feat: add writer output with custom formatter support (#1)

* feat: add writer output with custom formatter support

Add `Output` and `Formatter` fields to `Options`
for logging blacklist detections. When `Output` is
set, detection events are written using either a
user-provided `Formatter` function or a default
format.

The `Formatter` callback receives the full
`sslbl.Record` and fingerprint, allowing users to
customize output format for their logging needs.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* docs: checks TODO

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>

Author: dwisiswant0

README.md

@@ -72,7 +72,7 @@ These examples demonstrate various ways to set up Sebel and integrate it with HT
 ## TODO
 
 * [ ] Caching SSLBL data under user-specific cache directory.
-* [ ] Add `io.Writer` option.
+* [x] Add `io.Writer` option.
 * [ ] ~Add `CheckIP` method.~ Not planned, instead:
 * [ ] Add `CheckHost` method.
 

options.go

@@ -1,12 +1,25 @@
 package sebel
 
+import (
+	"io"
+
+	"github.com/teler-sh/sebel/pkg/sslbl"
+)
+
 // Options holds configuration settings for the [Sebel] package.
 type Options struct {
 	// DisableSSLBlacklist, when set to true, disables SSL/TLS certificate
 	// blacklist checks.
 	DisableSSLBlacklist bool
 
+	// Output specifies the writer for logging blacklist detections.
+	// If nil, no output is written.
+	Output io.Writer
+
+	// Formatter customizes the output format for blacklist detections.
+	// If nil, a default format is used.
+	Formatter func(record *sslbl.Record, fingerprint string) string
+
 	// TODO(dwisiswant0): Add these fields
 	// DisableHostBlacklist bool
-	// Output               io.Writer
 }

sebel.go

@@ -88,9 +88,26 @@ func (s *Sebel) checkTLS() (*sslbl.Record, error) {
 	record, ok = sslbl.Find(sha1sum, data)
 	if ok {
 		reason := record.Listing.Reason
+		s.write(record, sha1sum)
 
 		return record, fmt.Errorf("%w: %s detected", ErrSSLBlacklist, reason)
 	}
 
 	return record, nil
 }
+
+// write writes the blacklist detection to the configured output writer.
+func (s *Sebel) write(record *sslbl.Record, fingerprint string) {
+	if s.options.Output == nil {
+		return
+	}
+
+	var msg string
+	if s.options.Formatter != nil {
+		msg = s.options.Formatter(record, fingerprint)
+	} else {
+		msg = fmt.Sprintf("%s: fingerprint=%q reason=%q\n", ErrSSLBlacklist, fingerprint, record.Listing.Reason)
+	}
+
+	_, _ = fmt.Fprint(s.options.Output, msg)
+}