ekzyis
/
stacker.news
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix anon users can't zap other anon users

This commit is contained in:
ekzyis 2023-08-10 22:57:45 +02:00
parent 081c5fef0b
commit 35760e1655
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
api/resolvers/item.js
View File

@ -764,13 +764,15 @@ export default {
user = invoice.user user = invoice.user
} }
// disallow self tips // disallow self tips except anons
const [item] = await models.$queryRawUnsafe(` if (user.id !== ANON_USER_ID) {
${SELECT} const [item] = await models.$queryRawUnsafe(`
FROM "Item" ${SELECT}
WHERE id = $1 AND "userId" = $2`, Number(id), user.id) FROM "Item"
if (item) { WHERE id = $1 AND "userId" = $2`, Number(id), user.id)
throw new GraphQLError('cannot zap your self', { extensions: { code: 'BAD_INPUT' } }) if (item) {
throw new GraphQLError('cannot zap your self', { extensions: { code: 'BAD_INPUT' } })
}
} }
const calls = [ const calls = [