Fix missing authentication check for invite revocation (#1666)

* Fix missing authentication check for invite revocation

* Toast invite revocation error
ekzyis 2024-11-30 19:08:30 +01:00 committed by GitHub
parent 55d1f2c952
commit 0837460c53
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 21 additions and 6 deletions


@ -1,7 +1,7 @@
import { inviteSchema, validateSchema } from '@/lib/validate' import { inviteSchema, validateSchema } from '@/lib/validate'
import { msatsToSats } from '@/lib/format' import { msatsToSats } from '@/lib/format'
import assertApiKeyNotPermitted from './apiKey' import assertApiKeyNotPermitted from './apiKey'
import { GqlAuthenticationError } from '@/lib/error' import { GqlAuthenticationError, GqlInputError } from '@/lib/error'
export default { export default {
Query: { Query: {
@ -46,10 +46,17 @@ export default {
throw new GqlAuthenticationError() throw new GqlAuthenticationError()
} }
return await models.invite.update({ try {
where: { id }, return await models.invite.update({
data: { revoked: true } where: { id, userId: me.id },
}) data: { revoked: true }
})
} catch (err) {
if (err.code === 'P2025') {
throw new GqlInputError('invite not found')
}
throw err
}
} }
}, },
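Review bot: The ownership check now lives entirely in the `where: { id, userId: me.id }` filter and the `'P2025'` comparison, and neither carries a comment, so a later refactor could drop the `userId` condition without noticing it is the authorization check. I would add above the `try`: `// scope to the caller's own invites; Prisma P2025 (no matching record) covers unknown ids and invites owned by someone else alike`. Returning the same 'invite not found' in both cases is a good choice, since it does not reveal whether an id exists. No test is visible in this commit; a regression test that tries to revoke another user's invite and expects `GqlInputError` would pin the fix. The resolver starts outside the hunk, so the `me` check above it is only partly visible.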


@ -2,6 +2,7 @@ import { CopyInput } from './form'
import { gql, useMutation } from '@apollo/client' import { gql, useMutation } from '@apollo/client'
import { INVITE_FIELDS } from '@/fragments/invites' import { INVITE_FIELDS } from '@/fragments/invites'
import styles from '@/styles/invites.module.css' import styles from '@/styles/invites.module.css'
import { useToast } from '@/components/toast'
export default function Invite ({ invite, active }) { export default function Invite ({ invite, active }) {
const [revokeInvite] = useMutation( const [revokeInvite] = useMutation(
@ -13,6 +14,7 @@ export default function Invite ({ invite, active }) {
} }
}` }`
) )
const toaster = useToast()
return ( return (
<div <div
@ -33,7 +35,13 @@ export default function Invite ({ invite, active }) {
<span> \ </span> <span> \ </span>
<span <span
className={styles.revoke} className={styles.revoke}
onClick={() => revokeInvite({ variables: { id: invite.id } })} onClick={async () => {
try {
await revokeInvite({ variables: { id: invite.id } })
} catch (err) {
toaster.danger(err.message)
}
}}
>revoke >revoke
</span> </span>
</>) </>)
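Review bot: The new `catch` in the `onClick` handler passes `err.message` straight to `toaster.danger`, so whatever text the server attaches to a failure is shown to the user verbatim. That is what you want for 'invite not found', but the resolver also rethrows unexpected errors unchanged (`throw err`). Unless the GraphQL layer masks those, which is not visible here, database error text could end up in the toast. I would confirm that masking exists and record the assumption next to the call: `// err.message is server-provided; relies on the API masking unexpected errors`. The component body begins and ends outside this hunk.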