1
<?php
2

3
namespace Pterodactyl\Http\Middleware\Api\Client;
4

5
use Illuminate\Http\Request;
6
use Pterodactyl\Models\ApiKey;
7
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
8

9
class RequireClientApiKey
10
{
11
    /**
12
     * Blocks a request to the Client API endpoints if the user is providing an API token
13
     * that was created for the application API.
14
     */
15
    public function handle(Request $request, \Closure $next): mixed
16
    {
17
        $token = $request->user()->currentAccessToken();
18

19
        if ($token instanceof ApiKey && $token->key_type === ApiKey::TYPE_APPLICATION) { // @phpstan-ignore instanceof.alwaysTrue
20
            throw new AccessDeniedHttpException('You are attempting to use an application API key on an endpoint that requires a client API key.');
21
        }
22

23
        return $next($request);
24
    }
25
}
26

27