1
<?php
2

3
namespace Pterodactyl\Http;
4

5
use Illuminate\Auth\Middleware\Authorize;
6
use Illuminate\Http\Middleware\HandleCors;
7
use Illuminate\Auth\Middleware\Authenticate;
8
use Illuminate\Http\Middleware\TrustProxies;
9
use Pterodactyl\Http\Middleware\TrimStrings;
10
use Illuminate\Session\Middleware\StartSession;
11
use Pterodactyl\Http\Middleware\EncryptCookies;
12
use Pterodactyl\Http\Middleware\Api\IsValidJson;
13
use Pterodactyl\Http\Middleware\VerifyCsrfToken;
14
use Pterodactyl\Http\Middleware\VerifyReCaptcha;
15
use Illuminate\Routing\Middleware\ThrottleRequests;
16
use Pterodactyl\Http\Middleware\LanguageMiddleware;
17
use Illuminate\Foundation\Http\Kernel as HttpKernel;
18
use Illuminate\Routing\Middleware\SubstituteBindings;
19
use Pterodactyl\Http\Middleware\Activity\TrackAPIKey;
20
use Illuminate\Session\Middleware\AuthenticateSession;
21
use Illuminate\View\Middleware\ShareErrorsFromSession;
22
use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
23
use Pterodactyl\Http\Middleware\EnsureStatefulRequests;
24
use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
25
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
26
use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
27
use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
28
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
29
use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate;
30
use Pterodactyl\Http\Middleware\Api\Client\RequireClientApiKey;
31
use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
32
use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
33
use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientBindings;
34
use Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance;
35
use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;
36

37
class Kernel extends HttpKernel
38
{
39
    /**
40
     * The application's global HTTP middleware stack.
41
     */
42
    protected $middleware = [
43
        TrustProxies::class,
44
        HandleCors::class,
45
        PreventRequestsDuringMaintenance::class,
46
        ValidatePostSize::class,
47
        TrimStrings::class,
48
        ConvertEmptyStringsToNull::class,
49
    ];
50

51
    /**
52
     * The application's route middleware groups.
53
     */
54
    protected $middlewareGroups = [
55
        'web' => [
56
            EncryptCookies::class,
57
            AddQueuedCookiesToResponse::class,
58
            StartSession::class,
59
            ShareErrorsFromSession::class,
60
            VerifyCsrfToken::class,
61
            SubstituteBindings::class,
62
            LanguageMiddleware::class,
63
        ],
64
        'api' => [
65
            EnsureStatefulRequests::class,
66
            'auth:sanctum',
67
            IsValidJson::class,
68
            TrackAPIKey::class,
69
            RequireTwoFactorAuthentication::class,
70
            AuthenticateIPAccess::class,
71
        ],
72
        'application-api' => [
73
            SubstituteBindings::class,
74
            AuthenticateApplicationUser::class,
75
        ],
76
        'client-api' => [
77
            SubstituteClientBindings::class,
78
            RequireClientApiKey::class,
79
        ],
80
        'daemon' => [
81
            SubstituteBindings::class,
82
            DaemonAuthenticate::class,
83
        ],
84
    ];
85

86
    /**
87
     * The application's route middleware.
88
     */
89
    protected $middlewareAliases = [
90
        'auth' => Authenticate::class,
91
        'auth.basic' => AuthenticateWithBasicAuth::class,
92
        'auth.session' => AuthenticateSession::class,
93
        'guest' => RedirectIfAuthenticated::class,
94
        'csrf' => VerifyCsrfToken::class,
95
        'throttle' => ThrottleRequests::class,
96
        'can' => Authorize::class,
97
        'bindings' => SubstituteBindings::class,
98
        'recaptcha' => VerifyReCaptcha::class,
99
        'node.maintenance' => MaintenanceMiddleware::class,
100
    ];
101
}
102

103