fix createToken not allowed

2026-04-24 12:07:23 +08:00 · 2025-05-29 15:24:36 +07:00
parent e5947a8586
commit 6c8e53ad7e
5 changed files with 9 additions and 25 deletions
@@ -3,7 +3,6 @@
 namespace App\Http\Controllers;
 use App\Exceptions\NexusException;
 use App\Models\PersonalAccessTokenPlain;
 use App\Repositories\TokenRepository;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
@@ -29,6 +28,12 @@ class TokenController extends Controller
            if ($count >= 5) {
                throw new NexusException(nexus_trans("token.maximum_allow_number_reached"));
            }
            $allowed = TokenRepository::listUserTokenPermissionAllowed();
            foreach ($request->permissions as $permission) {
                if (!in_array($permission, $allowed)) {
                    throw new NexusException(nexus_trans("token.permission_not_allowed", ['permission_text' => nexus_trans("route-permission.{$permission}.text")]));
                }
            }
            $newAccessToken = $user->createToken($request->name, $request->permissions);
            $tokenText = $newAccessToken->plainTextToken;
            $msg = nexus_trans("token.create_success_tip", ['token' => $tokenText]);
@@ -52,28 +57,5 @@ class TokenController extends Controller
        }
    }
    public function getPlainText(Request $request)
    {
        try {
            $request->validate([
                'id' => 'required|integer',
            ]);
            $user = Auth::user();
            $token = $user->tokens()->where("id", $request->id)->first();
            if (!$token) {
                throw new NexusException("Token not found");
            }
            $plainRecord = PersonalAccessTokenPlain::query()->where("access_token_id", $token->id)->first();
            if (!$plainRecord) {
                throw new NexusException("Plain record not found");
            }
            return $this->success($plainRecord->plain_text_token);
        } catch (\Exception $exception) {
            return $this->fail(false, $exception->getMessage());
        }
    }
 }
@@ -7,4 +7,5 @@ return array (
  'create_success_tip' => 'The token was created successfully, this data is displayed only once, please save it properly<br/><br/>:token',
  'last_used_at' => 'Recent usage time',
  'token' => 'summary',
    "permission_not_allowed" => "Permission：:permission_text not allowed"
 );
@@ -7,4 +7,5 @@ return [
    "create_success_tip" => "token 创建成功，此数据只展示一次，请妥善保存<br/><br/>:token",
    "last_used_at" => "最近使用时间",
    "token" => "摘要",
    "permission_not_allowed" => "权限：:permission_text 不被允许"
 ];
@@ -7,4 +7,5 @@ return array (
  'create_success_tip' => 'token 創建成功，此數據只展示一次，請妥善保存<br/><br/>:token',
  'last_used_at' => '最近使用時間',
  'token' => '摘要',
    "permission_not_allowed" => "權限：:permission_text 不被允許"
 );
@@ -25,7 +25,6 @@ Route::group(['prefix' => 'web', 'middleware' => ['auth.nexus:nexus-web']], func
    Route::post('torrent-approval', [\App\Http\Controllers\TorrentController::class, 'approval']);
    Route::post('token/add', [\App\Http\Controllers\TokenController::class, 'addToken']);
    Route::post('token/del', [\App\Http\Controllers\TokenController::class, 'delToken']);
    Route::post('token/get-plain', [\App\Http\Controllers\TokenController::class, 'getPlainText']);
 });
 if (!isRunningInConsole()) {