Initial pass at deleting as much removed logic as possible; still need to migrate old keys and permissions over

app/Http/Kernel.php

@@ -2,7 +2,6 @@
 
 namespace Pterodactyl\Http;
 
-use Pterodactyl\Models\ApiKey;
 use Illuminate\Auth\Middleware\Authorize;
 use Illuminate\Auth\Middleware\Authenticate;
 use Pterodactyl\Http\Middleware\TrimStrings;
@@ -16,21 +15,17 @@ use Pterodactyl\Http\Middleware\AdminAuthenticate;
 use Illuminate\Routing\Middleware\ThrottleRequests;
 use Pterodactyl\Http\Middleware\LanguageMiddleware;
 use Illuminate\Foundation\Http\Kernel as HttpKernel;
-use Pterodactyl\Http\Middleware\Api\AuthenticateKey;
 use Illuminate\Routing\Middleware\SubstituteBindings;
-use Pterodactyl\Http\Middleware\Api\SetSessionDriver;
 use Illuminate\Session\Middleware\AuthenticateSession;
 use Illuminate\View\Middleware\ShareErrorsFromSession;
 use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
 use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
 use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
-use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
 use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
 use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
 use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate;
 use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
-use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
 use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
 use Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful;
 use Pterodactyl\Http\Middleware\Api\Client\SubstituteClientApiBindings;
@@ -71,24 +66,16 @@ class Kernel extends HttpKernel
         ],
         'api' => [
             IsValidJson::class,
-            ApiSubstituteBindings::class,
             EnsureFrontendRequestsAreStateful::class,
-            // SetSessionDriver::class,
-            // 'api..key:' . ApiKey::TYPE_APPLICATION,
+            'auth:sanctum',
+            ApiSubstituteBindings::class,
             AuthenticateApplicationUser::class,
-            // AuthenticateIPAccess::class,
         ],
         'client-api' => [
-            // StartSession::class,
-            // SetSessionDriver::class,
-            // AuthenticateSession::class,
             IsValidJson::class,
             EnsureFrontendRequestsAreStateful::class,
             'auth:sanctum',
-            // 'throttle:api',
             SubstituteClientApiBindings::class,
-            // 'api..key:' . ApiKey::TYPE_ACCOUNT,
-            // AuthenticateIPAccess::class,
             // This is perhaps a little backwards with the Client API, but logically you'd be unable
             // to create/get an API key without first enabling 2FA on the account, so I suppose in the
             // end it makes sense.
@@ -118,8 +105,5 @@ class Kernel extends HttpKernel
         'bindings' => SubstituteBindings::class,
         'recaptcha' => VerifyReCaptcha::class,
         'node.maintenance' => MaintenanceMiddleware::class,
-
-        // API Specific Middleware
-        'api..key' => AuthenticateKey::class,
     ];
 }