ekzyis/stacker.news
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix anon users can't zap other anon users

Browse Source
This commit is contained in:
ekzyis 2023-08-10 22:57:45 +02:00
parent 081c5fef0b
commit 35760e1655
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
api/resolvers/item.js
View File

@ -764,13 +764,15 @@ export default {
user = invoice.user
}
// disallow self tips
const [item] = await models.$queryRawUnsafe(`
${SELECT}
FROM "Item"
WHERE id = $1 AND "userId" = $2`, Number(id), user.id)
if (item) {
throw new GraphQLError('cannot zap your self', { extensions: { code: 'BAD_INPUT' } })
// disallow self tips except anons
if (user.id !== ANON_USER_ID) {
const [item] = await models.$queryRawUnsafe(`
${SELECT}
FROM "Item"
WHERE id = $1 AND "userId" = $2`, Number(id), user.id)
if (item) {
throw new GraphQLError('cannot zap your self', { extensions: { code: 'BAD_INPUT' } })
}
}
const calls = [