misc_pterodactyl-panel/app/Http/Middleware/Api/PreventUnboundModels.php

<?php

namespace Pterodactyl\Http\Middleware\Api;

use Closure;
use Exception;
use Illuminate\Support\Reflector;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Contracts\Routing\UrlRoutable;

class PreventUnboundModels
{
    /**
     * Prevents a request from making it to a controller action if there is a model
     * injection on the controller that has not been explicitly bound by the request.
     * This prevents empty models from being valid in scenarios where a new model is
     * added but not properly defined in the substitution middleware.
     *
     * @param \Illuminate\Http\Request $request
     *
     * @return mixed
     *
     * @throws \Exception
     */
    public function handle($request, Closure $next)
    {
        $route = $request->route();
        $parameters = $route->parameters() ?? [];

        /** @var \ReflectionParameter[] $signatures */
        $signatures = $route->signatureParameters(UrlRoutable::class);
        foreach ($signatures as $signature) {
            $class = Reflector::getParameterClassName($signature);
            if (is_null($class) || !is_subclass_of($class, Model::class)) {
                continue;
            }

            if (!$parameters[$signature->getName()] instanceof Model) {
                throw new Exception(sprintf('No parameter binding has been defined for model [%s] using route parameter key "%s".', $class, $signature->getName()));
            }
        }

        return $next($request);
    }
}
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`<?php`

			`namespace Pterodactyl\Http\Middleware\Api;`

			`use Closure;`
Simplify logic for checking for missing unbound models 2021-08-07 18:15:30 +00:00			`use Exception;`
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`use Illuminate\Support\Reflector;`
			`use Illuminate\Database\Eloquent\Model;`
			`use Illuminate\Contracts\Routing\UrlRoutable;`

			`class PreventUnboundModels`
			`{`
			`/**`
			`* Prevents a request from making it to a controller action if there is a model`
			`* injection on the controller that has not been explicitly bound by the request.`
			`* This prevents empty models from being valid in scenarios where a new model is`
			`* added but not properly defined in the substitution middleware.`
			`*`
			`* @param \Illuminate\Http\Request $request`
Apply php-cs-fixer changes 2021-08-07 23:10:24 +00:00			`*`
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`* @return mixed`
Simplify logic for checking for missing unbound models 2021-08-07 18:15:30 +00:00			`*`
			`* @throws \Exception`
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`*/`
			`public function handle($request, Closure $next)`
			`{`
			`$route = $request->route();`
Simplify logic for checking for missing unbound models 2021-08-07 18:15:30 +00:00			`$parameters = $route->parameters() ?? [];`
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00
Simplify logic for checking for missing unbound models 2021-08-07 18:15:30 +00:00			`/** @var \ReflectionParameter[] $signatures */`
			`$signatures = $route->signatureParameters(UrlRoutable::class);`
			`foreach ($signatures as $signature) {`
			`$class = Reflector::getParameterClassName($signature);`
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`if (is_null($class) \|\| !is_subclass_of($class, Model::class)) {`
			`continue;`
			`}`

Simplify logic for checking for missing unbound models 2021-08-07 18:15:30 +00:00			`if (!$parameters[$signature->getName()] instanceof Model) {`
Apply php-cs-fixer changes 2021-08-07 23:10:24 +00:00			`throw new Exception(sprintf('No parameter binding has been defined for model [%s] using route parameter key "%s".', $class, $signature->getName()));`
Improve client API route model binding and prevent accidental route access without valid model binds 2021-08-05 05:20:43 +00:00			`}`
			`}`

			`return $next($request);`
			`}`
			`}`