route()->getName(), $this->except)) { return $next($request); } throw_if(is_null($bearer = $request->bearerToken()), new HttpException(401, 'Access to this endpoint must include an Authorization header.', null, ['WWW-Authenticate' => 'Bearer'])); $parts = explode('.', $bearer); // Ensure that all the correct parts are provided in the header. throw_if(count($parts) !== 2 || empty($parts[0]) || empty($parts[1]), new BadRequestHttpException('The Authorization header provided was not in a valid format.')); /** @var Node $node */ $node = Node::query()->where('daemon_token_id', $parts[0])->firstOrFail(); if (hash_equals((string) $node->daemon_token, $parts[1])) { $request->attributes->set('node', $node); return $next($request); } throw new AccessDeniedHttpException('You are not authorized to access this resource.'); } }