Pterodactyl-Panel/app/Http/Kernel.php

<?php

namespace Pterodactyl\Http;

use Illuminate\Auth\Middleware\Authorize;
use Illuminate\Http\Middleware\HandleCors;
use Illuminate\Auth\Middleware\Authenticate;
use Illuminate\Http\Middleware\TrustProxies;
use Pterodactyl\Http\Middleware\TrimStrings;
use Illuminate\Session\Middleware\StartSession;
use Pterodactyl\Http\Middleware\EncryptCookies;
use Pterodactyl\Http\Middleware\Api\IsValidJson;
use Pterodactyl\Http\Middleware\VerifyCsrfToken;
use Pterodactyl\Http\Middleware\VerifyReCaptcha;
use Illuminate\Routing\Middleware\ThrottleRequests;
use Pterodactyl\Http\Middleware\LanguageMiddleware;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
use Illuminate\Routing\Middleware\SubstituteBindings;
use Pterodactyl\Http\Middleware\Activity\TrackAPIKey;
use Illuminate\Session\Middleware\AuthenticateSession;
use Illuminate\View\Middleware\ShareErrorsFromSession;
use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
use Pterodactyl\Http\Middleware\EnsureStatefulRequests;
use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate;
use Pterodactyl\Http\Middleware\Api\Client\RequireClientApiKey;
use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientBindings;
use Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance;
use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;

class Kernel extends HttpKernel
{
    /**
     * The application's global HTTP middleware stack.
     */
    protected $middleware = [
        TrustProxies::class,
        HandleCors::class,
        PreventRequestsDuringMaintenance::class,
        ValidatePostSize::class,
        TrimStrings::class,
        ConvertEmptyStringsToNull::class,
    ];

    /**
     * The application's route middleware groups.
     */
    protected $middlewareGroups = [
        'web' => [
            EncryptCookies::class,
            AddQueuedCookiesToResponse::class,
            StartSession::class,
            ShareErrorsFromSession::class,
            VerifyCsrfToken::class,
            SubstituteBindings::class,
            LanguageMiddleware::class,
        ],
        'api' => [
            EnsureStatefulRequests::class,
            'auth:sanctum',
            IsValidJson::class,
            TrackAPIKey::class,
            RequireTwoFactorAuthentication::class,
            AuthenticateIPAccess::class,
        ],
        'application-api' => [
            SubstituteBindings::class,
            AuthenticateApplicationUser::class,
        ],
        'client-api' => [
            SubstituteClientBindings::class,
            RequireClientApiKey::class,
        ],
        'daemon' => [
            SubstituteBindings::class,
            DaemonAuthenticate::class,
        ],
    ];

    /**
     * The application's route middleware.
     */
    protected $routeMiddleware = [
        'auth' => Authenticate::class,
        'auth.basic' => AuthenticateWithBasicAuth::class,
        'auth.session' => AuthenticateSession::class,
        'guest' => RedirectIfAuthenticated::class,
        'csrf' => VerifyCsrfToken::class,
        'throttle' => ThrottleRequests::class,
        'can' => Authorize::class,
        'bindings' => SubstituteBindings::class,
        'recaptcha' => VerifyReCaptcha::class,
        'node.maintenance' => MaintenanceMiddleware::class,
    ];
}
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 19:58:49 +01:00			`<?php`

			`namespace Pterodactyl\Http;`

Shorten imports 2017-10-29 21:57:43 +01:00			`use Illuminate\Auth\Middleware\Authorize;`
Upgrade to Laravel 9 (#4413) Co-authored-by: DaneEveritt <dane@daneeveritt.com> 2022-10-14 18:59:20 +02:00			`use Illuminate\Http\Middleware\HandleCors;`
Shorten imports 2017-10-29 21:57:43 +01:00			`use Illuminate\Auth\Middleware\Authenticate;`
Run php-cs-fixer 2022-05-14 22:03:50 +02:00			`use Illuminate\Http\Middleware\TrustProxies;`
Shorten imports 2017-10-29 21:57:43 +01:00			`use Pterodactyl\Http\Middleware\TrimStrings;`
			`use Illuminate\Session\Middleware\StartSession;`
			`use Pterodactyl\Http\Middleware\EncryptCookies;`
Show a better error when JSON data cannot be parsed in the request 2020-07-01 05:05:11 +02:00			`use Pterodactyl\Http\Middleware\Api\IsValidJson;`
Shorten imports 2017-10-29 21:57:43 +01:00			`use Pterodactyl\Http\Middleware\VerifyCsrfToken;`
			`use Pterodactyl\Http\Middleware\VerifyReCaptcha;`
			`use Illuminate\Routing\Middleware\ThrottleRequests;`
			`use Pterodactyl\Http\Middleware\LanguageMiddleware;`
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 19:58:49 +01:00			`use Illuminate\Foundation\Http\Kernel as HttpKernel;`
Begin implementation of new daemon authentication scheme 2017-09-24 03:45:25 +02:00			`use Illuminate\Routing\Middleware\SubstituteBindings;`
Add support for tracking when an activity event is triggered from an API key 2022-06-18 18:07:44 +02:00			`use Pterodactyl\Http\Middleware\Activity\TrackAPIKey;`
Logout other sessions when password is changed closes #1222 2018-07-01 02:50:58 +02:00			`use Illuminate\Session\Middleware\AuthenticateSession;`
Shorten imports 2017-10-29 21:57:43 +01:00			`use Illuminate\View\Middleware\ShareErrorsFromSession;`
Get dashboard in a more working state 2018-06-06 08:42:34 +02:00			`use Pterodactyl\Http\Middleware\MaintenanceMiddleware;`
Mark a request as being stateful if a cookie for the session is provided at all This accounts for poorly configured API clients that try to use cookies for authentication purposes. Treat everything with a session cookie as being a stateful request from the front-end. 2022-05-22 22:50:36 +02:00			`use Pterodactyl\Http\Middleware\EnsureStatefulRequests;`
Shorten imports 2017-10-29 21:57:43 +01:00			`use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;`
			`use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;`
Move everything around as needed to get things setup for the client API 2018-02-25 22:30:56 +01:00			`use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;`
Inital upgrade to 5.5 This simply updates dependencies and gets all of the providers and config files updated based on what the laravel/laravel currently ships with 2017-12-16 19:20:09 +01:00			`use Illuminate\Foundation\Http\Middleware\ValidatePostSize;`
Shorten imports 2017-10-29 21:57:43 +01:00			`use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;`
Change the way API keys are stored and validated; clarify API namespacing Previously, a single key was used to access the API, this has not changed in terms of what the user sees. However, API keys now use an identifier and token internally. The identifier is the first 16 characters of the key, and the token is the remaining 32. The token is stored encrypted at rest in the database and the identifier is used by the API middleware to grab that record and make a timing attack safe comparison. 2018-01-13 23:06:19 +01:00			`use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate;`
Fix up API handling logic for keys and set a prefix on all keys 2022-05-23 01:03:51 +02:00			`use Pterodactyl\Http\Middleware\Api\Client\RequireClientApiKey;`
Fix cs-fix run 2022-06-26 22:21:07 +02:00			`use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;`
Inital upgrade to 5.5 This simply updates dependencies and gets all of the providers and config files updated based on what the laravel/laravel currently ships with 2017-12-16 19:20:09 +01:00			`use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;`
Massively simplify API binding logic Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code. This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking. 2022-05-22 20:10:01 +02:00			`use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientBindings;`
Ensure we don't cause a mess with the auth providers 2022-05-23 00:16:47 +02:00			`use Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance;`
Move everything around as needed to get things setup for the client API 2018-02-25 22:30:56 +01:00			`use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;`
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 19:58:49 +01:00
			`class Kernel extends HttpKernel`
			`{`
			`/**`
			`* The application's global HTTP middleware stack.`
			`*/`
			`protected $middleware = [`
Ensure we don't cause a mess with the auth providers 2022-05-23 00:16:47 +02:00			`TrustProxies::class,`
			`HandleCors::class,`
			`PreventRequestsDuringMaintenance::class,`
Inital upgrade to 5.5 This simply updates dependencies and gets all of the providers and config files updated based on what the laravel/laravel currently ships with 2017-12-16 19:20:09 +01:00			`ValidatePostSize::class,`
Shorten imports 2017-10-29 21:57:43 +01:00			`TrimStrings::class,`
Inital upgrade to 5.5 This simply updates dependencies and gets all of the providers and config files updated based on what the laravel/laravel currently ships with 2017-12-16 19:20:09 +01:00			`ConvertEmptyStringsToNull::class,`
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 19:58:49 +01:00			`];`

Update to Laravel 5.3 [BREAKING] — REMOVES REMOTE API A new API will need to be implemented properly using the new Laravel Passport OAuth2 system. DingoAPI was becoming too unstable and development wasn’t really moving along enough to continue to rely on it. 2016-09-03 23:09:00 +02:00			`/**`
			`* The application's route middleware groups.`
			`*/`
			`protected $middlewareGroups = [`
			`'web' => [`
Ensure we don't cause a mess with the auth providers 2022-05-23 00:16:47 +02:00			`EncryptCookies::class,`
Shorten imports 2017-10-29 21:57:43 +01:00			`AddQueuedCookiesToResponse::class,`
			`StartSession::class,`
			`ShareErrorsFromSession::class,`
			`VerifyCsrfToken::class,`
			`SubstituteBindings::class,`
			`LanguageMiddleware::class,`
Update to Laravel 5.3 [BREAKING] — REMOVES REMOTE API A new API will need to be implemented properly using the new Laravel Passport OAuth2 system. DingoAPI was becoming too unstable and development wasn’t really moving along enough to continue to rely on it. 2016-09-03 23:09:00 +02:00			`],`
			`'api' => [`
Mark a request as being stateful if a cookie for the session is provided at all This accounts for poorly configured API clients that try to use cookies for authentication purposes. Treat everything with a session cookie as being a stateful request from the front-end. 2022-05-22 22:50:36 +02:00			`EnsureStatefulRequests::class,`
Initial pass at implementing Laravel Sanctum for authorization on the API 2022-05-22 20:57:06 +02:00			`'auth:sanctum',`
Perform a bit of code cleanup 2022-05-22 23:23:48 +02:00			`IsValidJson::class,`
Add support for tracking when an activity event is triggered from an API key 2022-06-18 18:07:44 +02:00			`TrackAPIKey::class,`
Initial pass at implementing Laravel Sanctum for authorization on the API 2022-05-22 20:57:06 +02:00			`RequireTwoFactorAuthentication::class,`
			`AuthenticateIPAccess::class,`
Switch to more recent Laravel route definition methods 2022-05-14 21:51:05 +02:00			`],`
			`'application-api' => [`
Massively simplify API binding logic Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code. This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking. 2022-05-22 20:10:01 +02:00			`SubstituteBindings::class,`
Move everything around as needed to get things setup for the client API 2018-02-25 22:30:56 +01:00			`AuthenticateApplicationUser::class,`
Update to Laravel 5.3 [BREAKING] — REMOVES REMOTE API A new API will need to be implemented properly using the new Laravel Passport OAuth2 system. DingoAPI was becoming too unstable and development wasn’t really moving along enough to continue to rely on it. 2016-09-03 23:09:00 +02:00			`],`
Fix up API handling logic for keys and set a prefix on all keys 2022-05-23 01:03:51 +02:00			`'client-api' => [`
			`SubstituteClientBindings::class,`
			`RequireClientApiKey::class,`
			`],`
Begin implementation of new daemon authentication scheme 2017-09-24 03:45:25 +02:00			`'daemon' => [`
			`SubstituteBindings::class,`
Fix daemon auth 2017-11-04 23:16:44 +01:00			`DaemonAuthenticate::class,`
Begin implementation of new daemon authentication scheme 2017-09-24 03:45:25 +02:00			`],`
Update to Laravel 5.3 [BREAKING] — REMOVES REMOTE API A new API will need to be implemented properly using the new Laravel Passport OAuth2 system. DingoAPI was becoming too unstable and development wasn’t really moving along enough to continue to rely on it. 2016-09-03 23:09:00 +02:00			`];`

Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 19:58:49 +01:00			`/**`
			`* The application's route middleware.`
			`*/`
			`protected $routeMiddleware = [`
Shorten imports 2017-10-29 21:57:43 +01:00			`'auth' => Authenticate::class,`
			`'auth.basic' => AuthenticateWithBasicAuth::class,`
Ensure we don't cause a mess with the auth providers 2022-05-23 00:16:47 +02:00			`'auth.session' => AuthenticateSession::class,`
Shorten imports 2017-10-29 21:57:43 +01:00			`'guest' => RedirectIfAuthenticated::class,`
			`'csrf' => VerifyCsrfToken::class,`
			`'throttle' => ThrottleRequests::class,`
			`'can' => Authorize::class,`
			`'bindings' => SubstituteBindings::class,`
			`'recaptcha' => VerifyReCaptcha::class,`
Renamed middleware, and fixed the test 2018-05-31 16:40:18 +02:00			`'node.maintenance' => MaintenanceMiddleware::class,`
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 19:58:49 +01:00			`];`
			`}`