Created
December 1, 2024 21:28
-
-
Save evgeniy123/d8a96e6546fe46ef99432cb3b2c559ef to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| security: | |
| password_hashers: | |
| Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'native' | |
| # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers | |
| providers: | |
| fetcher: | |
| id: App\Http\Security\UserProvider | |
| firewalls: | |
| google_my: | |
| pattern: /api/oauth/google | |
| stateless: true | |
| custom_authenticators: | |
| - App\Http\Security\Authenticator\Front\GoogleAuthenticator | |
| dev: | |
| pattern: ^/(_(profiler|wdt)|css|images|js)/ | |
| security: false | |
| api_token: # OAuth authentication (bundle league/oauth2-server-bundle) | |
| pattern: ^/token$ | |
| security: false | |
| login: | |
| pattern: ^/api/login | |
| stateless: true | |
| custom_authenticators: | |
| - App\Http\Security\Authenticator\LoginAuthenticator | |
| json_login: | |
| check_path: /api/login | |
| success_handler: lexik_jwt_authentication.handler.authentication_success | |
| failure_handler: lexik_jwt_authentication.handler.authentication_failure | |
| api: | |
| pattern: ^/api | |
| stateless: true | |
| entry_point: jwt | |
| jwt: ~ | |
| refresh_jwt: | |
| check_path: /api/token/refresh # or, you may use the `api_refresh_token` route name | |
| logout: | |
| path: api_token_invalidate | |
| main_no_api: | |
| lazy: true | |
| provider: fetcher | |
| custom_authenticator: | |
| - App\Http\Security\LoginFormAuthenticator | |
| logout: | |
| target: /login # redirect on page login (set up for OAuth Swagger) | |
| # facebook_my: | |
| # pattern: /api/oauth/facebook | |
| # stateless: true | |
| # user_checker: App\Security\UserChecker | |
| #custom_authenticators: | |
| #- App\Security\OAuth\FacebookAuthenticator | |
| # google_my: | |
| # pattern: /api/oauth/google | |
| # stateless: true | |
| # user_checker: App\Security\UserChecker | |
| # custom_authenticators: | |
| # - App\Http\Security\Authenticator\Back\GoogleAuthenticator | |
| role_hierarchy: | |
| ROLE_ADMIN: [ ROLE_USER, ROLE_MANAGER, ROLE_DELIVERY_MAN ] | |
| # Easy way to control access for large sections of your site | |
| # Note: Only the *first* access control that matches will be used | |
| access_control: | |
| - { path: ^/account, roles: ROLE_USER } | |
| # - { path: ^/_profiler, roles: PUBLIC_ACCESS } # //__ @TODO remove this line for open access to debug panel in DEV env | |
| - { path: ^/api$, roles: PUBLIC_ACCESS } | |
| - { path: ^/api/playground, roles: PUBLIC_ACCESS } | |
| - { path: ^/api/contact-us$, roles: PUBLIC_ACCESS } | |
| - { path: ^/api/login$, roles: PUBLIC_ACCESS } | |
| - { path: ^/api/token/refresh$, roles: PUBLIC_ACCESS } | |
| - { path: ^/api/auth/signup$, roles: PUBLIC_ACCESS } # SignUp for users | |
| # - { path: ^/authorize, roles: IS_AUTHENTICATED_REMEMBERED } ### oauth2-server-bundle (OAuth authentication) | |
| - { path: "^/api/password/reset", roles: PUBLIC_ACCESS } ### Request & Reset password. Without $ !!! | |
| - { path: ^/api/auth/signup/confirm, roles: IS_AUTHENTICATED_ANONYMOUSLY } | |
| - { path: /api/oauth/google, roles: IS_AUTHENTICATED_ANONYMOUSLY } | |
| - { path: /logout, roles: IS_AUTHENTICATED_FULLY } # //__ @TODO remove this line for open access to debug panel in DEV env | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment