initial

2025-05-27 21:42:25 +03:00
parent fc08583c54
commit ead3eb030c
10 changed files with 60129 additions and 283 deletions
--- a/.prettierrc
+++ b/.prettierrc
@@ -0,0 +1,3 @@
+{
+    
+}
--- a/compose.yml
+++ b/compose.yml
@@ -0,0 +1,11 @@
+services:
+  directus:
+    image: directus/directus:latest
+    container_name: directus
+    env_file: .env
+    ports:
+      - "8055:8055"
+    volumes:
+      - ./.docker/data:/data
+      - ./dist:/directus/extensions/directus-extension-external-jwt/dist
+      - ./package.json:/directus/extensions/directus-extension-external-jwt/package.json
--- a/extensions/.gitkeep
+++ b/extensions/.gitkeep
--- a/extensions/@zerosubnet/directus-extension-external-jwt
+++ b/extensions/@zerosubnet/directus-extension-external-jwt
@@ -1 +0,0 @@
-../../dist
--- a/index.js
+++ b/index.js
--- a/package.json
+++ b/package.json
@@ -1,169 +1,172 @@
 {
-	"name": "@zerosubnet/directus-extension-external-jwt",
-	"description": "External JWT Directus Extension allow directus to trust tokens issued by an oauth2 or OIDC provider",
-	"icon": "extension",
-	"version": "1.0.0",
-	"keywords": [
-		"directus",
-		"directus-extension",
-		"directus-custom-hook",
-		"directus-external-jwt"
-	],
-	"homepage": "https://github.com/Zerosubnet/directus-extension-external-jwt",
-	"license": "LGPL-3.0-only",
-	"author": {
-		"name": "zerosubnet"
-	},
-	"repository": {
-		"type": "git",
-		"url": "https://github.com/Zerosubnet/directus-extension-external-jwt.git"
-	},
-	"type": "module",
-	"release": {
-		"branches": [
-			"main",
-			"next",
-			{
-				"name": "beta",
-				"prerelease": true
-			}
-		],
-		"plugins": [
-			"@semantic-release/commit-analyzer",
-			"@semantic-release/release-notes-generator",
-			"@semantic-release/changelog",
-			"@semantic-release/npm",
-			[
-				"@semantic-release/github",
-				{
-					"assets": [
-						"dist/**"
-					]
-				}
-			],
-			[
-				"@semantic-release/exec",
-				{
-					"tagImage": "docker tag ${SRCIMAGE} ${DSTIMAGE}:${nextRelease.version}",
-					"publishImage": "docker push ${DSTIMAGE}:${nextRelease.version}"
-				}
-			]
-		],
-		"preset": "angular"
-	},
-	"publishConfig": {
-		"access": "public"
-	},
-	"directus:extension": {
-		"type": "hook",
-		"path": "dist/index.js",
-		"source": "src/index.ts",
-		"host": "^10.1.7"
-	},
-	"engines": {
-		"node": ">=18.0.0"
-	},
-	"scripts": {
-		"build": "directus-extension build",
-		"dev": "directus-extension build -w --no-minify",
-		"link": "directus-extension link",
-		"directus": "pnpm dlx directus start",
-		"lint": "eslint . --ext .ts",
-		"test": "vitest",
-		"test:coverage": "vitest run --coverage"
-	},
-	"nyc": {
-		"extension": [
-			".ts",
-			".tsx"
-		],
-		"reporter": [
-			"text",
-			"lcov"
-		],
-		"report-dir": "coverage",
-		"all": true,
-		"extends": "@istanbuljs/nyc-config-typescript",
-		"check-coverage": true,
-		"include": [
-			"src/**/*.[tj]s?(x)"
-		],
-		"exclude": [
-			"src/_tests_/**/*.*",
-			"src/**/*.test.[tj]s?(x)"
-		]
-	},
-	"devDependencies": {
-		"@directus/errors": "^0.3.2",
-		"@directus/extensions-sdk": "^13.0.1",
-		"@directus/tsconfig": "^1.0.1",
-		"@directus/types": "^11.1.2",
-		"@directus/utils": "^11.0.9",
-		"@istanbuljs/nyc-config-typescript": "^1.0.2",
-		"@semantic-release/changelog": "^6.0.3",
-		"@semantic-release/commit-analyzer": "^10.0.4",
-		"@semantic-release/exec": "^6.0.3",
-		"@semantic-release/github": "^9.2.6",
-		"@semantic-release/npm": "^10.0.6",
-		"@types/chai": "^4.3.16",
-		"@types/chai-as-promised": "^7.1.8",
-		"@types/config": "^3.3.4",
-		"@types/express": "^4.17.21",
-		"@types/fs-extra": "^11.0.4",
-		"@types/js-yaml": "^4.0.9",
-		"@types/jsonwebtoken": "^9.0.6",
-		"@types/lodash-es": "^4.17.12",
-		"@types/mocha": "^10.0.6",
-		"@types/node": "^20.14.2",
-		"@typescript-eslint/eslint-plugin": "^5.62.0",
-		"@vitest/coverage-istanbul": "^0.34.6",
-		"axios": "^1.7.2",
-		"config": "^3.3.11",
-		"dotenv": "^16.4.5",
-		"eslint": "^8.57.0",
-		"eslint-config-standard-with-typescript": "^37.0.0",
-		"eslint-plugin-import": "^2.29.1",
-		"eslint-plugin-n": "^15.7.0",
-		"eslint-plugin-no-loops": "^0.3.0",
-		"eslint-plugin-promise": "^6.2.0",
-		"fs-extra": "^11.2.0",
-		"js-yaml": "^4.1.0",
-		"lodash-es": "^4.17.21",
-		"nyc": "^15.1.0",
-		"semantic-release": "^21.1.2",
-		"sqlite3": "^5.1.7",
-		"ts-mocha": "^10.0.0",
-		"ts-node": "^10.9.2",
-		"typescript": "^5.4.5",
-		"vitest": "^0.34.6"
-	},
-	"dependencies": {
-		"@keyv/redis": "^2.8.5",
-		"jsonwebtoken": "^9.0.2",
-		"jwks-rsa": "^3.1.0",
-		"keyv": "^4.5.4",
-		"openid-client": "^5.6.5"
-	},
-	"pnpm": {
-		"overrides": {
-			"vite@<4.3.9": "^4.3.9",
-			"vite@>4.3.9": "^4.5.3",
-			"zod@<=3.22.2": ">=3.22.3",
-			"axios@<=1.4.0": ">=1.4.1",
-			"axios@>=1.3.2 <=1.7.3": ">=1.7.4",
-			"micromatch@<4.0.8": ">=4.0.8",
-			"vite@>=4.0.0 <4.5.4": ">=4.5.4",
-			"vite@>=4.0.0 <=4.5.3": ">=4.5.4",
-			"rollup@>=3.0.0 <3.29.5": ">=3.29.5",
-			"cross-spawn@>=7.0.0 <7.0.5": ">=7.0.5",
-			"nanoid@<3.3.8": ">=3.3.8",
-			"@octokit/request-error@>=1.0.0 <5.1.1": ">=5.1.1",
-			"@octokit/endpoint@>=9.0.5 <9.0.6": ">=9.0.6",
-			"@octokit/request@>=1.0.0 <9.2.1": ">=9.2.1",
-			"@octokit/plugin-paginate-rest@>=1.0.0 <11.4.1": ">=11.4.1",
-			"serialize-javascript@<6.0.2": ">=6.0.2",
-			"esbuild@<=0.24.2": ">=0.25.0",
-			"vite@<=4.5.5": ">=4.5.6"
-		}
-	}
+  "name": "directus-extension-external-jwt",
+  "description": "External JWT Directus Extension allow directus to trust tokens issued by an oauth2 or OIDC provider",
+  "icon": "extension",
+  "version": "1.0.0",
+  "keywords": [
+    "directus",
+    "directus-extension",
+    "directus-custom-hook",
+    "directus-external-jwt"
+  ],
+  "homepage": "https://github.com/Zerosubnet/directus-extension-external-jwt",
+  "license": "LGPL-3.0-only",
+  "author": {
+    "name": "zerosubnet"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Zerosubnet/directus-extension-external-jwt.git"
+  },
+  "type": "module",
+  "release": {
+    "branches": [
+      "main",
+      "next",
+      {
+        "name": "beta",
+        "prerelease": true
+      }
+    ],
+    "plugins": [
+      "@semantic-release/commit-analyzer",
+      "@semantic-release/release-notes-generator",
+      "@semantic-release/changelog",
+      "@semantic-release/npm",
+      [
+        "@semantic-release/github",
+        {
+          "assets": [
+            "dist/**"
+          ]
+        }
+      ],
+      [
+        "@semantic-release/exec",
+        {
+          "tagImage": "docker tag ${SRCIMAGE} ${DSTIMAGE}:${nextRelease.version}",
+          "publishImage": "docker push ${DSTIMAGE}:${nextRelease.version}"
+        }
+      ]
+    ],
+    "preset": "angular"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "directus:extension": {
+    "type": "hook",
+    "path": "dist/index.js",
+    "source": "src/index.ts",
+    "host": "^10.1.7"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "scripts": {
+    "build": "directus-extension build && npm run sync",
+    "dev": "directus-extension build -w --no-minify",
+    "link": "directus-extension link",
+    "sync": "rm -rf ./extensions/directus-extension-external-jwt && mkdir -p ./extensions/directus-extension-external-jwt/dist && ln ./package.json ./extensions/directus-extension-external-jwt/package.json && ln ./dist/index.js ./extensions/directus-extension-external-jwt/dist/index.js",
+    "directus": "pnpm dlx directus start",
+    "lint": "eslint . --ext .ts",
+    "test": "vitest",
+    "test:coverage": "vitest run --coverage"
+  },
+  "nyc": {
+    "extension": [
+      ".ts",
+      ".tsx"
+    ],
+    "reporter": [
+      "text",
+      "lcov"
+    ],
+    "report-dir": "coverage",
+    "all": true,
+    "extends": "@istanbuljs/nyc-config-typescript",
+    "check-coverage": true,
+    "include": [
+      "src/**/*.[tj]s?(x)"
+    ],
+    "exclude": [
+      "src/_tests_/**/*.*",
+      "src/**/*.test.[tj]s?(x)"
+    ]
+  },
+  "devDependencies": {
+    "@directus/errors": "^0.3.2",
+    "@directus/extensions-sdk": "^13.0.1",
+    "@directus/tsconfig": "^1.0.1",
+    "@directus/types": "^11.1.2",
+    "@directus/utils": "^11.0.9",
+    "@istanbuljs/nyc-config-typescript": "^1.0.2",
+    "@semantic-release/changelog": "^6.0.3",
+    "@semantic-release/commit-analyzer": "^10.0.4",
+    "@semantic-release/exec": "^6.0.3",
+    "@semantic-release/github": "^9.2.6",
+    "@semantic-release/npm": "^10.0.6",
+    "@types/chai": "^4.3.16",
+    "@types/chai-as-promised": "^7.1.8",
+    "@types/config": "^3.3.4",
+    "@types/express": "^4.17.21",
+    "@types/fs-extra": "^11.0.4",
+    "@types/js-yaml": "^4.0.9",
+    "@types/jsonwebtoken": "^9.0.6",
+    "@types/lodash-es": "^4.17.12",
+    "@types/mocha": "^10.0.6",
+    "@types/node": "^20.14.2",
+    "@typescript-eslint/eslint-plugin": "^5.62.0",
+    "@vitest/coverage-istanbul": "^0.34.6",
+    "axios": "^1.7.2",
+    "config": "^3.3.11",
+    "dotenv": "^16.4.5",
+    "eslint": "^8.57.0",
+    "eslint-config-standard-with-typescript": "^37.0.0",
+    "eslint-plugin-import": "^2.29.1",
+    "eslint-plugin-n": "^15.7.0",
+    "eslint-plugin-no-loops": "^0.3.0",
+    "eslint-plugin-promise": "^6.2.0",
+    "fs-extra": "^11.2.0",
+    "js-yaml": "^4.1.0",
+    "lodash-es": "^4.17.21",
+    "nyc": "^15.1.0",
+    "semantic-release": "^21.1.2",
+    "sqlite3": "^5.1.7",
+    "ts-mocha": "^10.0.0",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.4.5",
+    "vitest": "^0.34.6"
+  },
+  "dependencies": {
+    "@directus/extensions": "^3.0.5",
+    "@keyv/redis": "^2.8.5",
+    "jsonwebtoken": "^9.0.2",
+    "jwks-rsa": "^3.1.0",
+    "keyv": "^4.5.4",
+    "openid-client": "^5.6.5",
+    "uuid": "^11.1.0"
+  },
+  "pnpm": {
+    "overrides": {
+      "vite@<4.3.9": "^4.3.9",
+      "vite@>4.3.9": "^4.5.3",
+      "zod@<=3.22.2": ">=3.22.3",
+      "axios@<=1.4.0": ">=1.4.1",
+      "axios@>=1.3.2 <=1.7.3": ">=1.7.4",
+      "micromatch@<4.0.8": ">=4.0.8",
+      "vite@>=4.0.0 <4.5.4": ">=4.5.4",
+      "vite@>=4.0.0 <=4.5.3": ">=4.5.4",
+      "rollup@>=3.0.0 <3.29.5": ">=3.29.5",
+      "cross-spawn@>=7.0.0 <7.0.5": ">=7.0.5",
+      "nanoid@<3.3.8": ">=3.3.8",
+      "@octokit/request-error@>=1.0.0 <5.1.1": ">=5.1.1",
+      "@octokit/endpoint@>=9.0.5 <9.0.6": ">=9.0.6",
+      "@octokit/request@>=1.0.0 <9.2.1": ">=9.2.1",
+      "@octokit/plugin-paginate-rest@>=1.0.0 <11.4.1": ">=11.4.1",
+      "serialize-javascript@<6.0.2": ">=6.0.2",
+      "esbuild@<=0.24.2": ">=0.25.0",
+      "vite@<=4.5.5": ">=4.5.6"
+    }
+  }
 }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -28,6 +28,9 @@ importers:

  .:
    dependencies:
+      '@directus/extensions':
+        specifier: ^3.0.5
+        version: 3.0.5(@unhead/vue@1.9.12(vue@3.5.13(typescript@5.4.5)))(knex@3.1.0(sqlite3@5.1.7))(pinia@2.1.7(typescript@5.4.5)(vue@3.5.13(typescript@5.4.5)))(sqlite3@5.1.7)(vue@3.5.13(typescript@5.4.5))
      '@keyv/redis':
        specifier: ^2.8.5
        version: 2.8.5
@@ -43,6 +46,9 @@ importers:
      openid-client:
        specifier: ^5.6.5
        version: 5.6.5
+      uuid:
+        specifier: ^11.1.0
+        version: 11.1.0
    devDependencies:
      '@directus/errors':
        specifier: ^0.3.2
@@ -300,6 +306,9 @@ packages:
  '@directus/constants@13.0.0':
    resolution: {integrity: sha512-R2uuMEJarlq29IPH9Pqe11U74mDqQWBHWhVy77R7ZrnJeZiiayLFoQTlZS4FN8M+ROVrCkIcsg39meNpxEyvpA==}

+  '@directus/constants@13.0.1':
+    resolution: {integrity: sha512-7Ls9uiOPiUIRx4qsMud097AqgSytjTc9lygSK+Qiv5aPQbNx3iCiqTcpC99eoHUTWS4bD5cUuzSWIXRoQezCUg==}
+
  '@directus/errors@0.3.2':
    resolution: {integrity: sha512-9ovCeuvnUN3UdT8/mGRIh3bRZO/YWLjc3nGAS3LjBQ3ww/qyMjy5eol/Snz0TV+9AdWryZFxVK+c4T2i05+DaQ==}

@@ -325,12 +334,32 @@ packages:
      vue-router:
        optional: true

+  '@directus/extensions@3.0.5':
+    resolution: {integrity: sha512-w9btk7zEVdeD9cKjzUFPjF9dpnkKngy2GyV3ZmYhJo0Niz/LtAlgJzm8adH0HAbOlf4tCUf3eTAX5Y480d9KSw==}
+    peerDependencies:
+      knex: '3'
+      pino: '9'
+      vue: ^3.4
+      vue-router: '4'
+    peerDependenciesMeta:
+      knex:
+        optional: true
+      pino:
+        optional: true
+      vue:
+        optional: true
+      vue-router:
+        optional: true
+
  '@directus/schema@11.0.2':
    resolution: {integrity: sha512-iEaS5cKc7Mf236NbCKBvyeRVXSKXYdwU0BAo0NMkQxqS1lpN5okPjjJIoMqJJ8c6aHvkQYOC54KPSQO17n/csg==}

  '@directus/schema@13.0.0':
    resolution: {integrity: sha512-QrL+HQ6BWyoyQSXNoPNhaFE7OrK/9jcT10TP86qKxWwLt1BQ+yxgWqar53Hh3i4r/dA25qCIXhm9I/SLWqe9SA==}

+  '@directus/schema@13.0.1':
+    resolution: {integrity: sha512-kRQ8KER70RUDQL5Caao4OWlw7YQFYXM1TNS7OlwZfvPyEGqAdEIC4z3jTh5ANJpBv2b6XZk+5BMcu+ddFwJ11w==}
+
  '@directus/storage@10.0.13':
    resolution: {integrity: sha512-LcViLLABpegq9okHWxAHFyVu190bRhCES77S/1lJIGxhpiOOcVMRR546JZnVtwUxoipllkT1xF60uh8yi7wEQQ==}

@@ -340,6 +369,9 @@ packages:
  '@directus/system-data@3.0.0':
    resolution: {integrity: sha512-CwhZ/eRWqgmikxNgJONsYzdxGSr1us/35o+fTcTjh9YsLYBzV3d/jNzeU7JjAR1+i9AfFOwrnwQyraPmmS2nrw==}

+  '@directus/system-data@3.1.0':
+    resolution: {integrity: sha512-0s7YWuS7DbDRlwcLhKeCDQfLEJAjjy7S4JmV0oMzZO6FMJuN2ah7Sm/oqV/LV0o9H+ftXobq0MlEN6eqazUONA==}
+
  '@directus/themes@1.0.7':
    resolution: {integrity: sha512-RBsl+vCKvbuvc0eJVXN8hDsXJwPGPl4yLOnnQiV7L0wW/h27W4jTB0Zf5mdyg+OBVSAxLhGStH5hUDmqWZJLIw==}
    peerDependencies:
@@ -347,6 +379,13 @@ packages:
      pinia: '2'
      vue: ^3.4

+  '@directus/themes@1.1.0':
+    resolution: {integrity: sha512-rKKeKY4ivTwVfAysxPGL2GgxD0YHBooVPXN/trBmO+DPokMLhQcbgseeaVmzMFbFlPfmN7Mk4VQYp+s7fDPuqw==}
+    peerDependencies:
+      '@unhead/vue': '1'
+      pinia: '2'
+      vue: ^3.4
+
  '@directus/tsconfig@1.0.1':
    resolution: {integrity: sha512-1LJ8qBWfVFJA4cGK4TnmDVbtPAYVAW8ceZpj93DSOTuPIhfuLWCtSgKNalEZV1JvNUAUYwCktY97+FoQJjYT/A==}

@@ -372,6 +411,17 @@ packages:
      vue:
        optional: true

+  '@directus/types@13.1.1':
+    resolution: {integrity: sha512-q+flW7Xbs9Ka8ruVZybjqTsNPsdKnhQHvxf3lj2PIb32xQJTht+mxxSApYeUO2mADchMLs4Jjdi8IQPMmuQu5A==}
+    peerDependencies:
+      knex: '3'
+      vue: ^3.4
+    peerDependenciesMeta:
+      knex:
+        optional: true
+      vue:
+        optional: true
+
  '@directus/utils@11.0.9':
    resolution: {integrity: sha512-1yKl3KJON93MKtlHEqQBOyJ/oWpINOOF6DAoi9FBFY6TGVAehk9MSMwKu0MKlL7NeWqqXxfEM6ZtXZLkJjb5ag==}
    peerDependencies:
@@ -388,6 +438,14 @@ packages:
      vue:
        optional: true

+  '@directus/utils@13.0.4':
+    resolution: {integrity: sha512-pg8LyrJ2mg+t7voMDL5KvlMCDNMMgE0GQu7kqXfzFThPYbkexyZ/nXUHkSyAcL9ppIo/A5YHuIbPyxMCz0X9xA==}
+    peerDependencies:
+      vue: ^3.4
+    peerDependenciesMeta:
+      vue:
+        optional: true
+
  '@esbuild/aix-ppc64@0.25.0':
    resolution: {integrity: sha512-O7vun9Sf8DFjH2UtqK8Ku3LkquL9SZL8OLY1T5NZkA34+wG3OQF7cl4Ql8vdNzM6fzBbYfLaiRLIOZ+2FOCgBQ==}
    engines: {node: '>=18'}
@@ -1062,6 +1120,9 @@ packages:
  '@sinclair/typebox@0.34.13':
    resolution: {integrity: sha512-ceVKqyCEgC355Kw0s/0tyfY9MzMQINSykJ/pG2w6YnaZyrcjV48svZpr8lVZrYgWjzOmrIPBhQRAtr/7eJpA5g==}

+  '@sinclair/typebox@0.34.28':
+    resolution: {integrity: sha512-e2B9vmvaa5ym5hWgCHw5CstP54au6AOLXrhZErLsOyyRzuWJtXl/8TszKtc5x8rw/b+oY7HKS9m9iRI53RK0WQ==}
+
  '@sindresorhus/merge-streams@2.3.0':
    resolution: {integrity: sha512-LtoMMhxAlorcGhmFYI+LhPgbPZCkgP6ra1YL604EeF6U98pLlQ3iWIGMdWSC+vWmPBWBNgmDBAhnAobLROJmwg==}
    engines: {node: '>=18'}
@@ -1129,6 +1190,9 @@ packages:
  '@types/geojson@7946.0.15':
    resolution: {integrity: sha512-9oSxFzDCT2Rj6DfcHF8G++jxBKS7mBqXl5xrRW+Kbvjry6Uduya2iiwqHPhVXpasAVMBYKkEPGgKhd3+/HZ6xA==}

+  '@types/geojson@7946.0.16':
+    resolution: {integrity: sha512-6C8nqWur3j98U6+lXDfTUWIfgvZU+EumvpHKcYjujKH7woYyLj2sUmff0tRhrqM7BohUw7Pz3ZB1jj2gW9Fvmg==}
+
  '@types/http-errors@2.0.4':
    resolution: {integrity: sha512-D0CFMMtydbJAegzOyHjtiKPLlvnm3iTZyZRSZoLq2mRhDdmLfIWOCYPfQJ4cu2erKghU++QvjcUjp/5h7hESpA==}

@@ -2373,6 +2437,10 @@ packages:
    resolution: {integrity: sha512-PmDi3uwK5nFuXh7XDTlVnS17xJS7vW36is2+w3xcv8SVxiB4NyATf4ctkVY5bkSjX0Y4nbvZCq1/EjtEyr9ktw==}
    engines: {node: '>=14.14'}

+  fs-extra@11.3.0:
+    resolution: {integrity: sha512-Z4XaCL6dUDHfP/jT25jJKMmtxvuwbkrD1vNSMFlo9lNLY2c5FHYSQgHPRZUjAB26TpDEoW9HCOgplrdbaPV/ew==}
+    engines: {node: '>=14.14'}
+
  fs-minipass@2.1.0:
    resolution: {integrity: sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==}
    engines: {node: '>= 8'}
@@ -4653,6 +4721,10 @@ packages:
  util-deprecate@1.0.2:
    resolution: {integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==}

+  uuid@11.1.0:
+    resolution: {integrity: sha512-0/A9rDy9P7cJ+8w1c9WD9V//9Wj15Ce2MPz8Ri6032usz+NfePxx5AcN3bN+r6ZL6jEo066/yNYB3tn4pQEx+A==}
+    hasBin: true
+
  uuid@8.3.2:
    resolution: {integrity: sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==}
    hasBin: true
@@ -4887,6 +4959,9 @@ packages:
  zod@3.24.1:
    resolution: {integrity: sha512-muH7gBL9sI1nciMZV67X5fTKKBLtwpZ5VBp1vsOQzj1MhrBZ4wlVCm3gedKZWLp0Oyel8sIGfeiz54Su+OVT+A==}

+  zod@3.24.2:
+    resolution: {integrity: sha512-lY7CDW43ECgW9u1TcT3IoXHflywfVqDYze4waEz812jR/bZ8FHDsl7pFQoSZTz5N+2NqRXs8GBwnAwo3ZNxqhQ==}
+
 snapshots:

  '@ampproject/remapping@2.3.0':
@@ -5052,6 +5127,8 @@ snapshots:

  '@directus/constants@13.0.0': {}

+  '@directus/constants@13.0.1': {}
+
  '@directus/errors@0.3.2':
    dependencies:
      '@directus/storage': 10.0.13
@@ -5138,6 +5215,31 @@ snapshots:
      - supports-color
      - tedious

+  '@directus/extensions@3.0.5(@unhead/vue@1.9.12(vue@3.5.13(typescript@5.4.5)))(knex@3.1.0(sqlite3@5.1.7))(pinia@2.1.7(typescript@5.4.5)(vue@3.5.13(typescript@5.4.5)))(sqlite3@5.1.7)(vue@3.5.13(typescript@5.4.5))':
+    dependencies:
+      '@directus/constants': 13.0.1
+      '@directus/themes': 1.1.0(@unhead/vue@1.9.12(vue@3.5.13(typescript@5.4.5)))(pinia@2.1.7(typescript@5.4.5)(vue@3.5.13(typescript@5.4.5)))(vue@3.5.13(typescript@5.4.5))
+      '@directus/types': 13.1.1(knex@3.1.0(sqlite3@5.1.7))(sqlite3@5.1.7)(vue@3.5.13(typescript@5.4.5))
+      '@directus/utils': 13.0.4(vue@3.5.13(typescript@5.4.5))
+      '@types/express': 4.17.21
+      fs-extra: 11.3.0
+      lodash-es: 4.17.21
+      zod: 3.24.2
+    optionalDependencies:
+      knex: 3.1.0(sqlite3@5.1.7)
+      vue: 3.5.13(typescript@5.4.5)
+    transitivePeerDependencies:
+      - '@unhead/vue'
+      - better-sqlite3
+      - mysql
+      - mysql2
+      - pg
+      - pg-native
+      - pinia
+      - sqlite3
+      - supports-color
+      - tedious
+
  '@directus/schema@11.0.2(sqlite3@5.1.7)':
    dependencies:
      knex: 3.1.0(sqlite3@5.1.7)
@@ -5164,12 +5266,27 @@ snapshots:
      - supports-color
      - tedious

+  '@directus/schema@13.0.1(sqlite3@5.1.7)':
+    dependencies:
+      knex: 3.1.0(sqlite3@5.1.7)
+    transitivePeerDependencies:
+      - better-sqlite3
+      - mysql
+      - mysql2
+      - pg
+      - pg-native
+      - sqlite3
+      - supports-color
+      - tedious
+
  '@directus/storage@10.0.13': {}

  '@directus/system-data@1.0.4': {}

  '@directus/system-data@3.0.0': {}

+  '@directus/system-data@3.1.0': {}
+
  '@directus/themes@1.0.7(@unhead/vue@1.9.12(vue@3.5.13(typescript@5.4.5)))(pinia@2.1.7(typescript@5.4.5)(vue@3.5.13(typescript@5.4.5)))(vue@3.5.13(typescript@5.4.5))':
    dependencies:
      '@directus/utils': 13.0.0(vue@3.5.13(typescript@5.4.5))
@@ -5181,6 +5298,17 @@ snapshots:
      pinia: 2.1.7(typescript@5.4.5)(vue@3.5.13(typescript@5.4.5))
      vue: 3.5.13(typescript@5.4.5)

+  '@directus/themes@1.1.0(@unhead/vue@1.9.12(vue@3.5.13(typescript@5.4.5)))(pinia@2.1.7(typescript@5.4.5)(vue@3.5.13(typescript@5.4.5)))(vue@3.5.13(typescript@5.4.5))':
+    dependencies:
+      '@directus/utils': 13.0.4(vue@3.5.13(typescript@5.4.5))
+      '@sinclair/typebox': 0.34.28
+      '@unhead/vue': 1.9.12(vue@3.5.13(typescript@5.4.5))
+      decamelize: 6.0.0
+      flat: 6.0.1
+      lodash-es: 4.17.21
+      pinia: 2.1.7(typescript@5.4.5)(vue@3.5.13(typescript@5.4.5))
+      vue: 3.5.13(typescript@5.4.5)
+
  '@directus/tsconfig@1.0.1': {}

  '@directus/types@11.1.2(knex@3.1.0(sqlite3@5.1.7))(sqlite3@5.1.7)(vue@3.5.13(typescript@5.4.5))':
@@ -5219,6 +5347,24 @@ snapshots:
      - supports-color
      - tedious

+  '@directus/types@13.1.1(knex@3.1.0(sqlite3@5.1.7))(sqlite3@5.1.7)(vue@3.5.13(typescript@5.4.5))':
+    dependencies:
+      '@directus/constants': 13.0.1
+      '@directus/schema': 13.0.1(sqlite3@5.1.7)
+      '@types/geojson': 7946.0.16
+    optionalDependencies:
+      knex: 3.1.0(sqlite3@5.1.7)
+      vue: 3.5.13(typescript@5.4.5)
+    transitivePeerDependencies:
+      - better-sqlite3
+      - mysql
+      - mysql2
+      - pg
+      - pg-native
+      - sqlite3
+      - supports-color
+      - tedious
+
  '@directus/utils@11.0.9(vue@3.5.13(typescript@5.4.5))':
    dependencies:
      '@directus/constants': 11.0.4
@@ -5245,6 +5391,19 @@ snapshots:
    optionalDependencies:
      vue: 3.5.13(typescript@5.4.5)

+  '@directus/utils@13.0.4(vue@3.5.13(typescript@5.4.5))':
+    dependencies:
+      '@directus/constants': 13.0.1
+      '@directus/system-data': 3.1.0
+      date-fns: 4.1.0
+      fs-extra: 11.3.0
+      joi: 17.13.3
+      js-yaml: 4.1.0
+      lodash-es: 4.17.21
+      micromustache: 8.0.3
+    optionalDependencies:
+      vue: 3.5.13(typescript@5.4.5)
+
  '@esbuild/aix-ppc64@0.25.0':
    optional: true

@@ -5863,6 +6022,8 @@ snapshots:

  '@sinclair/typebox@0.34.13': {}

+  '@sinclair/typebox@0.34.28': {}
+
  '@sindresorhus/merge-streams@2.3.0': {}

  '@tootallnate/once@1.1.2':
@@ -5932,6 +6093,8 @@ snapshots:

  '@types/geojson@7946.0.15': {}

+  '@types/geojson@7946.0.16': {}
+
  '@types/http-errors@2.0.4': {}

  '@types/js-yaml@4.0.9': {}
@@ -7426,6 +7589,12 @@ snapshots:
      jsonfile: 6.1.0
      universalify: 2.0.1

+  fs-extra@11.3.0:
+    dependencies:
+      graceful-fs: 4.2.11
+      jsonfile: 6.1.0
+      universalify: 2.0.1
+
  fs-minipass@2.1.0:
    dependencies:
      minipass: 3.3.6
@@ -9788,6 +9957,8 @@ snapshots:

  util-deprecate@1.0.2: {}

+  uuid@11.1.0: {}
+
  uuid@8.3.2: {}

  v8-compile-cache-lib@3.0.1: {}
@@ -10022,3 +10193,5 @@ snapshots:
  zhead@2.2.4: {}

  zod@3.24.1: {}
+
+  zod@3.24.2: {}
--- a/src/external-jwt/authProvider/get-auth-providers.ts
+++ b/src/external-jwt/authProvider/get-auth-providers.ts
@@ -12,28 +12,30 @@ const InvalidJWKKeys = createError('INVALID_JWKS_ISSUER_ERROR', 'No signing keys


 export interface AuthProvider {
-	label: string;
-	name: string;
-	driver: string;
-	icon?: string;
-	client_id: string;
-	client_secret?: string;
-	trusted: boolean;
-	jwks_url?: string;
-	jwks_keys?: string;
-	issuer_url?: string;
-	
-	admin_key?: string;
-	app_key?: string;
-	role_key?: string;
-	JWKSClient?: JwksClient;
-	use_database?: boolean;
+  label: string;
+  name: string;
+  driver: string;
+  icon?: string;
+  client_id: string;
+  client_secret?: string;
+  trusted: boolean;
+  jwks_url?: string;
+  jwks_keys?: string;
+  issuer_url?: string;
+
+  admin_key?: string;
+  app_key?: string;
+  role_key?: string;
+  JWKSClient?: JwksClient;
+  use_database?: boolean;
+
+  initial_role?: string;
 }



 export async function getAuthProviders(): Promise<AuthProvider[]> {
-	console.log("calling auth providers")
+	console.log("calling auth providers _")
 	return new Promise((resolve, reject) => {
 		const authProviders: AuthProvider[] = toArray(env['AUTH_PROVIDERS'])
 			.filter((provider) => provider && env[`AUTH_${provider.toUpperCase()}_DRIVER`] === ('openid' || 'oauth2'))
@@ -52,6 +54,8 @@ export async function getAuthProviders(): Promise<AuthProvider[]> {
 				client_id: env[`AUTH_${provider.toUpperCase()}_CLIENT_ID`],
 				client_secret: env[`AUTH_${provider.toUpperCase()}_CLIENT_SECRET`],
 				use_database: env[`AUTH_${provider.toUpperCase()}_JWT_USEDB`],
+
+				initial_role: env[`AUTH_${provider.toUpperCase()}_INITIAL_ROLE`]
 			}));

 		
@@ -78,6 +82,7 @@ export async function getAuthProviders(): Promise<AuthProvider[]> {
 		}

 		Promise.all(promises).then((values) => {
+			console.log("resolved auth providers", values)
 			resolve(values);
 		}).catch((error) => {
 			reject(error);
--- a/src/external-jwt/get-accountability-for-token.ts
+++ b/src/external-jwt/get-accountability-for-token.ts
@@ -1,10 +1,10 @@
-import type { Accountability } from '@directus/types';
-import { getAuthProviders } from './authProvider/get-auth-providers.js';
-
-import { verify_token } from './verify-token.js';
-import { CacheEnabled, CacheGet, CacheSet } from './cache.js';
-import type { Knex } from 'knex';
+import type { Accountability } from "@directus/types";
+import { getAuthProviders } from "./authProvider/get-auth-providers.js";

+import { verify_token } from "./verify-token.js";
+import { CacheEnabled, CacheGet, CacheSet } from "./cache.js";
+import type { Knex } from "knex";
+import * as uuid from "uuid";

 const authProviders = await getAuthProviders();

@@ -14,111 +14,157 @@ const NoValidKeysError = createError('INVALID_JWKS_ISSUER_ERROR', 'could not ret
 const NoAuthProvidersError = createError('INVALID_JWKS_ISSUER_ERROR', 'No auth providers in the list', 500);
 */

+const getUser = async (
+  database: Knex,
+  externalIdentifier: string | undefined,
+  provider: string
+) => {
+  return database
+    .select(
+      "directus_users.id",
+      "directus_users.role",
+      "directus_policies.admin_access"
+    )
+    .from("directus_users")
+    .leftJoin("directus_roles", "directus_users.role", "directus_roles.id")
+    .leftJoin("directus_access", "directus_users.role", "directus_access.role")
+    .leftJoin(
+      "directus_policies",
+      "directus_access.policy",
+      "directus_policies.id"
+    )
+    .where({
+      "directus_users.external_identifier": externalIdentifier,
+      "directus_users.provider": provider,
+    })
+    .first();
+};
+
+const insertUser = async (database: Knex, user: Record<string, any>) => {
+  return database("directus_users").insert(user).returning("*");
+};
+
 // TODO: optimize this function, reduce the amount of loops
-
-
 export async function getAccountabilityForToken(
-	token: string | null,
-	iss: string[] | string | undefined,
-	accountability: Accountability | null,
-	database: Knex
+  token: string | null,
+  iss: string[] | string | undefined,
+  accountability: Accountability | null,
+  database: Knex
 ): Promise<Accountability> {
-    if (accountability == null) {
-		accountability = {
-			user: null,
-			role: null,
-			admin: false,
-			app: false,
-		};
-	}
+  console.log(
+    "getAccountabilityForToken called with token",
+    token,
+    "and iss",
+    iss,
+    "and accountability",
+    accountability
+  );
+  if (accountability == null) {
+    accountability = {
+      user: null,
+      role: null,
+      admin: false,
+      app: false,
+    };
+  }

-	if (token == null || iss == null) {
-		
-		return accountability
-	}
-	
-	const providers = authProviders.filter((provider) => provider.issuer_url && iss.includes(provider.issuer_url));
-	
-	if(providers.length === 0) return accountability;
-	if(providers.length > 1) {
-		return accountability;
-	}
-	
+  if (token == null || iss == null) {
+    return accountability;
+  }

-	const provider = providers[0];
+  const providers = authProviders.filter(
+    (provider) =>
+      provider.issuer_url && provider.issuer_url.includes(iss.toString())
+  );

-	
+  if (providers.length === 0) return accountability;
+  if (providers.length > 1) {
+    return accountability;
+  }

-	try {
+  const provider = providers[0];

-		
-		const result = await verify_token(provider, token)
+  try {
+    const result = await verify_token(provider, token);

-		
-		
-		if(provider.use_database) { // use database to get user
-			// TODO: Add caching to this function
-			if (CacheEnabled() && result.sub) {
-				
-				const cachedAccountability = await CacheGet(result.sub);
-				if (cachedAccountability) {
-					return cachedAccountability;
-				}
-			}
+    if (provider.use_database) {
+      // use database to get user
+      // TODO: Add caching to this function
+      if (CacheEnabled() && result.sub) {
+        const cachedAccountability = await CacheGet(result.sub);
+        if (cachedAccountability) {
+          return cachedAccountability;
+        }
+      }

-			const user = await database
-				.select('directus_users.id', 'directus_users.role', 'directus_roles.admin_access', 'directus_roles.app_access')
-				.from('directus_users')
-				.leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
-				.where({
-					'directus_users.external_identifier': result.sub,
-					'directus_users.provider': provider.name,
-				})
-				.first();
-			
-			if(!user) {
-				return accountability;
-			}
+      try {
+        let user = await getUser(database, result.sub, provider.name);

-			accountability.user = user.id;
-			accountability.role = user.role;
-			accountability.admin = user.admin_access === true || user.admin_access == 1;
-			accountability.app = user.app_access === true || user.app_access == 1;
+        console.debug("User found in database:", user);

-			if (CacheEnabled() && result.sub) {
-				CacheSet(result.sub, accountability);
-			}
-			
+        if (!user) {
+          const role = provider.initial_role
+          user = await insertUser(database, {
+            id: uuid.v4(),
+            role: role,
+            provider: provider.name,
+            external_identifier: result.sub,
+          });
+          console.debug("Inserted new user:", user);
+        }

-			return accountability;
-		} 
+        if (user) {
+          // return accountability;

-		// check if role key is set else try role key
-		if(provider.role_key != null) {
-			if(typeof result[provider.role_key] === 'string') {
-				accountability.role = result[provider.role_key];
-			}
-			if(typeof result[provider.role_key] === 'object') {
-				accountability.role = ''
-			}
-			if(result[provider.role_key].instanceOf(Array)) {
-				accountability.role = result[provider.role_key][0];
-			}
-		}
+          accountability.user = user.id;
+          accountability.role = user.role;
+          accountability.admin =
+            user.admin_access === true || user.admin_access == 1;
+          accountability.app = user.app_access === true || user.app_access == 1;

-		if(provider.admin_key != null) {
-			accountability.admin = result[provider.admin_key];
-		}
-		if(provider.app_key != null) {
-			accountability.app = result[provider.app_key];
-		}
-		accountability.user = result.sub;
-	
-	} catch (error) {
-		return accountability;
-	}
-	
-	
-	return accountability;
+          if (CacheEnabled() && result.sub) {
+            CacheSet(result.sub, accountability);
+          }

-}
+          console.log(
+            "Returning accountability from database:",
+            accountability
+          );
+
+          return accountability;
+        }
+      } catch (error) {
+        console.error("Error getting user from database:", error);
+        return accountability;
+      }
+    }
+
+    // check if role key is set else try role key
+    if (provider.role_key != null) {
+      if (typeof result[provider.role_key] === "string") {
+        accountability.role = result[provider.role_key];
+      }
+      if (typeof result[provider.role_key] === "object") {
+        accountability.role = "";
+      }
+      if (result[provider.role_key].instanceOf(Array)) {
+        accountability.role = result[provider.role_key][0];
+      }
+    }
+
+    // if (provider.admin_key != null) {
+    //   accountability.admin = result[provider.admin_key];
+    // }
+    // if (provider.app_key != null) {
+    //   accountability.app = result[provider.app_key];
+    // }
+    // accountability.user = result.sub;
+    // accountability.role = "d737d4bd-ae35-4a68-a907-e913bcdfcc53";
+    // accountability.admin = true;
+    // accountability.app = true;
+  } catch (error) {
+    return accountability;
+  }
+
+  return accountability;
+}
--- a/src/index.ts
+++ b/src/index.ts
@@ -10,6 +10,7 @@ export default defineHook<HookConfig>(({ filter }) => {
 	// get all configuration
 	
 	filter('authenticate', (defaultAccountability: Accountability, event, context: EventContext)  => {
+		console.log("authenticate hook called");
 		const req = <Request>event['req'];
 		if(!req.token) return defaultAccountability;

@@ -20,6 +21,7 @@ export default defineHook<HookConfig>(({ filter }) => {
 		

 		const decodedToken = jwt.decode(req.token);
+		console.log("decoded token", decodedToken);
 		
 		if(typeof decodedToken === 'string' || decodedToken == null) return defaultAccountability; // if token is not a jwt, let directus handle it
 		if(decodedToken?.iss == 'directus') return defaultAccountability; // if token issued by directus, let directus handle it
@@ -30,6 +32,7 @@ export default defineHook<HookConfig>(({ filter }) => {
 		return getAccountabilityForToken(req.token, decodedToken?.iss, context.accountability, context.database)
 	});

+
 	/*filter('auth.jwt', (status, user, provider) => {

 	})*/