chore(config): ajuster docker, cors et securite

config/packages/api_platform.yaml

@@ -2,6 +2,6 @@ api_platform:
     title: Hello API Platform
     version: 1.0.0
     defaults:
-        stateless: true
+        stateless: false
         cache_headers:
             vary: ['Content-Type', 'Authorization', 'Origin']

config/packages/lexik_jwt_authentication.yaml

@@ -0,0 +1,4 @@
+lexik_jwt_authentication:
+    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
+    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
+    pass_phrase: '%env(JWT_PASSPHRASE)%'

config/packages/nelmio_cors.yaml

@@ -4,7 +4,8 @@ nelmio_cors:
         allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
         allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
         allow_headers: ['Content-Type', 'Authorization']
+        allow_credentials: true
         expose_headers: ['Link']
         max_age: 3600
     paths:
-        '^/': null
+        '^/api/': ~

config/packages/security.yaml

@@ -29,10 +29,17 @@ security:
                 success_handler: lexik_jwt_authentication.handler.authentication_success
                 failure_handler: lexik_jwt_authentication.handler.authentication_failure
 
+        session_profile:
+            pattern: ^/api/session
+            stateless: false
+
+        session_api:
+            pattern: ^/api/(sites|machines|documents|profiles)
+            stateless: false
+
         api:
             pattern: ^/api
-            stateless: true
-            jwt: ~
+            stateless: false
 
         main:
             lazy: true
@@ -40,7 +47,9 @@ security:
 
     # Note: Only the *first* matching rule is applied
     access_control:
-        - { path: ^/api/login, roles: PUBLIC_ACCESS }
+        - { path: ^/api/session/profile, roles: PUBLIC_ACCESS }
+        - { path: ^/api/session/profiles, roles: PUBLIC_ACCESS }
+        - { path: ^/api, roles: PUBLIC_ACCESS }
         - { path: ^/api/docs, roles: PUBLIC_ACCESS }
         - { path: ^/api/test, roles: PUBLIC_ACCESS }
         - { path: ^/docs, roles: PUBLIC_ACCESS }

config/reference.php

@@ -1,7 +1,5 @@
 <?php
 
-declare(strict_types=1);
-
 // This file is auto-generated and is for apps only. Bundles SHOULD NOT rely on its content.
 
 namespace Symfony\Component\DependencyInjection\Loader\Configurator;
@@ -1387,7 +1385,7 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
  *     mercure?: bool|array{
  *         enabled?: bool|Param, // Default: false
  *         hub_url?: scalar|null|Param, // The URL sent in the Link HTTP header. If not set, will default to the URL for MercureBundle's default hub. // Default: null
- *         include_type?: bool|Param, // Always include @var in updates (including delete ones). // Default: false
+ *         include_type?: bool|Param, // Always include @type in updates (including delete ones). // Default: false
  *     },
  *     messenger?: bool|array{
  *         enabled?: bool|Param, // Default: false

docker-compose.yml

@@ -14,6 +14,7 @@ services:
       XDEBUG_CLIENT_HOST: ${XDEBUG_CLIENT_HOST:-host.docker.internal}
       XDEBUG_CONFIG: client_host=${XDEBUG_CLIENT_HOST:-host.docker.internal} client_port=9003
       DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}?serverVersion=16&charset=utf8"
+      CORS_ALLOW_ORIGIN: ${CORS_ALLOW_ORIGIN}
     volumes:
       - ./:/var/www/html
       - ~/.cache:/var/www/.cache # Pour la cache de composer

docker/.env.docker.local

@@ -2,8 +2,34 @@ DOCKER_APP_NAME=inventory
 DOCKER_PHP_VERSION=8.4.6
 DOCKER_NODE_VERSION=24.12.0
 APP_USER=www-data
+CURRENT_UID=1000
+CURRENT_GID=1000
+
+# PostgreSQL
 POSTGRES_DB=inventory
 POSTGRES_USER=root
 POSTGRES_PASSWORD=root
+#
+# CORS
+CORS_ALLOW_ORIGIN=^https?://(localhost|127\\.0\\.0\\.1)(:[0-9]+)?$
 POSTGRES_PORT=5433
+
+# pgAdmin
+PGADMIN_EMAIL=admin@admin.com
+PGADMIN_PASSWORD=admin
+PGADMIN_PORT=5050
+
+# XDebug
 XDEBUG_CLIENT_HOST=host.docker.internal
+
+# Symfony (pour future migration)
+APP_ENV=dev
+APP_SECRET=changeme_super_secret_key_123456789
+JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
+JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
+JWT_PASSPHRASE=your_jwt_passphrase_change_me
+
+# NestJS
+NESTJS_PORT=3000
+SESSION_SECRET=changeme_session_secret
+CORS_ORIGIN=http://localhost:3001

docker/pgadmin/pgpass

@@ -0,0 +1,2 @@
+db:5432:inventory:root:root
+db:5432:*:root:root

docker/pgadmin/servers.json

@@ -0,0 +1,15 @@
+{
+  "Servers": {
+    "1": {
+      "Name": "Inventory PostgreSQL",
+      "Group": "Servers",
+      "Host": "db",
+      "Port": 5432,
+      "MaintenanceDB": "inventory",
+      "Username": "root",
+      "SSLMode": "prefer",
+      "PassFile": "/var/lib/pgadmin/pgpass",
+      "Comment": "Serveur PostgreSQL du projet Inventory"
+    }
+  }
+}

makefile

@@ -31,6 +31,11 @@ start: env-init
 	@echo "**** START CONTAINERS ****"
 	@cp --update=none docker/.env.docker docker/.env.docker.local
 	CURRENT_UID=$(shell id -u) CURRENT_GID=$(shell id -g) $(DOCKER_COMPOSE) up -d
+	@echo ""
+	@echo "URLs disponibles:"
+	@echo "- Symfony API: http://localhost:8081/api"
+	@echo "- Nuxt (Inventory_frontend): http://localhost:3001"
+	@echo "- pgAdmin: http://localhost:5050"
 
 # Éteint le container
 stop:
@@ -49,16 +54,16 @@ composer-install:
 	$(EXEC_PHP) composer install
 
 build-nuxtJS:
-#	$(EXEC_PHP) cp -n frontend/.env.dist frontend/.env.local
-	$(EXEC_PHP) sh -lc "cd frontend && npm install && npm run build:dist"
+#	$(EXEC_PHP) cp -n Inventory_frontend/.env.dist Inventory_frontend/.env.local
+	$(EXEC_PHP) sh -lc "cd Inventory_frontend && npm install && npm run build:dist"
 
 dev-nuxt:
-	$(EXEC_PHP) sh -c "cd frontend && npm run dev"
+	$(EXEC_PHP) sh -c "cd Inventory_frontend && npm run dev"
 
 delete_built_dir:
 	CURRENT_UID=$(shell id -u) CURRENT_GID=$(shell id -g) $(DOCKER_COMPOSE) up -d
 	$(DOCKER) exec -u root $(PHP_CONTAINER) rm -rf vendor/
-	$(DOCKER) exec -u root $(PHP_CONTAINER) rm -rf frontend/node_modules
+	$(DOCKER) exec -u root $(PHP_CONTAINER) rm -rf Inventory_frontend/node_modules
 
 remove_orphans:
 	$(DOCKER_COMPOSE) kill