From 43b241d617c55aee6563ac8e042086828f0915e4 Mon Sep 17 00:00:00 2001
From: xiaomlove <beixiao2777@gmail.com>
Date: Fri, 2 May 2025 23:27:16 +0700
Subject: [PATCH] user token permission configurable

---
 .../SettingResource/Pages/EditSetting.php     | 12 ++++++++++
 app/Http/Controllers/ToolController.php       |  5 +++-
 app/Models/Setting.php                        | 19 +++++++++++++++
 app/Models/User.php                           |  7 ++++++
 app/Repositories/TokenRepository.php          | 23 ++++++++++++++-----
 public/usercp.php                             |  2 +-
 public/userdetails.php                        |  2 +-
 7 files changed, 61 insertions(+), 9 deletions(-)

diff --git a/app/Filament/Resources/System/SettingResource/Pages/EditSetting.php b/app/Filament/Resources/System/SettingResource/Pages/EditSetting.php
index 9fce45e1..7775c559 100644
--- a/app/Filament/Resources/System/SettingResource/Pages/EditSetting.php
+++ b/app/Filament/Resources/System/SettingResource/Pages/EditSetting.php
@@ -14,6 +14,7 @@ use Filament\Facades\Filament;
 use Filament\Resources\Pages\Page;
 use Filament\Forms;
 use Illuminate\Support\HtmlString;
+use Nexus\Database\NexusDB;
 
 class EditSetting extends Page implements Forms\Contracts\HasForms
 {
@@ -85,11 +86,22 @@ class EditSetting extends Page implements Forms\Contracts\HasForms
             }
         }
         Setting::query()->upsert($data, ['name'], ['value']);
+        $this->doAfterUpdate();
         do_action("nexus_setting_update");
         clear_setting_cache();
         send_admin_success_notification();
     }
 
+    /**
+     * this actions get config must not use cache !!!
+     *
+     * @return void
+     */
+    private function doAfterUpdate(): void
+    {
+        Setting::updateUserTokenPermissionAllowedCache();
+    }
+
     private function getTabs(): array
     {
         $tabs = [];
diff --git a/app/Http/Controllers/ToolController.php b/app/Http/Controllers/ToolController.php
index 3c8e0620..8281e8ee 100644
--- a/app/Http/Controllers/ToolController.php
+++ b/app/Http/Controllers/ToolController.php
@@ -3,6 +3,8 @@
 namespace App\Http\Controllers;
 
 use App\Models\PluginStore;
+use App\Models\Setting;
+use App\Repositories\TokenRepository;
 use App\Repositories\ToolRepository;
 use App\Repositories\UploadRepository;
 use Illuminate\Http\Request;
@@ -33,7 +35,8 @@ class ToolController extends Controller
     public function test(Request $request)
     {
         $result = ['id' => 1];
-        $result['logFile'] = getLogFile();
+        $result['permissions'] = TokenRepository::listUserTokenPermissionAllowed();
+//        $result['permissions'] = Setting::getPermissionUserTokenAllowed();
         $resource = new JsonResource($result);
         return $this->success($resource);
     }
diff --git a/app/Models/Setting.php b/app/Models/Setting.php
index 089fbf2b..aae5b17d 100644
--- a/app/Models/Setting.php
+++ b/app/Models/Setting.php
@@ -19,6 +19,7 @@ class Setting extends NexusModel
     const ROLE_PERMISSION_CACHE_KEY_PREFIX = 'nexus_role_permissions_';
 
     const TORRENT_GLOBAL_STATE_CACHE_KEY = 'global_promotion_state';
+    const USER_TOKEN_PERMISSION_ALLOWED_CACHE_KRY = 'user_token_permission_allowed';
 
     /**
      * get setting autoload = yes with cache
@@ -100,6 +101,18 @@ class Setting extends NexusModel
         return $value;
     }
 
+    public static function updateUserTokenPermissionAllowedCache(): void
+    {
+        $redis = NexusDB::redis();
+        $key = self::USER_TOKEN_PERMISSION_ALLOWED_CACHE_KRY;
+        $redis->del($key);
+        //must not use cache
+        $allowed = self::getFromDb("permission.user_token_allowed");
+        if (!empty($allowed)) {
+            $redis->sAdd($key, ...$allowed);
+        }
+    }
+
     public static function getDefaultLang(): string
     {
         return self::get("main.defaultlang");
@@ -223,4 +236,10 @@ class Setting extends NexusModel
         return self::get("smtp.smtptype");
     }
 
+    public static function getPermissionUserTokenAllowed(): array
+    {
+        return self::get("permission.user_token_allowed");
+    }
+
+
 }
diff --git a/app/Models/User.php b/app/Models/User.php
index 757cd696..51e336db 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -615,6 +615,13 @@ class User extends Authenticatable implements FilamentUser, HasName
         return is_null($this->original['notifs']) || str_contains($this->notifs, "[{$name}]");
     }
 
+    public function tokenCan(string $ability)
+    {
+        $redis = NexusDB::redis();
+        return $redis->sismember(Setting::USER_TOKEN_PERMISSION_ALLOWED_CACHE_KRY, $ability)
+            && $this->accessToken && $this->accessToken->can($ability);
+    }
+
 
 
 
diff --git a/app/Repositories/TokenRepository.php b/app/Repositories/TokenRepository.php
index bd7aad9b..d7d9e9a6 100644
--- a/app/Repositories/TokenRepository.php
+++ b/app/Repositories/TokenRepository.php
@@ -2,21 +2,32 @@
 namespace App\Repositories;
 
 use App\Enums\Permission\RoutePermissionEnum;
+use App\Models\Setting;
 
 class TokenRepository extends BaseRepository
 {
     private static array $userTokenPermissions = [
-        RoutePermissionEnum::TORRENT_LIST,
-        RoutePermissionEnum::TORRENT_VIEW,
-        RoutePermissionEnum::TORRENT_UPLOAD,
-        RoutePermissionEnum::USER_VIEW,
+        RoutePermissionEnum::TORRENT_LIST->value,
+        RoutePermissionEnum::TORRENT_VIEW->value,
+        RoutePermissionEnum::TORRENT_UPLOAD->value,
+        RoutePermissionEnum::USER_VIEW->value,
     ];
 
     public static function listUserTokenPermissions(): array
+    {
+        return self::formatPermissions(self::$userTokenPermissions);
+    }
+
+    public static function listUserTokenPermissionAllowed(): array
+    {
+        return self::formatPermissions(Setting::getPermissionUserTokenAllowed());
+    }
+
+    private static function formatPermissions(array $permissions): array
     {
         $result = [];
-        foreach (self::$userTokenPermissions as $permission) {
-            $result[$permission->value] = nexus_trans("route-permission.{$permission->value}.text");
+        foreach ($permissions as $permission) {
+            $result[$permission] = nexus_trans("route-permission.{$permission}.text");
         }
         return $result;
     }
diff --git a/public/usercp.php b/public/usercp.php
index 5e7c780e..e28979b1 100644
--- a/public/usercp.php
+++ b/public/usercp.php
@@ -1128,7 +1128,7 @@ JS;
 //end seed box
 
 //token start
-$permissions = \App\Repositories\TokenRepository::listUserTokenPermissions();
+$permissions = \App\Repositories\TokenRepository::listUserTokenPermissionAllowed();
 $permissionOptions = [];
 foreach ($permissions as $name => $label) {
     $permissionOptions[] = sprintf('<label><input type="checkbox" name="permissions[]" value="%s">%s</label>', $name, $label);
diff --git a/public/userdetails.php b/public/userdetails.php
index d60d1cdf..606cb59e 100644
--- a/public/userdetails.php
+++ b/public/userdetails.php
@@ -30,7 +30,7 @@ $userRep = new \App\Repositories\UserRepository();
 if ($user['added'] == "0000-00-00 00:00:00" || $user['added'] == null) {
     $joindate = $lang_userdetails['text_not_available'];
 } else {
-    $weeks = abs($userInfo->added->diffInWeeks()) . nexus_trans('nexus.time_units.week');
+    $weeks = abs(number_format($userInfo->added->diffInWeeks(), 1)) . nexus_trans('nexus.time_units.week');
     $joindate = $user['added']." (" . gettime($user["added"], true, false, true).", $weeks)";
 }
 $lastseen = $user["last_access"];