Initial pass at implementing Laravel Sanctum for authorization on the API

app/Http/Middleware/Api/AuthenticateIPAccess.php

@@ -6,6 +6,7 @@ use Closure;
 use IPTools\IP;
 use IPTools\Range;
 use Illuminate\Http\Request;
+use Laravel\Sanctum\TransientToken;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 
 class AuthenticateIPAccess
@@ -20,14 +21,19 @@ class AuthenticateIPAccess
      */
     public function handle(Request $request, Closure $next)
     {
-        $model = $request->attributes->get('api_key');
+        /** @var \Laravel\Sanctum\TransientToken|\Pterodactyl\Models\ApiKey $token */
+        $token = $request->user()->currentAccessToken();
 
-        if (is_null($model->allowed_ips) || empty($model->allowed_ips)) {
+        // If this is a stateful request just push the request through to the next
+        // middleware in the stack, there is nothing we need to explicitly check. If
+        // this is a valid API Key, but there is no allowed IP restriction, also pass
+        // the request through.
+        if ($token instanceof TransientToken || empty($token->allowed_ips)) {
             return $next($request);
         }
 
         $find = new IP($request->ip());
-        foreach ($model->allowed_ips as $ip) {
+        foreach ($token->allowed_ips as $ip) {
             if (Range::parse($ip)->contains($find)) {
                 return $next($request);
             }