feat(dangerous protections): disable dangerous operations by default

2025-07-29 12:13:26 +00:00
parent cb6e79ba50
commit dfbf66e339
3 changed files with 16 additions and 0 deletions


@@ -11,6 +11,7 @@ export interface IBunqConstructorOptions {
environment: 'SANDBOX' | 'PRODUCTION'; environment: 'SANDBOX' | 'PRODUCTION';
permittedIps?: string[]; permittedIps?: string[];
isOAuthToken?: boolean; // Set to true when using OAuth access token instead of API key isOAuthToken?: boolean; // Set to true when using OAuth access token instead of API key
dangerousOperations?: boolean; // Set to true to enable dangerous operations like closing accounts
} }
/** /**
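Review bot: The inline comment on `dangerousOperations` names only account closing, but elsewhere in this commit the same flag also gates setting a card's status to `CANCELLED` or `BLOCKED` and setting a monetary account's status to `CANCELLED`. I would state the full scope and the default here, e.g. `// Off by default. Set to true to allow cancelling or blocking cards and cancelling or closing monetary accounts`. Existing callers of those operations will start getting an error until they set the flag, so the option's documentation is the natural place to say that.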


@@ -97,6 +97,12 @@ export class BunqCard {
* Update card settings * Update card settings
*/ */
public async update(updates: any): Promise<void> { public async update(updates: any): Promise<void> {
// Check if this is a dangerous operation
if ((updates.status === 'CANCELLED' || updates.status === 'BLOCKED') &&
!this.bunqAccount.options.dangerousOperations) {
throw new Error('Dangerous operations are not enabled. Initialize the BunqAccount with dangerousOperations: true to allow cancelling or blocking cards.');
}
await this.bunqAccount.apiContext.ensureValidSession(); await this.bunqAccount.apiContext.ensureValidSession();
const cardType = this.type === 'MASTERCARD' ? 'CardCredit' : 'CardDebit'; const cardType = this.type === 'MASTERCARD' ? 'CardCredit' : 'CardDebit';
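Review bot: The guard in `update` is a deny-list over two exact strings read from `updates: any`, so it fires only when the caller passes a top-level `status` of exactly `'CANCELLED'` or `'BLOCKED'`; any other status value the API accepts, or a differently shaped payload, goes through with the flag off. If the intent is that no irreversible card state change happens by default, an allow-list is safer (reject every `status` change except those known to be harmless), and typing `updates` with a status union instead of `any` would let the compiler keep the check and the accepted values in sync. It is also worth deciding whether `BLOCKED` belongs behind the same flag as `CANCELLED`: blocking is typically what an operator reaches for when a card is suspected compromised, and with the default configuration that call now throws. The body of `update` continues past the hunk, so how `updates` is turned into the request is not visible here.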


@@ -170,6 +170,11 @@ export class BunqMonetaryAccount {
* Update account settings * Update account settings
*/ */
public async update(updates: any): Promise<void> { public async update(updates: any): Promise<void> {
// Check if this is a dangerous operation
if (updates.status === 'CANCELLED' && !this.bunqAccountRef.options.dangerousOperations) {
throw new Error('Dangerous operations are not enabled. Initialize the BunqAccount with dangerousOperations: true to allow cancelling accounts.');
}
await this.bunqAccountRef.apiContext.ensureValidSession(); await this.bunqAccountRef.apiContext.ensureValidSession();
const endpoint = `/v1/user/${this.bunqAccountRef.userId}/monetary-account/${this.id}`; const endpoint = `/v1/user/${this.bunqAccountRef.userId}/monetary-account/${this.id}`;
@@ -235,6 +240,10 @@ export class BunqMonetaryAccount {
* Close this monetary account * Close this monetary account
*/ */
public async close(reason: string): Promise<void> { public async close(reason: string): Promise<void> {
if (!this.bunqAccountRef.options.dangerousOperations) {
throw new Error('Dangerous operations are not enabled. Initialize the BunqAccount with dangerousOperations: true to allow closing accounts.');
}
await this.update({ await this.update({
status: 'CANCELLED', status: 'CANCELLED',
sub_status: 'REDEMPTION_VOLUNTARY', sub_status: 'REDEMPTION_VOLUNTARY',
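Review bot: The flag is now checked by hand at three call sites (`update` and `close` in this file, plus `BunqCard.update`) with three near-identical message strings, so any destructive method added later is unguarded unless its author remembers to copy the check. A single helper on the account object that takes the action name and throws (the name is up to you, something like `assertDangerousOperationsEnabled('closing accounts')`) would keep the gate and its wording in one place. It could also throw a dedicated `Error` subclass, so callers can tell a local policy refusal from an API failure. The check in `close` duplicates the one `update` performs for `status: 'CANCELLED'`; keeping it for the clearer message is fine, but a one-line comment saying so would stop it being removed as dead code. `close` continues past the end of the hunk.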