From 0336cae5377ef856e1e7f53a4e3e58aca9bf123a Mon Sep 17 00:00:00 2001
From: "iVampireSP.com" <im@ivampiresp.com>
Date: Fri, 17 Feb 2023 21:18:58 +0800
Subject: [PATCH] =?UTF-8?q?=E6=94=B9=E8=BF=9B=20Token=20=E6=8E=88=E6=9D=83?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/Http/Controllers/Web/AuthController.php | 17 ++++++-----------
 resources/views/confirm_redirect.blade.php  | 19 ++++++++++++++++---
 2 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/app/Http/Controllers/Web/AuthController.php b/app/Http/Controllers/Web/AuthController.php
index 321750b..213beb9 100644
--- a/app/Http/Controllers/Web/AuthController.php
+++ b/app/Http/Controllers/Web/AuthController.php
@@ -38,15 +38,13 @@ public function index(Request $request): View|RedirectResponse
                         return redirect()->route('real_name.create')->with('status', '重定向已被打断，需要先实人认证。');
                     }
 
-                    $requestHost = parse_url($request->header('referer'), PHP_URL_HOST);
-
-                    $token = $request->user()->createToken('Dashboard', [
-                        'domain-access:'.$requestHost,
-                    ])->plainTextToken;
+                    $token = $request->user()->createToken('Dashboard')->plainTextToken;
 
                     return redirect($callback.'?token='.$token);
                 }
 
+                session(['referer.domain' => parse_url($request->header('referer'), PHP_URL_HOST)]);
+
                 return redirect()->route('confirm_redirect');
             } else {
                 // url.intended 存放当前页面 URL
@@ -63,7 +61,9 @@ public function confirm_redirect(Request $request): View
     {
         $callback = $request->callback ?? session('callback');
 
-        return view('confirm_redirect', compact('callback'));
+        $referer_host = session('referer.domain');
+
+        return view('confirm_redirect', compact('callback', 'referer_host'));
     }
 
     public function update(Request $request): RedirectResponse
@@ -91,11 +91,6 @@ public function newToken(Request $request): RedirectResponse
         $abilities = [];
 
         if ($request->has('domain')) {
-            // 检测是不是一个合格的域名
-            if (! preg_match('/^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/', $request->input('domain'))) {
-                return back()->with('error', '域名格式不正确。');
-            }
-
             $abilities = ['domain-access:'.$request->input('domain')];
         }
 
diff --git a/resources/views/confirm_redirect.blade.php b/resources/views/confirm_redirect.blade.php
index 8dbac84..6136448 100644
--- a/resources/views/confirm_redirect.blade.php
+++ b/resources/views/confirm_redirect.blade.php
@@ -8,16 +8,25 @@
 
         @if(session('token'))
 
-            <h3>带你去目标站点...</h3>
+            <div style="height: 80vh; display: flex" class="justify-content-center align-items-center">
+                <div>
+                    <i class="bi bi-back" style="font-size: 10rem"></i>
+                    <br/>
+                    <p class="text-center fs-3">
+                        正在返回
+                    </p>
+                </div>
+            </div>
 
             @php
                 session()->forget('callback');
+                session()->forget('referer.domain');
             @endphp
 
             <script>
                 setTimeout(function () {
                     window.location.href = "{{ $callback . '?token=' . session('token')}}";
-                }, 1000);
+                }, 100);
             </script>
         @else
 
@@ -26,11 +35,15 @@
 
             <p>您点击"好"后，您将前往这个地址: <code>{{ $callback }}</code>。</p>
 
-
             <form action="{{ route('token.new') }}" name="newToken" method="POST">
                 @csrf
                 <input type="hidden" name="name" placeholder="Token 名字"
                        value="自动登录 - {{ date('Y-m-d H:i:s') }}"/>
+
+                @if($referer_host)
+                    <input type="hidden" name="domain" value="{{ $referer_host }}"/>
+                @endif
+
                 <button type="submit" class="btn btn-primary">授权</button>
 
                 <a href="/" class="btn btn-danger">不</a>