refactor: centralize synology dangerous name matching

2026-04-26 16:06:16 +00:00 · 2026-03-22 23:14:52 -07:00
parent ea800dd4ef
commit 677a821a2f
4 changed files with 59 additions and 2 deletions
--- a/extensions/synology-chat/src/accounts.ts
+++ b/extensions/synology-chat/src/accounts.ts
@@ -9,6 +9,7 @@ import {
  resolveMergedAccountConfig,
  type OpenClawConfig,
 } from "openclaw/plugin-sdk/account-resolution";
+import { resolveDangerousNameMatchingEnabled } from "openclaw/plugin-sdk/config-runtime";
 import type { SynologyChatChannelConfig, ResolvedSynologyChatAccount } from "./types.js";

 /** Extract the channel config from the full OpenClaw config object. */
@@ -65,6 +66,8 @@ export function resolveAccount(
 ): ResolvedSynologyChatAccount {
  const channelCfg = getChannelConfig(cfg) ?? {};
  const id = accountId || DEFAULT_ACCOUNT_ID;
+  const accountOverrides =
+    id === DEFAULT_ACCOUNT_ID ? undefined : (channelCfg.accounts?.[id] ?? undefined);
  const merged = resolveMergedAccountConfig<Record<string, unknown> & SynologyChatChannelConfig>({
    channelConfig: channelCfg as Record<string, unknown> & SynologyChatChannelConfig,
    accounts: channelCfg.accounts as
@@ -89,7 +92,10 @@ export function resolveAccount(
    incomingUrl: merged.incomingUrl ?? envIncomingUrl,
    nasHost: merged.nasHost ?? envNasHost,
    webhookPath: merged.webhookPath ?? "/webhook/synology",
-    dangerouslyAllowNameMatching: merged.dangerouslyAllowNameMatching ?? false,
+    dangerouslyAllowNameMatching: resolveDangerousNameMatchingEnabled({
+      providerConfig: channelCfg,
+      accountConfig: accountOverrides,
+    }),
    dmPolicy: merged.dmPolicy ?? "allowlist",
    allowedUserIds: parseAllowedUserIds(merged.allowedUserIds ?? envAllowedUserIds),
    rateLimitPerMinute: merged.rateLimitPerMinute ?? envRateLimitValue,
--- a/src/config/dangerous-name-matching.test.ts
+++ b/src/config/dangerous-name-matching.test.ts
@@ -0,0 +1,34 @@
+import { describe, expect, it } from "vitest";
+import { resolveDangerousNameMatchingEnabled } from "./dangerous-name-matching.js";
+
+describe("resolveDangerousNameMatchingEnabled", () => {
+  it("defaults to false when no provider or account flag is set", () => {
+    expect(resolveDangerousNameMatchingEnabled({})).toBe(false);
+  });
+
+  it("inherits the provider break-glass flag when the account is unset", () => {
+    expect(
+      resolveDangerousNameMatchingEnabled({
+        providerConfig: { dangerouslyAllowNameMatching: true },
+      }),
+    ).toBe(true);
+  });
+
+  it("lets an account override the provider flag back to false", () => {
+    expect(
+      resolveDangerousNameMatchingEnabled({
+        providerConfig: { dangerouslyAllowNameMatching: true },
+        accountConfig: { dangerouslyAllowNameMatching: false },
+      }),
+    ).toBe(false);
+  });
+
+  it("lets an account opt in when the provider flag is false", () => {
+    expect(
+      resolveDangerousNameMatchingEnabled({
+        providerConfig: { dangerouslyAllowNameMatching: false },
+        accountConfig: { dangerouslyAllowNameMatching: true },
+      }),
+    ).toBe(true);
+  });
+});
--- a/src/config/dangerous-name-matching.ts
+++ b/src/config/dangerous-name-matching.ts
@@ -11,6 +11,11 @@ export type ProviderDangerousNameMatchingScope = {
  dangerousFlagPath: string;
 };

+export type DangerousNameMatchingResolverInput = {
+  providerConfig?: DangerousNameMatchingConfig | null | undefined;
+  accountConfig?: DangerousNameMatchingConfig | null | undefined;
+};
+
 function asObjectRecord(value: unknown): Record<string, unknown> | null {
  if (!value || typeof value !== "object" || Array.isArray(value)) {
    return null;
@@ -28,6 +33,15 @@ export function isDangerousNameMatchingEnabled(
  return config?.dangerouslyAllowNameMatching === true;
 }

+export function resolveDangerousNameMatchingEnabled(
+  input: DangerousNameMatchingResolverInput,
+): boolean {
+  if (typeof input.accountConfig?.dangerouslyAllowNameMatching === "boolean") {
+    return input.accountConfig.dangerouslyAllowNameMatching;
+  }
+  return isDangerousNameMatchingEnabled(input.providerConfig);
+}
+
 export function collectProviderDangerousNameMatchingScopes(
  cfg: OpenClawConfig,
  provider: string,
--- a/src/plugin-sdk/config-runtime.ts
+++ b/src/plugin-sdk/config-runtime.ts
@@ -95,4 +95,7 @@ export {
  resolveThreadFlag,
 } from "../config/sessions/reset.js";
 export { resolveSessionStoreEntry } from "../config/sessions/store.js";
-export { isDangerousNameMatchingEnabled } from "../config/dangerous-name-matching.js";
+export {
+  isDangerousNameMatchingEnabled,
+  resolveDangerousNameMatchingEnabled,
+} from "../config/dangerous-name-matching.js";