From 0530c1f633feaca21635a18cbb1f8f9986433f1c Mon Sep 17 00:00:00 2001 From: siujamo Date: Mon, 1 Jun 2026 16:30:46 +0800 Subject: [PATCH] feat: add allowed-users sender filtering for GitHub webhook Only issues submitted by users in the allowed-users list are processed. An empty or null list allows all senders (no filtering). Checks sender.login from the webhook payload against the configured list. --- .../domain/dto/GitHubIssueRequest.java | 3 ++- .../domain/dto/GitHubWebhookSender.java | 12 +++++++++ .../service/WebhookService.java | 27 +++++++++++++++++-- 3 files changed, 39 insertions(+), 3 deletions(-) create mode 100644 src/main/java/com/onixbyte/deltaforceguide/domain/dto/GitHubWebhookSender.java diff --git a/src/main/java/com/onixbyte/deltaforceguide/domain/dto/GitHubIssueRequest.java b/src/main/java/com/onixbyte/deltaforceguide/domain/dto/GitHubIssueRequest.java index 449591b..8c4e1a6 100644 --- a/src/main/java/com/onixbyte/deltaforceguide/domain/dto/GitHubIssueRequest.java +++ b/src/main/java/com/onixbyte/deltaforceguide/domain/dto/GitHubIssueRequest.java @@ -9,6 +9,7 @@ import com.fasterxml.jackson.databind.annotation.JsonNaming; public record GitHubIssueRequest( String action, GitHubWebhookIssue issue, - GitHubWebhookRepository repository + GitHubWebhookRepository repository, + GitHubWebhookSender sender ) { } diff --git a/src/main/java/com/onixbyte/deltaforceguide/domain/dto/GitHubWebhookSender.java b/src/main/java/com/onixbyte/deltaforceguide/domain/dto/GitHubWebhookSender.java new file mode 100644 index 0000000..416891e --- /dev/null +++ b/src/main/java/com/onixbyte/deltaforceguide/domain/dto/GitHubWebhookSender.java 
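Review bot: The new `sender` component of `GitHubIssueRequest` carries no documentation, and its meaning is easy to confuse with the issue author: in GitHub's issues webhook payload `sender` is the account that performed the current `action` (for example whoever applied a label), which need not be the account recorded on the issue itself. A comment on the component would make the allow-list semantics explicit, e.g. `/** Account that triggered this event (GitHub {@code sender}); may differ from the issue author. */` on the line before `GitHubWebhookSender sender`. The canonical constructor now takes four arguments, so any code or test that builds this record positionally has to be updated.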
@@ -0,0 +1,12 @@ +package com.onixbyte.deltaforceguide.domain.dto; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.databind.PropertyNamingStrategies; +import com.fasterxml.jackson.databind.annotation.JsonNaming; + +@JsonNaming(PropertyNamingStrategies.SnakeCaseStrategy.class) +@JsonIgnoreProperties(ignoreUnknown = true) +public record GitHubWebhookSender( + String login +) { +} diff --git a/src/main/java/com/onixbyte/deltaforceguide/service/WebhookService.java b/src/main/java/com/onixbyte/deltaforceguide/service/WebhookService.java index 3489c2c..f54f39c 100644 --- a/src/main/java/com/onixbyte/deltaforceguide/service/WebhookService.java +++ b/src/main/java/com/onixbyte/deltaforceguide/service/WebhookService.java @@ -1,11 +1,11 @@ package com.onixbyte.deltaforceguide.service; -import com.fasterxml.jackson.databind.ObjectMapper; import com.onixbyte.deltaforceguide.domain.dto.AccessoryRequest; import com.onixbyte.deltaforceguide.domain.dto.GitHubIssueRequest; import com.onixbyte.deltaforceguide.domain.dto.ModificationRequest; import com.onixbyte.deltaforceguide.domain.dto.TuningRequest; import com.onixbyte.deltaforceguide.manager.ModificationManager; +import com.onixbyte.deltaforceguide.manager.WebhookManager; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.data.redis.core.RedisTemplate; 
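Review bot: The new `GitHubWebhookSender` record has no Javadoc, so nothing says which part of the webhook payload it models or why only `login` is kept, even though that field is the key the allowed-users filter compares against. I would add above the record `/** Minimal view of the webhook {@code sender} object; only {@code login} is read, by the allowed-users filter in WebhookService. */`. Unknown payload fields are already dropped via `@JsonIgnoreProperties(ignoreUnknown = true)`, so the record can stay this narrow.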
@@ -29,20 +29,30 @@ public class WebhookService { private final ModificationManager modificationManager; private final RedisTemplate redisTemplate; + private final WebhookManager webhookManager; private final Yaml yaml; public WebhookService( ModificationManager modificationManager, - RedisTemplate redisTemplate + RedisTemplate redisTemplate, + WebhookManager webhookManager ) { this.modificationManager = modificationManager; this.redisTemplate = redisTemplate; + this.webhookManager = webhookManager; this.yaml = new Yaml(); } public void processIssueEvent(GitHubIssueRequest request) { var issue = request.issue(); var repository = request.repository(); + var sender = request.sender(); + + if (!isAllowedSender(sender)) { + log.info("Issue #{} sender={} not in allowed-users, skipping", + issue.number(), sender != null ? sender.login() : "null"); + return; + } if (!hasTriggerLabel(issue.labels())) { log.debug("Issue #{} lacks trigger label, skipping", issue.number()); @@ -155,6 +165,19 @@ public class WebhookService { return new ArrayList<>(); } + private boolean isAllowedSender( + com.onixbyte.deltaforceguide.domain.dto.GitHubWebhookSender sender + ) { + var allowedUsers = webhookManager.github().allowedUsers(); + if (allowedUsers == null || allowedUsers.isEmpty()) { + return true; + } + if (sender == null || sender.login() == null) { + return false; + } + return allowedUsers.contains(sender.login()); + } + private boolean hasTriggerLabel(List labels) { if (labels == null) { return false;
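Review bot: The commit message says only issues "submitted by" allowed users are processed, but the new guard in `processIssueEvent` compares `sender.login()`, which is the account that performed the current `action` rather than the issue's author; if the trigger is a label being added, an allow-listed maintainer labelling an arbitrary user's issue passes the filter, while an allow-listed author whose issue is labelled by someone else is skipped. Either the description should say "triggered by", or the check should read the issue author (presumably something like `issue.user().login()`, if the issue DTO carries it — not visible in this diff). The compared value is only as trustworthy as the request itself, so this filter has to sit behind the webhook signature verification, which is outside this diff; a one-line comment such as `// sender.login is caller-supplied; only meaningful if the webhook signature was verified upstream` before the `if (!isAllowedSender(sender))` line would record that dependency. `processIssueEvent` continues past the end of the hunk.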
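Review bot: `allowedUsers.contains(sender.login())` in `isAllowedSender` is case-sensitive, while GitHub resolves logins case-insensitively, so a config entry `Alice` will silently reject sender `alice` (it fails closed, but is surprising to operators and hard to debug from the info log); since `login` is already null-checked, `return allowedUsers.stream().anyMatch(sender.login()::equalsIgnoreCase);` keeps the check null-safe and tolerant of casing, assuming `allowedUsers()` is a `Collection`. The parameter type is spelled out as the fully qualified `com.onixbyte.deltaforceguide.domain.dto.GitHubWebhookSender` although the sibling DTOs in this file are imported; add it to the import block and use the simple name. The fail-open branch for an empty or null list is deliberate per the commit message but reads like an oversight in code; a comment `// Empty/absent allow-list disables sender filtering (fail-open by design).` above the first `return true;` would stop a future "fix" from flipping it. `hasTriggerLabel` starts inside the hunk but its body continues past it.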