MrUnknownDE/panel
1
0
Fork 0
mirror of https://github.com/MrUnknownDE/panel.git synced 2026-04-18 14:23:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve client API route model binding and prevent accidental route access without valid model binds

Browse Source
This commit is contained in:
Dane Everitt
2021-08-04 22:20:43 -07:00
parent e1089e0b73
commit 4d1a7e6637
4 changed files with 119 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Kernel.php
View File

@@ -21,6 +21,7 @@ use Illuminate\View\Middleware\ShareErrorsFromSession;
use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
use Pterodactyl\Http\Middleware\Api\PreventUnboundModels;
use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
@@ -76,6 +77,7 @@ class Kernel extends HttpKernel
EnsureFrontendRequestsAreStateful::class,
'auth:sanctum',
SubstituteClientApiBindings::class,
PreventUnboundModels::class,
// This is perhaps a little backwards with the Client API, but logically you'd be unable
// to create/get an API key without first enabling 2FA on the account, so I suppose in the
// end it makes sense.