From a90009e6b887a8a7ca67f49566af2caffb807776 Mon Sep 17 00:00:00 2001
From: bndw
Date: Sat, 14 Feb 2026 10:04:07 -0800
Subject: refactor: simplify isWriteMethod to only check actual API methods

Replace pattern-matching with explicit checks for PublishEvent/PublishBatch. API is small and well-defined - no need for extensible pattern matching.
---
 internal/auth/auth_test.go | 16 ++++------------
 internal/auth/interceptor.go | 24 +++---------------------
 2 files changed, 7 insertions(+), 33 deletions(-)
(limited to 'internal/auth')
diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go
index 7a0da19..d5f3257 100644
--- a/internal/auth/auth_test.go
+++ b/internal/auth/auth_test.go
@@ -312,21 +312,13 @@ func TestIsWriteMethod(t *testing.T) {
 }{
 // Write methods
 {"/nostr.v1.NostrRelay/PublishEvent", true},
- {"/nostr.v1.NostrRelay/DeleteEvent", true},
- {"/admin.v1.Admin/CreateUser", true},
- {"/admin.v1.Admin/UpdateSettings", true},
- {"/data.v1.Data/InsertRecord", true},
- {"/data.v1.Data/RemoveItem", true},
- {"/storage.v1.Storage/SetValue", true},
- {"/storage.v1.Storage/PutObject", true},
+ {"/nostr.v1.NostrRelay/PublishBatch", true},

 // Read methods
- {"/nostr.v1.NostrRelay/QueryEvents", false},
 {"/nostr.v1.NostrRelay/Subscribe", false},
- {"/nostr.v1.NostrRelay/GetEvent", false},
- {"/admin.v1.Admin/ListUsers", false},
- {"/health.v1.Health/Check", false},
- {"/info.v1.Info/GetRelayInfo", false},
+ {"/nostr.v1.NostrRelay/Unsubscribe", false},
+ {"/nostr.v1.NostrRelay/QueryEvents", false},
+ {"/nostr.v1.NostrRelay/CountEvents", false},

 // Edge cases
 {"", false},
diff --git a/internal/auth/interceptor.go b/internal/auth/interceptor.go
index 66880a7..149cc01 100644
--- a/internal/auth/interceptor.go
+++ b/internal/auth/interceptor.go
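Review bot: Nothing in the TestIsWriteMethod table now pins what isWriteMethod returns for a method outside the six listed RPCs; the removed `DeleteEvent` row used to expect true and has no replacement. Unless the edge cases that continue below the hunk already cover it, add rows that state the intended default, for example `{"/nostr.v1.NostrRelay/DeleteEvent", false}` and the constructed look-alike `{"/nostr.v1.NostrRelay/PublishEventExtra", false}`. The second row fails against the substring match in interceptor.go, which is exactly the behaviour worth deciding explicitly rather than leaving untested.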
@@ -198,28 +198,10 @@ func validateAuthFromContext(ctx context.Context, method string, opts *Intercept
 }

 // isWriteMethod determines if a gRPC method is a write operation.
-// Write operations modify state (Publish, Delete, Create, Update, etc.)
-// Read operations query state (Query, Get, List, Subscribe, etc.)
+// Write: PublishEvent, PublishBatch
+// Read: Subscribe, Unsubscribe, QueryEvents, CountEvents
 func isWriteMethod(method string) bool {
- // Common write operation patterns
- writePatterns := []string{
- "Publish",
- "Delete",
- "Create",
- "Update",
- "Insert",
- "Remove",
- "Set",
- "Put",
- }
-
- for _, pattern := range writePatterns {
- if strings.Contains(method, pattern) {
- return true
- }
- }
-
- return false
+ return strings.Contains(method, "/PublishEvent") || strings.Contains(method, "/PublishBatch")
 }

 // shouldSkipAuth checks if a method should bypass authentication.
-- 
cgit v1.2.3
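Review bot: The new isWriteMethod treats every method it does not name as a read, and it still matches by substring: `strings.Contains(method, "/PublishEvent")` is also true for a longer method name beginning with PublishEvent or for a same-named method on another service. If the write/read split decides whether a stricter authorization check runs (the caller is outside this hunk, so this is an assumption), a mutating RPC added later is silently handled as a read until someone updates this function. Since the commit message describes the API as small and well-defined, compare the full method name instead: `return method == "/nostr.v1.NostrRelay/PublishEvent" || method == "/nostr.v1.NostrRelay/PublishBatch"`. The doc comment should also state that unlisted methods default to read and that any new mutating RPC must be added here.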