From c52cccdc40b0c787a0935537ce1a1b21e0107bad Mon Sep 17 00:00:00 2001
From: Vincent Koc <vincentkoc@ieee.org>
Date: Sat, 14 Mar 2026 20:02:27 -0700
Subject: [PATCH] Synology Chat: reject duplicate webhook path ownership

---
 extensions/synology-chat/src/accounts.ts     | 17 ++++++++
 extensions/synology-chat/src/channel.test.ts | 41 ++++++++++++++++++++
 extensions/synology-chat/src/channel.ts      | 20 +++++++++-
 3 files changed, 76 insertions(+), 2 deletions(-)

diff --git a/extensions/synology-chat/src/accounts.ts b/extensions/synology-chat/src/accounts.ts
index 483aa5944e8..7b730d5856d 100644
--- a/extensions/synology-chat/src/accounts.ts
+++ b/extensions/synology-chat/src/accounts.ts
@@ -94,3 +94,20 @@ export function resolveAccount(cfg: any, accountId?: string | null): ResolvedSyn
     allowInsecureSsl: accountOverride.allowInsecureSsl ?? channelCfg.allowInsecureSsl ?? false,
   };
 }
+
+export function findConflictingWebhookPathAccountIds(cfg: any, accountId: string): string[] {
+  const current = resolveAccount(cfg, accountId);
+  const currentPath = current.webhookPath.trim();
+  if (!current.enabled || !current.token.trim() || !currentPath) {
+    return [];
+  }
+
+  return listAccountIds(cfg)
+    .filter((candidateId) => candidateId !== accountId)
+    .map((candidateId) => resolveAccount(cfg, candidateId))
+    .filter(
+      (candidate) =>
+        candidate.enabled && candidate.token.trim() && candidate.webhookPath.trim() === currentPath,
+    )
+    .map((candidate) => candidate.accountId);
+}
diff --git a/extensions/synology-chat/src/channel.test.ts b/extensions/synology-chat/src/channel.test.ts
index bdce5f37d79..6c06ada44ef 100644
--- a/extensions/synology-chat/src/channel.test.ts
+++ b/extensions/synology-chat/src/channel.test.ts
@@ -334,5 +334,46 @@ describe("createSynologyChatPlugin", () => {
       abortSecond.abort();
       await Promise.allSettled([firstPromise, secondPromise]);
     });
+
+    it("refuses to register when another enabled account resolves to the same webhook path", async () => {
+      const registerMock = registerPluginHttpRouteMock;
+      registerMock.mockClear();
+      const plugin = createSynologyChatPlugin();
+      const abortController = new AbortController();
+      const log = { info: vi.fn(), warn: vi.fn(), error: vi.fn() };
+
+      const result = plugin.gateway.startAccount({
+        cfg: {
+          channels: {
+            "synology-chat": {
+              enabled: true,
+              token: "base-token",
+              incomingUrl: "https://nas/incoming",
+              webhookPath: "/webhook/synology/shared",
+              dmPolicy: "allowlist",
+              allowedUserIds: ["owner-a"],
+              accounts: {
+                alerts: {
+                  enabled: true,
+                  token: "alerts-token",
+                  incomingUrl: "https://nas/incoming-alerts",
+                  webhookPath: "/webhook/synology/shared",
+                  dmPolicy: "open",
+                },
+              },
+            },
+          },
+        },
+        accountId: "default",
+        log,
+        abortSignal: abortController.signal,
+      });
+
+      await expectPendingStartAccountPromise(result, abortController);
+      expect(registerMock).not.toHaveBeenCalled();
+      expect(log.error).toHaveBeenCalledWith(
+        expect.stringContaining("Each enabled account must use a unique webhookPath."),
+      );
+    });
   });
 });
diff --git a/extensions/synology-chat/src/channel.ts b/extensions/synology-chat/src/channel.ts
index d84516dbda5..f8e17aa1609 100644
--- a/extensions/synology-chat/src/channel.ts
+++ b/extensions/synology-chat/src/channel.ts
@@ -11,7 +11,11 @@ import {
   buildChannelConfigSchema,
 } from "openclaw/plugin-sdk/synology-chat";
 import { z } from "zod";
-import { listAccountIds, resolveAccount } from "./accounts.js";
+import {
+  findConflictingWebhookPathAccountIds,
+  listAccountIds,
+  resolveAccount,
+} from "./accounts.js";
 import { sendMessage, sendFileUrl } from "./client.js";
 import { getSynologyRuntime } from "./runtime.js";
 import type { ResolvedSynologyChatAccount } from "./types.js";
@@ -249,6 +253,19 @@ export function createSynologyChatPlugin() {
           );
           return waitUntilAbort(ctx.abortSignal);
         }
+        const conflictingAccounts = findConflictingWebhookPathAccountIds(
+          ctx.cfg,
+          account.accountId,
+        );
+        if (conflictingAccounts.length > 0) {
+          log?.error?.(
+            `Conflicting webhookPath ${account.webhookPath} for Synology Chat accounts: ${[
+              account.accountId,
+              ...conflictingAccounts,
+            ].join(", ")}. Each enabled account must use a unique webhookPath.`,
+          );
+          return waitUntilAbort(ctx.abortSignal);
+        }
 
         log?.info?.(
           `Starting Synology Chat channel (account: ${accountId}, path: ${account.webhookPath})`,
@@ -325,7 +342,6 @@ export function createSynologyChatPlugin() {
         const unregister = registerPluginHttpRoute({
           path: account.webhookPath,
           auth: "plugin",
-          replaceExisting: true,
           pluginId: CHANNEL_ID,
           accountId: account.accountId,
           log: (msg: string) => log?.info?.(msg),