From 08f535c15c3d19e33a617f805bb2db13b7bf570b Mon Sep 17 00:00:00 2001
From: Pierre HUBERT
Date: Thu, 30 Jan 2025 21:38:23 +0100
Subject: [PATCH] Enforce read only clients
---
 src/extractors/client_auth.rs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/extractors/client_auth.rs b/src/extractors/client_auth.rs
index e6f673c..fcaa58c 100644
--- a/src/extractors/client_auth.rs
+++ b/src/extractors/client_auth.rs
@@ -106,8 +106,14 @@ impl APIClientAuth {
 return Err(actix_web::error::ErrorBadRequest("Method mismatch!"));
 }
+ // Check for write access
+ if client.readonly_client && !req.method().is_safe() {
+ return Err(actix_web::error::ErrorBadRequest(
+ "Read only client cannot perform write operations!",
+ ));
+ }
+
+ // TODO : handle payload
- // TODO : check read only access
 // TODO : update last use (if required)
 // TODO : check for IP restriction
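Review bot: The added read-only branch rejects a write with 400 Bad Request, so an authorization denial looks like a malformed request to the client and to anyone alerting on status codes; `return Err(actix_web::error::ErrorForbidden("Read only client cannot perform write operations!"));` would report it as what it is. The check also treats "read" as `req.method().is_safe()`, which in the `http` crate covers GET, HEAD, OPTIONS and TRACE, so it protects only as long as no route reachable with those methods changes state. A comment above the `if`, such as `// Relies on safe-method handlers being side-effect free`, would keep that assumption visible to whoever adds the next endpoint. The enclosing function starts and ends outside the hunk, so whether denied attempts are logged or audited elsewhere cannot be confirmed from here.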