2015-12-06 19:58:49 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace Pterodactyl\Http;
|
|
|
|
|
2018-02-25 22:30:56 +01:00
|
|
|
use Pterodactyl\Models\ApiKey;
|
2017-10-29 21:57:43 +01:00
|
|
|
use Illuminate\Auth\Middleware\Authorize;
|
|
|
|
use Illuminate\Auth\Middleware\Authenticate;
|
|
|
|
use Pterodactyl\Http\Middleware\TrimStrings;
|
2017-12-16 19:20:09 +01:00
|
|
|
use Pterodactyl\Http\Middleware\TrustProxies;
|
2017-10-29 21:57:43 +01:00
|
|
|
use Illuminate\Session\Middleware\StartSession;
|
|
|
|
use Pterodactyl\Http\Middleware\EncryptCookies;
|
2020-07-01 05:05:11 +02:00
|
|
|
use Pterodactyl\Http\Middleware\Api\IsValidJson;
|
2017-10-29 21:57:43 +01:00
|
|
|
use Pterodactyl\Http\Middleware\VerifyCsrfToken;
|
|
|
|
use Pterodactyl\Http\Middleware\VerifyReCaptcha;
|
|
|
|
use Pterodactyl\Http\Middleware\AdminAuthenticate;
|
|
|
|
use Illuminate\Routing\Middleware\ThrottleRequests;
|
|
|
|
use Pterodactyl\Http\Middleware\LanguageMiddleware;
|
2015-12-06 19:58:49 +01:00
|
|
|
use Illuminate\Foundation\Http\Kernel as HttpKernel;
|
2018-02-25 22:30:56 +01:00
|
|
|
use Pterodactyl\Http\Middleware\Api\AuthenticateKey;
|
2017-09-24 03:45:25 +02:00
|
|
|
use Illuminate\Routing\Middleware\SubstituteBindings;
|
2018-07-01 02:50:58 +02:00
|
|
|
use Illuminate\Session\Middleware\AuthenticateSession;
|
2017-10-29 21:57:43 +01:00
|
|
|
use Illuminate\View\Middleware\ShareErrorsFromSession;
|
2018-06-06 08:42:34 +02:00
|
|
|
use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
|
2017-10-29 21:57:43 +01:00
|
|
|
use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
|
|
|
|
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
|
2018-02-25 22:30:56 +01:00
|
|
|
use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
|
2018-01-20 22:33:04 +01:00
|
|
|
use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
|
2017-12-16 19:20:09 +01:00
|
|
|
use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
|
2021-11-04 04:51:18 +01:00
|
|
|
use Pterodactyl\Http\Middleware\Api\HandleStatelessRequest;
|
2017-10-29 21:57:43 +01:00
|
|
|
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
|
2018-01-13 23:06:19 +01:00
|
|
|
use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate;
|
2017-10-29 21:57:43 +01:00
|
|
|
use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
|
|
|
|
use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
|
2017-12-16 19:20:09 +01:00
|
|
|
use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
|
2018-02-28 04:28:43 +01:00
|
|
|
use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientApiBindings;
|
2018-02-25 22:30:56 +01:00
|
|
|
use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;
|
2015-12-06 19:58:49 +01:00
|
|
|
|
|
|
|
class Kernel extends HttpKernel
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* The application's global HTTP middleware stack.
|
|
|
|
*
|
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
protected $middleware = [
|
2017-10-29 21:57:43 +01:00
|
|
|
CheckForMaintenanceMode::class,
|
2018-07-15 07:42:58 +02:00
|
|
|
EncryptCookies::class,
|
2017-12-16 19:20:09 +01:00
|
|
|
ValidatePostSize::class,
|
2017-10-29 21:57:43 +01:00
|
|
|
TrimStrings::class,
|
2017-12-16 19:20:09 +01:00
|
|
|
ConvertEmptyStringsToNull::class,
|
2017-10-29 21:57:43 +01:00
|
|
|
TrustProxies::class,
|
2015-12-06 19:58:49 +01:00
|
|
|
];
|
|
|
|
|
2016-09-03 23:09:00 +02:00
|
|
|
/**
|
|
|
|
* The application's route middleware groups.
|
|
|
|
*
|
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
protected $middlewareGroups = [
|
|
|
|
'web' => [
|
2017-10-29 21:57:43 +01:00
|
|
|
AddQueuedCookiesToResponse::class,
|
|
|
|
StartSession::class,
|
2018-07-01 02:50:58 +02:00
|
|
|
AuthenticateSession::class,
|
2017-10-29 21:57:43 +01:00
|
|
|
ShareErrorsFromSession::class,
|
|
|
|
VerifyCsrfToken::class,
|
|
|
|
SubstituteBindings::class,
|
|
|
|
LanguageMiddleware::class,
|
|
|
|
RequireTwoFactorAuthentication::class,
|
2016-09-03 23:09:00 +02:00
|
|
|
],
|
|
|
|
'api' => [
|
2021-11-04 04:51:18 +01:00
|
|
|
HandleStatelessRequest::class,
|
2020-07-01 05:05:11 +02:00
|
|
|
IsValidJson::class,
|
2021-11-04 05:33:21 +01:00
|
|
|
StartSession::class,
|
|
|
|
AuthenticateSession::class,
|
2018-01-20 22:33:04 +01:00
|
|
|
ApiSubstituteBindings::class,
|
2018-02-25 22:30:56 +01:00
|
|
|
'api..key:' . ApiKey::TYPE_APPLICATION,
|
|
|
|
AuthenticateApplicationUser::class,
|
2021-11-17 05:02:18 +01:00
|
|
|
VerifyCsrfToken::class,
|
2018-02-25 22:30:56 +01:00
|
|
|
AuthenticateIPAccess::class,
|
|
|
|
],
|
|
|
|
'client-api' => [
|
2021-11-04 04:51:18 +01:00
|
|
|
HandleStatelessRequest::class,
|
|
|
|
IsValidJson::class,
|
2018-07-15 07:42:58 +02:00
|
|
|
StartSession::class,
|
|
|
|
AuthenticateSession::class,
|
|
|
|
SubstituteClientApiBindings::class,
|
2018-02-25 22:30:56 +01:00
|
|
|
'api..key:' . ApiKey::TYPE_ACCOUNT,
|
2017-12-03 21:29:14 +01:00
|
|
|
AuthenticateIPAccess::class,
|
2021-11-17 05:02:18 +01:00
|
|
|
VerifyCsrfToken::class,
|
2020-12-06 22:56:14 +01:00
|
|
|
// This is perhaps a little backwards with the Client API, but logically you'd be unable
|
|
|
|
// to create/get an API key without first enabling 2FA on the account, so I suppose in the
|
|
|
|
// end it makes sense.
|
|
|
|
//
|
|
|
|
// You just wouldn't be authenticating with the API by providing a 2FA token.
|
|
|
|
RequireTwoFactorAuthentication::class,
|
2016-09-03 23:09:00 +02:00
|
|
|
],
|
2017-09-24 03:45:25 +02:00
|
|
|
'daemon' => [
|
|
|
|
SubstituteBindings::class,
|
2017-11-04 23:16:44 +01:00
|
|
|
DaemonAuthenticate::class,
|
2017-09-24 03:45:25 +02:00
|
|
|
],
|
2016-09-03 23:09:00 +02:00
|
|
|
];
|
|
|
|
|
2015-12-06 19:58:49 +01:00
|
|
|
/**
|
|
|
|
* The application's route middleware.
|
|
|
|
*
|
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
protected $routeMiddleware = [
|
2017-10-29 21:57:43 +01:00
|
|
|
'auth' => Authenticate::class,
|
|
|
|
'auth.basic' => AuthenticateWithBasicAuth::class,
|
|
|
|
'guest' => RedirectIfAuthenticated::class,
|
|
|
|
'admin' => AdminAuthenticate::class,
|
|
|
|
'csrf' => VerifyCsrfToken::class,
|
|
|
|
'throttle' => ThrottleRequests::class,
|
|
|
|
'can' => Authorize::class,
|
|
|
|
'bindings' => SubstituteBindings::class,
|
|
|
|
'recaptcha' => VerifyReCaptcha::class,
|
2018-05-31 16:40:18 +02:00
|
|
|
'node.maintenance' => MaintenanceMiddleware::class,
|
2018-02-25 22:30:56 +01:00
|
|
|
// API Specific Middleware
|
|
|
|
'api..key' => AuthenticateKey::class,
|
2015-12-06 19:58:49 +01:00
|
|
|
];
|
|
|
|
}
|