120 lines
		
	
	
		
			4.4 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
			
		
		
	
	
			120 lines
		
	
	
		
			4.4 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
| <?php
 | |
| 
 | |
| namespace Pterodactyl\Http;
 | |
| 
 | |
| use Pterodactyl\Models\ApiKey;
 | |
| use Illuminate\Auth\Middleware\Authorize;
 | |
| use Illuminate\Http\Middleware\TrustProxies;
 | |
| use Illuminate\Auth\Middleware\Authenticate;
 | |
| use Pterodactyl\Http\Middleware\TrimStrings;
 | |
| use Illuminate\Session\Middleware\StartSession;
 | |
| use Pterodactyl\Http\Middleware\EncryptCookies;
 | |
| use Pterodactyl\Http\Middleware\Api\IsValidJson;
 | |
| use Pterodactyl\Http\Middleware\VerifyCsrfToken;
 | |
| use Pterodactyl\Http\Middleware\VerifyReCaptcha;
 | |
| use Pterodactyl\Http\Middleware\AdminAuthenticate;
 | |
| use Illuminate\Routing\Middleware\ThrottleRequests;
 | |
| use Pterodactyl\Http\Middleware\LanguageMiddleware;
 | |
| use Illuminate\Foundation\Http\Kernel as HttpKernel;
 | |
| use Pterodactyl\Http\Middleware\Api\AuthenticateKey;
 | |
| use Illuminate\Routing\Middleware\SubstituteBindings;
 | |
| use Illuminate\Session\Middleware\AuthenticateSession;
 | |
| use Illuminate\View\Middleware\ShareErrorsFromSession;
 | |
| use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
 | |
| use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
 | |
| use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
 | |
| use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
 | |
| use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
 | |
| use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
 | |
| use Pterodactyl\Http\Middleware\Api\HandleStatelessRequest;
 | |
| use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 | |
| use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate;
 | |
| use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
 | |
| use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
 | |
| use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
 | |
| use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientApiBindings;
 | |
| use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;
 | |
| 
 | |
| class Kernel extends HttpKernel
 | |
| {
 | |
|     /**
 | |
|      * The application's global HTTP middleware stack.
 | |
|      *
 | |
|      * @var array
 | |
|      */
 | |
|     protected $middleware = [
 | |
|         CheckForMaintenanceMode::class,
 | |
|         EncryptCookies::class,
 | |
|         ValidatePostSize::class,
 | |
|         TrimStrings::class,
 | |
|         ConvertEmptyStringsToNull::class,
 | |
|         TrustProxies::class,
 | |
|     ];
 | |
| 
 | |
|     /**
 | |
|      * The application's route middleware groups.
 | |
|      *
 | |
|      * @var array
 | |
|      */
 | |
|     protected $middlewareGroups = [
 | |
|         'web' => [
 | |
|             AddQueuedCookiesToResponse::class,
 | |
|             StartSession::class,
 | |
|             AuthenticateSession::class,
 | |
|             ShareErrorsFromSession::class,
 | |
|             VerifyCsrfToken::class,
 | |
|             SubstituteBindings::class,
 | |
|             LanguageMiddleware::class,
 | |
|             RequireTwoFactorAuthentication::class,
 | |
|         ],
 | |
|         'api' => [
 | |
|             HandleStatelessRequest::class,
 | |
|             IsValidJson::class,
 | |
|             StartSession::class,
 | |
|             AuthenticateSession::class,
 | |
|             VerifyCsrfToken::class,
 | |
|         ],
 | |
|         'application-api' => [
 | |
|             ApiSubstituteBindings::class,
 | |
|             'api..key:' . ApiKey::TYPE_APPLICATION,
 | |
|             AuthenticateApplicationUser::class,
 | |
|             AuthenticateIPAccess::class,
 | |
|         ],
 | |
|         'client-api' => [
 | |
|             SubstituteClientApiBindings::class,
 | |
|             'api..key:' . ApiKey::TYPE_ACCOUNT,
 | |
|             AuthenticateIPAccess::class,
 | |
|             // This is perhaps a little backwards with the Client API, but logically you'd be unable
 | |
|             // to create/get an API key without first enabling 2FA on the account, so I suppose in the
 | |
|             // end it makes sense.
 | |
|             //
 | |
|             // You just wouldn't be authenticating with the API by providing a 2FA token.
 | |
|             RequireTwoFactorAuthentication::class,
 | |
|         ],
 | |
|         'daemon' => [
 | |
|             SubstituteBindings::class,
 | |
|             DaemonAuthenticate::class,
 | |
|         ],
 | |
|     ];
 | |
| 
 | |
|     /**
 | |
|      * The application's route middleware.
 | |
|      *
 | |
|      * @var array
 | |
|      */
 | |
|     protected $routeMiddleware = [
 | |
|         'auth' => Authenticate::class,
 | |
|         'auth.basic' => AuthenticateWithBasicAuth::class,
 | |
|         'guest' => RedirectIfAuthenticated::class,
 | |
|         'admin' => AdminAuthenticate::class,
 | |
|         'csrf' => VerifyCsrfToken::class,
 | |
|         'throttle' => ThrottleRequests::class,
 | |
|         'can' => Authorize::class,
 | |
|         'bindings' => SubstituteBindings::class,
 | |
|         'recaptcha' => VerifyReCaptcha::class,
 | |
|         'node.maintenance' => MaintenanceMiddleware::class,
 | |
|         // API Specific Middleware
 | |
|         'api..key' => AuthenticateKey::class,
 | |
|     ];
 | |
| }
 | 
