From 8e0a56c4ba3439c50690551a0d339c4dd7fe2832 Mon Sep 17 00:00:00 2001
From: Orion
Date: Mon, 4 May 2026 02:52:21 +0800
Subject: [PATCH] =?UTF-8?q?refactor(core):=20=E2=99=BB=EF=B8=8F=20?=
 =?UTF-8?q?=E9=99=90=E5=88=B6=E7=94=A8=E6=88=B7=E4=BB=85=E8=83=BD=E5=88=A0?=
 =?UTF-8?q?=E9=99=A4=E8=87=AA=E5=B7=B1=E5=8F=91=E9=80=81=E7=9A=84=E6=B6=88?=
 =?UTF-8?q?=E6=81=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

通过增加对回复消息发送者的校验,防止用户尝试删除管理员(Bot)回复的消息。当检测到目标消息来自 Bot 时,将拦截删除请求并向用户发送提醒。同时移除了一些冗余的日志打印和旧的数据库查询逻辑。

---
 telegram/tg-bot.js | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/telegram/tg-bot.js b/telegram/tg-bot.js
index e9b864d..31a3c14 100644
--- a/telegram/tg-bot.js
+++ b/telegram/tg-bot.js
@@ -246,6 +246,16 @@ async function handleUserDelete(msg, u, env) {
 });
 }
 
+ // 检查是否是 Bot 发送的消息(管理员回复)
+ if (msg.reply_to_message.from && msg.reply_to_message.from.is_bot) {
+ console.log(`Delete blocked: User tried to delete bot's message`);
+ return api(env.BOT_TOKEN, "sendMessage", {
+ chat_id: u.user_id,
+ text: "❌ 您只能删除自己发送的消息,无法删除管理员回复的消息",
+ reply_to_message_id: msg.message_id
+ });
+ }
+
 const targetMsgIdRaw = msg.reply_to_message.message_id;
 const targetMsgId = targetMsgIdRaw.toString();
 console.log(`Delete request: user=${u.user_id}, target_msg_raw=${targetMsgIdRaw} (type: ${typeof targetMsgIdRaw}), target_msg_str=${targetMsgId}`);
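Review bot: The added `console.log` in the blocked branch carries no identifiers, unlike the `Delete request` line just below it, so refused attempts cannot be attributed to a user or counted from the logs. Adding `user=${u.user_id}` and `target_msg=${msg.reply_to_message.message_id}` to that message would keep the audit trail that the removed `Delete blocked … (topic_msg=…)` log used to give. Separately, `from.is_bot` is true for any bot account and is read straight from the update payload, so the new comment should say that this is only an early, user-facing refusal. The user-scoped mapping lookup further down presumably remains the real ownership check, judging by the `No mapping found for user=…` branch, but that lookup sits outside this hunk and should be confirmed. handleUserDelete starts and ends outside the hunk.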
@@ -261,18 +271,6 @@ async function handleUserDelete(msg, u, env) { if (!ref || !ref.topic_message_id) { console.log(`Delete failed: No mapping found for user=${u.user_id}, msg=${targetMsgId}`); - - // 检查是否是管理员发送的消息(通过反向查询) - const adminRef = await sql(env, "SELECT user_id FROM messages WHERE topic_message_id=?", [targetMsgId], 'first'); - if (adminRef) { - console.log(`Delete blocked: User tried to delete admin's message (topic_msg=${targetMsgId})`); - return api(env.BOT_TOKEN, "sendMessage", { - chat_id: u.user_id, - text: "❌ 您只能删除自己发送的消息,无法删除管理员回复的消息", - reply_to_message_id: msg.message_id - }); - } - console.log(`Tip: Check database records with: SELECT * FROM messages WHERE user_id='${u.user_id}'`); // 帮助用户排查:列出该用户的最近5条消息记录