feat: add security recipe

sitepark · May 22, 2024 · e004f90 · e004f90
1 parent c4e1bb9
commit e004f90
Show file tree

Hide file tree

Showing 6 changed files with 74 additions and 3 deletions.
diff --git a/...ql-bundle/0.12/config/routes/graphql.yaml → ...rch-bundle/1.0/config/routes/graphql.yaml b/...ql-bundle/0.12/config/routes/graphql.yaml → ...rch-bundle/1.0/config/routes/graphql.yaml
diff --git a/atoolo/security-bundle/1.0/config/routes/packages/security.yaml b/atoolo/security-bundle/1.0/config/routes/packages/security.yaml
@@ -0,0 +1,63 @@
+security:
+
+    # https://locastic.com/blog/symfony-access-control/
+
+    # https://symfony.com/doc/current/security.html#c-hashing-passwords
+    password_hashers:
+        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
+    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
+    providers:
+       webnode_users:
+            id: atoolo_security.user.provider.ies_webnode
+       sitekit_users:
+            id: atoolo_security.user.provider
+
+       all_users:
+            chain:
+                providers: ['webnode_users', 'sitekit_users']
+
+    firewalls:
+
+      login:
+        pattern:  ^/api/login
+        stateless: true
+        provider: all_users
+        json_login:
+          check_path:               /api/login_check
+          success_handler:          lexik_jwt_authentication.handler.authentication_success
+          failure_handler:          lexik_jwt_authentication.handler.authentication_failure
+
+      api:
+        pattern:   ^/api
+        stateless: true
+        provider: all_users
+        jwt: ~
+
+      dev:
+        pattern: ^/(_(profiler|wdt)|css|images|js)/
+        security: false
+
+      sitekit_protected:
+        lazy: true
+        request_matcher: Atoolo\Security\SiteKit\ProtectedPathMatcher
+        provider: all_users
+        http_basic:
+            realm: Geschützter Bereich
+
+      main:
+          lazy: true
+          provider: all_users
+
+            # activate different ways to authenticate
+            # https://symfony.com/doc/current/security.html#firewalls-authentication
+
+            # https://symfony.com/doc/current/security/impersonating_user.html
+            # switch_user: true
+
+    # Easy way to control access for large sections of your site
+    # Note: Only the *first* access control that matches will be used
+    access_control:
+      - { path: ^/api/login,    roles: IS_AUTHENTICATED_ANONYMOUSLY }
+      - { path: ^/api/admin/.*, roles: [ROLE_ADMIN, ROLE_API] }
+      - { path: ^/,             roles: SITEKIT_PUBLICATION }
+
diff --git a/overblog/README.md b/overblog/README.md
@@ -0,0 +1 @@
+Files cannot be overwritten with the recipes. However, Atoolo requires other configuration files. Therefore, a reciep is used here that does not create any files.
diff --git a/overblog/graphql-bundle/0.12/manifest.json b/overblog/graphql-bundle/0.12/manifest.json
@@ -1,8 +1,5 @@
 {
     "bundles": {
         "Overblog\\GraphQLBundle\\OverblogGraphQLBundle": ["all"]
-    },
-    "copy-from-recipe": {
-        "config/": "%CONFIG_DIR%/"
     }
 }
diff --git a/symfony/README.md b/symfony/README.md
@@ -0,0 +1 @@
+Files cannot be overwritten with the recipes. However, Atoolo requires other configuration files. Therefore, a reciep is used here that does not create any files.
diff --git a/symfony/security-bundle/6.4/manifest.json b/symfony/security-bundle/6.4/manifest.json
@@ -0,0 +1,9 @@
+{
+    "bundles": {
+        "Symfony\\Bundle\\SecurityBundle\\SecurityBundle": ["all"]
+    },
+    "aliases": ["security"],
+    "conflict": {
+        "symfony/framework-bundle": "<5.3"
+    }
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Files cannot be overwritten with the recipes. However, Atoolo requires other configuration files. Therefore, a reciep is used here that does not create any files.