misc_pterodactyl-panel/app/Http/Middleware/Api/Client/RequireClientApiKey.php

<?php

namespace Pterodactyl\Http\Middleware\Api\Client;

use Illuminate\Http\Request;
use Pterodactyl\Models\ApiKey;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

class RequireClientApiKey
{
    /**
     * Blocks a request to the Client API endpoints if the user is providing an API token
     * that was created for the application API.
     *
     * @return mixed
     */
    public function handle(Request $request, \Closure $next)
    {
        $token = $request->user()->currentAccessToken();

        if ($token instanceof ApiKey && $token->key_type === ApiKey::TYPE_APPLICATION) {
            throw new AccessDeniedHttpException('You are attempting to use an application API key on an endpoint that requires a client API key.');
        }

        return $next($request);
    }
}
Fix up API handling logic for keys and set a prefix on all keys 2022-05-22 23:03:51 +00:00			`<?php`

			`namespace Pterodactyl\Http\Middleware\Api\Client;`

			`use Illuminate\Http\Request;`
			`use Pterodactyl\Models\ApiKey;`
			`use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;`

			`class RequireClientApiKey`
			`{`
			`/**`
			`* Blocks a request to the Client API endpoints if the user is providing an API token`
			`* that was created for the application API.`
			`*`
			`* @return mixed`
			`*/`
			`public function handle(Request $request, \Closure $next)`
			`{`
			`$token = $request->user()->currentAccessToken();`

			`if ($token instanceof ApiKey && $token->key_type === ApiKey::TYPE_APPLICATION) {`
			`throw new AccessDeniedHttpException('You are attempting to use an application API key on an endpoint that requires a client API key.');`
			`}`

			`return $next($request);`
			`}`
			`}`