refactor: extract whitelist package from internal/imgcache

Move HostWhitelist, NewHostWhitelist, IsWhitelisted, IsEmpty, and Count
from internal/imgcache into the new internal/whitelist package.

The whitelist package is completely self-contained, depending only on
net/url and strings from the standard library.

Updated import in internal/imgcache/service.go to use the new package.
Tests moved and adapted to external test style (package whitelist_test).

Part of #39

internal/database/database.go

@@ -9,7 +9,6 @@ import (
 	"log/slog"
 	"path/filepath"
 	"sort"
-	"strconv"
 	"strings"
 
 	"go.uber.org/fx"
@@ -22,10 +21,6 @@ import (
 //go:embed schema/*.sql
 var schemaFS embed.FS
 
-// bootstrapVersion is the migration that creates the schema_migrations
-// table itself. It is applied before the normal migration loop.
-const bootstrapVersion = 0
-
 // Params defines dependencies for Database.
 type Params struct {
 	fx.In
@@ -43,40 +38,35 @@ type Database struct {
 // ParseMigrationVersion extracts the numeric version prefix from a migration
 // filename. Filenames must follow the pattern "<version>.sql" or
 // "<version>_<description>.sql", where version is a zero-padded numeric
-// string (e.g. "001", "002"). Returns the version as an integer and an
+// string (e.g. "001", "002"). Returns the version string and an error if
-// error if the filename does not match the expected pattern.
+// the filename does not match the expected pattern.
-func ParseMigrationVersion(filename string) (int, error) {
+func ParseMigrationVersion(filename string) (string, error) {
 	name := strings.TrimSuffix(filename, filepath.Ext(filename))
 	if name == "" {
-		return 0, fmt.Errorf("invalid migration filename %q: empty name", filename)
+		return "", fmt.Errorf("invalid migration filename %q: empty name", filename)
 	}
 
 	// Split on underscore to separate version from description.
 	// If there's no underscore, the entire stem is the version.
-	versionStr := name
+	version := name
 	if idx := strings.IndexByte(name, '_'); idx >= 0 {
-		versionStr = name[:idx]
+		version = name[:idx]
 	}
 
-	if versionStr == "" {
+	if version == "" {
-		return 0, fmt.Errorf("invalid migration filename %q: empty version prefix", filename)
+		return "", fmt.Errorf("invalid migration filename %q: empty version prefix", filename)
 	}
 
 	// Validate the version is purely numeric.
-	for _, ch := range versionStr {
+	for _, ch := range version {
 		if ch < '0' || ch > '9' {
-			return 0, fmt.Errorf(
+			return "", fmt.Errorf(
 				"invalid migration filename %q: version %q contains non-numeric character %q",
-				filename, versionStr, string(ch),
+				filename, version, string(ch),
 			)
 		}
 	}
 
-	version, err := strconv.Atoi(versionStr)
-	if err != nil {
-		return 0, fmt.Errorf("invalid migration filename %q: %w", filename, err)
-	}
-
 	return version, nil
 }
 
@@ -153,34 +143,17 @@ func collectMigrations() ([]string, error) {
 	return migrations, nil
 }
 
-// bootstrapMigrationsTable ensures the schema_migrations table exists
+// ensureMigrationsTable creates the schema_migrations tracking table if
-// by applying 000.sql if the table is missing.
+// it does not already exist.
-func bootstrapMigrationsTable(ctx context.Context, db *sql.DB, log *slog.Logger) error {
+func ensureMigrationsTable(ctx context.Context, db *sql.DB) error {
-	var tableExists int
+	_, err := db.ExecContext(ctx, `
-
+		CREATE TABLE IF NOT EXISTS schema_migrations (
-	err := db.QueryRowContext(ctx,
+			version TEXT PRIMARY KEY,
-		"SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='schema_migrations'",
+			applied_at DATETIME DEFAULT CURRENT_TIMESTAMP
-	).Scan(&tableExists)
+		)
+	`)
 	if err != nil {
-		return fmt.Errorf("failed to check for migrations table: %w", err)
+		return fmt.Errorf("failed to create migrations table: %w", err)
-	}
-
-	if tableExists > 0 {
-		return nil
-	}
-
-	content, err := schemaFS.ReadFile("schema/000.sql")
-	if err != nil {
-		return fmt.Errorf("failed to read bootstrap migration 000.sql: %w", err)
-	}
-
-	if log != nil {
-		log.Info("applying bootstrap migration", "version", bootstrapVersion)
-	}
-
-	_, err = db.ExecContext(ctx, string(content))
-	if err != nil {
-		return fmt.Errorf("failed to apply bootstrap migration: %w", err)
 	}
 
 	return nil
@@ -191,7 +164,7 @@ func bootstrapMigrationsTable(ctx context.Context, db *sql.DB, log *slog.Logger)
 // This is exported so tests can apply the real schema without the full fx
 // lifecycle.
 func ApplyMigrations(ctx context.Context, db *sql.DB, log *slog.Logger) error {
-	if err := bootstrapMigrationsTable(ctx, db, log); err != nil {
+	if err := ensureMigrationsTable(ctx, db); err != nil {
 		return err
 	}
 

internal/database/database_test.go

@@ -8,51 +8,37 @@ import (
 	_ "modernc.org/sqlite" // SQLite driver registration
 )
 
-// openTestDB returns a fresh in-memory SQLite database.
-func openTestDB(t *testing.T) *sql.DB {
-	t.Helper()
-
-	db, err := sql.Open("sqlite", ":memory:")
-	if err != nil {
-		t.Fatalf("failed to open test db: %v", err)
-	}
-
-	t.Cleanup(func() { db.Close() })
-
-	return db
-}
-
 func TestParseMigrationVersion(t *testing.T) {
 	tests := []struct {
 		name     string
 		filename string
-		want     int
+		want     string
 		wantErr  bool
 	}{
 		{
 			name:     "version only",
 			filename: "001.sql",
-			want:     1,
+			want:     "001",
 		},
 		{
 			name:     "version with description",
 			filename: "001_initial_schema.sql",
-			want:     1,
+			want:     "001",
 		},
 		{
 			name:     "multi-digit version",
 			filename: "042_add_indexes.sql",
-			want:     42,
+			want:     "042",
 		},
 		{
 			name:     "long version number",
 			filename: "00001_long_prefix.sql",
-			want:     1,
+			want:     "00001",
 		},
 		{
 			name:     "description with multiple underscores",
 			filename: "003_add_user_auth_tables.sql",
-			want:     3,
+			want:     "003",
 		},
 		{
 			name:     "empty filename",
@@ -81,7 +67,7 @@ func TestParseMigrationVersion(t *testing.T) {
 			got, err := ParseMigrationVersion(tt.filename)
 			if tt.wantErr {
 				if err == nil {
-					t.Errorf("ParseMigrationVersion(%q) expected error, got %d", tt.filename, got)
+					t.Errorf("ParseMigrationVersion(%q) expected error, got %q", tt.filename, got)
 				}
 
 				return
@@ -94,131 +80,76 @@ func TestParseMigrationVersion(t *testing.T) {
 			}
 
 			if got != tt.want {
-				t.Errorf("ParseMigrationVersion(%q) = %d, want %d", tt.filename, got, tt.want)
+				t.Errorf("ParseMigrationVersion(%q) = %q, want %q", tt.filename, got, tt.want)
 			}
 		})
 	}
 }
 
-func TestApplyMigrations_CreatesSchemaAndTables(t *testing.T) {
+func TestApplyMigrations(t *testing.T) {
-	db := openTestDB(t)
+	db, err := sql.Open("sqlite", ":memory:")
-	ctx := context.Background()
+	if err != nil {
+		t.Fatalf("failed to open in-memory database: %v", err)
+	}
+	defer db.Close()
 
-	if err := ApplyMigrations(ctx, db, nil); err != nil {
+	// Apply migrations should succeed.
+	if err := ApplyMigrations(context.Background(), db, nil); err != nil {
 		t.Fatalf("ApplyMigrations failed: %v", err)
 	}
 
-	// The schema_migrations table must exist and contain at least
+	// Verify the schema_migrations table recorded the version.
-	// version 0 (the bootstrap) and 1 (the initial schema).
+	var version string
-	rows, err := db.Query("SELECT version FROM schema_migrations ORDER BY version")
+
+	err = db.QueryRowContext(context.Background(),
+		"SELECT version FROM schema_migrations LIMIT 1",
+	).Scan(&version)
 	if err != nil {
 		t.Fatalf("failed to query schema_migrations: %v", err)
 	}
-	defer rows.Close()
 
-	var versions []int
+	if version != "001" {
-	for rows.Next() {
+		t.Errorf("expected version %q, got %q", "001", version)
-		var v int
-		if err := rows.Scan(&v); err != nil {
-			t.Fatalf("failed to scan version: %v", err)
-		}
-
-		versions = append(versions, v)
 	}
 
-	if err := rows.Err(); err != nil {
+	// Verify a table from the migration exists (source_content).
-		t.Fatalf("row iteration error: %v", err)
+	var tableName string
-	}
 
-	if len(versions) < 2 {
+	err = db.QueryRowContext(context.Background(),
-		t.Fatalf("expected at least 2 migrations recorded, got %d: %v", len(versions), versions)
+		"SELECT name FROM sqlite_master WHERE type='table' AND name='source_content'",
-	}
+	).Scan(&tableName)
-
+	if err != nil {
-	if versions[0] != 0 {
+		t.Fatalf("expected source_content table to exist: %v", err)
-		t.Errorf("first recorded migration = %d, want %d", versions[0], 0)
-	}
-
-	if versions[1] != 1 {
-		t.Errorf("second recorded migration = %d, want %d", versions[1], 1)
-	}
-
-	// Verify that the application tables created by 001.sql exist.
-	for _, table := range []string{"source_content", "source_metadata", "output_content", "request_cache", "negative_cache", "cache_stats"} {
-		var count int
-
-		err := db.QueryRow(
-			"SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name=?",
-			table,
-		).Scan(&count)
-		if err != nil {
-			t.Fatalf("failed to check for table %s: %v", table, err)
-		}
-
-		if count != 1 {
-			t.Errorf("table %s does not exist after migrations", table)
-		}
 	}
 }
 
-func TestApplyMigrations_Idempotent(t *testing.T) {
+func TestApplyMigrationsIdempotent(t *testing.T) {
-	db := openTestDB(t)
+	db, err := sql.Open("sqlite", ":memory:")
-	ctx := context.Background()
+	if err != nil {
+		t.Fatalf("failed to open in-memory database: %v", err)
+	}
+	defer db.Close()
 
-	if err := ApplyMigrations(ctx, db, nil); err != nil {
+	// Apply twice should succeed (idempotent).
+	if err := ApplyMigrations(context.Background(), db, nil); err != nil {
 		t.Fatalf("first ApplyMigrations failed: %v", err)
 	}
 
-	// Running a second time must succeed without errors.
+	if err := ApplyMigrations(context.Background(), db, nil); err != nil {
-	if err := ApplyMigrations(ctx, db, nil); err != nil {
 		t.Fatalf("second ApplyMigrations failed: %v", err)
 	}
 
-	// Verify no duplicate rows in schema_migrations.
+	// Should still have exactly one migration recorded.
 	var count int
 
-	err := db.QueryRow("SELECT COUNT(*) FROM schema_migrations WHERE version = 0").Scan(&count)
+	err = db.QueryRowContext(context.Background(),
+		"SELECT COUNT(*) FROM schema_migrations",
+	).Scan(&count)
 	if err != nil {
-		t.Fatalf("failed to count version 0 rows: %v", err)
+		t.Fatalf("failed to count schema_migrations: %v", err)
 	}
 
 	if count != 1 {
-		t.Errorf("expected exactly 1 row for version 0, got %d", count)
+		t.Errorf("expected 1 migration record, got %d", count)
-	}
-}
-
-func TestBootstrapMigrationsTable_FreshDatabase(t *testing.T) {
-	db := openTestDB(t)
-	ctx := context.Background()
-
-	if err := bootstrapMigrationsTable(ctx, db, nil); err != nil {
-		t.Fatalf("bootstrapMigrationsTable failed: %v", err)
-	}
-
-	// schema_migrations table must exist.
-	var tableCount int
-
-	err := db.QueryRow(
-		"SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='schema_migrations'",
-	).Scan(&tableCount)
-	if err != nil {
-		t.Fatalf("failed to check for table: %v", err)
-	}
-
-	if tableCount != 1 {
-		t.Fatalf("schema_migrations table not created")
-	}
-
-	// Version 0 must be recorded.
-	var recorded int
-
-	err = db.QueryRow(
-		"SELECT COUNT(*) FROM schema_migrations WHERE version = 0",
-	).Scan(&recorded)
-	if err != nil {
-		t.Fatalf("failed to check version: %v", err)
-	}
-
-	if recorded != 1 {
-		t.Errorf("expected version 0 to be recorded, got count %d", recorded)
 	}
 }

internal/database/schema/000.sql

@@ -1,9 +0,0 @@
--- Migration 000: Schema migrations tracking table
--- Applied as a bootstrap step before the normal migration loop.
-
-CREATE TABLE IF NOT EXISTS schema_migrations (
-    version INTEGER PRIMARY KEY,
-    applied_at DATETIME DEFAULT CURRENT_TIMESTAMP
-);
-
-INSERT OR IGNORE INTO schema_migrations (version) VALUES (0);

internal/handlers/handlers.go

@@ -13,7 +13,6 @@ import (
 	"sneak.berlin/go/pixa/internal/database"
 	"sneak.berlin/go/pixa/internal/encurl"
 	"sneak.berlin/go/pixa/internal/healthcheck"
-	"sneak.berlin/go/pixa/internal/httpfetcher"
 	"sneak.berlin/go/pixa/internal/imgcache"
 	"sneak.berlin/go/pixa/internal/logger"
 	"sneak.berlin/go/pixa/internal/session"
@@ -73,7 +72,7 @@ func (s *Handlers) initImageService() error {
 	s.imgCache = cache
 
 	// Create the fetcher config
-	fetcherCfg := httpfetcher.DefaultConfig()
+	fetcherCfg := imgcache.DefaultFetcherConfig()
 	fetcherCfg.AllowHTTP = s.config.AllowHTTP
 	if s.config.UpstreamConnectionsPerHost > 0 {
 		fetcherCfg.MaxConnectionsPerHost = s.config.UpstreamConnectionsPerHost

internal/handlers/handlers_test.go

@@ -18,7 +18,6 @@ import (
 
 	"github.com/go-chi/chi/v5"
 	"sneak.berlin/go/pixa/internal/database"
-	"sneak.berlin/go/pixa/internal/httpfetcher"
 	"sneak.berlin/go/pixa/internal/imgcache"
 )
 
@@ -117,16 +116,16 @@ func newMockFetcher(fs fs.FS) *mockFetcher {
 	return &mockFetcher{fs: fs}
 }
 
-func (f *mockFetcher) Fetch(ctx context.Context, url string) (*httpfetcher.FetchResult, error) {
+func (f *mockFetcher) Fetch(ctx context.Context, url string) (*imgcache.FetchResult, error) {
 	// Remove https:// prefix
 	path := url[8:] // Remove "https://"
 
 	data, err := fs.ReadFile(f.fs, path)
 	if err != nil {
-		return nil, httpfetcher.ErrUpstreamError
+		return nil, imgcache.ErrUpstreamError
 	}
 
-	return &httpfetcher.FetchResult{
+	return &imgcache.FetchResult{
 		Content:       io.NopCloser(bytes.NewReader(data)),
 		ContentLength: int64(len(data)),
 		ContentType:   "image/jpeg",

internal/handlers/image.go

@@ -8,7 +8,6 @@ import (
 	"time"
 
 	"github.com/go-chi/chi/v5"
-	"sneak.berlin/go/pixa/internal/httpfetcher"
 	"sneak.berlin/go/pixa/internal/imgcache"
 )
 
@@ -98,13 +97,13 @@ func (s *Handlers) HandleImage() http.HandlerFunc {
 			)
 
 			// Check for specific error types
-			if errors.Is(err, httpfetcher.ErrSSRFBlocked) {
+			if errors.Is(err, imgcache.ErrSSRFBlocked) {
 				s.respondError(w, "forbidden", http.StatusForbidden)
 
 				return
 			}
 
-			if errors.Is(err, httpfetcher.ErrUpstreamError) {
+			if errors.Is(err, imgcache.ErrUpstreamError) {
 				s.respondError(w, "upstream error", http.StatusBadGateway)
 
 				return

internal/handlers/imageenc.go

@@ -11,7 +11,6 @@ import (
 	"github.com/go-chi/chi/v5"
 
 	"sneak.berlin/go/pixa/internal/encurl"
-	"sneak.berlin/go/pixa/internal/httpfetcher"
 	"sneak.berlin/go/pixa/internal/imgcache"
 )
 
@@ -101,11 +100,11 @@ func (s *Handlers) HandleImageEnc() http.HandlerFunc {
 // handleImageError converts image service errors to HTTP responses.
 func (s *Handlers) handleImageError(w http.ResponseWriter, err error) {
 	switch {
-	case errors.Is(err, httpfetcher.ErrSSRFBlocked):
+	case errors.Is(err, imgcache.ErrSSRFBlocked):
 		s.respondError(w, "forbidden", http.StatusForbidden)
-	case errors.Is(err, httpfetcher.ErrUpstreamError):
+	case errors.Is(err, imgcache.ErrUpstreamError):
 		s.respondError(w, "upstream error", http.StatusBadGateway)
-	case errors.Is(err, httpfetcher.ErrUpstreamTimeout):
+	case errors.Is(err, imgcache.ErrUpstreamTimeout):
 		s.respondError(w, "upstream timeout", http.StatusGatewayTimeout)
 	default:
 		s.log.Error("image request failed", "error", err)

internal/httpfetcher/httpfetcher_test.go

@@ -1,329 +0,0 @@
-package httpfetcher
-
-import (
-	"context"
-	"errors"
-	"io"
-	"net"
-	"testing"
-	"testing/fstest"
-)
-
-func TestDefaultConfig(t *testing.T) {
-	cfg := DefaultConfig()
-
-	if cfg.Timeout != DefaultFetchTimeout {
-		t.Errorf("Timeout = %v, want %v", cfg.Timeout, DefaultFetchTimeout)
-	}
-
-	if cfg.MaxResponseSize != DefaultMaxResponseSize {
-		t.Errorf("MaxResponseSize = %d, want %d", cfg.MaxResponseSize, DefaultMaxResponseSize)
-	}
-
-	if cfg.MaxConnectionsPerHost != DefaultMaxConnectionsPerHost {
-		t.Errorf("MaxConnectionsPerHost = %d, want %d",
-			cfg.MaxConnectionsPerHost, DefaultMaxConnectionsPerHost)
-	}
-
-	if cfg.AllowHTTP {
-		t.Error("AllowHTTP should default to false")
-	}
-
-	if len(cfg.AllowedContentTypes) == 0 {
-		t.Error("AllowedContentTypes should not be empty")
-	}
-}
-
-func TestNewWithNilConfigUsesDefaults(t *testing.T) {
-	f := New(nil)
-
-	if f == nil {
-		t.Fatal("New(nil) returned nil")
-	}
-
-	if f.config == nil {
-		t.Fatal("config should be populated from DefaultConfig")
-	}
-
-	if f.config.Timeout != DefaultFetchTimeout {
-		t.Errorf("Timeout = %v, want %v", f.config.Timeout, DefaultFetchTimeout)
-	}
-}
-
-func TestIsAllowedContentType(t *testing.T) {
-	f := New(DefaultConfig())
-
-	tests := []struct {
-		contentType string
-		want        bool
-	}{
-		{"image/jpeg", true},
-		{"image/png", true},
-		{"image/webp", true},
-		{"image/jpeg; charset=utf-8", true},
-		{"IMAGE/JPEG", true},
-		{"text/html", false},
-		{"application/octet-stream", false},
-		{"", false},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.contentType, func(t *testing.T) {
-			got := f.isAllowedContentType(tc.contentType)
-			if got != tc.want {
-				t.Errorf("isAllowedContentType(%q) = %v, want %v", tc.contentType, got, tc.want)
-			}
-		})
-	}
-}
-
-func TestExtractHost(t *testing.T) {
-	tests := []struct {
-		url  string
-		want string
-	}{
-		{"https://example.com/path", "example.com"},
-		{"http://example.com:8080/path", "example.com:8080"},
-		{"https://example.com", "example.com"},
-		{"https://example.com?q=1", "example.com"},
-		{"example.com/path", "example.com"},
-		{"", ""},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.url, func(t *testing.T) {
-			got := extractHost(tc.url)
-			if got != tc.want {
-				t.Errorf("extractHost(%q) = %q, want %q", tc.url, got, tc.want)
-			}
-		})
-	}
-}
-
-func TestIsLocalhost(t *testing.T) {
-	tests := []struct {
-		host string
-		want bool
-	}{
-		{"localhost", true},
-		{"LOCALHOST", true},
-		{"127.0.0.1", true},
-		{"::1", true},
-		{"[::1]", true},
-		{"foo.localhost", true},
-		{"foo.local", true},
-		{"example.com", false},
-		{"127.0.0.2", false}, // Handled by isPrivateIP, not isLocalhost string match
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.host, func(t *testing.T) {
-			got := isLocalhost(tc.host)
-			if got != tc.want {
-				t.Errorf("isLocalhost(%q) = %v, want %v", tc.host, got, tc.want)
-			}
-		})
-	}
-}
-
-func TestIsPrivateIP(t *testing.T) {
-	tests := []struct {
-		ip   string
-		want bool
-	}{
-		{"127.0.0.1", true},             // loopback
-		{"10.0.0.1", true},              // private
-		{"192.168.1.1", true},           // private
-		{"172.16.0.1", true},            // private
-		{"169.254.1.1", true},           // link-local
-		{"0.0.0.0", true},               // unspecified
-		{"224.0.0.1", true},             // multicast
-		{"::1", true},                   // IPv6 loopback
-		{"fe80::1", true},               // IPv6 link-local
-		{"8.8.8.8", false},              // public
-		{"2001:4860:4860::8888", false}, // public IPv6
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.ip, func(t *testing.T) {
-			ip := net.ParseIP(tc.ip)
-			if ip == nil {
-				t.Fatalf("failed to parse IP %q", tc.ip)
-			}
-
-			got := isPrivateIP(ip)
-			if got != tc.want {
-				t.Errorf("isPrivateIP(%q) = %v, want %v", tc.ip, got, tc.want)
-			}
-		})
-	}
-
-	if !isPrivateIP(nil) {
-		t.Error("isPrivateIP(nil) should return true")
-	}
-}
-
-func TestValidateURL_RejectsNonHTTPS(t *testing.T) {
-	err := validateURL("http://example.com/path", false)
-	if !errors.Is(err, ErrUnsupportedScheme) {
-		t.Errorf("validateURL http = %v, want ErrUnsupportedScheme", err)
-	}
-}
-
-func TestValidateURL_AllowsHTTPWhenConfigured(t *testing.T) {
-	// Use a host that won't resolve (explicit .invalid TLD) so we don't hit DNS.
-	err := validateURL("http://nonexistent.invalid/path", true)
-	// We expect a host resolution error, not ErrUnsupportedScheme.
-	if errors.Is(err, ErrUnsupportedScheme) {
-		t.Error("validateURL with AllowHTTP should not return ErrUnsupportedScheme")
-	}
-}
-
-func TestValidateURL_RejectsLocalhost(t *testing.T) {
-	err := validateURL("https://localhost/path", false)
-	if !errors.Is(err, ErrSSRFBlocked) {
-		t.Errorf("validateURL localhost = %v, want ErrSSRFBlocked", err)
-	}
-}
-
-func TestValidateURL_EmptyHost(t *testing.T) {
-	err := validateURL("https:///path", false)
-	if !errors.Is(err, ErrInvalidHost) {
-		t.Errorf("validateURL empty host = %v, want ErrInvalidHost", err)
-	}
-}
-
-func TestMockFetcher_FetchesFile(t *testing.T) {
-	mockFS := fstest.MapFS{
-		"example.com/images/photo.jpg": &fstest.MapFile{Data: []byte("fake-jpeg-data")},
-	}
-
-	m := NewMock(mockFS)
-
-	result, err := m.Fetch(context.Background(), "https://example.com/images/photo.jpg")
-	if err != nil {
-		t.Fatalf("Fetch() error = %v", err)
-	}
-	defer func() { _ = result.Content.Close() }()
-
-	if result.ContentType != "image/jpeg" {
-		t.Errorf("ContentType = %q, want image/jpeg", result.ContentType)
-	}
-
-	data, err := io.ReadAll(result.Content)
-	if err != nil {
-		t.Fatalf("read content: %v", err)
-	}
-
-	if string(data) != "fake-jpeg-data" {
-		t.Errorf("Content = %q, want %q", string(data), "fake-jpeg-data")
-	}
-
-	if result.ContentLength != int64(len("fake-jpeg-data")) {
-		t.Errorf("ContentLength = %d, want %d", result.ContentLength, len("fake-jpeg-data"))
-	}
-}
-
-func TestMockFetcher_MissingFileReturnsUpstreamError(t *testing.T) {
-	mockFS := fstest.MapFS{}
-	m := NewMock(mockFS)
-
-	_, err := m.Fetch(context.Background(), "https://example.com/missing.jpg")
-	if !errors.Is(err, ErrUpstreamError) {
-		t.Errorf("Fetch() error = %v, want ErrUpstreamError", err)
-	}
-}
-
-func TestMockFetcher_RespectsContextCancellation(t *testing.T) {
-	mockFS := fstest.MapFS{
-		"example.com/photo.jpg": &fstest.MapFile{Data: []byte("data")},
-	}
-	m := NewMock(mockFS)
-
-	ctx, cancel := context.WithCancel(context.Background())
-	cancel()
-
-	_, err := m.Fetch(ctx, "https://example.com/photo.jpg")
-	if !errors.Is(err, context.Canceled) {
-		t.Errorf("Fetch() error = %v, want context.Canceled", err)
-	}
-}
-
-func TestDetectContentTypeFromPath(t *testing.T) {
-	tests := []struct {
-		path string
-		want string
-	}{
-		{"foo/bar.jpg", "image/jpeg"},
-		{"foo/bar.JPG", "image/jpeg"},
-		{"foo/bar.jpeg", "image/jpeg"},
-		{"foo/bar.png", "image/png"},
-		{"foo/bar.gif", "image/gif"},
-		{"foo/bar.webp", "image/webp"},
-		{"foo/bar.avif", "image/avif"},
-		{"foo/bar.svg", "image/svg+xml"},
-		{"foo/bar.bin", "application/octet-stream"},
-		{"foo/bar", "application/octet-stream"},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.path, func(t *testing.T) {
-			got := detectContentTypeFromPath(tc.path)
-			if got != tc.want {
-				t.Errorf("detectContentTypeFromPath(%q) = %q, want %q", tc.path, got, tc.want)
-			}
-		})
-	}
-}
-
-func TestLimitedReader_EnforcesLimit(t *testing.T) {
-	src := make([]byte, 100)
-	r := &limitedReader{
-		reader:    &byteReader{data: src},
-		remaining: 50,
-	}
-
-	buf := make([]byte, 100)
-
-	n, err := r.Read(buf)
-	if err != nil {
-		t.Fatalf("first Read error = %v", err)
-	}
-
-	if n > 50 {
-		t.Errorf("read %d bytes, should be capped at 50", n)
-	}
-
-	// Drain until limit is exhausted.
-	total := n
-	for total < 50 {
-		nn, err := r.Read(buf)
-		total += nn
-		if err != nil {
-			t.Fatalf("during drain: %v", err)
-		}
-	}
-
-	// Now the limit is exhausted — next read should error.
-	_, err = r.Read(buf)
-	if !errors.Is(err, ErrResponseTooLarge) {
-		t.Errorf("exhausted Read error = %v, want ErrResponseTooLarge", err)
-	}
-}
-
-// byteReader is a minimal io.Reader over a byte slice for testing.
-type byteReader struct {
-	data []byte
-	pos  int
-}
-
-func (r *byteReader) Read(p []byte) (int, error) {
-	if r.pos >= len(r.data) {
-		return 0, io.EOF
-	}
-
-	n := copy(p, r.data[r.pos:])
-	r.pos += n
-
-	return n, nil
-}

internal/imgcache/cache.go

@@ -9,8 +9,6 @@ import (
 	"io"
 	"path/filepath"
 	"time"
-
-	"sneak.berlin/go/pixa/internal/httpfetcher"
 )
 
 // Cache errors.
@@ -113,7 +111,7 @@ func (c *Cache) StoreSource(
 	ctx context.Context,
 	req *ImageRequest,
 	content io.Reader,
-	result *httpfetcher.FetchResult,
+	result *FetchResult,
 ) (ContentHash, error) {
 	// Store content
 	contentHash, size, err := c.srcContent.Store(content)

internal/imgcache/cache_test.go

@@ -9,7 +9,6 @@ import (
 	"time"
 
 	_ "modernc.org/sqlite"
-	"sneak.berlin/go/pixa/internal/httpfetcher"
 )
 
 func setupTestDB(t *testing.T) *sql.DB {
@@ -153,7 +152,7 @@ func TestCache_StoreAndLookup(t *testing.T) {
 
 	// Store source content
 	sourceContent := []byte("fake jpeg data")
-	fetchResult := &httpfetcher.FetchResult{
+	fetchResult := &FetchResult{
 		ContentType: "image/jpeg",
 		Headers:     map[string][]string{"Content-Type": {"image/jpeg"}},
 	}

internal/imgcache/fetcher.go

@@ -1,6 +1,4 @@
-// Package httpfetcher fetches content from upstream HTTP origins with SSRF
+package imgcache
-// protection, per-host connection limits, and content-type validation.
-package httpfetcher
 
 import (
 	"context"
@@ -39,55 +37,25 @@ var (
 	ErrUpstreamTimeout    = errors.New("upstream request timeout")
 )
 
-// Fetcher retrieves content from upstream origins.
+// FetcherConfig holds configuration for the upstream fetcher.
-type Fetcher interface {
+type FetcherConfig struct {
-	// Fetch retrieves content from the given URL.
+	// Timeout for upstream requests
-	Fetch(ctx context.Context, url string) (*FetchResult, error)
-}
-
-// FetchResult contains the result of fetching from upstream.
-type FetchResult struct {
-	// Content is the raw image data.
-	Content io.ReadCloser
-	// ContentLength is the size in bytes (-1 if unknown).
-	ContentLength int64
-	// ContentType is the MIME type from upstream.
-	ContentType string
-	// Headers contains all response headers from upstream.
-	Headers map[string][]string
-	// StatusCode is the HTTP status code from upstream.
-	StatusCode int
-	// FetchDurationMs is how long the fetch took in milliseconds.
-	FetchDurationMs int64
-	// RemoteAddr is the IP:port of the upstream server.
-	RemoteAddr string
-	// HTTPVersion is the protocol version (e.g., "1.1", "2.0").
-	HTTPVersion string
-	// TLSVersion is the TLS protocol version (e.g., "TLS 1.3").
-	TLSVersion string
-	// TLSCipherSuite is the negotiated cipher suite name.
-	TLSCipherSuite string
-}
-
-// Config holds configuration for the upstream fetcher.
-type Config struct {
-	// Timeout for upstream requests.
 	Timeout time.Duration
-	// MaxResponseSize is the maximum allowed response body size.
+	// MaxResponseSize is the maximum allowed response body size
 	MaxResponseSize int64
-	// UserAgent to send to upstream servers.
+	// UserAgent to send to upstream servers
 	UserAgent string
-	// AllowedContentTypes is an allow list of MIME types to accept.
+	// AllowedContentTypes is a whitelist of MIME types to accept
 	AllowedContentTypes []string
-	// AllowHTTP allows non-TLS connections (for testing only).
+	// AllowHTTP allows non-TLS connections (for testing only)
 	AllowHTTP bool
-	// MaxConnectionsPerHost limits concurrent connections to each upstream host.
+	// MaxConnectionsPerHost limits concurrent connections to each upstream host
 	MaxConnectionsPerHost int
 }
 
-// DefaultConfig returns a Config with sensible defaults.
+// DefaultFetcherConfig returns sensible defaults.
-func DefaultConfig() *Config {
+func DefaultFetcherConfig() *FetcherConfig {
-	return &Config{
+	return &FetcherConfig{
 		Timeout:         DefaultFetchTimeout,
 		MaxResponseSize: DefaultMaxResponseSize,
 		UserAgent:       "pixa/1.0",
@@ -104,18 +72,18 @@ func DefaultConfig() *Config {
 	}
 }
 
-// HTTPFetcher implements Fetcher with SSRF protection and per-host connection limits.
+// HTTPFetcher implements the Fetcher interface with SSRF protection.
 type HTTPFetcher struct {
 	client    *http.Client
-	config    *Config
+	config    *FetcherConfig
 	hostSems  map[string]chan struct{} // per-host semaphores
 	hostSemMu sync.Mutex               // protects hostSems map
 }
 
-// New creates a new HTTPFetcher with SSRF protection.
+// NewHTTPFetcher creates a new fetcher with SSRF protection.
-func New(config *Config) *HTTPFetcher {
+func NewHTTPFetcher(config *FetcherConfig) *HTTPFetcher {
 	if config == nil {
-		config = DefaultConfig()
+		config = DefaultFetcherConfig()
 	}
 
 	// Create transport with SSRF-safe dialer
@@ -282,7 +250,7 @@ func (f *HTTPFetcher) Fetch(ctx context.Context, url string) (*FetchResult, erro
 	}, nil
 }
 
-// isAllowedContentType checks if the content type is in the allow list.
+// isAllowedContentType checks if the content type is in the whitelist.
 func (f *HTTPFetcher) isAllowedContentType(contentType string) bool {
 	// Extract the MIME type without parameters
 	mediaType := strings.TrimSpace(strings.Split(contentType, ";")[0])

internal/imgcache/imgcache.go

@@ -169,6 +169,36 @@ type Whitelist interface {
 	IsWhitelisted(u *url.URL) bool
 }
 
+// Fetcher fetches images from upstream origins
+type Fetcher interface {
+	// Fetch retrieves an image from the origin
+	Fetch(ctx context.Context, url string) (*FetchResult, error)
+}
+
+// FetchResult contains the result of fetching from upstream
+type FetchResult struct {
+	// Content is the raw image data
+	Content io.ReadCloser
+	// ContentLength is the size in bytes (-1 if unknown)
+	ContentLength int64
+	// ContentType is the MIME type from upstream
+	ContentType string
+	// Headers contains all response headers from upstream
+	Headers map[string][]string
+	// StatusCode is the HTTP status code from upstream
+	StatusCode int
+	// FetchDurationMs is how long the fetch took in milliseconds
+	FetchDurationMs int64
+	// RemoteAddr is the IP:port of the upstream server
+	RemoteAddr string
+	// HTTPVersion is the protocol version (e.g., "1.1", "2.0")
+	HTTPVersion string
+	// TLSVersion is the TLS protocol version (e.g., "TLS 1.3")
+	TLSVersion string
+	// TLSCipherSuite is the negotiated cipher suite name
+	TLSCipherSuite string
+}
+
 // Storage handles persistent storage of cached content
 type Storage interface {
 	// Store saves content and returns its hash

internal/imgcache/magic.go

@@ -1,6 +1,4 @@
-// Package magic detects image formats from magic bytes and validates
+package imgcache
-// content against declared MIME types.
-package magic
 
 import (
 	"bytes"
@@ -29,20 +27,6 @@ const (
 	MIMETypeSVG  = MIMEType("image/svg+xml")
 )
 
-// ImageFormat represents supported output image formats.
-// This mirrors the type in imgcache to avoid circular imports.
-type ImageFormat string
-
-// Supported image output formats.
-const (
-	FormatOriginal ImageFormat = "orig"
-	FormatJPEG     ImageFormat = "jpeg"
-	FormatPNG      ImageFormat = "png"
-	FormatWebP     ImageFormat = "webp"
-	FormatAVIF     ImageFormat = "avif"
-	FormatGIF      ImageFormat = "gif"
-)
-
 // MinMagicBytes is the minimum number of bytes needed to detect format.
 const MinMagicBytes = 12
 
@@ -205,7 +189,7 @@ func PeekAndValidate(r io.Reader, declaredType string) (io.Reader, error) {
 	return io.MultiReader(bytes.NewReader(buf), r), nil
 }
 
-// MIMEToImageFormat converts a MIME type to an ImageFormat.
+// MIMEToImageFormat converts a MIME type to our ImageFormat type.
 func MIMEToImageFormat(mimeType string) (ImageFormat, bool) {
 	normalized := normalizeMIMEType(mimeType)
 	switch MIMEType(normalized) {
@@ -224,7 +208,7 @@ func MIMEToImageFormat(mimeType string) (ImageFormat, bool) {
 	}
 }
 
-// ImageFormatToMIME converts an ImageFormat to a MIME type string.
+// ImageFormatToMIME converts our ImageFormat to a MIME type string.
 func ImageFormatToMIME(format ImageFormat) string {
 	switch format {
 	case FormatJPEG:

internal/imgcache/magic_test.go

@@ -1,4 +1,4 @@
-package magic
+package imgcache
 
 import (
 	"bytes"

internal/imgcache/mock_fetcher.go

@@ -1,4 +1,4 @@
-package httpfetcher
+package imgcache
 
 import (
 	"context"
@@ -10,15 +10,15 @@ import (
 	"strings"
 )
 
-// MockFetcher implements Fetcher using an embedded filesystem.
+// MockFetcher implements the Fetcher interface using an embedded filesystem.
 // Files are organized as: hostname/path/to/file.ext
-// URLs like https://example.com/images/photo.jpg map to example.com/images/photo.jpg.
+// URLs like https://example.com/images/photo.jpg map to example.com/images/photo.jpg
 type MockFetcher struct {
 	fs fs.FS
 }
 
-// NewMock creates a new mock fetcher backed by the given filesystem.
+// NewMockFetcher creates a new mock fetcher backed by the given filesystem.
-func NewMock(fsys fs.FS) *MockFetcher {
+func NewMockFetcher(fsys fs.FS) *MockFetcher {
 	return &MockFetcher{fs: fsys}
 }
 

internal/imgcache/service.go

@@ -11,19 +11,17 @@ import (
 	"time"
 
 	"github.com/dustin/go-humanize"
-	"sneak.berlin/go/pixa/internal/allowlist"
-	"sneak.berlin/go/pixa/internal/httpfetcher"
 	"sneak.berlin/go/pixa/internal/imageprocessor"
-	"sneak.berlin/go/pixa/internal/magic"
+	"sneak.berlin/go/pixa/internal/whitelist"
 )
 
 // Service implements the ImageCache interface, orchestrating cache, fetcher, and processor.
 type Service struct {
 	cache           *Cache
-	fetcher         httpfetcher.Fetcher
+	fetcher         Fetcher
 	processor       *imageprocessor.ImageProcessor
 	signer          *Signer
-	allowlist       *allowlist.HostAllowList
+	whitelist       *whitelist.HostWhitelist
 	log             *slog.Logger
 	allowHTTP       bool
 	maxResponseSize int64
@@ -34,9 +32,9 @@ type ServiceConfig struct {
 	// Cache is the cache instance
 	Cache *Cache
 	// FetcherConfig configures the upstream fetcher (ignored if Fetcher is set)
-	FetcherConfig *httpfetcher.Config
+	FetcherConfig *FetcherConfig
 	// Fetcher is an optional custom fetcher (for testing)
-	Fetcher httpfetcher.Fetcher
+	Fetcher Fetcher
 	// SigningKey is the HMAC signing key (empty disables signing)
 	SigningKey string
 	// Whitelist is the list of hosts that don't require signatures
@@ -58,15 +56,15 @@ func NewService(cfg *ServiceConfig) (*Service, error) {
 	// Resolve fetcher config for defaults
 	fetcherCfg := cfg.FetcherConfig
 	if fetcherCfg == nil {
-		fetcherCfg = httpfetcher.DefaultConfig()
+		fetcherCfg = DefaultFetcherConfig()
 	}
 
 	// Use custom fetcher if provided, otherwise create HTTP fetcher
-	var fetcher httpfetcher.Fetcher
+	var fetcher Fetcher
 	if cfg.Fetcher != nil {
 		fetcher = cfg.Fetcher
 	} else {
-		fetcher = httpfetcher.New(fetcherCfg)
+		fetcher = NewHTTPFetcher(fetcherCfg)
 	}
 
 	signer := NewSigner(cfg.SigningKey)
@@ -88,7 +86,7 @@ func NewService(cfg *ServiceConfig) (*Service, error) {
 		fetcher:         fetcher,
 		processor:       imageprocessor.New(imageprocessor.Params{MaxInputBytes: maxResponseSize}),
 		signer:          signer,
-		allowlist:       allowlist.New(cfg.Whitelist),
+		whitelist:       whitelist.NewHostWhitelist(cfg.Whitelist),
 		log:             log,
 		allowHTTP:       allowHTTP,
 		maxResponseSize: maxResponseSize,
@@ -114,7 +112,7 @@ func (s *Service) Get(ctx context.Context, req *ImageRequest) (*ImageResponse, e
 			"path", req.SourcePath,
 		)
 
-		return nil, fmt.Errorf("%w: %w", httpfetcher.ErrUpstreamError, ErrNegativeCached)
+		return nil, fmt.Errorf("%w: %w", ErrUpstreamError, ErrNegativeCached)
 	}
 
 	// Check variant cache first (disk only, no DB)
@@ -279,7 +277,7 @@ func (s *Service) fetchAndProcess(
 	)
 
 	// Validate magic bytes match content type
-	if err := magic.ValidateMagicBytes(sourceData, fetchResult.ContentType); err != nil {
+	if err := ValidateMagicBytes(sourceData, fetchResult.ContentType); err != nil {
 		return nil, fmt.Errorf("content validation failed: %w", err)
 	}
 
@@ -384,7 +382,7 @@ func (s *Service) Stats(ctx context.Context) (*CacheStats, error) {
 
 // ValidateRequest validates the request signature if required.
 func (s *Service) ValidateRequest(req *ImageRequest) error {
-	// Check if host is allowed (no signature required)
+	// Check if host is whitelisted (no signature required)
 	sourceURL := req.SourceURL()
 
 	parsedURL, err := url.Parse(sourceURL)
@@ -392,11 +390,11 @@ func (s *Service) ValidateRequest(req *ImageRequest) error {
 		return fmt.Errorf("invalid source URL: %w", err)
 	}
 
-	if s.allowlist.IsAllowed(parsedURL) {
+	if s.whitelist.IsWhitelisted(parsedURL) {
 		return nil
 	}
 
-	// Signature required for non-allowed hosts
+	// Signature required for non-whitelisted hosts
 	return s.signer.Verify(req)
 }
 
@@ -419,13 +417,13 @@ const (
 
 // isNegativeCacheable returns true if the error should be cached.
 func isNegativeCacheable(err error) bool {
-	return errors.Is(err, httpfetcher.ErrUpstreamError)
+	return errors.Is(err, ErrUpstreamError)
 }
 
 // extractStatusCode extracts HTTP status code from error message.
 func extractStatusCode(err error) int {
 	// Default to 502 Bad Gateway for upstream errors
-	if errors.Is(err, httpfetcher.ErrUpstreamError) {
+	if errors.Is(err, ErrUpstreamError) {
 		return httpStatusBadGateway
 	}
 

internal/imgcache/service_test.go

@@ -5,8 +5,6 @@ import (
 	"io"
 	"testing"
 	"time"
-
-	"sneak.berlin/go/pixa/internal/magic"
 )
 
 func TestService_Get_WhitelistedHost(t *testing.T) {
@@ -317,17 +315,17 @@ func TestService_Get_FormatConversion(t *testing.T) {
 				t.Fatalf("failed to read response: %v", err)
 			}
 
-			detectedMIME, err := magic.DetectFormat(data)
+			detectedMIME, err := DetectFormat(data)
 			if err != nil {
 				t.Fatalf("failed to detect format: %v", err)
 			}
 
-			expectedFormat, ok := magic.MIMEToImageFormat(tt.wantMIME)
+			expectedFormat, ok := MIMEToImageFormat(tt.wantMIME)
 			if !ok {
 				t.Fatalf("unknown format for MIME type: %s", tt.wantMIME)
 			}
 
-			detectedFormat, ok := magic.MIMEToImageFormat(string(detectedMIME))
+			detectedFormat, ok := MIMEToImageFormat(string(detectedMIME))
 			if !ok {
 				t.Fatalf("unknown format for detected MIME type: %s", detectedMIME)
 			}

internal/imgcache/testutil_test.go

@@ -15,7 +15,6 @@ import (
 	"time"
 
 	"sneak.berlin/go/pixa/internal/database"
-	"sneak.berlin/go/pixa/internal/httpfetcher"
 )
 
 // TestFixtures contains paths to test files in the mock filesystem.
@@ -173,7 +172,7 @@ func SetupTestService(t *testing.T, opts ...TestServiceOption) (*Service, *TestF
 
 	svc, err := NewService(&ServiceConfig{
 		Cache:      cache,
-		Fetcher:    httpfetcher.NewMock(mockFS),
+		Fetcher:    NewMockFetcher(mockFS),
 		SigningKey: cfg.signingKey,
 		Whitelist:  cfg.whitelist,
 	})

internal/whitelist/whitelist.go

@@ -1,26 +1,26 @@
-// Package allowlist provides host-based URL allow-listing for the image proxy.
+// Package whitelist provides host-based URL whitelisting for the image proxy.
-package allowlist
+package whitelist
 
 import (
 	"net/url"
 	"strings"
 )
 
-// HostAllowList checks whether source hosts are permitted.
+// HostWhitelist implements the Whitelist interface for checking allowed source hosts.
-type HostAllowList struct {
+type HostWhitelist struct {
 	// exactHosts contains hosts that must match exactly (e.g., "cdn.example.com")
 	exactHosts map[string]struct{}
 	// suffixHosts contains domain suffixes to match (e.g., ".example.com" matches "cdn.example.com")
 	suffixHosts []string
 }
 
-// New creates a HostAllowList from a list of host patterns.
+// NewHostWhitelist creates a whitelist from a list of host patterns.
 // Patterns starting with "." are treated as suffix matches.
 // Examples:
 //   - "cdn.example.com" - exact match only
 //   - ".example.com" - matches cdn.example.com, images.example.com, etc.
-func New(patterns []string) *HostAllowList {
+func NewHostWhitelist(patterns []string) *HostWhitelist {
-	w := &HostAllowList{
+	w := &HostWhitelist{
 		exactHosts:  make(map[string]struct{}),
 		suffixHosts: make([]string, 0),
 	}
@@ -41,8 +41,8 @@ func New(patterns []string) *HostAllowList {
 	return w
 }
 
-// IsAllowed checks if a URL's host is in the allow list.
+// IsWhitelisted checks if a URL's host is in the whitelist.
-func (w *HostAllowList) IsAllowed(u *url.URL) bool {
+func (w *HostWhitelist) IsWhitelisted(u *url.URL) bool {
 	if u == nil {
 		return false
 	}
@@ -72,12 +72,12 @@ func (w *HostAllowList) IsAllowed(u *url.URL) bool {
 	return false
 }
 
-// IsEmpty returns true if the allow list has no entries.
+// IsEmpty returns true if the whitelist has no entries.
-func (w *HostAllowList) IsEmpty() bool {
+func (w *HostWhitelist) IsEmpty() bool {
 	return len(w.exactHosts) == 0 && len(w.suffixHosts) == 0
 }
 
-// Count returns the total number of allow list entries.
+// Count returns the total number of whitelist entries.
-func (w *HostAllowList) Count() int {
+func (w *HostWhitelist) Count() int {
 	return len(w.exactHosts) + len(w.suffixHosts)
 }

internal/whitelist/whitelist_test.go

@@ -1,13 +1,13 @@
-package allowlist_test
+package whitelist_test
 
 import (
 	"net/url"
 	"testing"
 
-	"sneak.berlin/go/pixa/internal/allowlist"
+	"sneak.berlin/go/pixa/internal/whitelist"
 )
 
-func TestHostAllowList_IsAllowed(t *testing.T) {
+func TestHostWhitelist_IsWhitelisted(t *testing.T) {
 	tests := []struct {
 		name     string
 		patterns []string
@@ -69,7 +69,7 @@ func TestHostAllowList_IsAllowed(t *testing.T) {
 			want:     true,
 		},
 		{
-			name:     "empty allow list",
+			name:     "empty whitelist",
 			patterns: []string{},
 			testURL:  "https://cdn.example.com/image.jpg",
 			want:     false,
@@ -96,7 +96,7 @@ func TestHostAllowList_IsAllowed(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			w := allowlist.New(tt.patterns)
+			w := whitelist.NewHostWhitelist(tt.patterns)
 
 			var u *url.URL
 			if tt.testURL != "" {
@@ -107,15 +107,15 @@ func TestHostAllowList_IsAllowed(t *testing.T) {
 				}
 			}
 
-			got := w.IsAllowed(u)
+			got := w.IsWhitelisted(u)
 			if got != tt.want {
-				t.Errorf("IsAllowed() = %v, want %v", got, tt.want)
+				t.Errorf("IsWhitelisted() = %v, want %v", got, tt.want)
 			}
 		})
 	}
 }
 
-func TestHostAllowList_IsEmpty(t *testing.T) {
+func TestHostWhitelist_IsEmpty(t *testing.T) {
 	tests := []struct {
 		name     string
 		patterns []string
@@ -145,7 +145,7 @@ func TestHostAllowList_IsEmpty(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			w := allowlist.New(tt.patterns)
+			w := whitelist.NewHostWhitelist(tt.patterns)
 			if got := w.IsEmpty(); got != tt.want {
 				t.Errorf("IsEmpty() = %v, want %v", got, tt.want)
 			}
@@ -153,7 +153,7 @@ func TestHostAllowList_IsEmpty(t *testing.T) {
 	}
 }
 
-func TestHostAllowList_Count(t *testing.T) {
+func TestHostWhitelist_Count(t *testing.T) {
 	tests := []struct {
 		name     string
 		patterns []string
@@ -183,7 +183,7 @@ func TestHostAllowList_Count(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			w := allowlist.New(tt.patterns)
+			w := whitelist.NewHostWhitelist(tt.patterns)
 			if got := w.Count(); got != tt.want {
 				t.Errorf("Count() = %v, want %v", got, tt.want)
 			}