From a90009e6b887a8a7ca67f49566af2caffb807776 Mon Sep 17 00:00:00 2001
From: bndw <ben@bdw.to>
Date: Sat, 14 Feb 2026 10:04:07 -0800
Subject: refactor: simplify isWriteMethod to only check actual API methods

Replace pattern-matching with explicit checks for PublishEvent/PublishBatch.
API is small and well-defined - no need for extensible pattern matching.
---
 internal/auth/interceptor.go | 24 +++---------------------
 1 file changed, 3 insertions(+), 21 deletions(-)

(limited to 'internal/auth/interceptor.go')

diff --git a/internal/auth/interceptor.go b/internal/auth/interceptor.go
index 66880a7..149cc01 100644
--- a/internal/auth/interceptor.go
+++ b/internal/auth/interceptor.go
@@ -198,28 +198,10 @@ func validateAuthFromContext(ctx context.Context, method string, opts *Intercept
 }
 
 // isWriteMethod determines if a gRPC method is a write operation.
-// Write operations modify state (Publish, Delete, Create, Update, etc.)
-// Read operations query state (Query, Get, List, Subscribe, etc.)
+// Write: PublishEvent, PublishBatch
+// Read: Subscribe, Unsubscribe, QueryEvents, CountEvents
 func isWriteMethod(method string) bool {
-	// Common write operation patterns
-	writePatterns := []string{
-		"Publish",
-		"Delete",
-		"Create",
-		"Update",
-		"Insert",
-		"Remove",
-		"Set",
-		"Put",
-	}
-
-	for _, pattern := range writePatterns {
-		if strings.Contains(method, pattern) {
-			return true
-		}
-	}
-
-	return false
+	return strings.Contains(method, "/PublishEvent") || strings.Contains(method, "/PublishBatch")
 }
 
 // shouldSkipAuth checks if a method should bypass authentication.
-- 
cgit v1.2.3