misc_pterodactyl-panel/app/Http/Kernel.php

<?php

namespace Pterodactyl\Http;

use Pterodactyl\Models\ApiKey;
use Illuminate\Auth\Middleware\Authorize;
use Illuminate\Auth\Middleware\Authenticate;
use Pterodactyl\Http\Middleware\TrimStrings;
use Pterodactyl\Http\Middleware\TrustProxies;
use Illuminate\Session\Middleware\StartSession;
use Pterodactyl\Http\Middleware\EncryptCookies;
use Pterodactyl\Http\Middleware\VerifyCsrfToken;
use Pterodactyl\Http\Middleware\VerifyReCaptcha;
use Pterodactyl\Http\Middleware\AdminAuthenticate;
use Illuminate\Routing\Middleware\ThrottleRequests;
use Pterodactyl\Http\Middleware\LanguageMiddleware;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
use Pterodactyl\Http\Middleware\Api\AuthenticateKey;
use Illuminate\Routing\Middleware\SubstituteBindings;
use Pterodactyl\Http\Middleware\Api\SetSessionDriver;
use Illuminate\Session\Middleware\AuthenticateSession;
use Illuminate\View\Middleware\ShareErrorsFromSession;
use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
use Pterodactyl\Http\Middleware\Server\AccessingValidServer;
use Pterodactyl\Http\Middleware\Server\AuthenticateAsSubuser;
use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate;
use Pterodactyl\Http\Middleware\Server\SubuserBelongsToServer;
use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
use Pterodactyl\Http\Middleware\Server\DatabaseBelongsToServer;
use Pterodactyl\Http\Middleware\Server\ScheduleBelongsToServer;
use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientApiBindings;
use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;

class Kernel extends HttpKernel
{
    /**
     * The application's global HTTP middleware stack.
     *
     * @var array
     */
    protected $middleware = [
        CheckForMaintenanceMode::class,
        EncryptCookies::class,
        ValidatePostSize::class,
        TrimStrings::class,
        ConvertEmptyStringsToNull::class,
        TrustProxies::class,
    ];

    /**
     * The application's route middleware groups.
     *
     * @var array
     */
    protected $middlewareGroups = [
        'web' => [
            AddQueuedCookiesToResponse::class,
            StartSession::class,
            AuthenticateSession::class,
            ShareErrorsFromSession::class,
            VerifyCsrfToken::class,
            SubstituteBindings::class,
            LanguageMiddleware::class,
            RequireTwoFactorAuthentication::class,
        ],
        'api' => [
            'throttle:240,1',
            ApiSubstituteBindings::class,
            SetSessionDriver::class,
            'api..key:' . ApiKey::TYPE_APPLICATION,
            AuthenticateApplicationUser::class,
            AuthenticateIPAccess::class,
        ],
        'client-api' => [
            'throttle:240,1',
            StartSession::class,
            SetSessionDriver::class,
            AuthenticateSession::class,
            SubstituteClientApiBindings::class,
            'api..key:' . ApiKey::TYPE_ACCOUNT,
            AuthenticateIPAccess::class,
        ],
        'daemon' => [
            SubstituteBindings::class,
            DaemonAuthenticate::class,
        ],
    ];

    /**
     * The application's route middleware.
     *
     * @var array
     */
    protected $routeMiddleware = [
        'auth' => Authenticate::class,
        'auth.basic' => AuthenticateWithBasicAuth::class,
        'guest' => RedirectIfAuthenticated::class,
        'server' => AccessingValidServer::class,
        'subuser.auth' => AuthenticateAsSubuser::class,
        'admin' => AdminAuthenticate::class,
        'csrf' => VerifyCsrfToken::class,
        'throttle' => ThrottleRequests::class,
        'can' => Authorize::class,
        'bindings' => SubstituteBindings::class,
        'recaptcha' => VerifyReCaptcha::class,
        'node.maintenance' => MaintenanceMiddleware::class,

        // Server specific middleware (used for authenticating access to resources)
        //
        // These are only used for individual server authentication, and not global
        // actions from other resources. They are defined in the route files.
        'server..database' => DatabaseBelongsToServer::class,
        'server..subuser' => SubuserBelongsToServer::class,
        'server..schedule' => ScheduleBelongsToServer::class,

        // API Specific Middleware
        'api..key' => AuthenticateKey::class,
    ];
}
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00			`<?php`

			`namespace Pterodactyl\Http;`

Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00			`use Pterodactyl\Models\ApiKey;`
Shorten imports 2017-10-29 20:57:43 +00:00			`use Illuminate\Auth\Middleware\Authorize;`
			`use Illuminate\Auth\Middleware\Authenticate;`
			`use Pterodactyl\Http\Middleware\TrimStrings;`
Inital upgrade to 5.5 This simply updates dependencies and gets all of the providers and config files updated based on what the laravel/laravel currently ships with 2017-12-16 18:20:09 +00:00			`use Pterodactyl\Http\Middleware\TrustProxies;`
Shorten imports 2017-10-29 20:57:43 +00:00			`use Illuminate\Session\Middleware\StartSession;`
			`use Pterodactyl\Http\Middleware\EncryptCookies;`
			`use Pterodactyl\Http\Middleware\VerifyCsrfToken;`
			`use Pterodactyl\Http\Middleware\VerifyReCaptcha;`
			`use Pterodactyl\Http\Middleware\AdminAuthenticate;`
			`use Illuminate\Routing\Middleware\ThrottleRequests;`
			`use Pterodactyl\Http\Middleware\LanguageMiddleware;`
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00			`use Illuminate\Foundation\Http\Kernel as HttpKernel;`
Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00			`use Pterodactyl\Http\Middleware\Api\AuthenticateKey;`
Begin implementation of new daemon authentication scheme 2017-09-24 01:45:25 +00:00			`use Illuminate\Routing\Middleware\SubstituteBindings;`
Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00			`use Pterodactyl\Http\Middleware\Api\SetSessionDriver;`
Logout other sessions when password is changed closes #1222 2018-07-01 00:50:58 +00:00			`use Illuminate\Session\Middleware\AuthenticateSession;`
Shorten imports 2017-10-29 20:57:43 +00:00			`use Illuminate\View\Middleware\ShareErrorsFromSession;`
Get dashboard in a more working state 2018-06-06 06:42:34 +00:00			`use Pterodactyl\Http\Middleware\MaintenanceMiddleware;`
Shorten imports 2017-10-29 20:57:43 +00:00			`use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;`
			`use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;`
Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00			`use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;`
Use more logical route binding to not reveal resources on the API unless authenticated. 2018-01-20 21:33:04 +00:00			`use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;`
Inital upgrade to 5.5 This simply updates dependencies and gets all of the providers and config files updated based on what the laravel/laravel currently ships with 2017-12-16 18:20:09 +00:00			`use Illuminate\Foundation\Http\Middleware\ValidatePostSize;`
Shorten imports 2017-10-29 20:57:43 +00:00			`use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;`
Fix broken unit tests 2018-07-15 04:49:49 +00:00			`use Pterodactyl\Http\Middleware\Server\AccessingValidServer;`
Update all the middlewares 2017-10-29 17:37:25 +00:00			`use Pterodactyl\Http\Middleware\Server\AuthenticateAsSubuser;`
Change the way API keys are stored and validated; clarify API namespacing Previously, a single key was used to access the API, this has not changed in terms of what the user sees. However, API keys now use an identifier and token internally. The identifier is the first 16 characters of the key, and the token is the remaining 32. The token is stored encrypted at rest in the database and the identifier is used by the API middleware to grab that record and make a timing attack safe comparison. 2018-01-13 22:06:19 +00:00			`use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate;`
Add database management back to front-end and begin some refactoring Here we go again boys... 2017-10-19 03:32:19 +00:00			`use Pterodactyl\Http\Middleware\Server\SubuserBelongsToServer;`
Shorten imports 2017-10-29 20:57:43 +00:00			`use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;`
Add database management back to front-end and begin some refactoring Here we go again boys... 2017-10-19 03:32:19 +00:00			`use Pterodactyl\Http\Middleware\Server\DatabaseBelongsToServer;`
			`use Pterodactyl\Http\Middleware\Server\ScheduleBelongsToServer;`
Shorten imports 2017-10-29 20:57:43 +00:00			`use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;`
Inital upgrade to 5.5 This simply updates dependencies and gets all of the providers and config files updated based on what the laravel/laravel currently ships with 2017-12-16 18:20:09 +00:00			`use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;`
Add base routes for managing servers as a client 2018-02-28 03:28:43 +00:00			`use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientApiBindings;`
Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00			`use Pterodactyl\Http\Middleware\Api\Application\AuthenticateApplicationUser;`
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00
			`class Kernel extends HttpKernel`
			`{`
			`/**`
			`* The application's global HTTP middleware stack.`
			`*`
			`* @var array`
			`*/`
			`protected $middleware = [`
Shorten imports 2017-10-29 20:57:43 +00:00			`CheckForMaintenanceMode::class,`
Strip out JWT usage and use cookies to track the currently logged in user 2018-07-15 05:42:58 +00:00			`EncryptCookies::class,`
Inital upgrade to 5.5 This simply updates dependencies and gets all of the providers and config files updated based on what the laravel/laravel currently ships with 2017-12-16 18:20:09 +00:00			`ValidatePostSize::class,`
Shorten imports 2017-10-29 20:57:43 +00:00			`TrimStrings::class,`
Inital upgrade to 5.5 This simply updates dependencies and gets all of the providers and config files updated based on what the laravel/laravel currently ships with 2017-12-16 18:20:09 +00:00			`ConvertEmptyStringsToNull::class,`
Shorten imports 2017-10-29 20:57:43 +00:00			`TrustProxies::class,`
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00			`];`

Update to Laravel 5.3 [BREAKING] — REMOVES REMOTE API A new API will need to be implemented properly using the new Laravel Passport OAuth2 system. DingoAPI was becoming too unstable and development wasn’t really moving along enough to continue to rely on it. 2016-09-03 21:09:00 +00:00			`/**`
			`* The application's route middleware groups.`
			`*`
			`* @var array`
			`*/`
			`protected $middlewareGroups = [`
			`'web' => [`
Shorten imports 2017-10-29 20:57:43 +00:00			`AddQueuedCookiesToResponse::class,`
			`StartSession::class,`
Logout other sessions when password is changed closes #1222 2018-07-01 00:50:58 +00:00			`AuthenticateSession::class,`
Shorten imports 2017-10-29 20:57:43 +00:00			`ShareErrorsFromSession::class,`
			`VerifyCsrfToken::class,`
			`SubstituteBindings::class,`
			`LanguageMiddleware::class,`
			`RequireTwoFactorAuthentication::class,`
Update to Laravel 5.3 [BREAKING] — REMOVES REMOTE API A new API will need to be implemented properly using the new Laravel Passport OAuth2 system. DingoAPI was becoming too unstable and development wasn’t really moving along enough to continue to rely on it. 2016-09-03 21:09:00 +00:00			`],`
			`'api' => [`
Get dashboard in a more working state 2018-06-06 06:42:34 +00:00			`'throttle:240,1',`
Use more logical route binding to not reveal resources on the API unless authenticated. 2018-01-20 21:33:04 +00:00			`ApiSubstituteBindings::class,`
Change how API keys are validated (#771) 2017-12-03 20:29:14 +00:00			`SetSessionDriver::class,`
Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00			`'api..key:' . ApiKey::TYPE_APPLICATION,`
			`AuthenticateApplicationUser::class,`
			`AuthenticateIPAccess::class,`
			`],`
			`'client-api' => [`
Get dashboard in a more working state 2018-06-06 06:42:34 +00:00			`'throttle:240,1',`
Strip out JWT usage and use cookies to track the currently logged in user 2018-07-15 05:42:58 +00:00			`StartSession::class,`
Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00			`SetSessionDriver::class,`
Strip out JWT usage and use cookies to track the currently logged in user 2018-07-15 05:42:58 +00:00			`AuthenticateSession::class,`
			`SubstituteClientApiBindings::class,`
Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00			`'api..key:' . ApiKey::TYPE_ACCOUNT,`
Change how API keys are validated (#771) 2017-12-03 20:29:14 +00:00			`AuthenticateIPAccess::class,`
Update to Laravel 5.3 [BREAKING] — REMOVES REMOTE API A new API will need to be implemented properly using the new Laravel Passport OAuth2 system. DingoAPI was becoming too unstable and development wasn’t really moving along enough to continue to rely on it. 2016-09-03 21:09:00 +00:00			`],`
Begin implementation of new daemon authentication scheme 2017-09-24 01:45:25 +00:00			`'daemon' => [`
			`SubstituteBindings::class,`
Fix daemon auth 2017-11-04 22:16:44 +00:00			`DaemonAuthenticate::class,`
Begin implementation of new daemon authentication scheme 2017-09-24 01:45:25 +00:00			`],`
Update to Laravel 5.3 [BREAKING] — REMOVES REMOTE API A new API will need to be implemented properly using the new Laravel Passport OAuth2 system. DingoAPI was becoming too unstable and development wasn’t really moving along enough to continue to rely on it. 2016-09-03 21:09:00 +00:00			`];`

Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00			`/**`
			`* The application's route middleware.`
			`*`
			`* @var array`
			`*/`
			`protected $routeMiddleware = [`
Shorten imports 2017-10-29 20:57:43 +00:00			`'auth' => Authenticate::class,`
			`'auth.basic' => AuthenticateWithBasicAuth::class,`
			`'guest' => RedirectIfAuthenticated::class,`
Cleanup frontend controllers and middleware 2017-10-28 02:42:53 +00:00			`'server' => AccessingValidServer::class,`
Update all the middlewares 2017-10-29 17:37:25 +00:00			`'subuser.auth' => AuthenticateAsSubuser::class,`
Shorten imports 2017-10-29 20:57:43 +00:00			`'admin' => AdminAuthenticate::class,`
			`'csrf' => VerifyCsrfToken::class,`
			`'throttle' => ThrottleRequests::class,`
			`'can' => Authorize::class,`
			`'bindings' => SubstituteBindings::class,`
			`'recaptcha' => VerifyReCaptcha::class,`
Renamed middleware, and fixed the test 2018-05-31 14:40:18 +00:00			`'node.maintenance' => MaintenanceMiddleware::class,`
Add database management back to front-end and begin some refactoring Here we go again boys... 2017-10-19 03:32:19 +00:00
			`// Server specific middleware (used for authenticating access to resources)`
			`//`
Fix app/ spelling errors 2018-05-13 14:50:56 +00:00			`// These are only used for individual server authentication, and not global`
Add database management back to front-end and begin some refactoring Here we go again boys... 2017-10-19 03:32:19 +00:00			`// actions from other resources. They are defined in the route files.`
			`'server..database' => DatabaseBelongsToServer::class,`
			`'server..subuser' => SubuserBelongsToServer::class,`
			`'server..schedule' => ScheduleBelongsToServer::class,`
Move everything around as needed to get things setup for the client API 2018-02-25 21:30:56 +00:00
			`// API Specific Middleware`
			`'api..key' => AuthenticateKey::class,`
Initial Commit of Files PufferPanel v0.9 (Laravel) is now Pterodactyl 1.0 2015-12-06 18:58:49 +00:00			`];`
			`}`