directus 9.6.0 → 9.8.0

package/dist/services/fields.js

@@ -199,211 +199,222 @@ class FieldsService {
         if (this.accountability && this.accountability.admin !== true) {
             throw new exceptions_1.ForbiddenException();
         }
-        const exists = field.field in this.schema.collections[collection].fields ||
-            (0, lodash_1.isNil)(await this.knex.select('id').from('directus_fields').where({ collection, field: field.field }).first()) ===
-                false;
-        // Check if field already exists, either as a column, or as a row in directus_fields
-        if (exists) {
-            throw new exceptions_1.InvalidPayloadException(`Field "${field.field}" already exists in collection "${collection}"`);
-        }
-        await this.knex.transaction(async (trx) => {
-            const itemsService = new items_1.ItemsService('directus_fields', {
-                knex: trx,
-                accountability: this.accountability,
-                schema: this.schema,
+        try {
+            const exists = field.field in this.schema.collections[collection].fields ||
+                (0, lodash_1.isNil)(await this.knex.select('id').from('directus_fields').where({ collection, field: field.field }).first()) === false;
+            // Check if field already exists, either as a column, or as a row in directus_fields
+            if (exists) {
+                throw new exceptions_1.InvalidPayloadException(`Field "${field.field}" already exists in collection "${collection}"`);
+            }
+            await this.knex.transaction(async (trx) => {
+                const itemsService = new items_1.ItemsService('directus_fields', {
+                    knex: trx,
+                    accountability: this.accountability,
+                    schema: this.schema,
+                });
+                const hookAdjustedField = await emitter_1.default.emitFilter(`fields.create`, field, {
+                    collection: collection,
+                }, {
+                    database: trx,
+                    schema: this.schema,
+                    accountability: this.accountability,
+                });
+                if (hookAdjustedField.type && constants_1.ALIAS_TYPES.includes(hookAdjustedField.type) === false) {
+                    if (table) {
+                        this.addColumnToTable(table, hookAdjustedField);
+                    }
+                    else {
+                        await trx.schema.alterTable(collection, (table) => {
+                            this.addColumnToTable(table, hookAdjustedField);
+                        });
+                    }
+                }
+                if (hookAdjustedField.meta) {
+                    await itemsService.createOne({
+                        ...hookAdjustedField.meta,
+                        collection: collection,
+                        field: hookAdjustedField.field,
+                    }, { emitEvents: false });
+                }
+                emitter_1.default.emitAction(`fields.create`, {
+                    payload: hookAdjustedField,
+                    key: hookAdjustedField.field,
+                    collection: collection,
+                }, {
+                    database: (0, database_1.default)(),
+                    schema: this.schema,
+                    accountability: this.accountability,
+                });
             });
-            const hookAdjustedField = await emitter_1.default.emitFilter(`fields.create`, field, {
+        }
+        finally {
+            if (this.cache && env_1.default.CACHE_AUTO_PURGE) {
+                await this.cache.clear();
+            }
+            await (0, cache_1.clearSystemCache)();
+        }
+    }
+    async updateField(collection, field) {
+        if (this.accountability && this.accountability.admin !== true) {
+            throw new exceptions_1.ForbiddenException();
+        }
+        try {
+            const hookAdjustedField = await emitter_1.default.emitFilter(`fields.update`, field, {
+                keys: [field.field],
                 collection: collection,
             }, {
-                database: trx,
+                database: this.knex,
                 schema: this.schema,
                 accountability: this.accountability,
             });
-            if (hookAdjustedField.type && constants_1.ALIAS_TYPES.includes(hookAdjustedField.type) === false) {
-                if (table) {
-                    this.addColumnToTable(table, hookAdjustedField);
-                }
-                else {
-                    await trx.schema.alterTable(collection, (table) => {
-                        this.addColumnToTable(table, hookAdjustedField);
-                    });
+            const record = field.meta
+                ? await this.knex.select('id').from('directus_fields').where({ collection, field: field.field }).first()
+                : null;
+            if (hookAdjustedField.schema) {
+                const existingColumn = await this.schemaInspector.columnInfo(collection, hookAdjustedField.field);
+                if (!(0, lodash_1.isEqual)(existingColumn, hookAdjustedField.schema)) {
+                    try {
+                        await this.knex.schema.alterTable(collection, (table) => {
+                            if (!hookAdjustedField.schema)
+                                return;
+                            this.addColumnToTable(table, field, existingColumn);
+                        });
+                    }
+                    catch (err) {
+                        throw await (0, translate_1.translateDatabaseError)(err);
+                    }
                 }
             }
             if (hookAdjustedField.meta) {
-                await itemsService.createOne({
-                    ...hookAdjustedField.meta,
-                    collection: collection,
-                    field: hookAdjustedField.field,
-                }, { emitEvents: false });
+                if (record) {
+                    await this.itemsService.updateOne(record.id, {
+                        ...hookAdjustedField.meta,
+                        collection: collection,
+                        field: hookAdjustedField.field,
+                    }, { emitEvents: false });
+                }
+                else {
+                    await this.itemsService.createOne({
+                        ...hookAdjustedField.meta,
+                        collection: collection,
+                        field: hookAdjustedField.field,
+                    }, { emitEvents: false });
+                }
             }
-            emitter_1.default.emitAction(`fields.create`, {
+            emitter_1.default.emitAction(`fields.update`, {
                 payload: hookAdjustedField,
-                key: hookAdjustedField.field,
+                keys: [hookAdjustedField.field],
                 collection: collection,
             }, {
                 database: (0, database_1.default)(),
                 schema: this.schema,
                 accountability: this.accountability,
             });
-        });
-        if (this.cache && env_1.default.CACHE_AUTO_PURGE) {
-            await this.cache.clear();
+            return field.field;
         }
-        await this.systemCache.clear();
-    }
-    async updateField(collection, field) {
-        if (this.accountability && this.accountability.admin !== true) {
-            throw new exceptions_1.ForbiddenException();
-        }
-        const hookAdjustedField = await emitter_1.default.emitFilter(`fields.update`, field, {
-            keys: [field.field],
-            collection: collection,
-        }, {
-            database: this.knex,
-            schema: this.schema,
-            accountability: this.accountability,
-        });
-        const record = field.meta
-            ? await this.knex.select('id').from('directus_fields').where({ collection, field: field.field }).first()
-            : null;
-        if (hookAdjustedField.schema) {
-            const existingColumn = await this.schemaInspector.columnInfo(collection, hookAdjustedField.field);
-            if (!(0, lodash_1.isEqual)(existingColumn, hookAdjustedField.schema)) {
-                try {
-                    await this.knex.schema.alterTable(collection, (table) => {
-                        if (!hookAdjustedField.schema)
-                            return;
-                        this.addColumnToTable(table, field, existingColumn);
-                    });
-                }
-                catch (err) {
-                    throw await (0, translate_1.translateDatabaseError)(err);
-                }
+        finally {
+            if (this.cache && env_1.default.CACHE_AUTO_PURGE) {
+                await this.cache.clear();
             }
+            await (0, cache_1.clearSystemCache)();
         }
-        if (hookAdjustedField.meta) {
-            if (record) {
-                await this.itemsService.updateOne(record.id, {
-                    ...hookAdjustedField.meta,
-                    collection: collection,
-                    field: hookAdjustedField.field,
-                }, { emitEvents: false });
-            }
-            else {
-                await this.itemsService.createOne({
-                    ...hookAdjustedField.meta,
-                    collection: collection,
-                    field: hookAdjustedField.field,
-                }, { emitEvents: false });
-            }
-        }
-        if (this.cache && env_1.default.CACHE_AUTO_PURGE) {
-            await this.cache.clear();
-        }
-        await this.systemCache.clear();
-        emitter_1.default.emitAction(`fields.update`, {
-            payload: hookAdjustedField,
-            keys: [hookAdjustedField.field],
-            collection: collection,
-        }, {
-            database: (0, database_1.default)(),
-            schema: this.schema,
-            accountability: this.accountability,
-        });
-        return field.field;
     }
     async deleteField(collection, field) {
         if (this.accountability && this.accountability.admin !== true) {
             throw new exceptions_1.ForbiddenException();
         }
-        await emitter_1.default.emitFilter('fields.delete', [field], {
-            collection: collection,
-        }, {
-            database: this.knex,
-            schema: this.schema,
-            accountability: this.accountability,
-        });
-        await this.knex.transaction(async (trx) => {
-            var _a, _b;
-            if (this.schema.collections[collection] &&
-                field in this.schema.collections[collection].fields &&
-                this.schema.collections[collection].fields[field].alias === false) {
-                await trx.schema.table(collection, (table) => {
-                    table.dropColumn(field);
-                });
-            }
-            const relations = this.schema.relations.filter((relation) => {
-                var _a;
-                return ((relation.collection === collection && relation.field === field) ||
-                    (relation.related_collection === collection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === field));
-            });
-            const relationsService = new relations_1.RelationsService({
-                knex: trx,
-                accountability: this.accountability,
+        try {
+            await emitter_1.default.emitFilter('fields.delete', [field], {
+                collection: collection,
+            }, {
+                database: this.knex,
                 schema: this.schema,
-            });
-            const fieldsService = new FieldsService({
-                knex: trx,
                 accountability: this.accountability,
-                schema: this.schema,
             });
-            for (const relation of relations) {
-                const isM2O = relation.collection === collection && relation.field === field;
-                // If the current field is a m2o, delete the related o2m if it exists and remove the relationship
-                if (isM2O) {
-                    await relationsService.deleteOne(collection, field);
-                    if (relation.related_collection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field)) {
-                        await fieldsService.deleteField(relation.related_collection, relation.meta.one_field);
+            await this.knex.transaction(async (trx) => {
+                var _a, _b;
+                if (this.schema.collections[collection] &&
+                    field in this.schema.collections[collection].fields &&
+                    this.schema.collections[collection].fields[field].alias === false) {
+                    await trx.schema.table(collection, (table) => {
+                        table.dropColumn(field);
+                    });
+                }
+                const relations = this.schema.relations.filter((relation) => {
+                    var _a;
+                    return ((relation.collection === collection && relation.field === field) ||
+                        (relation.related_collection === collection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === field));
+                });
+                const relationsService = new relations_1.RelationsService({
+                    knex: trx,
+                    accountability: this.accountability,
+                    schema: this.schema,
+                });
+                const fieldsService = new FieldsService({
+                    knex: trx,
+                    accountability: this.accountability,
+                    schema: this.schema,
+                });
+                for (const relation of relations) {
+                    const isM2O = relation.collection === collection && relation.field === field;
+                    // If the current field is a m2o, delete the related o2m if it exists and remove the relationship
+                    if (isM2O) {
+                        await relationsService.deleteOne(collection, field);
+                        if (relation.related_collection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field)) {
+                            await fieldsService.deleteField(relation.related_collection, relation.meta.one_field);
+                        }
+                    }
+                    // If the current field is a o2m, just delete the one field config from the relation
+                    if (!isM2O && ((_b = relation.meta) === null || _b === void 0 ? void 0 : _b.one_field)) {
+                        await trx('directus_relations')
+                            .update({ one_field: null })
+                            .where({ many_collection: relation.collection, many_field: relation.field });
                     }
                 }
-                // If the current field is a o2m, just delete the one field config from the relation
-                if (!isM2O && ((_b = relation.meta) === null || _b === void 0 ? void 0 : _b.one_field)) {
-                    await trx('directus_relations')
-                        .update({ one_field: null })
-                        .where({ many_collection: relation.collection, many_field: relation.field });
+                const collectionMeta = await trx
+                    .select('archive_field', 'sort_field')
+                    .from('directus_collections')
+                    .where({ collection })
+                    .first();
+                const collectionMetaUpdates = {};
+                if ((collectionMeta === null || collectionMeta === void 0 ? void 0 : collectionMeta.archive_field) === field) {
+                    collectionMetaUpdates.archive_field = null;
                 }
+                if ((collectionMeta === null || collectionMeta === void 0 ? void 0 : collectionMeta.sort_field) === field) {
+                    collectionMetaUpdates.sort_field = null;
+                }
+                if (Object.keys(collectionMetaUpdates).length > 0) {
+                    await trx('directus_collections').update(collectionMetaUpdates).where({ collection });
+                }
+                // Cleanup directus_fields
+                const metaRow = await trx
+                    .select('collection', 'field')
+                    .from('directus_fields')
+                    .where({ collection, field })
+                    .first();
+                if (metaRow) {
+                    // Handle recursive FK constraints
+                    await trx('directus_fields')
+                        .update({ group: null })
+                        .where({ group: metaRow.field, collection: metaRow.collection });
+                }
+                await trx('directus_fields').delete().where({ collection, field });
+            });
+            emitter_1.default.emitAction('fields.delete', {
+                payload: [field],
+                collection: collection,
+            }, {
+                database: this.knex,
+                schema: this.schema,
+                accountability: this.accountability,
+            });
+        }
+        finally {
+            if (this.cache && env_1.default.CACHE_AUTO_PURGE) {
+                await this.cache.clear();
             }
-            const collectionMeta = await trx
-                .select('archive_field', 'sort_field')
-                .from('directus_collections')
-                .where({ collection })
-                .first();
-            const collectionMetaUpdates = {};
-            if ((collectionMeta === null || collectionMeta === void 0 ? void 0 : collectionMeta.archive_field) === field) {
-                collectionMetaUpdates.archive_field = null;
-            }
-            if ((collectionMeta === null || collectionMeta === void 0 ? void 0 : collectionMeta.sort_field) === field) {
-                collectionMetaUpdates.sort_field = null;
-            }
-            if (Object.keys(collectionMetaUpdates).length > 0) {
-                await trx('directus_collections').update(collectionMetaUpdates).where({ collection });
-            }
-            // Cleanup directus_fields
-            const metaRow = await trx
-                .select('collection', 'field')
-                .from('directus_fields')
-                .where({ collection, field })
-                .first();
-            if (metaRow) {
-                // Handle recursive FK constraints
-                await trx('directus_fields')
-                    .update({ group: null })
-                    .where({ group: metaRow.field, collection: metaRow.collection });
-            }
-            await trx('directus_fields').delete().where({ collection, field });
-        });
-        if (this.cache && env_1.default.CACHE_AUTO_PURGE) {
-            await this.cache.clear();
-        }
-        await this.systemCache.clear();
-        emitter_1.default.emitAction('fields.delete', {
-            payload: [field],
-            collection: collection,
-        }, {
-            database: this.knex,
-            schema: this.schema,
-            accountability: this.accountability,
-        });
+            await (0, cache_1.clearSystemCache)();
+        }
     }
     addColumnToTable(table, field, alter = null) {
         var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;

package/dist/services/files.js

@@ -1,4 +1,23 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -11,7 +30,9 @@ const lodash_1 = require("lodash");
 const mime_types_1 = require("mime-types");
 const path_1 = __importDefault(require("path"));
 const sharp_1 = __importDefault(require("sharp"));
-const url_1 = __importDefault(require("url"));
+const url_1 = __importStar(require("url"));
+const util_1 = require("util");
+const dns_1 = require("dns");
 const emitter_1 = __importDefault(require("../emitter"));
 const env_1 = __importDefault(require("../env"));
 const exceptions_1 = require("../exceptions");
@@ -19,6 +40,9 @@ const logger_1 = __importDefault(require("../logger"));
 const storage_1 = __importDefault(require("../storage"));
 const utils_1 = require("@directus/shared/utils");
 const items_1 = require("./items");
+const net_1 = __importDefault(require("net"));
+const os_1 = __importDefault(require("os"));
+const lookupDNS = (0, util_1.promisify)(dns_1.lookup);
 class FilesService extends items_1.ItemsService {
     constructor(options) {
         super('directus_files', options);
@@ -137,6 +161,49 @@ class FilesService extends items_1.ItemsService {
         if (this.accountability && ((_c = this.accountability) === null || _c === void 0 ? void 0 : _c.admin) !== true && !fileCreatePermissions) {
             throw new exceptions_1.ForbiddenException();
         }
+        let resolvedUrl;
+        try {
+            resolvedUrl = new url_1.URL(importURL);
+        }
+        catch (err) {
+            logger_1.default.warn(err, `Requested URL ${importURL} isn't a valid URL`);
+            throw new exceptions_1.ServiceUnavailableException(`Couldn't fetch file from url "${importURL}"`, {
+                service: 'external-file',
+            });
+        }
+        let ip = resolvedUrl.hostname;
+        if (net_1.default.isIP(ip) === 0) {
+            try {
+                ip = (await lookupDNS(ip)).address;
+            }
+            catch (err) {
+                logger_1.default.warn(err, `Couldn't lookup the DNS for url ${importURL}`);
+                throw new exceptions_1.ServiceUnavailableException(`Couldn't fetch file from url "${importURL}"`, {
+                    service: 'external-file',
+                });
+            }
+        }
+        if (env_1.default.IMPORT_IP_DENY_LIST.includes('0.0.0.0')) {
+            const networkInterfaces = os_1.default.networkInterfaces();
+            for (const networkInfo of Object.values(networkInterfaces)) {
+                if (!networkInfo)
+                    continue;
+                for (const info of networkInfo) {
+                    if (info.address === ip) {
+                        logger_1.default.warn(`Requested URL ${importURL} resolves to localhost.`);
+                        throw new exceptions_1.ServiceUnavailableException(`Couldn't fetch file from url "${importURL}"`, {
+                            service: 'external-file',
+                        });
+                    }
+                }
+            }
+        }
+        if (env_1.default.IMPORT_IP_DENY_LIST.includes(ip)) {
+            logger_1.default.warn(`Requested URL ${importURL} resolves to a denied IP address.`);
+            throw new exceptions_1.ServiceUnavailableException(`Couldn't fetch file from url "${importURL}"`, {
+                service: 'external-file',
+            });
+        }
         let fileResponse;
         try {
             fileResponse = await axios_1.default.get(importURL, {
@@ -144,8 +211,7 @@ class FilesService extends items_1.ItemsService {
             });
         }
         catch (err) {
-            logger_1.default.warn(`Couldn't fetch file from url "${importURL}"`);
-            logger_1.default.warn(err);
+            logger_1.default.warn(err, `Couldn't fetch file from url "${importURL}"`);
             throw new exceptions_1.ServiceUnavailableException(`Couldn't fetch file from url "${importURL}"`, {
                 service: 'external-file',
             });

package/dist/services/graphql.js

@@ -1732,9 +1732,9 @@ class GraphQLService {
                     if (((_a = this.accountability) === null || _a === void 0 ? void 0 : _a.admin) !== true) {
                         throw new exceptions_1.ForbiddenException();
                     }
-                    const { cache, systemCache } = (0, cache_1.getCache)();
+                    const { cache } = (0, cache_1.getCache)();
                     await (cache === null || cache === void 0 ? void 0 : cache.clear());
-                    await systemCache.clear();
+                    await (0, cache_1.clearSystemCache)();
                     return;
                 },
             },

package/dist/services/import-export.d.ts

@@ -0,0 +1,34 @@
+/// <reference types="node" />
+import { Knex } from 'knex';
+import { AbstractServiceOptions, File } from '../types';
+import { Accountability, Query, SchemaOverview } from '@directus/shared/types';
+export declare class ImportService {
+    knex: Knex;
+    accountability: Accountability | null;
+    schema: SchemaOverview;
+    constructor(options: AbstractServiceOptions);
+    import(collection: string, mimetype: string, stream: NodeJS.ReadableStream): Promise<void>;
+    importJSON(collection: string, stream: NodeJS.ReadableStream): Promise<void>;
+    importCSV(collection: string, stream: NodeJS.ReadableStream): Promise<void>;
+}
+export declare class ExportService {
+    knex: Knex;
+    accountability: Accountability | null;
+    schema: SchemaOverview;
+    constructor(options: AbstractServiceOptions);
+    /**
+     * Export the query results as a named file. Will query in batches, and keep appending a tmp file
+     * until all the data is retrieved. Uploads the result as a new file using the regular
+     * FilesService upload method.
+     */
+    exportToFile(collection: string, query: Partial<Query>, format: 'xml' | 'csv' | 'json', options?: {
+        file?: Partial<File>;
+    }): Promise<void>;
+    /**
+     * Transform a given input object / array to the given type
+     */
+    transform(input: Record<string, any>[], format: 'xml' | 'csv' | 'json', options?: {
+        includeHeader?: boolean;
+        includeFooter?: boolean;
+    }): string;
+}