2022-05-22 19:03:51 -04:00
< ? php
2024-03-12 22:39:16 -04:00
namespace App\Http\Middleware\Api\Client ;
2022-05-22 19:03:51 -04:00
2025-09-24 13:34:19 +02:00
use App\Models\ApiKey ;
2025-09-08 13:12:33 -04:00
use Closure ;
2022-05-22 19:03:51 -04:00
use Illuminate\Http\Request ;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException ;
class RequireClientApiKey
{
/**
* Blocks a request to the Client API endpoints if the user is providing an API token
* that was created for the application API .
*/
2025-09-08 13:12:33 -04:00
public function handle ( Request $request , Closure $next ) : mixed
2022-05-22 19:03:51 -04:00
{
$token = $request -> user () -> currentAccessToken ();
2026-07-09 09:55:11 -04:00
throw_if ( $token instanceof ApiKey && $token -> key_type === ApiKey :: TYPE_APPLICATION , new AccessDeniedHttpException ( 'You are attempting to use an application API key on an endpoint that requires a client API key.' ));
2022-05-22 19:03:51 -04:00
return $next ( $request );
}
}