feat(dangerous protections): disable dangerous operations by default

This commit is contained in:
Juergen Kunz
2025-07-29 12:13:26 +00:00
parent cb6e79ba50
commit dfbf66e339
3 changed files with 16 additions and 0 deletions

View File

@@ -11,6 +11,7 @@ export interface IBunqConstructorOptions {
environment: 'SANDBOX' | 'PRODUCTION';
permittedIps?: string[];
isOAuthToken?: boolean; // Set to true when using OAuth access token instead of API key
dangerousOperations?: boolean; // Set to true to enable dangerous operations like closing accounts
}
/**

View File

@@ -97,6 +97,12 @@ export class BunqCard {
* Update card settings
*/
public async update(updates: any): Promise<void> {
// Check if this is a dangerous operation
if ((updates.status === 'CANCELLED' || updates.status === 'BLOCKED') &&
!this.bunqAccount.options.dangerousOperations) {
throw new Error('Dangerous operations are not enabled. Initialize the BunqAccount with dangerousOperations: true to allow cancelling or blocking cards.');
}
await this.bunqAccount.apiContext.ensureValidSession();
const cardType = this.type === 'MASTERCARD' ? 'CardCredit' : 'CardDebit';

View File

@@ -170,6 +170,11 @@ export class BunqMonetaryAccount {
* Update account settings
*/
public async update(updates: any): Promise<void> {
// Check if this is a dangerous operation
if (updates.status === 'CANCELLED' && !this.bunqAccountRef.options.dangerousOperations) {
throw new Error('Dangerous operations are not enabled. Initialize the BunqAccount with dangerousOperations: true to allow cancelling accounts.');
}
await this.bunqAccountRef.apiContext.ensureValidSession();
const endpoint = `/v1/user/${this.bunqAccountRef.userId}/monetary-account/${this.id}`;
@@ -235,6 +240,10 @@ export class BunqMonetaryAccount {
* Close this monetary account
*/
public async close(reason: string): Promise<void> {
if (!this.bunqAccountRef.options.dangerousOperations) {
throw new Error('Dangerous operations are not enabled. Initialize the BunqAccount with dangerousOperations: true to allow closing accounts.');
}
await this.update({
status: 'CANCELLED',
sub_status: 'REDEMPTION_VOLUNTARY',