From 43907485347a0875c6a0984cc166c5f5da25945e Mon Sep 17 00:00:00 2001
From: posimai
Date: Wed, 22 Apr 2026 09:37:11 +0900
Subject: [PATCH] =?UTF-8?q?fix(together):=20JWT=20=E3=81=AA=E3=81=97=20use?=
 =?UTF-8?q?rname=20=E8=AA=8D=E8=A8=BC=E3=82=92=E5=BE=A9=E5=85=83=EF=BC=88P?=
 =?UTF-8?q?osimai=20=E3=82=A2=E3=82=AB=E3=82=A6=E3=83=B3=E3=83=88=E4=B8=8D?=
 =?UTF-8?q?=E8=A6=81=E3=83=A1=E3=83=B3=E3=83=90=E3=83=BC=E5=AF=BE=E5=BF=9C?=
 =?UTF-8?q?=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server.js | 39 ++++++++++++++++++++++++---------------
 1 file changed, 24 insertions(+), 15 deletions(-)

diff --git a/server.js b/server.js
index 48709d7e..76d592cc 100644
--- a/server.js
+++ b/server.js
@@ -807,24 +807,33 @@ async function togetherEnsureMember(pool, res, groupId, username, jwtUserId) {
 return false;
 }
 try {
- if (!jwtUserId) {
- res.status(401).json({ error: '認証が必要です' });
+ if (jwtUserId) {
+ const strict = await pool.query(
+ `SELECT 1 FROM together_members m
+ WHERE m.group_id = $1 AND (
+ m.user_id = $2
+ OR (
+ (m.user_id IS NULL OR btrim(COALESCE(m.user_id, '')) = '')
+ AND m.username = ANY($3::text[])
+ )
+ )`,
+ [gidNum, jwtUserId, usernames]
+ );
+ if (strict.rows.length > 0) return true;
+ res.status(403).json({ error: 'グループのメンバーではありません' });
 return false;
 }
- const strict = await pool.query(
- `SELECT 1 FROM together_members m
- WHERE m.group_id = $1 AND (
- m.user_id = $2
- OR (
- (m.user_id IS NULL OR btrim(COALESCE(m.user_id, '')) = '')
- AND m.username = ANY($3::text[])
- )
- )`,
- [gidNum, jwtUserId, usernames]
+ // JWT なし: username のみで照合(Together は Posimai アカウント不要のため継続許容)
+ const primaryUsername = usernames[0];
+ const legacyOnly = await pool.query(
+ 'SELECT 1 FROM together_members WHERE group_id=$1 AND username=$2',
+ [gidNum, primaryUsername]
 );
- if (strict.rows.length > 0) return true;
- res.status(403).json({ error: 'グループのメンバーではありません' });
- return false;
+ if (legacyOnly.rows.length === 0) {
+ res.status(403).json({ error: 'グループのメンバーではありません' });
+ return false;
+ }
+ return true;
 } catch (e) {
 console.error('[Together] togetherEnsureMember', e.message);
 res.status(500).json({ error: 'Internal server error' });
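Review bot: The username-only path added after the `// JWT なし` comment accepts any `together_members` row whose `username` matches, including rows that already carry a `user_id`, so a request with no JWT passes the membership check for a member who does have a linked account by supplying only that member's name; the JWT branch above deliberately limits username matches to rows whose `user_id` is NULL or blank, and the `legacyOnly` query should carry the same restriction, i.e. append `AND (user_id IS NULL OR btrim(COALESCE(user_id, '')) = '')` to its WHERE clause. The two branches also disagree on which names they match: `strict` checks every entry of `usernames` via `ANY($3::text[])` while `legacyOnly` uses only `usernames[0]`, and if `usernames` can be empty (it is built above the hunk) `primaryUsername` is `undefined` and the request silently gets a 403, so a one-line comment stating why only the first name is consulted would help the next reader. Because this branch authorizes on a client-supplied name alone, logging the group id and username when it succeeds (e.g. at `console.warn` level) would keep the weaker path visible in server logs. togetherEnsureMember begins before this hunk and continues after it.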