Install the latest version with
$ composer require lotashinski/apikey-security-classes
## ./config/service/api_keys.yaml (or any other path)
users:
- user_name: api_admin
roles: [ 'ROLE_USER', 'ROLE_ADMIN' ]
api_key: qwerty123
ips:
- 127.0.0.1
- user_name: api_user
roles: [ 'ROLE_USER' ]
api_key: bbb123
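# if the 'ips' directive is not specified, the key is accepted from any IP address
# the api_key values shown here are samples; use long, randomly generated keys in a real deployment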
## ./config/services.yaml
services:
Grsu\ApiKeySecurity\ApiKeyAuthentication:
# arguments:
# $strictVerification: false # if there is no need to check every request
# $header: X-AUTH-KEY # set this to change the name of the header that carries the key
# tag that creates a dedicated logger channel
tags:
- { name: monolog.logger, channel: ApiKeyAuthenticator }
Grsu\ApiKeySecurity\ApiKeyUserProvider:
arguments:
# path to users file
$pathToUsersConfig: '%kernel.project_dir%/config/service/api_keys.yaml'
tags:
- { name: monolog.logger, channel: ApiKeyUserProvider }
### ./config/packages/security.yaml
security:
# ...
providers:
# ...
api_key_user_provider:
id: Grsu\ApiKeySecurity\ApiKeyUserProvider
# ...
firewalls:
# ...
api_key:
pattern: ^/api/int
lazy: true
provider: api_key_user_provider
custom_authenticator: Grsu\ApiKeySecurity\ApiKeyAuthentication
# ...
access_control:
- { path: ^/api/int, roles: IS_AUTHENTICATED_FULLY }
<?php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Serializer\Normalizer\NormalizerInterface;
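/**
 * Example controller for a route that sits behind the `api_key` firewall
 * (pattern `^/api/int`), showing which user object the authenticator resolved.
 */
class UserController extends AbstractController
{
    /**
     * Returns the class name and the normalized form of the authenticated user as JSON.
     *
     * @param NormalizerInterface $normalizer serializer component used to turn the user object into an array
     *
     * @return Response JSON response with the keys `class` and `object`
     *
     * @throws \Symfony\Component\Security\Core\Exception\AccessDeniedException when no user is attached to the request
     */
    #[Route('/api/int/users/me', name: 'api_user_info', methods: ['GET'])]
    public function index(NormalizerInterface $normalizer): Response
    {
        $user = $this->getUser();

        // getUser() returns null when the request was not authenticated. Fail closed with an
        // access-denied response instead of letting get_class(null) raise a TypeError (HTTP 500)
        // if this route is ever reached without the firewall / access_control rule in front of it.
        if ($user === null) {
            throw $this->createAccessDeniedException();
        }

        // NOTE(review): the whole user object is normalized into the response body. If the user
        // class exposes the API key through a getter or public property, the key is echoed back
        // to the client — confirm against the user class, and in real code limit the output to
        // the fields the client needs (serializer groups or ignored attributes).
        $payload = $normalizer->normalize([
            'class' => $user::class,
            'object' => $user,
        ]);

        return $this->json($payload);
    }
}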
To make a request, send the X-AUTH-KEY header containing the api_key of a user from the users file (api_keys.yaml in the example above).