2 files changed, 7 insertions, 33 deletions
diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go
index 7a0da19..d5f3257 100644
--- a/internal/auth/auth_test.go
+++ b/internal/auth/auth_test.go
@@ -312,21 +312,13 @@ func TestIsWriteMethod(t *testing.T) {
        }{
                // Write methods
                {"/nostr.v1.NostrRelay/PublishEvent", true},
-                {"/nostr.v1.NostrRelay/DeleteEvent", true},
+                {"/nostr.v1.NostrRelay/PublishBatch", true},
-                {"/admin.v1.Admin/CreateUser", true},
-                {"/admin.v1.Admin/UpdateSettings", true},
-                {"/data.v1.Data/InsertRecord", true},
-                {"/data.v1.Data/RemoveItem", true},
-                {"/storage.v1.Storage/SetValue", true},
-                {"/storage.v1.Storage/PutObject", true},
                // Read methods
-                {"/nostr.v1.NostrRelay/QueryEvents", false},
                {"/nostr.v1.NostrRelay/Subscribe", false},
-                {"/nostr.v1.NostrRelay/GetEvent", false},
+                {"/nostr.v1.NostrRelay/Unsubscribe", false},
-                {"/admin.v1.Admin/ListUsers", false},
+                {"/nostr.v1.NostrRelay/QueryEvents", false},
-                {"/health.v1.Health/Check", false},
+                {"/nostr.v1.NostrRelay/CountEvents", false},
-                {"/info.v1.Info/GetRelayInfo", false},
                // Edge cases
                {"", false},
diff --git a/internal/auth/interceptor.go b/internal/auth/interceptor.go
index 66880a7..149cc01 100644
--- a/internal/auth/interceptor.go
+++ b/internal/auth/interceptor.go
@@ -198,28 +198,10 @@ func validateAuthFromContext(ctx context.Context, method string, opts *Intercept
 }
 // isWriteMethod determines if a gRPC method is a write operation.
-// Write operations modify state (Publish, Delete, Create, Update, etc.)
+// Write: PublishEvent, PublishBatch
-// Read operations query state (Query, Get, List, Subscribe, etc.)
+// Read: Subscribe, Unsubscribe, QueryEvents, CountEvents
 func isWriteMethod(method string) bool {
-        // Common write operation patterns
+        return strings.Contains(method, "/PublishEvent") || strings.Contains(method, "/PublishBatch")
-        writePatterns := []string{
-                "Publish",
-                "Delete",
-                "Create",
-                "Update",
-                "Insert",
-                "Remove",
-                "Set",
-                "Put",
-        }
-        for _, pattern := range writePatterns {
-                if strings.Contains(method, pattern) {
-                        return true
-                }
-        }
-        return false
 }
 // shouldSkipAuth checks if a method should bypass authentication.

diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go index 7a0da19..d5f3257 100644 --- a/internal/auth/auth_test.go +++ b/internal/auth/auth_test.go
@@ -312,21 +312,13 @@ func TestIsWriteMethod(t *testing.T) {
312	}{	312	}{
313	// Write methods	313	// Write methods
314	{"/nostr.v1.NostrRelay/PublishEvent", true},	314	{"/nostr.v1.NostrRelay/PublishEvent", true},
315	{"/nostr.v1.NostrRelay/DeleteEvent", true},	315	{"/nostr.v1.NostrRelay/PublishBatch", true},
316	{"/admin.v1.Admin/CreateUser", true},
317	{"/admin.v1.Admin/UpdateSettings", true},
318	{"/data.v1.Data/InsertRecord", true},
319	{"/data.v1.Data/RemoveItem", true},
320	{"/storage.v1.Storage/SetValue", true},
321	{"/storage.v1.Storage/PutObject", true},
322		316
323	// Read methods	317	// Read methods
324	{"/nostr.v1.NostrRelay/QueryEvents", false},
325	{"/nostr.v1.NostrRelay/Subscribe", false},	318	{"/nostr.v1.NostrRelay/Subscribe", false},
326	{"/nostr.v1.NostrRelay/GetEvent", false},	319	{"/nostr.v1.NostrRelay/Unsubscribe", false},
327	{"/admin.v1.Admin/ListUsers", false},	320	{"/nostr.v1.NostrRelay/QueryEvents", false},
328	{"/health.v1.Health/Check", false},	321	{"/nostr.v1.NostrRelay/CountEvents", false},
329	{"/info.v1.Info/GetRelayInfo", false},
330		322
331	// Edge cases	323	// Edge cases
332	{"", false},	324	{"", false},


diff --git a/internal/auth/interceptor.go b/internal/auth/interceptor.go index 66880a7..149cc01 100644 --- a/internal/auth/interceptor.go +++ b/internal/auth/interceptor.go
@@ -198,28 +198,10 @@ func validateAuthFromContext(ctx context.Context, method string, opts *Intercept
198	}	198	}
199		199
200	// isWriteMethod determines if a gRPC method is a write operation.	200	// isWriteMethod determines if a gRPC method is a write operation.
201	// Write operations modify state (Publish, Delete, Create, Update, etc.)	201	// Write: PublishEvent, PublishBatch
202	// Read operations query state (Query, Get, List, Subscribe, etc.)	202	// Read: Subscribe, Unsubscribe, QueryEvents, CountEvents
203	func isWriteMethod(method string) bool {	203	func isWriteMethod(method string) bool {
204	// Common write operation patterns	204	return strings.Contains(method, "/PublishEvent") \|\| strings.Contains(method, "/PublishBatch")
205	writePatterns := []string{
206	"Publish",
207	"Delete",
208	"Create",
209	"Update",
210	"Insert",
211	"Remove",
212	"Set",
213	"Put",
214	}
215
216	for _, pattern := range writePatterns {
217	if strings.Contains(method, pattern) {
218	return true
219	}
220	}
221
222	return false
223	}	205	}
224		206
225	// shouldSkipAuth checks if a method should bypass authentication.	207	// shouldSkipAuth checks if a method should bypass authentication.