diff options
| author | bndw <ben@bdw.to> | 2026-02-14 10:04:07 -0800 |
|---|---|---|
| committer | bndw <ben@bdw.to> | 2026-02-14 10:04:07 -0800 |
| commit | a90009e6b887a8a7ca67f49566af2caffb807776 (patch) | |
| tree | 89f44c9531392ee59f0ede87eb4d1c8194f3a830 | |
| parent | 5d21632ea70e1c7de7becb7ab6227b06b1535a83 (diff) | |
refactor: simplify isWriteMethod to only check actual API methods
Replace pattern-matching with explicit checks for PublishEvent/PublishBatch.
API is small and well-defined - no need for extensible pattern matching.
| -rw-r--r-- | internal/auth/auth_test.go | 16 | ||||
| -rw-r--r-- | internal/auth/interceptor.go | 24 |
2 files changed, 7 insertions, 33 deletions
diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go index 7a0da19..d5f3257 100644 --- a/internal/auth/auth_test.go +++ b/internal/auth/auth_test.go | |||
| @@ -312,21 +312,13 @@ func TestIsWriteMethod(t *testing.T) { | |||
| 312 | }{ | 312 | }{ |
| 313 | // Write methods | 313 | // Write methods |
| 314 | {"/nostr.v1.NostrRelay/PublishEvent", true}, | 314 | {"/nostr.v1.NostrRelay/PublishEvent", true}, |
| 315 | {"/nostr.v1.NostrRelay/DeleteEvent", true}, | 315 | {"/nostr.v1.NostrRelay/PublishBatch", true}, |
| 316 | {"/admin.v1.Admin/CreateUser", true}, | ||
| 317 | {"/admin.v1.Admin/UpdateSettings", true}, | ||
| 318 | {"/data.v1.Data/InsertRecord", true}, | ||
| 319 | {"/data.v1.Data/RemoveItem", true}, | ||
| 320 | {"/storage.v1.Storage/SetValue", true}, | ||
| 321 | {"/storage.v1.Storage/PutObject", true}, | ||
| 322 | 316 | ||
| 323 | // Read methods | 317 | // Read methods |
| 324 | {"/nostr.v1.NostrRelay/QueryEvents", false}, | ||
| 325 | {"/nostr.v1.NostrRelay/Subscribe", false}, | 318 | {"/nostr.v1.NostrRelay/Subscribe", false}, |
| 326 | {"/nostr.v1.NostrRelay/GetEvent", false}, | 319 | {"/nostr.v1.NostrRelay/Unsubscribe", false}, |
| 327 | {"/admin.v1.Admin/ListUsers", false}, | 320 | {"/nostr.v1.NostrRelay/QueryEvents", false}, |
| 328 | {"/health.v1.Health/Check", false}, | 321 | {"/nostr.v1.NostrRelay/CountEvents", false}, |
| 329 | {"/info.v1.Info/GetRelayInfo", false}, | ||
| 330 | 322 | ||
| 331 | // Edge cases | 323 | // Edge cases |
| 332 | {"", false}, | 324 | {"", false}, |
diff --git a/internal/auth/interceptor.go b/internal/auth/interceptor.go index 66880a7..149cc01 100644 --- a/internal/auth/interceptor.go +++ b/internal/auth/interceptor.go | |||
| @@ -198,28 +198,10 @@ func validateAuthFromContext(ctx context.Context, method string, opts *Intercept | |||
| 198 | } | 198 | } |
| 199 | 199 | ||
| 200 | // isWriteMethod determines if a gRPC method is a write operation. | 200 | // isWriteMethod determines if a gRPC method is a write operation. |
| 201 | // Write operations modify state (Publish, Delete, Create, Update, etc.) | 201 | // Write: PublishEvent, PublishBatch |
| 202 | // Read operations query state (Query, Get, List, Subscribe, etc.) | 202 | // Read: Subscribe, Unsubscribe, QueryEvents, CountEvents |
| 203 | func isWriteMethod(method string) bool { | 203 | func isWriteMethod(method string) bool { |
| 204 | // Common write operation patterns | 204 | return strings.Contains(method, "/PublishEvent") || strings.Contains(method, "/PublishBatch") |
| 205 | writePatterns := []string{ | ||
| 206 | "Publish", | ||
| 207 | "Delete", | ||
| 208 | "Create", | ||
| 209 | "Update", | ||
| 210 | "Insert", | ||
| 211 | "Remove", | ||
| 212 | "Set", | ||
| 213 | "Put", | ||
| 214 | } | ||
| 215 | |||
| 216 | for _, pattern := range writePatterns { | ||
| 217 | if strings.Contains(method, pattern) { | ||
| 218 | return true | ||
| 219 | } | ||
| 220 | } | ||
| 221 | |||
| 222 | return false | ||
| 223 | } | 205 | } |
| 224 | 206 | ||
| 225 | // shouldSkipAuth checks if a method should bypass authentication. | 207 | // shouldSkipAuth checks if a method should bypass authentication. |