From d1cef4bd675e91b22437bd5952baca15db908d40 Mon Sep 17 00:00:00 2001
From: Last2014 <info@last2014.com>
Date: Fri, 5 Jun 2026 06:18:51 +0900
Subject: [PATCH] =?UTF-8?q?Fix:=20=E8=87=AA=E8=BA=AB=E3=81=8C=E9=80=81?=
 =?UTF-8?q?=E4=BF=A1=E3=81=97=E3=81=A6=E3=81=84=E3=81=AA=E3=81=84=E3=83=A1?=
 =?UTF-8?q?=E3=83=83=E3=82=BB=E3=83=BC=E3=82=B8=E3=82=92=E5=89=8A=E9=99=A4?=
 =?UTF-8?q?=E3=81=A7=E3=81=8D=E3=82=8B=E5=95=8F=E9=A1=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 packages/backend/src/routes/message/delete.ts | 19 ++++++++++++++++++-
 packages/frontend/src/components/Message.vue  |  4 +++-
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/routes/message/delete.ts b/packages/backend/src/routes/message/delete.ts
index d70e2e4..d7f2813 100644
--- a/packages/backend/src/routes/message/delete.ts
+++ b/packages/backend/src/routes/message/delete.ts
@@ -1,4 +1,4 @@
-import { DatabaseError, InputError } from "@/errors";
+import { DatabaseError, ErrorBase, InputError } from "@/errors";
 import Logger from "@/lib/logger";
 import { MessageEntity } from "@/modules/entities/Message";
 import type { FastifyInstance } from "fastify";
@@ -23,6 +23,23 @@ export default async function MessageDelete(fastify: FastifyInstance) {
 
     try {
       const messageRepo = fastify.orm.em.getRepository(MessageEntity);
+      const itMessage = await messageRepo.findOne({ id: result.data.id });
+      if (!itMessage) {
+        return res.code(400).send(ErrorBase({
+          bad: "client",
+          code: "message_not_found",
+          message: "対象のメッセージが見つかりませんでした。",
+        }));
+      }
+
+      if (itMessage.createdBy.userid !== req.token.user.userid) {
+        return res.code(403).send(ErrorBase({
+          bad: "client",
+          code: "not_your_message",
+          message: "あなたの送信したメッセージではありません。",
+        }));
+      }
+
       await messageRepo.deleteMessage(result.data.id);
 
       return res.send({
diff --git a/packages/frontend/src/components/Message.vue b/packages/frontend/src/components/Message.vue
index 3f12315..c1eaefa 100644
--- a/packages/frontend/src/components/Message.vue
+++ b/packages/frontend/src/components/Message.vue
@@ -1,5 +1,5 @@
 <template>
-  <div class="message" ref="messageElem">
+  <div class="message" v-if="account && account.success" ref="messageElem">
     <img
       v-if="message.createdBy.icon"
       :src="message.createdBy.icon"
@@ -31,6 +31,7 @@
       />
 
       <Icon
+        v-if="account.userid === message.createdBy.userid"
         icon="material-symbols:delete-rounded"
         style="color: #ff0000"
         @click="deleteMessage()"
@@ -123,6 +124,7 @@ import type ApiMap from "lynqchat-js/1.0.0-alpha.0/map";
 import ErrorModal from "@/components/Modal/Error.vue";
 import Confirm from "@/components/Modal/Confirm.vue";
 import { inject, onBeforeUnmount, onMounted, ref, watch, type Ref } from "vue";
+import { account } from "@/lib/account";
 
 const props = defineProps<{
   message: Extract<ApiMap["message/list"]["response"], { messages: any }>["messages"][number];