[ AddQueuedCookiesToResponse::class, StartSession::class, AuthenticateSession::class, ShareErrorsFromSession::class, VerifyCsrfToken::class, SubstituteBindings::class, LanguageMiddleware::class, RequireTwoFactorAuthentication::class, ], 'api' => [ HandleStatelessRequest::class, IsValidJson::class, ApiSubstituteBindings::class, 'api..key:' . ApiKey::TYPE_APPLICATION, AuthenticateApplicationUser::class, AuthenticateIPAccess::class, ], 'client-api' => [ HandleStatelessRequest::class, IsValidJson::class, StartSession::class, AuthenticateSession::class, SubstituteClientApiBindings::class, 'api..key:' . ApiKey::TYPE_ACCOUNT, AuthenticateIPAccess::class, // This is perhaps a little backwards with the Client API, but logically you'd be unable // to create/get an API key without first enabling 2FA on the account, so I suppose in the // end it makes sense. // // You just wouldn't be authenticating with the API by providing a 2FA token. RequireTwoFactorAuthentication::class, ], 'daemon' => [ SubstituteBindings::class, DaemonAuthenticate::class, ], ]; /** * The application's route middleware. * * @var array */ protected $routeMiddleware = [ 'auth' => Authenticate::class, 'auth.basic' => AuthenticateWithBasicAuth::class, 'guest' => RedirectIfAuthenticated::class, 'admin' => AdminAuthenticate::class, 'csrf' => VerifyCsrfToken::class, 'throttle' => ThrottleRequests::class, 'can' => Authorize::class, 'bindings' => SubstituteBindings::class, 'recaptcha' => VerifyReCaptcha::class, 'node.maintenance' => MaintenanceMiddleware::class, // API Specific Middleware 'api..key' => AuthenticateKey::class, ]; }