Fix anon users can't zap other anon users

2023-08-10 22:57:45 +02:00 · 2023-08-10 22:57:45 +02:00 · 35760e1655
parent 081c5fef0b
commit 35760e1655
1 changed files with 9 additions and 7 deletions
--- a/api/resolvers/item.js
+++ b/api/resolvers/item.js
@ -764,13 +764,15 @@ export default {
        user = invoice.user
      }

-      // disallow self tips
-      const [item] = await models.$queryRawUnsafe(`
-      ${SELECT}
-      FROM "Item"
-      WHERE id = $1 AND "userId" = $2`, Number(id), user.id)
-      if (item) {
-        throw new GraphQLError('cannot zap your self', { extensions: { code: 'BAD_INPUT' } })
+      // disallow self tips except anons
+      if (user.id !== ANON_USER_ID) {
+        const [item] = await models.$queryRawUnsafe(`
+        ${SELECT}
+        FROM "Item"
+        WHERE id = $1 AND "userId" = $2`, Number(id), user.id)
+        if (item) {
+          throw new GraphQLError('cannot zap your self', { extensions: { code: 'BAD_INPUT' } })
+        }
      }

      const calls = [