4b77e7a1a9
* first pass of disallowing certain APIs with API keys

  Disallow the following APIs:
  * item.act (zap)
  * create withdrawal
  * unlink auth method
  * link unverified email
* disallow creating lnauths via API key to stop the flow of linking via lnauth
* undo the limitation on donating to rewards
* revert the assertion on createAuth
* assert no api key on createWithdrawal and sendToLNAddr
* incorporate PR feedback by adding API Key negative assertion to more mutations:
  * `createInvite`
  * `createAuth`
  * `upsertWalletLND` by way of `upsertWallet`
  * `upsertWalletLNAddr` by way of `upsertWallet`
8 lines
262 B
JavaScript
import { GraphQLError } from 'graphql'

// Resolver guard: throws FORBIDDEN when the request context marks the caller
// as API-key authenticated (me.apiKey is exactly true); otherwise returns.
export default function assertApiKeyNotPermitted ({ me }) {
  if (me?.apiKey === true) {
    throw new GraphQLError('this operation is not allowed to be performed via API Key', { extensions: { code: 'FORBIDDEN' } })
  }
}
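The assertion only protects mutations whose resolvers call it, which is why the commit message lists each one. As an added example (not code from this repository), a hypothetical `denyApiKeyOn` wrapper applies the same check from one list; `ForbiddenError` stands in for `GraphQLError`, and the resolver bodies, their arguments and `someOtherMutation` are constructed.

```javascript
// Added example, not the project's code. ForbiddenError is a local stand-in
// for GraphQLError so the block runs without the graphql package.
class ForbiddenError extends Error {
  constructor (message) {
    super(message)
    this.extensions = { code: 'FORBIDDEN' }
  }
}

// Same check as the file above, using the stand-in error.
function assertApiKeyNotPermitted ({ me }) {
  if (me?.apiKey === true) {
    throw new ForbiddenError('this operation is not allowed to be performed via API Key')
  }
}

// Hypothetical helper: wrap every mutation named in `denied` so the assertion
// runs before the resolver body. A name with no resolver is a config error.
function denyApiKeyOn (mutations, denied) {
  const guarded = { ...mutations }
  for (const name of denied) {
    const resolve = mutations[name]
    if (typeof resolve !== 'function') throw new Error(`no such mutation: ${name}`)
    guarded[name] = (parent, args, context, info) => {
      assertApiKeyNotPermitted(context)
      return resolve(parent, args, context, info)
    }
  }
  return guarded
}

// Constructed resolvers; the first two names come from the commit message.
const Mutation = denyApiKeyOn({
  createWithdrawal: (parent, { invoice }) => ({ id: 1, invoice }),
  createInvite: (parent, { gift }) => ({ id: 2, gift }),
  someOtherMutation: (parent, { text }) => ({ id: 3, text }) // not denied
}, ['createWithdrawal', 'createInvite'])

// Returns the resolver result, or the error code if the call was rejected.
function attempt (name, args, context) {
  try {
    return Mutation[name](null, args, context)
  } catch (err) {
    return err.extensions?.code ?? 'ERROR'
  }
}
```

The check compares against the boolean `true`, so it depends on the context builder setting `me.apiKey` to exactly that for key-authenticated requests. A context with no `me` passes it, so it does not replace a resolver's own authentication check.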