feat: Check resource provider when allowlist enabled

pkg/solver/server.go

@@ -10,6 +10,7 @@ import (
 	corehttp "net/http"
 	"os"
 	"path/filepath"
+	"slices"
 	"time"
 
 	"github.com/go-chi/httprate"
@@ -299,6 +300,19 @@ func (solverServer *solverServer) addResourceOffer(resourceOffer data.ResourceOf
 	versionHeader, _ := http.GetVersionFromHeaders(req)
 	log.Debug().Msgf("resource provider adding offer with version header %s", versionHeader)
 
+	if solverServer.options.AccessControl.EnableResourceProviderAllowlist {
+		allowedProviders, err := solverServer.store.GetAllowedResourceProviders()
+		if err != nil {
+			log.Error().Err(err).Msgf("Unable to load resource provider allowlist: %s", err)
+			return nil, err
+		}
+
+		if !slices.Contains(allowedProviders, resourceOffer.ResourceProvider) {
+			log.Debug().Msgf("resource provider not in allowlist %s", resourceOffer.ResourceProvider)
+			return nil, fmt.Errorf("resource provider not allowed to post resource offer %s", resourceOffer.ResourceProvider)
+		}
+	}
+
 	signerAddress, err := http.CheckSignature(req)
 	if err != nil {
 		log.Error().Err(err).Msgf("error checking signature")