2022-05-22 20:50:36 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace Pterodactyl\Http\Middleware;
|
|
|
|
|
|
|
|
use Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful;
|
|
|
|
|
|
|
|
class EnsureStatefulRequests extends EnsureFrontendRequestsAreStateful
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* Determines if a request is stateful or not. This is determined using the default
|
|
|
|
* Sanctum "fromFrontend" helper method. However, we also check if the request includes
|
|
|
|
* a cookie value for the Pterodactyl session. If so, we assume this is a stateful
|
|
|
|
* request.
|
|
|
|
*
|
|
|
|
* We don't want to support API usage using the cookies, except for requests stemming
|
|
|
|
* from the front-end we control.
|
|
|
|
*/
|
2022-05-22 20:54:07 +00:00
|
|
|
public static function fromFrontend($request)
|
2022-05-22 20:50:36 +00:00
|
|
|
{
|
2022-05-22 20:54:07 +00:00
|
|
|
if (parent::fromFrontend($request)) {
|
|
|
|
return true;
|
|
|
|
}
|
2022-05-22 20:50:36 +00:00
|
|
|
|
2022-05-22 20:54:07 +00:00
|
|
|
return $request->hasCookie(config('session.cookie'));
|
2022-05-22 20:50:36 +00:00
|
|
|
}
|
|
|
|
}
|