Implement api with ability to read snips and profile

.gitignore

@@ -8,4 +8,6 @@
 /var/
 /vendor/
 ###< symfony/framework-bundle ###
+
 release.json
+http-client.private.env.json

.http

@@ -0,0 +1,9 @@
+### api me
+GET {{host}}/api/me
+Accept: application/json
+X-AUTH-TOKEN: {{apiKey}}
+
+### api snip
+GET {{host}}/api/snip/2
+Accept: application/json
+X-AUTH-TOKEN: {{apiKey}}

config/packages/security.yaml

@@ -24,6 +24,8 @@ security:
             remember_me:
                 secret: '%kernel.secret%' # required
                 lifetime: 2419200 # 4 weeks in seconds
+            custom_authenticators:
+                - App\Security\TokenAuthenticator
 
         secured_area:
             form_login:

http-client.env.json

@@ -0,0 +1,5 @@
+{
+  "dev": {
+    "host": "http://snips.local.loken.nl"
+  }
+}

migrations/Version20250427184240.php

@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ */
+final class Version20250427184240 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return '';
+    }
+
+    public function up(Schema $schema): void
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        $this->addSql(<<<'SQL'
+            ALTER TABLE user ADD api_key VARCHAR(255) DEFAULT NULL
+        SQL);
+    }
+
+    public function down(Schema $schema): void
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+        $this->addSql(<<<'SQL'
+            ALTER TABLE `user` DROP api_key
+        SQL);
+    }
+}

src/Controller/Api/AbstractApiController.php

@@ -0,0 +1,39 @@
+<?php
+
+namespace App\Controller\Api;
+
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Response;
+
+class AbstractApiController extends AbstractController
+{
+    private function apiResponse(bool $success, array|NormalizableInterface $data): Response
+    {
+        if ($data instanceof NormalizableInterface) {
+            $data = $data->normalize();
+        }
+        if (is_array($data)) {
+            foreach ($data as $key => $value) {
+                if ($value instanceof NormalizableInterface) {
+                    $data[$key] = $value->normalize();
+                }
+            }
+        }
+
+        return new JsonResponse([
+            'success' => $success,
+            'data' => $data,
+        ]);
+    }
+
+    final protected function errorResponse(string $message): Response
+    {
+        return $this->apiResponse(false, ['message' => $message]);
+    }
+
+    final protected function successResponse(array|NormalizableInterface $data = []): Response
+    {
+        return $this->apiResponse(true, $data);
+    }
+}

src/Controller/Api/ApiController.php

@@ -0,0 +1,43 @@
+<?php
+
+namespace App\Controller\Api;
+
+use App\Entity\Snip;
+use App\Entity\User;
+use App\Security\Voter\SnipVoter;
+use App\Service\SnipContent\SnipContentService;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Attribute\Route;
+
+#[Route('/api')]
+class ApiController extends AbstractApiController
+{
+    #[Route('/me')]
+    public function me(): Response
+    {
+        /** @var User $user */
+        $user = $this->getUser();
+
+        return $this->successResponse([
+            'id' => $user->getId(),
+            'name' => $user->getName(),
+            'email' => $user->getEmail(),
+            'apiKey' => $user->getApiKey(),
+        ]);
+    }
+
+    #[Route('/snip/{snip}')]
+    public function getSnip(Snip $snip, SnipContentService $cs): Response
+    {
+        $this->denyAccessUnlessGranted(SnipVoter::VIEW, $snip);
+
+        return $this->successResponse([
+            'id' => $snip->getId(),
+            'content' => $cs->getActiveText($snip),
+            'createdBy' => [
+                'id' => $snip->getCreatedBy()->getId(),
+                'name' => $snip->getCreatedBy()->getName(),
+            ],
+        ]);
+    }
+}

src/Controller/Api/NormalizableInterface.php

@@ -0,0 +1,8 @@
+<?php
+
+namespace App\Controller\Api;
+
+interface NormalizableInterface
+{
+    public function normalize(): array;
+}

src/Controller/UserController.php

@@ -2,8 +2,8 @@
 
 namespace App\Controller;
 
+use App\Entity\User;
 use App\Form\ProfileType;
-use App\Form\UserSettingsType;
 use App\Service\LastRelease;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
@@ -11,6 +11,7 @@ use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Component\Uid\Uuid;
 
 #[Route('/user', name: 'user')]
 class UserController extends AbstractController
@@ -58,4 +59,20 @@ class UserController extends AbstractController
             'release' => $lastRelease,
         ]);
     }
+
+    #[Route('/apikey/generate', name: '_apikey_generate')]
+    public function apiKeyGenerate(): Response
+    {
+        /** @var User $user */
+        $user = $this->getUser();
+
+        $apiKey = Uuid::v4()->toBase58();
+        $user->setApiKey($apiKey);
+        $this->em->persist($user);
+        $this->em->flush();
+
+        $this->addFlash('success', sprintf('Successfully generated new api key: "%s"', $apiKey));
+
+        return $this->redirectToRoute('user_profile');
+    }
 }

src/Entity/User.php

@@ -34,6 +34,9 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
     #[ORM\Column(length: 255)]
     private ?string $email = null;
 
+    #[ORM\Column(length: 255, nullable: true)]
+    private ?string $apiKey = null;
+
     public function __toString(): string
     {
         return $this->name ?? '';
@@ -132,4 +135,16 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
 
         return $this;
     }
+
+    public function getApiKey(): ?string
+    {
+        return $this->apiKey;
+    }
+
+    public function setApiKey(?string $apiKey): static
+    {
+        $this->apiKey = $apiKey;
+
+        return $this;
+    }
 }

src/Security/TokenAuthenticator.php

@@ -0,0 +1,68 @@
+<?php
+
+namespace App\Security;
+
+use App\Entity\User;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
+use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
+use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
+use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
+use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
+
+class TokenAuthenticator extends AbstractAuthenticator
+{
+    public function __construct(
+        private readonly EntityManagerInterface $em,
+    ) {}
+
+    /**
+     * Called on every request to decide if this authenticator should be
+     * used for the request. Returning false will cause this authenticator
+     * to be skipped.
+     */
+    public function supports(Request $request): ?bool
+    {
+        return $request->headers->has('X-AUTH-TOKEN');
+    }
+
+    public function authenticate(Request $request): Passport
+    {
+        $apiToken = $request->headers->get('X-AUTH-TOKEN');
+        if (empty($apiToken)) {
+            // The token header was empty, authentication fails with HTTP Status
+            // Code 401 "Unauthorized"
+            throw new CustomUserMessageAuthenticationException('No API token provided');
+        }
+
+        return new SelfValidatingPassport(
+            new UserBadge($apiToken, function ($apiToken) {
+                return $this->em->getRepository(User::class)->findOneBy(['apiKey' => $apiToken]);
+            })
+        );
+    }
+
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
+    {
+        // on success, let the request continue
+        return null;
+    }
+
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
+    {
+        $data = [
+            // you may want to customize or obfuscate the message first
+            'message' => strtr($exception->getMessageKey(), $exception->getMessageData()),
+
+            // or to translate this message
+            // $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())
+        ];
+
+        return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
+    }
+}

templates/user/profile.html.twig

@@ -1,9 +1,14 @@
 {% extends 'base/two.column.html.twig' %}
 
-{% block body %}
-    <div class="row">
-        <div class="col-sm">
-            <h3>{{ app.user.name }}</h3>
+{% set title = app.user.name %}
+
+{% block column1 %}
+    <div class="input-group mb-3">
+        <span class="input-group-text" id="api-key">Api Key</span>
+        <input type="text" class="form-control" aria-label="Username" aria-describedby="api-key"
+               value="{{ app.user.apiKey }}" readonly>
+        <a type="button" class="btn btn-outline-secondary" href="{{ path('user_apikey_generate') }}">Regenerate</a> <br/>
+    </div>
     <br/>
     {% if is_granted('ROLE_ADMIN') %}
         <br/><br/>
@@ -14,10 +19,9 @@
         Hash long: {{ release.commitHashLong }} <br/>
         Commit date: {{ release.commitDate }} <br/>
     {% endif %}
-        </div>
-        <div class="col-sm">
+{% endblock %}
+
+{% block column2 %}
     <h3>Change profile</h3>
     {{ form(form) }}
-        </div>
-    </div>
 {% endblock %}