From 4ee9e0b546e7bf2a48a9b3fd55f558e0ed45a31e Mon Sep 17 00:00:00 2001
From: Feng Yue <2525275@gmail.com>
Date: Tue, 9 Sep 2025 12:52:34 +0800
Subject: [PATCH] API Keys created by users have all permissions by default

---
 src/routes/userRoutes.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/routes/userRoutes.js b/src/routes/userRoutes.js
index f4f995c1..4952dd5e 100644
--- a/src/routes/userRoutes.js
+++ b/src/routes/userRoutes.js
@@ -315,7 +315,8 @@ router.post('/api-keys', authenticateUser, async (req, res) => {
       expiresAt: expiresAt || null,
       dailyCostLimit: dailyCostLimit || null,
       createdBy: 'user',
-      permissions: ['messages'] // 用户创建的API Key默认只有messages权限
+      // 设置服务权限为全部服务，确保前端显示“服务权限”为“全部服务”且具备完整访问权限
+      permissions: 'all'
     }
 
     const newApiKey = await apiKeyService.createApiKey(apiKeyData)