2022-05-22 23:03:51 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace Pterodactyl\Http\Middleware\Api\Client;
|
|
|
|
|
|
|
|
use Illuminate\Http\Request;
|
|
|
|
use Pterodactyl\Models\ApiKey;
|
|
|
|
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
|
|
|
|
|
|
|
class RequireClientApiKey
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* Blocks a request to the Client API endpoints if the user is providing an API token
|
|
|
|
* that was created for the application API.
|
|
|
|
*/
|
2022-10-14 16:59:20 +00:00
|
|
|
public function handle(Request $request, \Closure $next): mixed
|
2022-05-22 23:03:51 +00:00
|
|
|
{
|
|
|
|
$token = $request->user()->currentAccessToken();
|
|
|
|
|
|
|
|
if ($token instanceof ApiKey && $token->key_type === ApiKey::TYPE_APPLICATION) {
|
|
|
|
throw new AccessDeniedHttpException('You are attempting to use an application API key on an endpoint that requires a client API key.');
|
|
|
|
}
|
|
|
|
|
|
|
|
return $next($request);
|
|
|
|
}
|
|
|
|
}
|