directus 9.8.0 → 9.10.0

package/dist/exceptions/index.js

@@ -25,6 +25,7 @@ __exportStar(require("./method-not-allowed"), exports);
 __exportStar(require("./range-not-satisfiable"), exports);
 __exportStar(require("./route-not-found"), exports);
 __exportStar(require("./service-unavailable"), exports);
+__exportStar(require("./token-expired"), exports);
 __exportStar(require("./unprocessable-entity"), exports);
 __exportStar(require("./unsupported-media-type"), exports);
 __exportStar(require("./user-suspended"), exports);

package/dist/exceptions/token-expired.d.ts

@@ -0,0 +1,4 @@
+import { BaseException } from '@directus/shared/exceptions';
+export declare class TokenExpiredException extends BaseException {
+    constructor(message?: string);
+}

package/dist/exceptions/token-expired.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenExpiredException = void 0;
+const exceptions_1 = require("@directus/shared/exceptions");
+class TokenExpiredException extends exceptions_1.BaseException {
+    constructor(message = 'Token expired.') {
+        super(message, 401, 'TOKEN_EXPIRED');
+    }
+}
+exports.TokenExpiredException = TokenExpiredException;

package/dist/middleware/cache.js

@@ -19,6 +19,8 @@ const checkCacheMiddleware = (0, async_handler_1.default)(async (req, res, next)
     if (!cache)
         return next();
     if (((_a = req.headers['cache-control']) === null || _a === void 0 ? void 0 : _a.includes('no-store')) || ((_b = req.headers['Cache-Control']) === null || _b === void 0 ? void 0 : _b.includes('no-store'))) {
+        if (env_1.default.CACHE_STATUS_HEADER)
+            res.setHeader(`${env_1.default.CACHE_STATUS_HEADER}`, 'MISS');
         return next();
     }
     const key = (0, get_cache_key_1.getCacheKey)(req);
@@ -28,6 +30,8 @@ const checkCacheMiddleware = (0, async_handler_1.default)(async (req, res, next)
     }
     catch (err) {
         logger_1.default.warn(err, `[cache] Couldn't read key ${key}. ${err.message}`);
+        if (env_1.default.CACHE_STATUS_HEADER)
+            res.setHeader(`${env_1.default.CACHE_STATUS_HEADER}`, 'MISS');
         return next();
     }
     if (cachedData) {
@@ -37,14 +41,20 @@ const checkCacheMiddleware = (0, async_handler_1.default)(async (req, res, next)
         }
         catch (err) {
             logger_1.default.warn(err, `[cache] Couldn't read key ${`${key}__expires_at`}. ${err.message}`);
+            if (env_1.default.CACHE_STATUS_HEADER)
+                res.setHeader(`${env_1.default.CACHE_STATUS_HEADER}`, 'MISS');
             return next();
         }
         const cacheTTL = cacheExpiryDate ? cacheExpiryDate - Date.now() : null;
         res.setHeader('Cache-Control', (0, get_cache_headers_1.getCacheControlHeader)(req, cacheTTL));
         res.setHeader('Vary', 'Origin, Cache-Control');
+        if (env_1.default.CACHE_STATUS_HEADER)
+            res.setHeader(`${env_1.default.CACHE_STATUS_HEADER}`, 'HIT');
         return res.json(cachedData);
     }
     else {
+        if (env_1.default.CACHE_STATUS_HEADER)
+            res.setHeader(`${env_1.default.CACHE_STATUS_HEADER}`, 'MISS');
         return next();
     }
 });

package/dist/services/authorization.js

@@ -35,7 +35,7 @@ class AuthorizationService {
             throw new exceptions_2.ForbiddenException();
         }
         validateFields(ast);
-        validateFilterPermissions(ast, this.schema, this.accountability);
+        validateFilterPermissions(ast, this.schema, action, this.accountability);
         applyFilters(ast, this.accountability);
         return ast;
         /**
@@ -87,6 +87,8 @@ class AuthorizationService {
                         if (!aliasMap)
                             continue;
                         for (const column of Object.values(aliasMap)) {
+                            if (column === '*')
+                                continue;
                             if (allowedFields.includes(column) === false)
                                 throw new exceptions_2.ForbiddenException();
                         }
@@ -106,7 +108,7 @@ class AuthorizationService {
                 }
             }
         }
-        function validateFilterPermissions(ast, schema, accountability) {
+        function validateFilterPermissions(ast, schema, action, accountability) {
             var _a, _b, _c, _d, _e;
             let requiredFieldPermissions = {};
             if (ast.type !== 'field') {
@@ -114,28 +116,34 @@ class AuthorizationService {
                     for (const collection of Object.keys(ast.children)) {
                         requiredFieldPermissions = mergeRequiredFieldPermissions(requiredFieldPermissions, extractRequiredFieldPermissions(collection, (_c = (_b = (_a = ast.query) === null || _a === void 0 ? void 0 : _a[collection]) === null || _b === void 0 ? void 0 : _b.filter) !== null && _c !== void 0 ? _c : {}));
                         for (const child of ast.children[collection]) {
-                            // Always add relational field as a deep child may have a filter
-                            if (child.type !== 'field') {
-                                (requiredFieldPermissions[collection] || (requiredFieldPermissions[collection] = new Set())).add(child.fieldKey);
+                            const childPermissions = validateFilterPermissions(child, schema, action, accountability);
+                            if (Object.keys(childPermissions).length > 0) {
+                                //Only add relational field if deep child has a filter
+                                if (child.type !== 'field') {
+                                    (requiredFieldPermissions[collection] || (requiredFieldPermissions[collection] = new Set())).add(child.fieldKey);
+                                }
+                                requiredFieldPermissions = mergeRequiredFieldPermissions(requiredFieldPermissions, childPermissions);
                             }
-                            requiredFieldPermissions = mergeRequiredFieldPermissions(requiredFieldPermissions, validateFilterPermissions(child, schema, accountability));
                         }
                     }
                 }
                 else {
                     requiredFieldPermissions = mergeRequiredFieldPermissions(requiredFieldPermissions, extractRequiredFieldPermissions(ast.name, (_e = (_d = ast.query) === null || _d === void 0 ? void 0 : _d.filter) !== null && _e !== void 0 ? _e : {}));
                     for (const child of ast.children) {
-                        // Always add relational field as a deep child may have a filter
-                        if (child.type !== 'field') {
-                            (requiredFieldPermissions[ast.name] || (requiredFieldPermissions[ast.name] = new Set())).add(child.fieldKey);
+                        const childPermissions = validateFilterPermissions(child, schema, action, accountability);
+                        if (Object.keys(childPermissions).length > 0) {
+                            // Only add relational field if deep child has a filter
+                            if (child.type !== 'field') {
+                                (requiredFieldPermissions[ast.name] || (requiredFieldPermissions[ast.name] = new Set())).add(child.fieldKey);
+                            }
+                            requiredFieldPermissions = mergeRequiredFieldPermissions(requiredFieldPermissions, childPermissions);
                         }
-                        requiredFieldPermissions = mergeRequiredFieldPermissions(requiredFieldPermissions, validateFilterPermissions(child, schema, accountability));
                     }
                 }
             }
             if (ast.type === 'root') {
                 // Validate all required permissions once at the root level
-                checkFieldPermissions(requiredFieldPermissions);
+                checkFieldPermissions(ast.name, schema, action, requiredFieldPermissions);
             }
             return requiredFieldPermissions;
             function extractRequiredFieldPermissions(collection, filter, parentCollection, parentField) {
@@ -153,6 +161,34 @@ class AuthorizationService {
                         // Filter value is not a filter, so we should skip it
                         return result;
                     }
+                    // m2a filter in the form of `item:collection`
+                    else if (filterKey.includes(':')) {
+                        const [field, collectionScope] = filterKey.split(':');
+                        if (collection) {
+                            // Add the `item` field to the required permissions
+                            (result[collection] || (result[collection] = new Set())).add(field);
+                            // Add the `collection` field to the required permissions
+                            result[collection].add('collection');
+                        }
+                        else {
+                            const relation = schema.relations.find((relation) => {
+                                var _a;
+                                return ((relation.collection === parentCollection && relation.field === parentField) ||
+                                    (relation.related_collection === parentCollection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === parentField));
+                            });
+                            // Filter key not found in parent collection
+                            if (!relation)
+                                throw new exceptions_2.ForbiddenException();
+                            const relatedCollectionName = relation.related_collection === parentCollection ? relation.collection : relation.related_collection;
+                            // Add the `item` field to the required permissions
+                            (result[relatedCollectionName] || (result[relatedCollectionName] = new Set())).add(field);
+                            // Add the `collection` field to the required permissions
+                            result[relatedCollectionName].add('collection');
+                        }
+                        // Continue to parse the filter for nested `collection` afresh
+                        const requiredPermissions = extractRequiredFieldPermissions(collectionScope, filterValue);
+                        result = mergeRequiredFieldPermissions(result, requiredPermissions);
+                    }
                     else {
                         if (collection) {
                             (result[collection] || (result[collection] = new Set())).add(filterKey);
@@ -163,20 +199,12 @@ class AuthorizationService {
                                 return ((relation.collection === parentCollection && relation.field === parentField) ||
                                     (relation.related_collection === parentCollection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === parentField));
                             });
-                            if (relation) {
-                                if (relation.related_collection === parentCollection) {
-                                    (result[relation.collection] || (result[relation.collection] = new Set())).add(filterKey);
-                                    parentCollection = relation.collection;
-                                }
-                                else {
-                                    (result[relation.related_collection] || (result[relation.related_collection] = new Set())).add(filterKey);
-                                    parentCollection = relation.related_collection;
-                                }
-                            }
-                            else {
-                                // Filter key not found in parent collection
+                            // Filter key not found in parent collection
+                            if (!relation)
                                 throw new exceptions_2.ForbiddenException();
-                            }
+                            parentCollection =
+                                relation.related_collection === parentCollection ? relation.collection : relation.related_collection;
+                            (result[parentCollection] || (result[parentCollection] = new Set())).add(filterKey);
                         }
                         if (typeof filterValue === 'object') {
                             // Parent collection is undefined when we process the top level filter
@@ -214,20 +242,34 @@ class AuthorizationService {
                 }
                 return current;
             }
-            function checkFieldPermissions(requiredPermissions) {
-                var _a;
+            function checkFieldPermissions(rootCollection, schema, action, requiredPermissions) {
+                var _a, _b;
                 if ((accountability === null || accountability === void 0 ? void 0 : accountability.admin) === true)
                     return;
                 for (const collection of Object.keys(requiredPermissions)) {
                     const permission = (_a = accountability === null || accountability === void 0 ? void 0 : accountability.permissions) === null || _a === void 0 ? void 0 : _a.find((permission) => permission.collection === collection && permission.action === 'read');
-                    if (!permission || !permission.fields)
+                    let allowedFields;
+                    // Allow the filtering of top level ID for actions such as update and delete
+                    if (action !== 'read' && collection === rootCollection) {
+                        const actionPermission = (_b = accountability === null || accountability === void 0 ? void 0 : accountability.permissions) === null || _b === void 0 ? void 0 : _b.find((permission) => permission.collection === collection && permission.action === action);
+                        if (!actionPermission || !actionPermission.fields) {
+                            throw new exceptions_2.ForbiddenException();
+                        }
+                        allowedFields = (permission === null || permission === void 0 ? void 0 : permission.fields)
+                            ? [...permission.fields, schema.collections[collection].primary]
+                            : [schema.collections[collection].primary];
+                    }
+                    else if (!permission || !permission.fields) {
                         throw new exceptions_2.ForbiddenException();
-                    const allowedFields = permission.fields;
+                    }
+                    else {
+                        allowedFields = permission.fields;
+                    }
                     if (allowedFields.includes('*'))
                         continue;
                     // Allow legacy permissions with an empty fields array, where id can be accessed
                     if (allowedFields.length === 0)
-                        allowedFields.push('id');
+                        allowedFields.push(schema.collections[collection].primary);
                     for (const field of requiredPermissions[collection]) {
                         if (!allowedFields.includes(field))
                             throw new exceptions_2.ForbiddenException();
@@ -342,7 +384,7 @@ class AuthorizationService {
             }
         }
         if (hasFieldValidationRules) {
-            if (permission.validation) {
+            if (permission.validation && Object.keys(permission.validation).length > 0) {
                 permission.validation = { _and: [permission.validation, ...fieldValidationRules] };
             }
             else {

package/dist/services/collections.d.ts

@@ -4,6 +4,7 @@ import Keyv from 'keyv';
 import { AbstractServiceOptions, Collection, CollectionMeta, MutationOptions } from '../types';
 import { Accountability, RawField, SchemaOverview } from '@directus/shared/types';
 import { Table } from 'knex-schema-inspector/dist/types/table';
+import { Helpers } from '../database/helpers';
 export declare type RawCollection = {
     collection: string;
     fields?: RawField[];
@@ -12,6 +13,7 @@ export declare type RawCollection = {
 };
 export declare class CollectionsService {
     knex: Knex;
+    helpers: Helpers;
     accountability: Accountability | null;
     schemaInspector: ReturnType<typeof SchemaInspector>;
     schema: SchemaOverview;

package/dist/services/collections.js

@@ -32,9 +32,12 @@ const env_1 = __importDefault(require("../env"));
 const exceptions_1 = require("../exceptions");
 const fields_1 = require("../services/fields");
 const items_1 = require("../services/items");
+const utils_1 = require("@directus/shared/utils");
+const helpers_1 = require("../database/helpers");
 class CollectionsService {
     constructor(options) {
         this.knex = options.knex || (0, database_1.default)();
+        this.helpers = (0, helpers_1.getHelpers)(this.knex);
         this.accountability = options.accountability || null;
         this.schemaInspector = options.knex ? (0, schema_1.default)(options.knex) : (0, database_1.getSchemaInspector)();
         this.schema = options.schema;
@@ -96,6 +99,11 @@ class CollectionsService {
                                 collection: payload.collection,
                             };
                         }
+                        // Add flag for specific database type overrides
+                        const flagToAdd = this.helpers.date.fieldFlagForField(field.type);
+                        if (flagToAdd) {
+                            (0, utils_1.addFieldFlag)(field, flagToAdd);
+                        }
                         return field;
                     });
                     const fieldsService = new fields_1.FieldsService({ knex: trx, schema: this.schema });
@@ -231,6 +239,8 @@ class CollectionsService {
      */
     async readOne(collectionKey) {
         const result = await this.readMany([collectionKey]);
+        if (result.length === 0)
+            throw new exceptions_1.ForbiddenException();
         return result[0];
     }
     /**

package/dist/services/fields.js

@@ -40,6 +40,7 @@ const utils_1 = require("@directus/shared/utils");
 const lodash_1 = require("lodash");
 const relations_1 = require("./relations");
 const helpers_1 = require("../database/helpers");
+const constants_2 = require("@directus/shared/constants");
 class FieldsService {
     constructor(options) {
         this.knex = options.knex || (0, database_1.default)();
@@ -60,6 +61,7 @@ class FieldsService {
         }));
     }
     async readAll(collection) {
+        var _a, _b, _c, _d;
         let fields;
         if (this.accountability && this.accountability.admin !== true && this.hasReadAccess === false) {
             throw new exceptions_1.ForbiddenException();
@@ -151,6 +153,15 @@ class FieldsService {
                 return allowedFields.includes(field.field);
             });
         }
+        // Update specific database type overrides
+        for (const field of result) {
+            if ((_b = (_a = field.meta) === null || _a === void 0 ? void 0 : _a.special) === null || _b === void 0 ? void 0 : _b.includes('cast-timestamp')) {
+                field.type = 'timestamp';
+            }
+            else if ((_d = (_c = field.meta) === null || _c === void 0 ? void 0 : _c.special) === null || _d === void 0 ? void 0 : _d.includes('cast-datetime')) {
+                field.type = 'dateTime';
+            }
+        }
         return result;
     }
     async readOne(collection, field) {
@@ -184,6 +195,8 @@ class FieldsService {
         catch {
             // Do nothing
         }
+        if (!column && !fieldInfo)
+            throw new exceptions_1.ForbiddenException();
         const type = (0, get_local_type_1.default)(column, fieldInfo);
         const data = {
             collection,
@@ -206,6 +219,11 @@ class FieldsService {
             if (exists) {
                 throw new exceptions_1.InvalidPayloadException(`Field "${field.field}" already exists in collection "${collection}"`);
             }
+            // Add flag for specific database type overrides
+            const flagToAdd = this.helpers.date.fieldFlagForField(field.type);
+            if (flagToAdd) {
+                (0, utils_1.addFieldFlag)(field, flagToAdd);
+            }
             await this.knex.transaction(async (trx) => {
                 const itemsService = new items_1.ItemsService('directus_fields', {
                     knex: trx,
@@ -452,9 +470,16 @@ class FieldsService {
             column = table[field.type](field.field);
         }
         if (((_f = field.schema) === null || _f === void 0 ? void 0 : _f.default_value) !== undefined) {
-            if (typeof field.schema.default_value === 'string' && field.schema.default_value.toLowerCase() === 'now()') {
+            if (typeof field.schema.default_value === 'string' &&
+                (field.schema.default_value.toLowerCase() === 'now()' || field.schema.default_value === 'CURRENT_TIMESTAMP')) {
                 column.defaultTo(this.knex.fn.now());
             }
+            else if (typeof field.schema.default_value === 'string' &&
+                field.schema.default_value.includes('CURRENT_TIMESTAMP(') &&
+                field.schema.default_value.includes(')')) {
+                const precision = field.schema.default_value.match(constants_2.REGEX_BETWEEN_PARENS)[1];
+                column.defaultTo(this.knex.fn.now(Number(precision)));
+            }
             else if (typeof field.schema.default_value === 'string' &&
                 ['"null"', 'null'].includes(field.schema.default_value.toLowerCase())) {
                 column.defaultTo(null);

package/dist/services/files.d.ts

@@ -1,5 +1,5 @@
 /// <reference types="node" />
-import { AbstractServiceOptions, File, PrimaryKey, MutationOptions } from '../types';
+import { AbstractServiceOptions, File, PrimaryKey, MutationOptions, Metadata } from '../types';
 import { ItemsService } from './items';
 export declare class FilesService extends ItemsService {
     constructor(options: AbstractServiceOptions);
@@ -10,6 +10,10 @@ export declare class FilesService extends ItemsService {
         filename_download: string;
         storage: string;
     }, primaryKey?: PrimaryKey, opts?: MutationOptions): Promise<PrimaryKey>;
+    /**
+     * Extract metadata from a buffer's content
+     */
+    getMetadata(bufferContent: any, allowList?: any): Promise<Metadata>;
     /**
      * Import a single file from an external URL
      */

package/dist/services/files.js

@@ -88,46 +88,13 @@ class FilesService extends items_1.ItemsService {
         payload.filesize = size;
         if (['image/jpeg', 'image/png', 'image/webp', 'image/gif', 'image/tiff'].includes(payload.type)) {
             const buffer = await storage_1.default.disk(data.storage).getBuffer(payload.filename_disk);
-            try {
-                const meta = await (0, sharp_1.default)(buffer.content, {}).metadata();
-                if (meta.orientation && meta.orientation >= 5) {
-                    payload.height = meta.width;
-                    payload.width = meta.height;
-                }
-                else {
-                    payload.width = meta.width;
-                    payload.height = meta.height;
-                }
-            }
-            catch (err) {
-                logger_1.default.warn(`Couldn't extract sharp metadata from file`);
-                logger_1.default.warn(err);
-            }
-            payload.metadata = {};
-            try {
-                payload.metadata = await exifr_1.default.parse(buffer.content, {
-                    icc: false,
-                    iptc: true,
-                    ifd1: true,
-                    interop: true,
-                    translateValues: true,
-                    reviveValues: true,
-                    mergeOutput: false,
-                });
-                if ((_b = (_a = payload.metadata) === null || _a === void 0 ? void 0 : _a.iptc) === null || _b === void 0 ? void 0 : _b.Headline) {
-                    payload.title = payload.metadata.iptc.Headline;
-                }
-                if (!payload.description && ((_d = (_c = payload.metadata) === null || _c === void 0 ? void 0 : _c.iptc) === null || _d === void 0 ? void 0 : _d.Caption)) {
-                    payload.description = payload.metadata.iptc.Caption;
-                }
-                if ((_f = (_e = payload.metadata) === null || _e === void 0 ? void 0 : _e.iptc) === null || _f === void 0 ? void 0 : _f.Keywords) {
-                    payload.tags = payload.metadata.iptc.Keywords;
-                }
-            }
-            catch (err) {
-                logger_1.default.warn(`Couldn't extract EXIF metadata from file`);
-                logger_1.default.warn(err);
-            }
+            const { height, width, description, title, tags, metadata } = await this.getMetadata(buffer.content);
+            (_a = payload.height) !== null && _a !== void 0 ? _a : (payload.height = height);
+            (_b = payload.width) !== null && _b !== void 0 ? _b : (payload.width = width);
+            (_c = payload.description) !== null && _c !== void 0 ? _c : (payload.description = description);
+            (_d = payload.title) !== null && _d !== void 0 ? _d : (payload.title = title);
+            (_e = payload.tags) !== null && _e !== void 0 ? _e : (payload.tags = tags);
+            (_f = payload.metadata) !== null && _f !== void 0 ? _f : (payload.metadata = metadata);
         }
         // We do this in a service without accountability. Even if you don't have update permissions to the file,
         // we still want to be able to set the extracted values from the file on create
@@ -152,6 +119,58 @@ class FilesService extends items_1.ItemsService {
         }
         return primaryKey;
     }
+    /**
+     * Extract metadata from a buffer's content
+     */
+    async getMetadata(bufferContent, allowList = env_1.default.FILE_METADATA_ALLOW_LIST) {
+        const metadata = {};
+        try {
+            const sharpMetadata = await (0, sharp_1.default)(bufferContent, {}).metadata();
+            if (sharpMetadata.orientation && sharpMetadata.orientation >= 5) {
+                metadata.height = sharpMetadata.width;
+                metadata.width = sharpMetadata.height;
+            }
+            else {
+                metadata.width = sharpMetadata.width;
+                metadata.height = sharpMetadata.height;
+            }
+        }
+        catch (err) {
+            logger_1.default.warn(`Couldn't extract sharp metadata from file`);
+            logger_1.default.warn(err);
+        }
+        try {
+            const exifrMetadata = await exifr_1.default.parse(bufferContent, {
+                icc: false,
+                iptc: true,
+                ifd1: true,
+                interop: true,
+                translateValues: true,
+                reviveValues: true,
+                mergeOutput: false,
+            });
+            if (allowList === '*' || (allowList === null || allowList === void 0 ? void 0 : allowList[0]) === '*') {
+                metadata.metadata = exifrMetadata;
+            }
+            else {
+                metadata.metadata = (0, lodash_1.pick)(exifrMetadata, allowList);
+            }
+            if (!metadata.description && (exifrMetadata === null || exifrMetadata === void 0 ? void 0 : exifrMetadata.Caption)) {
+                metadata.description = exifrMetadata.Caption;
+            }
+            if (exifrMetadata === null || exifrMetadata === void 0 ? void 0 : exifrMetadata.Headline) {
+                metadata.title = exifrMetadata.Headline;
+            }
+            if (exifrMetadata === null || exifrMetadata === void 0 ? void 0 : exifrMetadata.Keywords) {
+                metadata.tags = exifrMetadata.Keywords;
+            }
+        }
+        catch (err) {
+            logger_1.default.warn(`Couldn't extract EXIF metadata from file`);
+            logger_1.default.warn(err);
+        }
+        return metadata;
+    }
     /**
      * Import a single file from an external URL
      */

package/dist/services/graphql.d.ts

@@ -1,9 +1,8 @@
+import { BaseException } from '@directus/shared/exceptions';
+import { Accountability, Query, SchemaOverview } from '@directus/shared/types';
 import { ArgumentNode, FormattedExecutionResult, FragmentDefinitionNode, GraphQLError, GraphQLResolveInfo, GraphQLScalarType, GraphQLSchema, ObjectFieldNode, SelectionNode } from 'graphql';
-import { SchemaOverview } from '@directus/shared/types';
 import { ObjectTypeComposer, SchemaComposer } from 'graphql-compose';
 import { Knex } from 'knex';
-import { BaseException } from '@directus/shared/exceptions';
-import { Accountability, Query } from '@directus/shared/types';
 import { AbstractServiceOptions, GraphQLParams, Item } from '../types';
 import { ItemsService } from './items';
 export declare const GraphQLGeoJSON: GraphQLScalarType;