[
            // NOTE(review): the key for this list lies before the visible excerpt;
            // presumably the 'web' group - confirm.
            // Order matters here: StartSession is listed ahead of VerifyCsrfToken, and
            // RequireTwoFactorAuthentication is listed last. Laravel applies a group's
            // entries in listed order unless $middlewarePriority re-sorts them.
            AddQueuedCookiesToResponse::class,
            StartSession::class,
            AuthenticateSession::class,
            ShareErrorsFromSession::class,
            VerifyCsrfToken::class,
            SubstituteBindings::class,
            LanguageMiddleware::class,
            RequireTwoFactorAuthentication::class,
        ],
        // Shared API stack. 'auth:sanctum' is an alias-with-parameter string, resolved
        // through the 'auth' entry of $routeMiddleware below, not a class constant.
        // RequireTwoFactorAuthentication and AuthenticateIPAccess are listed after
        // 'auth:sanctum' in this group.
        'api' => [
            EnsureStatefulRequests::class,
            'auth:sanctum',
            IsValidJson::class,
            RequireTwoFactorAuthentication::class,
            AuthenticateIPAccess::class,
        ],
        // NOTE(review): SubstituteBindings is listed before AuthenticateApplicationUser,
        // so as listed, route-model lookups precede this check. Confirm these routes
        // also sit behind the 'api' group so lookups are not reachable unauthenticated.
        'application-api' => [
            SubstituteBindings::class,
            AuthenticateApplicationUser::class,
        ],
        // TODO: don't allow an application key to use the client API, but do allow a client
        // api key to access the application API.
        // NOTE(review): this group contains no authentication or key-type check of its
        // own, only binding substitution. Per the TODO above, the separation between
        // application keys and the client API is not enforced here; verify where (or
        // whether) it is enforced before relying on it.
        'client-api' => [SubstituteClientBindings::class],
        // NOTE(review): bindings are listed ahead of DaemonAuthenticate. Confirm whether
        // daemon routes get any earlier authentication; if not, model resolution would
        // run before the daemon is authenticated.
        'daemon' => [
            SubstituteBindings::class,
            DaemonAuthenticate::class,
        ],
    ];

    /**
     * The application's route middleware.
     *
     * Maps short alias strings to middleware classes. Unlike the groups above,
     * an alias only takes effect on routes that reference it by name, so the
     * 'csrf', 'throttle' and 'recaptcha' entries protect nothing merely by
     * being registered here; check the route definitions for actual coverage.
     *
     * @var array
     */
    protected $routeMiddleware = [
        'auth' => Authenticate::class,
        'auth.basic' => AuthenticateWithBasicAuth::class,
        'guest' => RedirectIfAuthenticated::class,
        'csrf' => VerifyCsrfToken::class,
        'throttle' => ThrottleRequests::class,
        'can' => Authorize::class,
        'bindings' => SubstituteBindings::class,
        'recaptcha' => VerifyReCaptcha::class,
        'node.maintenance' => MaintenanceMiddleware::class,
    ];
}