From 35760e1655ea0ebbe64bedae62f877922cc35ad0 Mon Sep 17 00:00:00 2001
From: ekzyis <ek@stacker.news>
Date: Thu, 10 Aug 2023 22:57:45 +0200
Subject: [PATCH] Fix anon users can't zap other anon users

---
 api/resolvers/item.js | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/api/resolvers/item.js b/api/resolvers/item.js
index 57673785..cb3213a0 100644
--- a/api/resolvers/item.js
+++ b/api/resolvers/item.js
@@ -764,13 +764,15 @@ export default {
         user = invoice.user
       }
 
-      // disallow self tips
-      const [item] = await models.$queryRawUnsafe(`
-      ${SELECT}
-      FROM "Item"
-      WHERE id = $1 AND "userId" = $2`, Number(id), user.id)
-      if (item) {
-        throw new GraphQLError('cannot zap your self', { extensions: { code: 'BAD_INPUT' } })
+      // disallow self tips except anons
+      if (user.id !== ANON_USER_ID) {
+        const [item] = await models.$queryRawUnsafe(`
+        ${SELECT}
+        FROM "Item"
+        WHERE id = $1 AND "userId" = $2`, Number(id), user.id)
+        if (item) {
+          throw new GraphQLError('cannot zap your self', { extensions: { code: 'BAD_INPUT' } })
+        }
       }
 
       const calls = [