lotashinski/apikey-security-classes

6.0.7 2022-05-15 18:24 UTC

This package is auto-updated.

Last update: 2024-05-15 23:15:12 UTC


README

Install the latest version with

$ composer require lotashinski/apikey-security-classes

Usage

1. Create users file:

## ./config/service/api_keys.yaml or other

# API clients accepted by the user provider. Keys are stored here in plain text,
# so keep this file out of version control and readable only by the application user.
users:

  - user_name: api_admin
    roles: [ 'ROLE_USER', 'ROLE_ADMIN' ]
    # Sample value only: use a long, randomly generated key, unique per client.
    api_key: qwerty123
    # Optional list of client IP addresses this key may be used from.
    # NOTE(review): behind a reverse proxy, confirm the address compared here is
    # the real client IP (Symfony trusted proxies) and not the proxy's own.
    ips:
      - 127.0.0.1

  - user_name: api_user
    roles: [ 'ROLE_USER' ]
    api_key: bbb123
    # If the 'ips' directive is not specified, the key is accepted from any IP address.

2. Configure dependency injection

## ./config/services.yaml

# Registers the authenticator and the user provider shipped by the package.
services:

  Grsu\ApiKeySecurity\ApiKeyAuthentication:
    # Optional constructor arguments (uncomment to override):
    # arguments:
    #   $strictVerification: false # set to false if not every request needs to be checked
    #   $header: X-AUTH-KEY        # name of the request header that carries the API key
    # NOTE(review): this README does not say which checks are skipped when
    # $strictVerification is false; confirm in the package source before disabling it.
    # Tag that gives the authenticator its own Monolog channel.
    # NOTE(review): verify that this channel never records the submitted key value.
    tags:
      - { name: monolog.logger, channel: ApiKeyAuthenticator }

  Grsu\ApiKeySecurity\ApiKeyUserProvider:
    arguments:
      # Path to the users file created in step 1; it holds the API keys in plain text.
      $pathToUsersConfig: '%kernel.project_dir%/config/service/api_keys.yaml'
    tags:
      - { name: monolog.logger, channel: ApiKeyUserProvider }

3. Configure security

### ./config/packages/security.yaml

# Wires the API-key provider and authenticator into a firewall and protects the same path.
security:

  # ...
  providers:
    # ...
    api_key_user_provider:
      id: Grsu\ApiKeySecurity\ApiKeyUserProvider

  # ...
  firewalls:
    # ...
    api_key:
      # Only requests whose path matches this pattern are handled by this firewall.
      pattern: ^/api/int  
      lazy: true
      # NOTE(review): for a header-based API key, consider adding `stateless: true`
      # so no session is created; confirm how that interacts with $strictVerification.
      provider: api_key_user_provider
      custom_authenticator: Grsu\ApiKeySecurity\ApiKeyAuthentication
  
  # ...
  access_control:
    # The firewall alone does not deny anonymous requests; this rule does.
    # Keep its path in sync with the firewall pattern above.
    - { path: ^/api/int, roles: IS_AUTHENTICATED_FULLY }

Example

    
<?php

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Serializer\Normalizer\NormalizerInterface;


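class UserController extends AbstractController
{

    /**
     * Returns the class name and the normalized data of the user that was
     * authenticated through the API key.
     *
     * @param NormalizerInterface $normalizer Serializer used to turn the user object into an array.
     *
     * @return Response JSON document with the keys 'class' and 'object'.
     *
     * @throws \Symfony\Component\Security\Core\Exception\AccessDeniedException
     *         When no authenticated user is available.
     */
    #[Route('/api/int/users/me', name: 'api_user_info', methods:['GET'])]
    public function index(NormalizerInterface $normalizer): Response
    {
        $user = $this->getUser();

        // getUser() returns null when nobody is authenticated. The access_control
        // rule normally prevents that, but failing closed here avoids a TypeError
        // from get_class(null) if the route is ever exposed without that rule.
        if ($user === null) {
            throw $this->createAccessDeniedException();
        }

        // NOTE(review): normalizing the whole user object returns every property
        // the serializer can read. If the user class exposes the API key, limit
        // the output (serialization groups or an explicit field list) — confirm
        // against the package's user class.
        return $this->json(
            $normalizer->normalize([
                'class' => get_class($user),
                'object' => $user
            ])
        );
    }
}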

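To make a request, send the api_key from the users file (api_keys.yaml from step 1) in the X-AUTH-KEY header. Send it over HTTPS only, because the key travels unencrypted inside the header.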

img.png