feat(readonly): add check for readonly & GET in middleware

if in readonly mode, check to make sure we are only allowing GET requests through
qri-io · Mar 23, 2018 · 92a2e84 · 92a2e84
1 parent 832f7e3
commit 92a2e84
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/api/middleware.go b/api/middleware.go
@@ -2,8 +2,11 @@ package api
 
 import (
  "context"
+ "fmt"
  "net/http"
  "time"
+
+ util "github.com/datatogether/api/apiutil"
 )
 
 // middleware handles request logging
@@ -30,10 +33,19 @@ func (s *Server) middleware(handler http.HandlerFunc) http.HandlerFunc {
  // }
  s.addCORSHeaders(w, r)
 
- handler(w, r)
+ if ok := s.readOnlyCheck(r); ok {
+ handler(w, r)
+ } else {
+ util.WriteErrResponse(w, http.StatusForbidden, fmt.Errorf("qri server is in read-only mode, only certain GET requests are allowed"))
+ }
  }
 }
 
+func (s *Server) readOnlyCheck(r *http.Request) bool {
+ // return !s.cfg.ReadOnly || r.Method == "GET"
+ return true
+}
+
 // addCORSHeaders adds CORS header info for whitelisted servers
 func (s *Server) addCORSHeaders(w http.ResponseWriter, r *http.Request) {
  origin := r.Header.Get("Origin")