// Package acl provides access control checkers for the relay.
// Each checker decides whether a pubkey may write or read.
package acl

import "bytes"

// Checker determines whether a pubkey is allowed to act.
type Checker interface {
	AllowWrite(pubkey []byte, kind uint16) bool
	AllowRead(pubkey []byte) bool
}

// Open allows everything — unrestricted relay.
type Open struct{}

func (Open) AllowWrite([]byte, uint16) bool { return true }
func (Open) AllowRead([]byte) bool          { return true }

// Whitelist allows only explicitly listed pubkeys to write.
type Whitelist struct {
	Pubkeys [][]byte // 32-byte raw pubkeys
}

func (w *Whitelist) AllowWrite(pubkey []byte, _ uint16) bool {
	for _, pk := range w.Pubkeys {
		if bytes.Equal(pk, pubkey) {
			return true
		}
	}
	return false
}

func (*Whitelist) AllowRead([]byte) bool { return true }

// ReadOnly rejects all writes.
type ReadOnly struct{}

func (ReadOnly) AllowWrite([]byte, uint16) bool { return false }
func (ReadOnly) AllowRead([]byte) bool          { return true }