Merge pull request #111 from teohhanhui/feat/add-jwt-auth

Add JWT authentication

Author: teohhanhui

.editorconfig

@@ -38,6 +38,10 @@ indent_size = 4
 indent_style = tab
 indent_size = 4
 
+[*.vcl]
+indent_style = space
+indent_size = 2
+
 [*.xml]
 indent_style = space
 indent_size = 4

api/.dockerignore

@@ -1,13 +1,23 @@
 **/*.log
+**/*.md
+**/*.php~
 **/._*
+**/.dockerignore
 **/.DS_Store
-**/.gitignore
+**/.git/
 **/.gitattributes
+**/.gitignore
+**/.gitmodules
+**/Dockerfile
 **/Thumbs.db
-**/*.md
-**/.dockerignore
-Dockerfile*
+.editorconfig
 .env*
-!var/.gitignore
-var/*
-helm/*
+.php_cs.cache
+bin/*
+!bin/console
+config/jwt/
+docker/db/data/
+helm/
+public/bundles/
+var/
+vendor/

api/.env

@@ -13,6 +13,9 @@
 # Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
 # https://symfony.com/doc/current/best_practices/configuration.html#infrastructure-related-configuration
 
+MERCURE_SUBSCRIBE_URL=https://localhost:1338/hub
+VARNISH_URL=http://cache-proxy
+
 ###> symfony/framework-bundle ###
 APP_ENV=dev
 APP_SECRET=!ChangeMe!
@@ -36,5 +39,8 @@ MERCURE_PUBLISH_URL=http://mercure/hub
 MERCURE_JWT_SECRET=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXJjdXJlIjp7InN1YnNjcmliZSI6WyJmb28iLCJiYXIiXSwicHVibGlzaCI6WyJmb28iXX19.qOwClmp3euDLhEQ2lOB0TLUHsobaAoe-nZ1iU3h_Eas
 ###< symfony/mercure-bundle ###
 
-MERCURE_SUBSCRIBE_URL=https://localhost:1338/hub
-VARNISH_URL=http://cache-proxy
+###> lexik/jwt-authentication-bundle ###
+JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
+JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
+JWT_PASSPHRASE=7bda7ed689c1b2ed0ebd5c43d6914e47
+###< lexik/jwt-authentication-bundle ###

api/.gitignore

@@ -14,3 +14,7 @@ behat.yml
 /helm/api/charts
 /helm/api/requirements.lock
 /coverage
+
+###> lexik/jwt-authentication-bundle ###
+/config/jwt/*.pem
+###< lexik/jwt-authentication-bundle ###

api/Dockerfile

@@ -1,10 +1,13 @@
 # the different stages of this Dockerfile are meant to be built into separate images
+# https://docs.docker.com/develop/develop-images/multistage-build/#stop-at-a-specific-build-stage
 # https://docs.docker.com/compose/compose-file/#target
 
-ARG PHP_VERSION=7.2
+ARG PHP_VERSION=7.3
 ARG NGINX_VERSION=1.15
-ARG VARNISH_VERSION=6.0
+ARG VARNISH_VERSION=6.2
 
+
+# "php" stage
 FROM php:${PHP_VERSION}-fpm-alpine AS api_platform_php
 
 # persistent / runtime deps
@@ -13,10 +16,10 @@ RUN apk add --no-cache \
 		file \
 		gettext \
 		git \
-		postgresql-client \
+		openssl \
 	;
 
-ARG APCU_VERSION=5.1.11
+ARG APCU_VERSION=5.1.17
 RUN set -eux; \
 	apk add --no-cache --virtual .build-deps \
 		$PHPIZE_DEPS \
@@ -64,8 +67,9 @@ COPY docker/php/php.ini /usr/local/etc/php/php.ini
 
 # https://getcomposer.org/doc/03-cli.md#composer-allow-superuser
 ENV COMPOSER_ALLOW_SUPERUSER=1
+# install Symfony Flex globally to speed up download of Composer packages (parallelized prefetching)
 RUN set -eux; \
-	composer global require "hirak/prestissimo:^0.3" --prefer-dist --no-progress --no-suggest --classmap-authoritative; \
+	composer global require "symfony/flex" --prefer-dist --no-progress --no-suggest --classmap-authoritative; \
 	composer clear-cache
 ENV PATH="${PATH}:/root/.composer/vendor/bin"
 
@@ -82,7 +86,11 @@ RUN set -eux; \
 	composer install --prefer-dist --no-dev --no-autoloader --no-scripts --no-progress --no-suggest; \
 	composer clear-cache
 
-COPY . ./
+# copy only specifically what we need
+COPY bin bin/
+COPY config config/
+COPY public public/
+COPY src src/
 
 RUN set -eux; \
 	mkdir -p var/cache var/log; \
@@ -97,6 +105,9 @@ RUN chmod +x /usr/local/bin/docker-entrypoint
 ENTRYPOINT ["docker-entrypoint"]
 CMD ["php-fpm"]
 
+
+# "nginx" stage
+# depends on the "php" stage above
 FROM nginx:${NGINX_VERSION}-alpine AS api_platform_nginx
 
 COPY docker/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf
@@ -105,6 +116,9 @@ WORKDIR /srv/api
 
 COPY --from=api_platform_php /srv/api/public public/
 
+
+# "varnish" stage
+# does not depend on any of the above stages, but placed here to keep everything in one Dockerfile
 FROM cooptilleuls/varnish:${VARNISH_VERSION} AS api_platform_varnish
 
 COPY docker/varnish/conf/default.vcl /usr/local/etc/varnish/default.vcl

api/composer.json

@@ -2,19 +2,21 @@
     "type": "project",
     "license": "MIT",
     "require": {
-        "php": "^7.1.3",
+        "php": "^7.2",
+        "ext-ctype": "*",
         "ext-iconv": "*",
         "api-platform/api-pack": "^1.1",
-        "api-platform/core": "^2.4@dev",
+        "api-platform/core": "2.4.x-dev",
         "doctrine/doctrine-migrations-bundle": "^2.0",
         "guzzlehttp/guzzle": "^6.3",
+        "lexik/jwt-authentication-bundle": "^2.6",
         "ramsey/uuid-doctrine": "^1.5",
         "sensiolabs/security-checker": "^5.0",
         "symfony/console": "4.2.*",
         "symfony/dotenv": "4.2.*",
         "symfony/flex": "^1.1",
         "symfony/framework-bundle": "4.2.*",
-        "symfony/mercure-bundle": "*",
+        "symfony/mercure-bundle": "^0.1.1",
         "symfony/yaml": "4.2.*",
         "webonyx/graphql-php": "^0.13"
     },
@@ -27,6 +29,7 @@
         "behatch/contexts": "^3.0",
         "hautelook/alice-bundle": "^2.3",
         "symfony/dotenv": "4.2.*",
+        "symfony/maker-bundle": "^1.11",
         "symfony/profiler-pack": "^1.0",
         "symfony/var-dumper": "4.2.*"
     },
@@ -50,9 +53,10 @@
         "paragonie/random_compat": "2.*",
         "symfony/polyfill-ctype": "*",
         "symfony/polyfill-iconv": "*",
-        "symfony/polyfill-php71": "*",
+        "symfony/polyfill-php56": "*",
         "symfony/polyfill-php70": "*",
-        "symfony/polyfill-php56": "*"
+        "symfony/polyfill-php71": "*",
+        "symfony/polyfill-php72": "*"
     },
     "scripts": {
         "auto-scripts": {