npm - directus - Versions diffs - 9.8.0 → 9.10.0 - Mend

directus 9.8.0 → 9.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (71) hide show

package/README.md +1 -1
package/dist/__mocks__/cache.d.ts +5 -0
package/dist/__mocks__/cache.js +7 -0
package/dist/app.js +3 -0
package/dist/auth/drivers/ldap.js +10 -11
package/dist/auth/drivers/oauth2.js +11 -6
package/dist/auth/drivers/openid.js +9 -6
package/dist/cli/commands/schema/apply.js +9 -3
package/dist/controllers/assets.js +5 -0
package/dist/controllers/files.d.ts +2 -0
package/dist/controllers/files.js +13 -5
package/dist/database/helpers/date/dialects/mssql.d.ts +4 -0
package/dist/database/helpers/date/dialects/mssql.js +12 -0
package/dist/database/helpers/date/dialects/mysql.d.ts +5 -0
package/dist/database/helpers/date/dialects/mysql.js +16 -0
package/dist/database/helpers/date/dialects/oracle.d.ts +4 -0
package/dist/database/helpers/date/dialects/oracle.js +15 -0
package/dist/database/helpers/date/dialects/sqlite.d.ts +1 -0
package/dist/database/helpers/date/dialects/sqlite.js +8 -0
package/dist/database/helpers/date/index.d.ts +3 -3
package/dist/database/helpers/date/index.js +6 -6
package/dist/database/helpers/date/types.d.ts +3 -0
package/dist/database/helpers/date/types.js +10 -0
package/dist/database/helpers/fn/dialects/postgres.js +5 -1
package/dist/database/helpers/index.d.ts +1 -1
package/dist/database/migrations/20220402A-remove-default-value-panel-icon.d.ts +3 -0
package/dist/database/migrations/20220402A-remove-default-value-panel-icon.js +22 -0
package/dist/database/run-ast.js +3 -3
package/dist/database/system-data/fields/collections.yaml +1 -1
package/dist/database/system-data/fields/settings.yaml +0 -1
package/dist/database/system-data/fields/users.yaml +3 -0
package/dist/env.js +9 -3
package/dist/exceptions/index.d.ts +1 -0
package/dist/exceptions/index.js +1 -0
package/dist/exceptions/token-expired.d.ts +4 -0
package/dist/exceptions/token-expired.js +10 -0
package/dist/middleware/cache.js +10 -0
package/dist/services/authorization.js +72 -30
package/dist/services/collections.d.ts +2 -0
package/dist/services/collections.js +10 -0
package/dist/services/fields.js +26 -1
package/dist/services/files.d.ts +5 -1
package/dist/services/files.js +59 -40
package/dist/services/graphql.d.ts +2 -3
package/dist/services/graphql.js +65 -11
package/dist/services/import-export.js +2 -0
package/dist/services/items.js +12 -5
package/dist/services/payload.d.ts +2 -1
package/dist/services/payload.js +22 -17
package/dist/services/specifications.js +1 -3
package/dist/services/users.js +4 -1
package/dist/types/files.d.ts +8 -0
package/dist/utils/apply-query.d.ts +2 -1
package/dist/utils/apply-query.js +134 -156
package/dist/utils/apply-snapshot.d.ts +3 -1
package/dist/utils/apply-snapshot.js +34 -5
package/dist/utils/get-ast-from-query.js +15 -3
package/dist/utils/get-column-path.d.ts +16 -0
package/dist/utils/get-column-path.js +46 -0
package/dist/utils/get-graphql-type.js +1 -0
package/dist/utils/get-local-type.js +5 -0
package/dist/utils/get-relation-info.d.ts +7 -0
package/dist/utils/get-relation-info.js +45 -0
package/dist/utils/get-relation-type.d.ts +1 -1
package/dist/utils/get-schema.js +3 -0
package/dist/utils/jwt.js +1 -1
package/dist/utils/merge-permissions-for-share.js +1 -1
package/dist/utils/reduce-schema.js +18 -11
package/dist/utils/validate-query.js +19 -15
package/example.env +4 -0
package/package.json +18 -19

package/dist/utils/jwt.js CHANGED Viewed

@@ -31,7 +31,7 @@ function verifyAccessJWT(token, secret) {
     }
     catch (err) {
         if (err instanceof jsonwebtoken_1.TokenExpiredError) {
-            throw new exceptions_1.InvalidTokenException('Token expired.');
+            throw new exceptions_1.TokenExpiredException();
         }
         else if (err instanceof jsonwebtoken_1.JsonWebTokenError) {
             throw new exceptions_1.InvalidTokenException('Token invalid.');

package/dist/utils/merge-permissions-for-share.js CHANGED Viewed

@@ -48,7 +48,7 @@ function mergePermissionsForShare(currentPermissions, accountability, schema) {
         }
     }
     // Explicitly filter out permissions to collections unrelated to the root parent item.
-    const limitedPermissions = currentPermissions.filter(({ collection }) => allowedCollections.includes(collection));
+    const limitedPermissions = currentPermissions.filter(({ action, collection }) => allowedCollections.includes(collection) && action === 'read');
     return (0, merge_permissions_1.mergePermissions)('and', limitedPermissions, generatedPermissions);
 }
 exports.mergePermissionsForShare = mergePermissionsForShare;

package/dist/utils/reduce-schema.js CHANGED Viewed

@@ -25,19 +25,26 @@ function reduceSchema(schema, permissions, actions = ['create', 'read', 'update'
         return acc;
     }, {})) !== null && _a !== void 0 ? _a : {};
     for (const [collectionName, collection] of Object.entries(schema.collections)) {
-        if (permissions === null || permissions === void 0 ? void 0 : permissions.some((permission) => permission.collection === collectionName && actions.includes(permission.action))) {
-            const fields = {};
-            for (const [fieldName, field] of Object.entries(schema.collections[collectionName].fields)) {
-                if (((_b = allowedFieldsInCollection[collectionName]) === null || _b === void 0 ? void 0 : _b.includes('*')) ||
-                    ((_c = allowedFieldsInCollection[collectionName]) === null || _c === void 0 ? void 0 : _c.includes(fieldName))) {
-                    fields[fieldName] = field;
-                }
+        if (!(permissions === null || permissions === void 0 ? void 0 : permissions.some((permission) => permission.collection === collectionName && actions.includes(permission.action)))) {
+            continue;
+        }
+        const fields = {};
+        for (const [fieldName, field] of Object.entries(schema.collections[collectionName].fields)) {
+            if (!((_b = allowedFieldsInCollection[collectionName]) === null || _b === void 0 ? void 0 : _b.includes('*')) &&
+                !((_c = allowedFieldsInCollection[collectionName]) === null || _c === void 0 ? void 0 : _c.includes(fieldName))) {
+                continue;
+            }
+            const o2mRelation = schema.relations.find((relation) => { var _a; return relation.related_collection === collectionName && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === fieldName; });
+            if (o2mRelation &&
+                !(permissions === null || permissions === void 0 ? void 0 : permissions.some((permission) => permission.collection === o2mRelation.collection && actions.includes(permission.action)))) {
+                continue;
             }
-            reduced.collections[collectionName] = {
-                ...collection,
-                fields,
-            };
+            fields[fieldName] = field;
         }
+        reduced.collections[collectionName] = {
+            ...collection,
+            fields,
+        };
     }
     reduced.relations = schema.relations.filter((relation) => {
         var _a, _b, _c;

package/dist/utils/validate-query.js CHANGED Viewed

@@ -47,21 +47,6 @@ function validateFilter(filter) {
         else if (key.startsWith('_')) {
             const value = nested;
             switch (key) {
-                case '_eq':
-                case '_neq':
-                case '_contains':
-                case '_ncontains':
-                case '_starts_with':
-                case '_nstarts_with':
-                case '_ends_with':
-                case '_nends_with':
-                case '_gt':
-                case '_gte':
-                case '_lt':
-                case '_lte':
-                default:
-                    validateFilterPrimitive(value, key);
-                    break;
                 case '_in':
                 case '_nin':
                 case '_between':
@@ -80,6 +65,25 @@ function validateFilter(filter) {
                 case '_nintersects_bbox':
                     validateGeometry(value, key);
                     break;
+                case '_none':
+                case '_some':
+                    validateFilter(nested);
+                    break;
+                case '_eq':
+                case '_neq':
+                case '_contains':
+                case '_ncontains':
+                case '_starts_with':
+                case '_nstarts_with':
+                case '_ends_with':
+                case '_nends_with':
+                case '_gt':
+                case '_gte':
+                case '_lt':
+                case '_lte':
+                default:
+                    validateFilterPrimitive(value, key);
+                    break;
             }
         }
         else if ((0, lodash_1.isPlainObject)(nested)) {

package/example.env CHANGED Viewed

@@ -123,6 +123,10 @@ STORAGE_LOCAL_ROOT="./uploads"
 # STORAGE_GOOGLE_KEY_FILENAME="abcdef"
 # STORAGE_GOOGLE_BUCKET="my-files"
+## CSV of additional metadata keys
+# FILE_METADATA_ALLOW_LIST=
 ####################################################################################################
 # Security

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "directus",
-	"version": "9.8.0",
+	"version": "9.10.0",
 	"license": "GPL-3.0-only",
 	"homepage": "https://github.com/directus/directus#readme",
 	"description": "Directus is a real-time API and App dashboard for managing SQL database content.",
@@ -78,16 +78,16 @@
 	],
 	"dependencies": {
 		"@aws-sdk/client-ses": "^3.40.0",
-		"@directus/app": "9.8.0",
-		"@directus/drive": "9.8.0",
-		"@directus/drive-azure": "9.8.0",
-		"@directus/drive-gcs": "9.8.0",
-		"@directus/drive-s3": "9.8.0",
-		"@directus/extensions-sdk": "9.8.0",
-		"@directus/format-title": "9.8.0",
-		"@directus/schema": "9.8.0",
-		"@directus/shared": "9.8.0",
-		"@directus/specs": "9.8.0",
+		"@directus/app": "9.10.0",
+		"@directus/drive": "9.10.0",
+		"@directus/drive-azure": "9.10.0",
+		"@directus/drive-gcs": "9.10.0",
+		"@directus/drive-s3": "9.10.0",
+		"@directus/extensions-sdk": "9.10.0",
+		"@directus/format-title": "9.10.0",
+		"@directus/schema": "9.10.0",
+		"@directus/shared": "9.10.0",
+		"@directus/specs": "9.10.0",
 		"@godaddy/terminus": "^4.9.0",
 		"@rollup/plugin-alias": "^3.1.9",
 		"@rollup/plugin-virtual": "^2.0.3",
@@ -124,7 +124,7 @@
 		"json2csv": "^5.0.3",
 		"jsonwebtoken": "^8.5.1",
 		"keyv": "^4.0.3",
-		"knex": "^0.95.14",
+		"knex": "^2.0.0",
 		"knex-schema-inspector": "1.7.3",
 		"ldapjs": "^2.3.1",
 		"liquidjs": "^9.25.0",
@@ -150,8 +150,9 @@
 		"resolve-cwd": "^3.0.0",
 		"rollup": "^2.67.3",
 		"sanitize-html": "^2.6.0",
-		"sharp": "^0.29.0",
+		"sharp": "^0.30.3",
 		"stream-json": "^1.7.1",
+		"strip-bom-stream": "^4.0.0",
 		"supertest": "^6.1.6",
 		"tmp-promise": "^3.0.3",
 		"update-check": "^1.5.4",
@@ -161,19 +162,16 @@
 	},
 	"optionalDependencies": {
 		"@keyv/redis": "^2.1.2",
-		"connect-memcached": "^1.0.0",
-		"connect-redis": "^6.0.0",
-		"connect-session-knex": "^2.1.0",
 		"ioredis": "^4.27.6",
 		"keyv-memcache": "^1.2.5",
 		"memcached": "^2.2.2",
 		"mysql": "^2.18.1",
 		"nodemailer-mailgun-transport": "^2.1.3",
 		"pg": "^8.6.0",
-		"sqlite3": "^5.0.2",
+		"sqlite3": "^5.0.6",
 		"tedious": "^13.0.0"
 	},
-	"gitHead": "2a6db01c42dd1d7524962e7153d1d7e1bd63fb2f",
+	"gitHead": "e3a7a7d8879fb7959fb15802734d830001108fbb",
 	"devDependencies": {
 		"@types/async": "3.2.10",
 		"@types/body-parser": "1.19.2",
@@ -214,8 +212,9 @@
 		"@types/wellknown": "0.5.1",
 		"copyfiles": "2.4.1",
 		"cross-env": "7.0.3",
+		"form-data": "^4.0.0",
 		"jest": "27.5.1",
-		"knex-mock-client": "1.6.1",
+		"knex-mock-client": "1.7.0",
 		"ts-jest": "27.1.3",
 		"ts-node-dev": "1.1.8",
 		"typescript": "4.5.2"