mirror of
https://github.com/lkddi/nexusphp.git
synced 2026-04-03 14:10:57 +08:00
fix createToken not allowed
This commit is contained in:
xiaomlove
@@ -3,7 +3,6 @@
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Exceptions\NexusException;
|
||||
use App\Models\PersonalAccessTokenPlain;
|
||||
use App\Repositories\TokenRepository;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
@@ -29,6 +28,12 @@ class TokenController extends Controller
|
||||
if ($count >= 5) {
|
||||
throw new NexusException(nexus_trans("token.maximum_allow_number_reached"));
|
||||
}
|
||||
$allowed = TokenRepository::listUserTokenPermissionAllowed();
|
||||
foreach ($request->permissions as $permission) {
|
||||
if (!in_array($permission, $allowed)) {
|
||||
throw new NexusException(nexus_trans("token.permission_not_allowed", ['permission_text' => nexus_trans("route-permission.{$permission}.text")]));
|
||||
}
|
||||
}
|
||||
$newAccessToken = $user->createToken($request->name, $request->permissions);
|
||||
$tokenText = $newAccessToken->plainTextToken;
|
||||
$msg = nexus_trans("token.create_success_tip", ['token' => $tokenText]);
|
||||
@@ -52,28 +57,5 @@ class TokenController extends Controller
|
||||
}
|
||||
}
|
||||
|
||||
public function getPlainText(Request $request)
|
||||
{
|
||||
try {
|
||||
$request->validate([
|
||||
'id' => 'required|integer',
|
||||
]);
|
||||
$user = Auth::user();
|
||||
$token = $user->tokens()->where("id", $request->id)->first();
|
||||
if (!$token) {
|
||||
throw new NexusException("Token not found");
|
||||
}
|
||||
$plainRecord = PersonalAccessTokenPlain::query()->where("access_token_id", $token->id)->first();
|
||||
if (!$plainRecord) {
|
||||
throw new NexusException("Plain record not found");
|
||||
}
|
||||
return $this->success($plainRecord->plain_text_token);
|
||||
} catch (\Exception $exception) {
|
||||
return $this->fail(false, $exception->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
@@ -7,4 +7,5 @@ return array (
|
||||
'create_success_tip' => 'The token was created successfully, this data is displayed only once, please save it properly<br/><br/>:token',
|
||||
'last_used_at' => 'Recent usage time',
|
||||
'token' => 'summary',
|
||||
"permission_not_allowed" => "Permission::permission_text not allowed"
|
||||
);
|
||||
|
||||
@@ -7,4 +7,5 @@ return [
|
||||
"create_success_tip" => "token 创建成功,此数据只展示一次,请妥善保存<br/><br/>:token",
|
||||
"last_used_at" => "最近使用时间",
|
||||
"token" => "摘要",
|
||||
"permission_not_allowed" => "权限::permission_text 不被允许"
|
||||
];
|
||||
|
||||
@@ -7,4 +7,5 @@ return array (
|
||||
'create_success_tip' => 'token 創建成功,此數據只展示一次,請妥善保存<br/><br/>:token',
|
||||
'last_used_at' => '最近使用時間',
|
||||
'token' => '摘要',
|
||||
"permission_not_allowed" => "權限::permission_text 不被允許"
|
||||
);
|
||||
|
||||
@@ -25,7 +25,6 @@ Route::group(['prefix' => 'web', 'middleware' => ['auth.nexus:nexus-web']], func
|
||||
Route::post('torrent-approval', [\App\Http\Controllers\TorrentController::class, 'approval']);
|
||||
Route::post('token/add', [\App\Http\Controllers\TokenController::class, 'addToken']);
|
||||
Route::post('token/del', [\App\Http\Controllers\TokenController::class, 'delToken']);
|
||||
Route::post('token/get-plain', [\App\Http\Controllers\TokenController::class, 'getPlainText']);
|
||||
});
|
||||
|
||||
if (!isRunningInConsole()) {
|
||||
|
||||
Reference in New Issue
Block a user