feat(core): clear saved chat and add message deletion scopes

backend:

- add message_hidden table for per-user message hiding

- support DELETE /messages/{id}?for_all=true|false

- implement delete-for-me vs delete-for-all logic by chat type/permissions

- add POST /chats/{chat_id}/clear and route saved chat deletion to clear

web:

- saved messages action changed from delete to clear

- message context menu now supports delete modal: for me / for everyone

- add local store helpers removeMessage/clearChatMessages

- include realtime stability improvements and app error boundary

app/messages/service.py

@@ -2,6 +2,8 @@ from fastapi import HTTPException, status
 from sqlalchemy.exc import IntegrityError
 from sqlalchemy.ext.asyncio import AsyncSession
 
+from app.chats import repository as chats_repository
+from app.chats.models import ChatMemberRole, ChatType
 from app.chats.service import ensure_chat_membership
 from app.messages import repository
 from app.messages.models import Message
@@ -79,7 +81,7 @@ async def get_messages(
 ) -> list[Message]:
     await ensure_chat_membership(db, chat_id=chat_id, user_id=user_id)
     safe_limit = max(1, min(limit, 100))
-    return await repository.list_chat_messages(db, chat_id, limit=safe_limit, before_id=before_id)
+    return await repository.list_chat_messages(db, chat_id, user_id=user_id, limit=safe_limit, before_id=before_id)
 
 
 async def search_messages(
@@ -129,8 +131,48 @@ async def delete_message(db: AsyncSession, *, message_id: int, user_id: int) ->
     if not message:
         raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Message not found")
     await ensure_chat_membership(db, chat_id=message.chat_id, user_id=user_id)
-    if message.sender_id != user_id:
-        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="You can delete only your own messages")
+    chat = await chats_repository.get_chat_by_id(db, message.chat_id)
+    if not chat:
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Chat not found")
+    membership = await chats_repository.get_chat_member(db, chat_id=message.chat_id, user_id=user_id)
+    if not membership:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="You are not a member of this chat")
+    # Telegram-like default: delete only for current user.
+    hidden = await repository.get_hidden_message(db, message_id=message.id, user_id=user_id)
+    if not hidden:
+        try:
+            await repository.hide_message_for_user(db, message_id=message.id, user_id=user_id)
+        except IntegrityError:
+            await db.rollback()
+            return
+    await db.commit()
+
+
+async def delete_message_for_all(db: AsyncSession, *, message_id: int, user_id: int) -> None:
+    message = await repository.get_message_by_id(db, message_id)
+    if not message:
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Message not found")
+    await ensure_chat_membership(db, chat_id=message.chat_id, user_id=user_id)
+    chat = await chats_repository.get_chat_by_id(db, message.chat_id)
+    if not chat:
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Chat not found")
+    membership = await chats_repository.get_chat_member(db, chat_id=message.chat_id, user_id=user_id)
+    if not membership:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="You are not a member of this chat")
+    if chat.is_saved:
+        await delete_message(db, message_id=message_id, user_id=user_id)
+        return
+
+    can_delete_for_all = False
+    if chat.type == ChatType.PRIVATE:
+        can_delete_for_all = True
+    elif message.sender_id == user_id:
+        can_delete_for_all = True
+    elif chat.type in {ChatType.GROUP, ChatType.CHANNEL} and membership.role in {ChatMemberRole.OWNER, ChatMemberRole.ADMIN}:
+        can_delete_for_all = True
+
+    if not can_delete_for_all:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Insufficient permissions for delete-for-all")
     await repository.delete_message(db, message)
     await db.commit()