refactor: simplify isWriteMethod to only check actual API methods

Replace pattern-matching with explicit checks for PublishEvent/PublishBatch. API is small and well-defined - no need for extensible pattern matching.
author: bndw <ben@bdw.to> 2026-02-14 10:04:07 -0800
committer: bndw <ben@bdw.to> 2026-02-14 10:04:07 -0800
commit: a90009e6b887a8a7ca67f49566af2caffb807776 (patch)
tree: 89f44c9531392ee59f0ede87eb4d1c8194f3a830 /internal/auth/interceptor.go
parent: 5d21632ea70e1c7de7becb7ab6227b06b1535a83 (diff)
1 files changed, 3 insertions, 21 deletions
diff --git a/internal/auth/interceptor.go b/internal/auth/interceptor.go
index 66880a7..149cc01 100644
--- a/internal/auth/interceptor.go
+++ b/internal/auth/interceptor.go
@@ -198,28 +198,10 @@ func validateAuthFromContext(ctx context.Context, method string, opts *Intercept
 }
 // isWriteMethod determines if a gRPC method is a write operation.
-// Write operations modify state (Publish, Delete, Create, Update, etc.)
+// Write: PublishEvent, PublishBatch
-// Read operations query state (Query, Get, List, Subscribe, etc.)
+// Read: Subscribe, Unsubscribe, QueryEvents, CountEvents
 func isWriteMethod(method string) bool {
-        // Common write operation patterns
+        return strings.Contains(method, "/PublishEvent") || strings.Contains(method, "/PublishBatch")
-        writePatterns := []string{
-                "Publish",
-                "Delete",
-                "Create",
-                "Update",
-                "Insert",
-                "Remove",
-                "Set",
-                "Put",
-        }
-        for _, pattern := range writePatterns {
-                if strings.Contains(method, pattern) {
-                        return true
-                }
-        }
-        return false
 }
 // shouldSkipAuth checks if a method should bypass authentication.
author	bndw <ben@bdw.to>	2026-02-14 10:04:07 -0800
committer	bndw <ben@bdw.to>	2026-02-14 10:04:07 -0800
commit	a90009e6b887a8a7ca67f49566af2caffb807776 (patch)
tree	89f44c9531392ee59f0ede87eb4d1c8194f3a830 /internal/auth/interceptor.go
parent	5d21632ea70e1c7de7becb7ab6227b06b1535a83 (diff)

diff --git a/internal/auth/interceptor.go b/internal/auth/interceptor.go index 66880a7..149cc01 100644 --- a/internal/auth/interceptor.go +++ b/internal/auth/interceptor.go
@@ -198,28 +198,10 @@ func validateAuthFromContext(ctx context.Context, method string, opts *Intercept
198	}	198	}
199		199
200	// isWriteMethod determines if a gRPC method is a write operation.	200	// isWriteMethod determines if a gRPC method is a write operation.
201	// Write operations modify state (Publish, Delete, Create, Update, etc.)	201	// Write: PublishEvent, PublishBatch
202	// Read operations query state (Query, Get, List, Subscribe, etc.)	202	// Read: Subscribe, Unsubscribe, QueryEvents, CountEvents
203	func isWriteMethod(method string) bool {	203	func isWriteMethod(method string) bool {
204	// Common write operation patterns	204	return strings.Contains(method, "/PublishEvent") \|\| strings.Contains(method, "/PublishBatch")
205	writePatterns := []string{
206	"Publish",
207	"Delete",
208	"Create",
209	"Update",
210	"Insert",
211	"Remove",
212	"Set",
213	"Put",
214	}
215
216	for _, pattern := range writePatterns {
217	if strings.Contains(method, pattern) {
218	return true
219	}
220	}
221
222	return false
223	}	205	}
224		206
225	// shouldSkipAuth checks if a method should bypass authentication.	207	// shouldSkipAuth checks if a method should bypass authentication.