Change how API keys are validated (#771)
This commit is contained in:
Dane Everitt
GitHub
parent
df7a857929
commit
285485d7b0
24 changed files with 774 additions and 383 deletions
|
|
@ -11,17 +11,20 @@ use Pterodactyl\Http\Middleware\EncryptCookies;
|
|||
use Pterodactyl\Http\Middleware\VerifyCsrfToken;
|
||||
use Pterodactyl\Http\Middleware\VerifyReCaptcha;
|
||||
use Pterodactyl\Http\Middleware\AdminAuthenticate;
|
||||
use Pterodactyl\Http\Middleware\HMACAuthorization;
|
||||
use Illuminate\Routing\Middleware\ThrottleRequests;
|
||||
use Pterodactyl\Http\Middleware\LanguageMiddleware;
|
||||
use Illuminate\Foundation\Http\Kernel as HttpKernel;
|
||||
use Pterodactyl\Http\Middleware\API\AuthenticateKey;
|
||||
use Illuminate\Routing\Middleware\SubstituteBindings;
|
||||
use Pterodactyl\Http\Middleware\AccessingValidServer;
|
||||
use Pterodactyl\Http\Middleware\API\SetSessionDriver;
|
||||
use Illuminate\View\Middleware\ShareErrorsFromSession;
|
||||
use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
|
||||
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
|
||||
use Pterodactyl\Http\Middleware\API\AuthenticateIPAccess;
|
||||
use Pterodactyl\Http\Middleware\Daemon\DaemonAuthenticate;
|
||||
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
|
||||
use Pterodactyl\Http\Middleware\API\HasPermissionToResource;
|
||||
use Pterodactyl\Http\Middleware\Server\AuthenticateAsSubuser;
|
||||
use Pterodactyl\Http\Middleware\Server\SubuserBelongsToServer;
|
||||
use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
|
||||
|
|
@ -42,10 +45,6 @@ class Kernel extends HttpKernel
|
|||
EncryptCookies::class,
|
||||
AddQueuedCookiesToResponse::class,
|
||||
TrimStrings::class,
|
||||
|
||||
/*
|
||||
* Custom middleware applied to all routes.
|
||||
*/
|
||||
TrustProxies::class,
|
||||
];
|
||||
|
||||
|
|
@ -66,9 +65,11 @@ class Kernel extends HttpKernel
|
|||
RequireTwoFactorAuthentication::class,
|
||||
],
|
||||
'api' => [
|
||||
HMACAuthorization::class,
|
||||
'throttle:60,1',
|
||||
'bindings',
|
||||
SubstituteBindings::class,
|
||||
SetSessionDriver::class,
|
||||
AuthenticateKey::class,
|
||||
AuthenticateIPAccess::class,
|
||||
],
|
||||
'daemon' => [
|
||||
SubstituteBindings::class,
|
||||
|
|
@ -95,6 +96,9 @@ class Kernel extends HttpKernel
|
|||
'bindings' => SubstituteBindings::class,
|
||||
'recaptcha' => VerifyReCaptcha::class,
|
||||
|
||||
// API specific middleware.
|
||||
'api..user_level' => HasPermissionToResource::class,
|
||||
|
||||
// Server specific middleware (used for authenticating access to resources)
|
||||
//
|
||||
// These are only used for individual server authentication, and not gloabl
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue