Различия

Показаны различия между двумя версиями страницы.

--- php:symfony:security [2024/04/15 21:03] – mirocow
+++ php:symfony:security [2024/04/15 23:51] (текущий) – mirocow
@@ Строка 2: / Строка 2: @@
 ====== Security ======
+config/packages/api_platform.yaml
+<code yaml>
+api_platform:
+    title: 'BilMo'
+    description: 'Main API for BilMo app.'
+    version: 1.0.0
+    formats:
+      jsonld: ['application/ld+json']
+    docs_formats:
+      jsonld: ['application/ld+json']
+      jsonopenapi: ['application/vnd.openapi+json']
+      html: ['text/html']
+    swagger:
+        api_keys:
+            JWT:
+                name: Authorization
+                type: header
+</code>
 security.yaml
@@ Строка 19: / Строка 38: @@
                 class: App\Entity\User
                 property: username
     firewalls:
-        login:
+        dev:
-            pattern: ^/api/login
+            pattern: ^/(_(profiler|wdt)|css|images|js)/
+            security: false
+        signup:
+            pattern: ^/api/users
             stateless: true
-            provider: app_user_provider
+            anonymous: true
+            methods: [POST]
+        authentication:
+            pattern: ^/api/authentication_token
+            stateless: true
+            anonymous: true
             json_login:
-                check_path: /api/login
+              check_path: /api/authentication_token
-                success_handler: lexik_jwt_authentication.handler.authentication_success
+              username_path: username
-                failure_handler: lexik_jwt_authentication.handler.authentication_failure
+              success_handler: lexik_jwt_authentication.handler.authentication_success
+              failure_handler: lexik_jwt_authentication.handler.authentication_failure
         api:
-            pattern:   ^/api
+          pattern: ^/api
-            stateless: true
+          stateless: true
-            jwt: ~
+          anonymous: true
+          guard:
+            authenticators:
+              - lexik_jwt_authentication.jwt_token_authenticator
     access_control:
-        - { path: ^/$, roles: PUBLIC_ACCESS }
+      - { path: ^/api/authentication_token, roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/docs, roles: PUBLIC_ACCESS }
+      - { path: ^/api/users, roles: IS_AUTHENTICATED_ANONYMOUSLY, methods: [GET] }
-        - { path: ^/api/login, roles: PUBLIC_ACCESS }
-        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
 </code>
   * app_user_provider - used to reload user from session & other features (e.g. switch_user)
+config/packages/lexik_jwt_authentication.yaml
+<code yaml>
+lexik_jwt_authentication:
+    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
+    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
+    pass_phrase: '%env(JWT_PASSPHRASE)%'
+    token_ttl: 3600
+    api_platform:
+        check_path: /login_check
+        username_path: email
+        password_path: password
+</code>
+config/routes.yaml
+<code yaml>
+auth:
+    path: /login_check
+    methods: ['POST']
+</code>
 ====== Symfony / API Platform ======
 {{topic>[symfony]}}