Add ability to make the API readonly

ThomasKranitsas · ThomasKranitsas · commit b00fd2c37b1e · 2020-04-18T01:23:07.000+03:00
diff --git a/README.md b/README.md
@@ -34,6 +34,7 @@ Dev: [![CircleCI](https://circleci.com/gh/topcoder-platform/challenge-api/tree/d
 Configuration for the application is at `config/default.js`.
 The following parameters can be set in config files or in env variables:
 
+- READONLY: sets the API in read-only mode. POST/PUT/PATCH/DELETE operations will return 403 Forbidden
 - LOG_LEVEL: the log level, default is 'debug'
 - PORT: the server port, default is 3000
 - AUTH_SECRET: The authorization secret used during token verification.
diff --git a/app.js b/app.js
@@ -16,10 +16,19 @@ const fileUpload = require('express-fileupload')
 const YAML = require('yamljs')
 const swaggerUi = require('swagger-ui-express')
 const challengeAPISwaggerDoc = YAML.load('./docs/swagger.yaml')
+const { ForbiddenError } = require('./src/common/errors')
 
 // setup express app
 const app = express()
 
+// Disable POST, PUT, PATCH, DELETE operations if READONLY is set to true
+app.use((req, res, next) => {
+  if (config.READONLY && ['POST', 'PUT', 'PATCH', 'DELETE'].includes(req.method)) {
+    throw new ForbiddenError('Action is temporarely not allowed!')
+  }
+  next()
+})
+
 // serve challenge V5 API swagger definition
 app.use('/v5/challenges/docs', swaggerUi.serve, swaggerUi.setup(challengeAPISwaggerDoc))
 
diff --git a/config/default.js b/config/default.js
@@ -3,6 +3,7 @@
  */
 
 module.exports = {
+  READONLY: process.env.READONLY || false,
   LOG_LEVEL: process.env.LOG_LEVEL || 'debug',
   PORT: process.env.PORT || 3000,
   API_VERSION: process.env.API_VERSION || 'v5',
