From d9db303935ccb93955c073b097942c3c574cfeb2 Mon Sep 17 00:00:00 2001
From: Eshan Chatterjee
Date: Tue, 30 Jan 2024 14:21:47 +0530
Subject: [PATCH 1/2] Update Error Message

---
 server/src/handlers/http/middleware.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/src/handlers/http/middleware.rs b/server/src/handlers/http/middleware.rs
index fede503e7..0a4385fd4 100644
--- a/server/src/handlers/http/middleware.rs
+++ b/server/src/handlers/http/middleware.rs
@@ -307,7 +307,7 @@ where
 if cond {
 Box::pin(async {
 Err(actix_web::error::ErrorUnauthorized(
- "Ingest API cannot be accessed in Query Mode",
+ "Ingestion API cannot be accessed in Query Mode",
 ))
 })
 } else {
From 1313283fd2f2f70586c7b606bd33eda08a740750 Mon Sep 17 00:00:00 2001
From: Eshan Chatterjee
Date: Tue, 30 Jan 2024 14:25:53 +0530
Subject: [PATCH 2/2] Update: In Query Mode only GET /logstream is allowed

Previously in Query Mode, All logstream endpoints were allowed. Now only GET requests are allowed
---
 server/src/handlers/http/middleware.rs | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/server/src/handlers/http/middleware.rs b/server/src/handlers/http/middleware.rs
index 0a4385fd4..427b2bcf6 100644
--- a/server/src/handlers/http/middleware.rs
+++ b/server/src/handlers/http/middleware.rs
@@ -299,17 +299,25 @@ where
 fn call(&self, req: ServiceRequest) -> Self::Future {
 let path = req.path();
 let mode = &CONFIG.parseable.mode;
-
 // change error messages based on mode
 match mode {
 Mode::Query => {
- let cond = path.split('/').any(|x| x == "ingest");
- if cond {
+ // In Query mode, only allows /ingest endpoint, and /logstream endpoint with GET method
+ let base_cond = path.split('/').any(|x| x == "ingest");
+ let logstream_cond =
+ !(path.split('/').any(|x| x == "logstream") && req.method() == "GET");
+ if base_cond {
 Box::pin(async {
 Err(actix_web::error::ErrorUnauthorized(
 "Ingestion API cannot be accessed in Query Mode",
 ))
 })
+ } else if logstream_cond {
+ Box::pin(async {
+ Err(actix_web::error::ErrorUnauthorized(
+ "Logstream cannot be changed in Query Mode",
+ ))
+ })
 } else {
 let fut = self.service.call(req);
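Review bot: `logstream_cond` negates the whole conjunction, so the `else if logstream_cond` arm rejects every Query-mode request that is not a GET on a logstream path, including routes that have nothing to do with logstream, with "Logstream cannot be changed in Query Mode". Only a logstream path combined with a non-GET method should deny: `let logstream_cond = path.split('/').any(|x| x == "logstream") && req.method() != "GET";`. The added comment says the filter "only allows /ingest" while the first arm denies it; it should read `// In Query mode, deny /ingest, and allow /logstream only with GET`. Both checks match the segment anywhere in the path, so a stream that is itself named `ingest` or `logstream` would presumably trip them, and anchoring the match to the route prefix would avoid that. The body of `call()` continues outside the hunk.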