[ EncryptCookies::class, AddQueuedCookiesToResponse::class, StartSession::class, ShareErrorsFromSession::class, VerifyCsrfToken::class, SubstituteBindings::class, LanguageMiddleware::class, RequireTwoFactorAuthentication::class, ], 'api' => [ 'throttle:120,1', ApiSubstituteBindings::class, SetSessionDriver::class, 'api..key:' . ApiKey::TYPE_APPLICATION, AuthenticateApplicationUser::class, AuthenticateIPAccess::class, ], 'client-api' => [ 'throttle:60,1', ApiSubstituteBindings::class, SetSessionDriver::class, 'api..key:' . ApiKey::TYPE_ACCOUNT, AuthenticateIPAccess::class, ], 'daemon' => [ SubstituteBindings::class, DaemonAuthenticate::class, ], ]; /** * The application's route middleware. * * @var array */ protected $routeMiddleware = [ 'auth' => Authenticate::class, 'auth.basic' => AuthenticateWithBasicAuth::class, 'guest' => RedirectIfAuthenticated::class, 'server' => AccessingValidServer::class, 'subuser.auth' => AuthenticateAsSubuser::class, 'admin' => AdminAuthenticate::class, 'daemon-old' => OldDaemonAuthenticate::class, 'csrf' => VerifyCsrfToken::class, 'throttle' => ThrottleRequests::class, 'can' => Authorize::class, 'bindings' => SubstituteBindings::class, 'recaptcha' => VerifyReCaptcha::class, // Server specific middleware (used for authenticating access to resources) // // These are only used for individual server authentication, and not gloabl // actions from other resources. They are defined in the route files. 'server..database' => DatabaseBelongsToServer::class, 'server..subuser' => SubuserBelongsToServer::class, 'server..schedule' => ScheduleBelongsToServer::class, // API Specific Middleware 'api..key' => AuthenticateKey::class, ]; }