checker: add CheckEnabler interface for data-driven eligibility

Add an optional CheckEnabler interface that lets a provider decide, from the actual target data, whether running the checker is meaningful at all (e.g. reverse-zone outside in-addr.arpa, delegation without DNSSEC). The result is folded into the POST /definition response via new Eligible and EligibilityReason fields, and the handler now tracks load since IsEligible may perform I/O.
2026-05-29 21:07:45 +08:00 · 2026-05-29 21:07:45 +08:00 · d387cd629b
commit d387cd629b
parent f203b2e573
3 changed files with 157 additions and 3 deletions
--- a/checker/server/server.go
+++ b/checker/server/server.go
@ -133,7 +133,7 @@ func New(provider checker.ObservationProvider) *Server {
 			s.definition = def
 			s.definition.BuildRulesInfo()
 			s.mux.HandleFunc("GET /definition", s.handleDefinition)
-			s.mux.HandleFunc("POST /definition", s.handlePrecheck)
+			s.mux.Handle("POST /definition", s.TrackWork(http.HandlerFunc(s.handlePrecheck)))
 			s.mux.Handle("POST /evaluate", s.TrackWork(http.HandlerFunc(s.handleEvaluate)))
 		}
 	}
@ -343,10 +343,23 @@ func (s *Server) handlePrecheck(w http.ResponseWriter, r *http.Request) {
 			failures[rule.Name()] = err.Error()
 		}
 	}
-	writeJSON(w, http.StatusOK, checker.RulePrecheckResponse{
+	resp := checker.RulePrecheckResponse{
 		CheckerDefinition: s.definition,
 		PrecheckFailures:  failures,
-	})
+	}
+	if en, ok := s.provider.(checker.CheckEnabler); ok {
+		eligible, reason, err := en.IsEligible(r.Context(), req.Options)
+		if err != nil {
+			// Eligibility undetermined: leave Eligible nil so the host fails
+			// open (shows the checker), but surface the error for diagnostics.
+			log.Printf("IsEligible failed: %v", err)
+			resp.EligibilityReason = err.Error()
+		} else {
+			resp.Eligible = &eligible
+			resp.EligibilityReason = reason
+		}
+	}
+	writeJSON(w, http.StatusOK, resp)
 }

 func (s *Server) handleCollect(w http.ResponseWriter, r *http.Request) {