4b77e7a1a9
* first pass of disallowing certain APIs with API keys Disallow the following APIs: * item.act (zap) * create withdrawal * unlink auth method * link unverified email * disallow creating lnauths via API key to stop the flow of linking via lnauth * undo the limitation on donating to rewards * revert the assertion on createAuth * assert no api key on createWithdrawal and sendToLNAddr * incorporate PR feedback by adding API Key negative assertion to more mutations: * `createInvite` * `createAuth` * `upsertWalletLND` by way of `upsertWallet` * `upsertWalletLNAddr` by way of `upsertWallet`
60 lines
1.8 KiB
JavaScript
60 lines
1.8 KiB
JavaScript
import { randomBytes } from 'crypto'
|
|
import { bech32 } from 'bech32'
|
|
import { GraphQLError } from 'graphql'
|
|
import assertGofacYourself from './ofac'
|
|
import assertApiKeyNotPermitted from './apiKey'
|
|
|
|
function encodedUrl (iurl, tag, k1) {
|
|
const url = new URL(iurl)
|
|
url.searchParams.set('tag', tag)
|
|
url.searchParams.set('k1', k1)
|
|
// bech32 encode url
|
|
const words = bech32.toWords(Buffer.from(url.toString(), 'utf8'))
|
|
return bech32.encode('lnurl', words, 1023)
|
|
}
|
|
|
|
function k1 () {
|
|
return randomBytes(32).toString('hex')
|
|
}
|
|
|
|
export default {
|
|
Query: {
|
|
lnAuth: async (parent, { k1 }, { models }) => {
|
|
return await models.lnAuth.findUnique({ where: { k1 } })
|
|
},
|
|
lnWith: async (parent, { k1 }, { models }) => {
|
|
return await models.lnWith.findUnique({ where: { k1 } })
|
|
}
|
|
},
|
|
Mutation: {
|
|
createAuth: async (parent, args, { models, me }) => {
|
|
assertApiKeyNotPermitted({ me })
|
|
return await models.lnAuth.create({ data: { k1: k1() } })
|
|
},
|
|
createWith: async (parent, args, { me, models, headers }) => {
|
|
await assertGofacYourself({ models, headers })
|
|
|
|
if (!me) {
|
|
throw new GraphQLError('you must be logged in', { extensions: { code: 'UNAUTHENTICATED' } })
|
|
}
|
|
|
|
assertApiKeyNotPermitted({ me })
|
|
|
|
return await models.lnWith.create({ data: { k1: k1(), userId: me.id } })
|
|
}
|
|
},
|
|
LnAuth: {
|
|
encodedUrl: async (lnAuth, args, { models }) => {
|
|
return encodedUrl(process.env.LNAUTH_URL, 'login', lnAuth.k1)
|
|
}
|
|
},
|
|
LnWith: {
|
|
encodedUrl: async (lnWith, args, { models }) => {
|
|
return encodedUrl(process.env.LNWITH_URL, 'withdrawRequest', lnWith.k1)
|
|
},
|
|
user: async (lnWith, args, { models }) => {
|
|
return await models.user.findUnique({ where: { id: lnWith.userId } })
|
|
}
|
|
}
|
|
}
|