feat(api) : configuration API Platform avec JWT

- Configuration security.yaml avec firewalls JWT - Routes API Platform avec prefixe /api - Controller de test pour validation setup - htaccess pour mod_rewrite Apache - Access control pour routes publiques/protegees Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-10 19:41:48 +01:00
parent 50336694f6
commit fca3104a39
6 changed files with 128 additions and 11 deletions
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -2,30 +2,51 @@ security:
    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
+        App\Entity\Profile:
+            algorithm: auto

    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:
-        users_in_memory: { memory: null }
+        app_user_provider:
+            entity:
+                class: App\Entity\Profile
+                property: email

    firewalls:
        dev:
            # Ensure dev tools and static assets are always allowed
            pattern: ^/(_profiler|_wdt|assets|build)/
            security: false
+
+        login:
+            pattern: ^/api/login_check
+            stateless: true
+            provider: app_user_provider
+            json_login:
+                check_path: /api/login_check
+                username_path: email
+                password_path: password
+                success_handler: lexik_jwt_authentication.handler.authentication_success
+                failure_handler: lexik_jwt_authentication.handler.authentication_failure
+
+        api:
+            pattern: ^/api
+            stateless: true
+            jwt: ~
+
        main:
            lazy: true
-            provider: users_in_memory
-
-            # Activate different ways to authenticate:
-            # https://symfony.com/doc/current/security.html#the-firewall
-
-            # https://symfony.com/doc/current/security/impersonating_user.html
-            # switch_user: true
+            provider: app_user_provider

    # Note: Only the *first* matching rule is applied
    access_control:
-        # - { path: ^/admin, roles: ROLE_ADMIN }
-        # - { path: ^/profile, roles: ROLE_USER }
+        - { path: ^/api/login, roles: PUBLIC_ACCESS }
+        - { path: ^/api/docs, roles: PUBLIC_ACCESS }
+        - { path: ^/api/test, roles: PUBLIC_ACCESS }
+        - { path: ^/docs, roles: PUBLIC_ACCESS }
+        - { path: ^/contexts, roles: PUBLIC_ACCESS }
+        - { path: ^/\.well-known, roles: PUBLIC_ACCESS }
+        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

 when@test:
    security:
--- a/config/routes.yaml
+++ b/config/routes.yaml
@@ -7,5 +7,8 @@
 # To list all registered routes, run the following command:
 #   bin/console debug:router

+api_login_check:
+    path: /api/login_check
+
 controllers:
    resource: routing.controllers
--- a/config/routes/api_platform.yaml
+++ b/config/routes/api_platform.yaml
@@ -1,4 +1,4 @@
 api_platform:
    resource: .
    type: api_platform
-    prefix: /
+    prefix: /api
--- a/config/routes/routing.controllers.yaml
+++ b/config/routes/routing.controllers.yaml
@@ -0,0 +1,5 @@
+controllers:
+    resource:
+        path: ../../src/Controller/
+        namespace: App\Controller
+    type: attribute