drive-azure": "9.6.0",
+		"@directus/drive-gcs": "9.6.0",
+		"@directus/drive-s3": "9.6.0",
+		"@directus/extensions-sdk": "9.6.0",
+		"@directus/format-title": "9.6.0",
+		"@directus/schema": "9.6.0",
+		"@directus/shared": "9.6.0",
+		"@directus/specs": "9.6.0",
 		"@godaddy/terminus": "^4.9.0",
 		"@rollup/plugin-alias": "^3.1.9",
 		"@rollup/plugin-virtual": "^2.0.3",
 		"argon2": "^0.28.2",
 		"async": "^3.2.0",
 		"async-mutex": "^0.3.1",
-		"atob": "^2.1.2",
 		"axios": "^0.24.0",
 		"busboy": "^0.3.1",
 		"camelcase": "^6.2.0",
@@ -173,10 +172,9 @@
 		"sqlite3": "^5.0.2",
 		"tedious": "^13.0.0"
 	},
-	"gitHead": "47a5da78fb5e31d1657c25103adcb63542396b61",
+	"gitHead": "eba2576227d493f87160973238bddadbf23bbe01",
 	"devDependencies": {
 		"@types/async": "3.2.10",
-		"@types/atob": "2.1.2",
 		"@types/body-parser": "1.19.2",
 		"@types/busboy": "0.3.1",
 		"@types/cookie-parser": "1.4.2",
@@ -189,7 +187,7 @@
 		"@types/flat": "5.0.2",
 		"@types/fs-extra": "9.0.13",
 		"@types/inquirer": "8.1.3",
-		"@types/jest": "27.0.3",
+		"@types/jest": "27.4.1",
 		"@types/js-yaml": "4.0.5",
 		"@types/json2csv": "5.0.3",
 		"@types/jsonwebtoken": "8.5.6",
@@ -215,9 +213,9 @@
 		"@types/wellknown": "0.5.1",
 		"copyfiles": "2.4.1",
 		"cross-env": "7.0.3",
-		"jest": "27.3.1",
+		"jest": "27.5.1",
 		"knex-mock-client": "1.6.1",
-		"ts-jest": "27.0.7",
+		"ts-jest": "27.1.3",
 		"ts-node-dev": "1.1.8",
 		"typescript": "4.5.2"
 	}

package/dist/__mocks__/cache.d.ts

@@ -1,6 +0,0 @@
-/// <reference types="jest" />
-export declare const cache: {
-    get: jest.Mock<any, any>;
-    set: jest.Mock<any, any>;
-};
-export declare const getCache: jest.Mock<any, any>;

package/dist/__mocks__/cache.js

@@ -1,8 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getCache = exports.cache = void 0;
-exports.cache = {
-    get: jest.fn().mockResolvedValue(undefined),
-    set: jest.fn().mockResolvedValue(true),
-};
-exports.getCache = jest.fn().mockReturnValue({ cache: exports.cache });