refactor(discord): unify DM command auth handling

2026-05-10 06:42:44 +00:00 · 2026-03-01 23:59:55 +00:00
parent 12c1257023
commit 75596e9370
4 changed files with 120 additions and 64 deletions
--- a/src/discord/monitor/dm-command-auth.ts
+++ b/src/discord/monitor/dm-command-auth.ts
@@ -17,6 +17,32 @@ export type DiscordDmCommandAccess = {
  allowMatch: ReturnType<typeof resolveDiscordAllowListMatch> | { allowed: false };
 };

+function resolveSenderAllowMatch(params: {
+  allowEntries: string[];
+  sender: { id: string; name?: string; tag?: string };
+  allowNameMatching: boolean;
+}) {
+  const allowList = normalizeDiscordAllowList(params.allowEntries, DISCORD_ALLOW_LIST_PREFIXES);
+  return allowList
+    ? resolveDiscordAllowListMatch({
+        allowList,
+        candidate: params.sender,
+        allowNameMatching: params.allowNameMatching,
+      })
+    : ({ allowed: false } as const);
+}
+
+function resolveDmPolicyCommandAuthorization(params: {
+  dmPolicy: DiscordDmPolicy;
+  decision: DmGroupAccessDecision;
+  commandAuthorized: boolean;
+}) {
+  if (params.dmPolicy === "open" && params.decision === "allow") {
+    return true;
+  }
+  return params.commandAuthorized;
+}
+
 export async function resolveDiscordDmCommandAccess(params: {
  accountId: string;
  dmPolicy: DiscordDmPolicy;
@@ -40,30 +66,19 @@ export async function resolveDiscordDmCommandAccess(params: {
    allowFrom: params.configuredAllowFrom,
    groupAllowFrom: [],
    storeAllowFrom,
-    isSenderAllowed: (allowEntries) => {
-      const allowList = normalizeDiscordAllowList(allowEntries, DISCORD_ALLOW_LIST_PREFIXES);
-      const allowMatch = allowList
-        ? resolveDiscordAllowListMatch({
-            allowList,
-            candidate: params.sender,
-            allowNameMatching: params.allowNameMatching,
-          })
-        : { allowed: false };
-      return allowMatch.allowed;
-    },
+    isSenderAllowed: (allowEntries) =>
+      resolveSenderAllowMatch({
+        allowEntries,
+        sender: params.sender,
+        allowNameMatching: params.allowNameMatching,
+      }).allowed,
  });

-  const commandAllowList = normalizeDiscordAllowList(
-    access.effectiveAllowFrom,
-    DISCORD_ALLOW_LIST_PREFIXES,
-  );
-  const allowMatch = commandAllowList
-    ? resolveDiscordAllowListMatch({
-        allowList: commandAllowList,
-        candidate: params.sender,
-        allowNameMatching: params.allowNameMatching,
-      })
-    : { allowed: false };
+  const allowMatch = resolveSenderAllowMatch({
+    allowEntries: access.effectiveAllowFrom,
+    sender: params.sender,
+    allowNameMatching: params.allowNameMatching,
+  });

  const commandAuthorized = resolveCommandAuthorizedFromAuthorizers({
    useAccessGroups: params.useAccessGroups,
@@ -75,13 +90,15 @@ export async function resolveDiscordDmCommandAccess(params: {
    ],
    modeWhenAccessGroupsOff: "configured",
  });
-  const effectiveCommandAuthorized =
-    access.decision === "allow" && params.dmPolicy === "open" ? true : commandAuthorized;

  return {
    decision: access.decision,
    reason: access.reason,
-    commandAuthorized: effectiveCommandAuthorized,
+    commandAuthorized: resolveDmPolicyCommandAuthorization({
+      dmPolicy: params.dmPolicy,
+      decision: access.decision,
+      commandAuthorized,
+    }),
    allowMatch,
  };
 }