Add --read-only option

typicode · typicode · commit 672393e9159c · 2016-01-07T04:12:04.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Change Log
 
+## [0.8.6][2015-01-07]
+
+### Added
+
+* CLI option `-ro/--read-only` to allow only GET requests
+
 ## [0.8.5][2015-12-28]
 
 ### Fixed
@@ -16,7 +22,7 @@
 
 ### Added
 
-* CLI option `-q/--quied`
+* CLI option `-q/--quiet`
 * Nested route `POST /posts/1/comments`
 * Not equal operator `GET /posts?id_ne=1`
 
diff --git a/src/cli/index.js b/src/cli/index.js
@@ -32,6 +32,10 @@ module.exports = function () {
         alias: 's',
         description: 'Set static files directory'
       },
+      'read-only': {
+        alias: 'ro',
+        description: 'Allow only GET requests'
+      },
       snapshots: {
         alias: 'S',
         description: 'Set snapshots directory',
@@ -52,6 +56,7 @@ module.exports = function () {
       }
     })
     .boolean('watch')
+    .boolean('read-only')
     .boolean('quiet')
     .help('help').alias('help', 'h')
     .version(pkg.version).alias('version', 'v')
@@ -63,5 +68,4 @@ module.exports = function () {
     .argv
 
   run(argv)
-
 }
diff --git a/src/cli/run.js b/src/cli/run.js
@@ -42,18 +42,16 @@ function createApp (source, object, routes, argv) {
     object
   )
 
-  var defaults
+  var defaultsOpts = {
+    logger: !argv.quiet,
+    readOnly: argv.readOnly
+  }
+
   if (argv.static) {
-    defaults = jsonServer.defaults({
-      logger: !argv.quiet,
-      static: path.join(process.cwd(), argv.static)
-    })
-  } else {
-    defaults = jsonServer.defaults({
-      logger: !argv.quiet
-    })
+    defaultsOpts.static = path.join(process.cwd(), argv.static)
   }
 
+  var defaults = jsonServer.defaults(defaultsOpts)
   app.use(defaults)
 
   if (routes) {
diff --git a/src/server/defaults.js b/src/server/defaults.js
@@ -47,5 +47,16 @@ module.exports = function (opts) {
     next()
   })
 
+  // Read-only
+  if (opts.readOnly) {
+    arr.push(function (req, res, next) {
+      if (req.method === 'GET') {
+        next() // Continue
+      } else {
+        res.sendStatus(403) // Forbidden
+      }
+    })
+  }
+
   return arr
 }
diff --git a/test/cli/index.js b/test/cli/index.js
@@ -82,17 +82,21 @@ describe('cli', function () {
 
   })
 
-  describe('db.json -r routes.json -i _id', function () {
+  describe('db.json -r routes.json -i _id --read-only', function () {
 
     beforeEach(function (done) {
-      child = cli([dbFile, '-r', routesFile, '-i', '_id'])
+      child = cli([dbFile, '-r', routesFile, '-i', '_id', '--read-only'])
       serverReady(PORT, done)
     })
 
     it('should use routes.json and _id as the identifier', function (done) {
       request.get('/blog/posts/2').expect(200, done)
     })
 
+    it('should allow only GET requests', function (done) {
+      request.post('/blog/posts').expect(403, done)
+    })
+
   })
 
   describe('db.json -d 1000', function () {
