feat(allowlist): owner allowlist enforcement

2026-05-04 21:26:50 +02:00
parent d564cdcae3
commit 4ebb1eef6d
2 changed files with 41 additions and 0 deletions
--- a/internal/allowlist/allowlist.go
+++ b/internal/allowlist/allowlist.go
@@ -0,0 +1,25 @@
+package allowlist
+
+import "fmt"
+
+type Allowlist struct {
+	owners map[string]struct{}
+}
+
+func New(owners []string) *Allowlist {
+	m := make(map[string]struct{}, len(owners))
+	for _, o := range owners {
+		m[o] = struct{}{}
+	}
+	return &Allowlist{owners: m}
+}
+
+func (a *Allowlist) Check(owner string) error {
+	if owner == "" {
+		return fmt.Errorf("owner required")
+	}
+	if _, ok := a.owners[owner]; !ok {
+		return fmt.Errorf("owner %q not in allowlist", owner)
+	}
+	return nil
+}