mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-04-28 19:41:17 +00:00
49 lines
1.3 KiB
Go
49 lines
1.3 KiB
Go
package api
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/rcourtman/pulse-go-rewrite/internal/config"
|
|
"github.com/rs/zerolog/log"
|
|
)
|
|
|
|
// DemoModeMiddleware blocks all modification requests in demo mode
|
|
func DemoModeMiddleware(cfg *config.Config, next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if !cfg.DemoMode {
|
|
next.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
|
|
// Add header so frontend knows we're in demo mode
|
|
w.Header().Set("X-Demo-Mode", "true")
|
|
|
|
// Allow GET and HEAD requests (read-only)
|
|
if r.Method == http.MethodGet || r.Method == http.MethodHead || r.Method == http.MethodOptions {
|
|
next.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
|
|
// Allow WebSocket upgrades
|
|
if strings.ToLower(r.Header.Get("Upgrade")) == "websocket" {
|
|
next.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
|
|
// Block all modification requests (POST, PUT, DELETE, PATCH)
|
|
log.Warn().
|
|
Str("method", r.Method).
|
|
Str("path", r.URL.Path).
|
|
Str("remote", r.RemoteAddr).
|
|
Msg("Demo mode: blocked modification request")
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(http.StatusForbidden)
|
|
json.NewEncoder(w).Encode(map[string]string{
|
|
"error": "Demo mode enabled",
|
|
"message": "This is a read-only demo instance. Modifications are disabled.",
|
|
})
|
|
})
|
|
}
|