keboola / api-bundle
Keboola API Bundle
Installs: 6 096
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 17
Forks: 0
Type:symfony-bundle
Requires
- php: >=8.1
- cuyz/valinor-bundle: ^0.2.3
- keboola/permission-checker: ^2.0
- keboola/service-client: ^1.0
- monolog/monolog: ^2.0
- symfony/dependency-injection: ^6.0
- symfony/monolog-bundle: ^3.8
- symfony/security-bundle: ^6.1
Requires (Dev)
- keboola/api-error-control: ^4.1
- keboola/coding-standard: ^15.0
- keboola/kbc-manage-api-php-client: ^7.0
- keboola/storage-api-php-client-branch-wrapper: ^5.1
- phpstan/phpstan: ^1.8
- phpstan/phpstan-phpunit: ^1.1
- phpstan/phpstan-symfony: ^1.3
- phpunit/phpunit: ^9.5
- sempro/phpunit-pretty-print: ^1.4
- symfony/framework-bundle: ^6.1
- symfony/yaml: ^6.1
README
Symfony bundle providing common functionality for Keboola API applications.
Installation
Install the package with Composer:
composer require keboola/api-bundle
Configuration
The bundle expects having %app_name%
parameter defined in your Symfony configuration.
Default configuration
keboola_api: app_name: '%app_name%' # application name to use in user agent default_service_dns_type: public # default service DNS type to use in ServiceClient, can be 'public' or 'private'
Features
Preconfigured ServiceClient
The bundle provides a preconfigured ServiceClient
that can be used to resolve Keboola API URLs. By default, it is
configured to use public hostnames, but it can be reconfigured to use internal ones.
keboola_api: default_service_dns_type: internal
Using ENV variables
If you need to use ENV variable to configure the default_service_dns_type
, make sure you provide some default value,
otherwise the validation will fail with error The value "" is not allowed for path "keboola_api.default_service_dns_type".
parameters: env(API_DNS_TYPE): internal keboola_api: default_service_dns_type: '%env(API_DNS_TYPE)%'
Controller authentication using attributes
To use authentication using attributes, configure firewall to use the keboola.api_bundle.security.attribute_authenticator
:
security: firewalls: attribute: lazy: true stateless: true custom_authenticators: - keboola.api_bundle.security.attribute_authenticator
Then add any combination of authentication attributes to your controller:
use Keboola\ApiBundle\Attribute\StorageApiTokenAuth; use Keboola\ApiBundle\Security\StorageApiToken\SecurityApiToken; use Symfony\Component\Security\Http\Attribute\CurrentUser; #[StorageApiTokenAuth] class Controller { public function __invoke(#[CurrentUser] StorageApiToken $token) { // only requests with valid X-StorageApi-Token will be allowed } } #[StorageApiTokenAuth(features: ['feat-a', 'feat-b'])] class Controller { public function __invoke(#[CurrentUser] StorageApiToken $token) { // only requests with valid X-StorageApi-Token and project features 'feat-a' AND 'feat-b' is allowed } } #[StorageApiTokenAuth(features: ['feat-a'])] #[StorageApiTokenAuth(features: ['feat-b'])] class Controller { public function __invoke(#[CurrentUser] StorageApiToken $token) { // only requests with valid X-StorageApi-Token and any of project features 'feat-a' OR 'feat-b' ise allowed } } #[ManageApiTokenAuth(scopes: ['something:manage'])] #[StorageApiTokenAuth] class Controller { public function __invoke( string $entityId, #[CurrentUser] TokenInterface $token, ) { // allows request with either valid X-KBC-ManageApiToken with 'something:manage' scope OR any valid X-StorageApi-Token // but with additional checks in controller $entity = $this->fetchEntity($entityId); if ($token instanceof StorageApiToken && $token->getProjectId() !== $entity->getProjectId()) { throw new AccessDeniedHttpException('...'); } } }
To use individual authentication attributes, you need to install appropriate client package:
- to use
StorageApiTokenAuth
, installkeboola/storage-api-client
- to use
ManageApiTokenAuth
, installkeboola/kbc-manage-api-php-client
Note
If you forget to install appropriate client, you will get exception like
Service "Keboola\ApiBundle\Attribute\ManageApiTokenAuth" not found: the container inside "Symfony\Component\DependencyInjection\Argument\ServiceLocator" is a smaller service locator
License
MIT licensed, see LICENSE file.