Files
panel-pelican-dev/app/Http/Middleware/Api/Client/RequireClientApiKey.php
Lance Pioch 4ff5adc2a6 Monthly Shift: July 2026 (#2433)
Co-authored-by: Shift <shift@laravelshift.com>
2026-07-09 09:55:11 -04:00

25 lines
764 B
PHP

<?php
namespace App\Http\Middleware\Api\Client;
use App\Models\ApiKey;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
class RequireClientApiKey
{
/**
* Blocks a request to the Client API endpoints if the user is providing an API token
* that was created for the application API.
*/
public function handle(Request $request, Closure $next): mixed
{
$token = $request->user()->currentAccessToken();
throw_if($token instanceof ApiKey && $token->key_type === ApiKey::TYPE_APPLICATION, new AccessDeniedHttpException('You are attempting to use an application API key on an endpoint that requires a client API key.'));
return $next($request);
}
}