1
<?php
2

3
namespace Pterodactyl\Http\Middleware\Api\Application;
4

5
use Illuminate\Http\Request;
6
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
7

8
class AuthenticateApplicationUser
9
{
10
    /**
11
     * Authenticate that the currently authenticated user is an administrator
12
     * and should be allowed to proceed through the application API.
13
     */
14
    public function handle(Request $request, \Closure $next): mixed
15
    {
16
        /** @var \Pterodactyl\Models\User|null $user */
17
        $user = $request->user();
18
        if (!$user || !$user->root_admin) {
19
            throw new AccessDeniedHttpException('This account does not have permission to access the API.');
20
        }
21

22
        return $next($request);
23
    }
24
}
25

26