From 6e3d424d210acf21d79c9c0a78342226d0bfbb09 Mon Sep 17 00:00:00 2001
From: Miod Vallat <miod.vallat@powerdns.com>
Date: Thu, 10 Apr 2025 07:59:40 +0200
Subject: [PATCH] Replace the two lists of metadata keywords with a single list
 of pairs.

This removes the need for a second search in order to figure out whether
the metadata is write-protected from the API.
---
 pdns/ws-auth.cc | 71 +++++++++++++++++++------------------------------
 1 file changed, 27 insertions(+), 44 deletions(-)

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index e1d8312a38..3d7037dfc3 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -22,6 +22,7 @@
 #include "dnsbackend.hh"
 #include "webserver.hh"
 #include <array>
+#include <string_view>
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -941,59 +942,41 @@ static void updateDomainSettingsFromDocument(UeberBackend& backend, DomainInfo&
 
 static bool isValidMetadataKind(const string& kind, bool readonly)
 {
-  static vector<string> builtinOptions{
-    "ALLOW-AXFR-FROM",
-    "ALLOW-DNSUPDATE-FROM",
-    "ALSO-NOTIFY",
-    "AXFR-MASTER-TSIG",
-    "AXFR-SOURCE",
-    "FORWARD-DNSUPDATE",
-    "GSS-ACCEPTOR-PRINCIPAL",
-    "GSS-ALLOW-AXFR-PRINCIPAL",
-    "IXFR",
-    "LUA-AXFR-SCRIPT",
-    "NOTIFY-DNSUPDATE",
-    "NSEC3NARROW",
-    "NSEC3PARAM",
-    "PRESIGNED",
-    "PUBLISH-CDNSKEY",
-    "PUBLISH-CDS",
-    "SLAVE-RENOTIFY",
-    "SOA-EDIT",
-    "SOA-EDIT-DNSUPDATE",
-    "TSIG-ALLOW-AXFR",
-    "TSIG-ALLOW-DNSUPDATE",
-  };
-
-  // the following options do not allow modifications via API
-  static vector<string> protectedOptions{
-    "AXFR-MASTER-TSIG",
-    "LUA-AXFR-SCRIPT",
-    "NSEC3NARROW",
-    "NSEC3PARAM",
-    "PRESIGNED",
-    "TSIG-ALLOW-AXFR",
+  const static vector<std::pair<std::string_view, bool /* readonly */>> builtinOptions{
+    {"ALLOW-AXFR-FROM", false},
+    {"ALLOW-DNSUPDATE-FROM", false},
+    {"ALSO-NOTIFY", false},
+    {"AXFR-MASTER-TSIG", true},
+    {"AXFR-SOURCE", false},
+    {"FORWARD-DNSUPDATE", false},
+    {"GSS-ACCEPTOR-PRINCIPAL", false},
+    {"GSS-ALLOW-AXFR-PRINCIPAL", false},
+    {"IXFR", false},
+    {"LUA-AXFR-SCRIPT", true},
+    {"NOTIFY-DNSUPDATE", false},
+    {"NSEC3NARROW", true},
+    {"NSEC3PARAM", true},
+    {"PRESIGNED", true},
+    {"PUBLISH-CDNSKEY", false},
+    {"PUBLISH-CDS", false},
+    {"SLAVE-RENOTIFY", false},
+    {"SOA-EDIT", true},
+    {"SOA-EDIT-DNSUPDATE", false},
+    {"TSIG-ALLOW-AXFR", false},
+    {"TSIG-ALLOW-DNSUPDATE", false},
   };
 
   if (kind.find("X-") == 0) {
     return true;
   }
 
-  bool found = false;
-
-  for (const string& builtinOption : builtinOptions) {
-    if (kind == builtinOption) {
-      for (const string& protectedOption : protectedOptions) {
-        if (!readonly && builtinOption == protectedOption) {
-          return false;
-        }
-      }
-      found = true;
-      break;
+  for (const auto& builtinOption : builtinOptions) {
+    if (kind == builtinOption.first) {
+      return readonly || !builtinOption.second;
     }
   }
 
-  return found;
+  return false;
 }
 
 /* Return OpenAPI document describing the supported API.
-- 
2.47.2