diff --git a/app/Http/Controllers/Modules/UserController.php b/app/Http/Controllers/Modules/UserController.php
index 2491d48..48da927 100644
--- a/app/Http/Controllers/Modules/UserController.php
+++ b/app/Http/Controllers/Modules/UserController.php
@@ -4,9 +4,11 @@
 use App\Http\Controllers\Controller;
 use App\Models\Host;
+use App\Models\PersonalAccessToken;
 use App\Models\User;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
+use Illuminate\Support\Arr;
 class UserController extends Controller
 {
@@ -91,4 +93,21 @@ public function update(Request $request, User $user): JsonResponse
 return $this->updated();
 }
+ public function auth($token): JsonResponse
+ {
+ $token = PersonalAccessToken::findToken($token);
+
+ // 画饼: 验证 Token 能力,比如是否可以访问这个模块
+
+ return $token ? $this->success(Arr::only(
+ $token->tokenable
+ ->makeVisible('real_name')
+ ->toArray()
+ ,
+ [
+ 'id', 'name', 'email', 'real_name'
+ ]
+ )) : $this->notFound();
+ }
+
 }
diff --git a/app/Models/User.php b/app/Models/User.php
index 8830114..f835e02 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -41,6 +41,7 @@ class User extends Authenticatable
 protected $hidden = [
 'password',
 'remember_token',
+ 'real_name',
 'id_card',
 ];
@@ -59,7 +60,13 @@ class User extends Authenticatable
 'birthday_at',
 ];
- // id card 必须加密
+ public array $publics = [
+ 'id',
+ 'name',
+ 'email',
+ 'real_name',
+ 'balance',
+ ];
 protected static function boot()
 {
@@ -145,8 +152,8 @@ public function scopeBirthday()
 public function selectPublic(): User
 {
- // 过滤掉私有字段
- return $this->select(['id', 'name', 'email_md5', 'created_at']);
+ // 仅需选择公开的
+ return $this->select($this->publics);
 }
 public function startTransfer(User $to, string $amount, string|null $description)
diff --git a/routes/modules.php b/routes/modules.php
index b4eb167..e7b0ced 100644
--- a/routes/modules.php
+++ b/routes/modules.php
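Review bot: `auth()` in UserController returns the owner's id, name, email and real_name for any token that `findToken()` resolves, and the hunk adds no check of the token's abilities or expiry; the in-code comment itself marks the ability check as still to be done. `$token->tokenable` is also dereferenced without a null or type check, so a token whose owner was deleted, or whose tokenable is not a `User`, would fail inside `makeVisible()` instead of returning `notFound()`. If `PersonalAccessToken` extends Sanctum's model, `findToken()` only performs the hash lookup and expiry is normally enforced by the guard, which this route does not go through; that is worth confirming. A suggested shape follows, with the ability and expiry check left as a marked gap because the ability names are not visible here.

```php
public function auth(string $token): JsonResponse
{
    $accessToken = PersonalAccessToken::findToken($token);
    $owner = $accessToken?->tokenable;

    // Unknown token, deleted owner and non-User tokenable all answer the same way.
    if (! $owner instanceof User) {
        return $this->notFound();
    }

    // TODO before exposing real_name: reject tokens that are expired or lack the ability for this module.

    return $this->success(Arr::only(
        $owner->makeVisible('real_name')->toArray(),
        ['id', 'name', 'email', 'real_name'],
    ));
}
```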
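Review bot: In app/Models/User.php the new `$publics` list widens what `selectPublic()` returns: the old projection was `id, name, email_md5, created_at`, while the new one selects the raw `email`, `balance` and `real_name` and drops `created_at`. `real_name` is added to `$hidden` in the same commit, so listing it as public is contradictory; serialization hides it, but the column is still loaded and readable by any caller that accesses the attribute or calls `makeVisible()`. If the hashed e-mail was there to avoid disclosing addresses, I would keep `'email_md5'` and leave `'real_name'` and `'balance'` out of `$publics`, with an explicit opt-in where a module really needs them. The property could also be `protected` (or a class constant) so the list cannot be altered at runtime, and the removed `// id card 必须加密` comment recorded a requirement that no visible hunk states any more.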
@@ -22,6 +22,7 @@
 // 用户信息
 Route::resource('users', UserController::class)->only(['index', 'show', 'update']);
+Route::get('token/{token}', [UserController::class, 'auth']);
 Route::get('users/{user}/hosts', [UserController::class, 'hosts']);
 Route::post('broadcast/users/{user}', [BroadcastController::class, 'broadcast_to_user']);
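Review bot: `Route::get('token/{token}', ...)` carries the bearer token in the URL path, where it is written to web-server and proxy access logs and to any request tracing in between. I would accept it in the request body or a header instead, e.g. `Route::post('token', [UserController::class, 'auth']);` with the controller reading `$request->input('token')`. The middleware that guards routes/modules.php is outside this hunk; because the endpoint answers found/not-found for arbitrary token strings, a `throttle` middleware on it is worth adding if the route group does not already apply one.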