add authentication

2023-11-02 14:39:37 +01:00 · 2023-11-02 14:39:37 +01:00 · ae7c9df246
commit ae7c9df246
parent e8a531b407
4 changed files with 82 additions and 8 deletions
--- a/.idea/dataSources.xml
+++ b/.idea/dataSources.xml
@ -8,13 +8,13 @@
      <jdbc-url>jdbc:mysql://127.0.0.1:3306</jdbc-url>
      <working-dir>$ProjectFileDir$</working-dir>
    </data-source>
-    <data-source source="LOCAL" name="DDEV" uuid="ac04e527-2f9a-49a3-9321-8e4d0cb5d115">
+    <data-source source="LOCAL" name="DDEV" uuid="5ac23057-b782-421b-8d88-fecc4d3386ee">
      <driver-ref>mariadb</driver-ref>
      <synchronize>true</synchronize>
      <configured-by-url>true</configured-by-url>
      <remarks>DDEV generated data source</remarks>
      <jdbc-driver>org.mariadb.jdbc.Driver</jdbc-driver>
-      <jdbc-url>jdbc:mariadb://127.0.0.1:60799/db?user=db&amp;password=db</jdbc-url>
+      <jdbc-url>jdbc:mariadb://127.0.0.1:55619/db?user=db&amp;password=db</jdbc-url>
      <working-dir>$ProjectFileDir$</working-dir>
    </data-source>
  </component>
--- a/config/packages/monolog.yaml
+++ b/config/packages/monolog.yaml
@ -41,10 +41,14 @@ when@prod:
    monolog:
        handlers:
            main:
-                type: fingers_crossed
+                type: stream
+                path: "%kernel.logs_dir%/%kernel.environment%.log"
+                level: debug
+                channels: [ "!event" ]
+                #type: fingers_crossed
                action_level: error
                handler: nested
-                excluded_http_codes: [404, 405]
+                #excluded_http_codes: [404, 405]
                buffer_size: 50 # How many messages should be saved? Prevent memory leaks
            nested:
                type: stream
@ -58,4 +62,4 @@ when@prod:
            deprecation:
                type: stream
                channels: [deprecation]
-                path: php://stderr
+                path: php://stderr
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@ -4,14 +4,20 @@ security:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:
-        users_in_memory: { memory: null }
+        users_in_memory: { memory: {
+            users: [
+                { identifier: "ahch0joh9ahthoh6xiew9Eer5aevieR1", roles: ["ROLE_USER"] }
+            ]
+        } }
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
-            lazy: true
+            #lazy: true
            provider: users_in_memory
+            custom_authenticators:
+                - App\Security\ApiKeyAuthenticator

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#the-firewall
@ -36,4 +42,4 @@ when@test:
                algorithm: auto
                cost: 4 # Lowest possible value for bcrypt
                time_cost: 3 # Lowest possible value for argon
-                memory_cost: 10 # Lowest possible value for argon
+                memory_cost: 10 # Lowest possible value for argon
--- a/src/Security/ApiKeyAuthenticator.php
+++ b/src/Security/ApiKeyAuthenticator.php
@ -0,0 +1,64 @@
+<?php
+
+namespace App\Security;
+
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
+use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
+use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
+use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
+use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
+
+class ApiKeyAuthenticator extends AbstractAuthenticator
+{
+
+    /**
+     * Called on every request to decide if this authenticator should be
+     * used for the request. Returning `false` will cause this authenticator
+     * to be skipped.
+     *
+     * @param Request $request
+     * @return bool|null
+     */
+    public function supports(Request $request): ?bool
+    {
+        return true;
+        //return $request->headers->has('X-AUTH-TOKEN');
+    }
+
+    public function authenticate(Request $request): Passport
+    {
+        $apiKey = $request->headers->get('X-AUTH-TOKEN');
+
+        if (null === $apiKey) {
+            // The token header was empty, authentication fails with HTTP Status
+            // Code 401 "Unauthorized"
+            throw new CustomUserMessageAuthenticationException('No API key found', [], Response::HTTP_UNAUTHORIZED);
+        }
+
+        return new SelfValidatingPassport(
+            new UserBadge($apiKey)
+        );
+    }
+
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
+    {
+        return null;
+    }
+
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
+    {
+       # dump($exception);
+
+        $data = [
+            'message' => $exception->getMessage()
+        ];
+
+        return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
+    }
+
+}