1
<?php
2

3
namespace Pterodactyl\Http\Middleware;
4

5
use Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful;
6

7
class EnsureStatefulRequests extends EnsureFrontendRequestsAreStateful
8
{
9
    /**
10
     * Determines if a request is stateful or not. This is determined using the default
11
     * Sanctum "fromFrontend" helper method. However, we also check if the request includes
12
     * a cookie value for the Pterodactyl session. If so, we assume this is a stateful
13
     * request.
14
     *
15
     * We don't want to support API usage using the cookies, except for requests stemming
16
     * from the front-end we control.
17
     */
18
    public static function fromFrontend($request)
19
    {
20
        if (parent::fromFrontend($request)) {
21
            return true;
22
        }
23

24
        return $request->hasCookie(config('session.cookie'));
25
    }
26
}
27

28