wip

I have tested this with png and jpeg/jpg which both work but most other image types should work as well.
![image](/attachments/25318577-d48c-4902-93b3-9adbb8b954e7)

Co-authored-by: Jan Klattenhoff <j.klattenhoff@neusta.de>
Reviewed-on: sites/file-explorer#12
Co-authored-by: jank1619 <jan@kjan.email>
Co-committed-by: jank1619 <jan@kjan.email>

.ddev/config.yaml

@@ -7,8 +7,8 @@ xdebug_enabled: false
 additional_hostnames: []
 additional_fqdns: []
 database:
-    type: mariadb
-    version: "10.11"
+    type: postgres
+    version: "17"
 use_dns_when_possible: true
 composer_version: "2"
 web_environment: []

.gitea/workflows/build.yaml

@@ -7,10 +7,10 @@ on:
       - main
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: remote
     steps:
-      - uses: actions/checkout@v4
-      - uses: docker/login-action@v1
+      - uses: https://git.simonis.lol/actions/checkout@v4
+      - uses: https://git.simonis.lol/actions/login@v1
         with:
           registry: git.simonis.lol
           username: ${{ vars.DOCKER_USER }}

composer.json

@@ -16,6 +16,7 @@
         "symfony/flex": "^2",
         "symfony/form": "^7.1",
         "symfony/framework-bundle": "7.1.*",
+        "symfony/mime": "7.1.*",
         "symfony/runtime": "7.1.*",
         "symfony/security-bundle": "7.1.*",
         "symfony/stimulus-bundle": "^2.22",
@@ -24,7 +25,8 @@
         "symfony/yaml": "7.1.*",
         "symfonycasts/tailwind-bundle": "^0.6.1",
         "twig/extra-bundle": "^2.12|^3.0",
-        "twig/twig": "^2.12|^3.0"
+        "twig/twig": "^2.12|^3.0",
+        "ext-fileinfo": "*"
     },
     "config": {
         "allow-plugins": {
@@ -77,6 +79,7 @@
         }
     },
     "require-dev": {
+        "symfony/maker-bundle": "^1.61",
         "symfony/stopwatch": "7.1.*",
         "symfony/web-profiler-bundle": "7.1.*"
     }

config/bundles.php

@@ -10,4 +10,5 @@ return [
     Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true],
     KnpU\OAuth2ClientBundle\KnpUOAuth2ClientBundle::class => ['all' => true],
     Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],
+    Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true],
 ];

config/packages/knpu_oauth2_client.yaml

@@ -2,8 +2,7 @@ knpu_oauth2_client:
     clients:
         auth:
             type: generic
-            provider_class: App\Service\Security\Provider
-
+            provider_class: App\Security\UserProvider
             client_id: '%env(AUTHENTIK_CLIENT_ID)%'
             client_secret: '%env(AUTHENTIK_CLIENT_SECRET)%'
             redirect_route: auth_callback

config/packages/security.yaml

@@ -4,10 +4,10 @@ security:
         Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
     # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
     providers:
+        # used to reload user from session & other features (e.g. switch_user)
         app_user_provider:
-            entity:
-                class: App\Entity\User
-                property: email
+            id: App\Security\UserProvider
+
     firewalls:
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
@@ -17,6 +17,8 @@ security:
             provider: app_user_provider
             custom_authenticators:
                 - App\Security\Authenticator
+            form_login:
+                login_path: auth_entrypoint
 
             # activate different ways to authenticate
             # https://symfony.com/doc/current/security.html#the-firewall
@@ -29,6 +31,7 @@ security:
     access_control:
         # - { path: ^/admin, roles: ROLE_ADMIN }
         # - { path: ^/profile, roles: ROLE_USER }
+        - { path: ^/auth, roles: PUBLIC_ACCESS }
         - { path: /, roles: ROLE_USER }
 
 when@test:

src/Controller/AuthenticationController.php

@@ -14,6 +14,12 @@ class AuthenticationController extends AbstractController
     #[Route(path: '/auth/callback', name: 'auth_callback', methods: Request::METHOD_GET)]
     public function __invoke(ClientRegistry $clientRegistry): Response
     {
-        $clientRegistry->getClient('auth')->fetchUser();
+        dd($clientRegistry->getClient('auth')->fetchUser());
+    }
+
+    #[Route(path: '/auth/sso', name: 'auth_entrypoint', methods: Request::METHOD_GET)]
+    public function entrypoint(ClientRegistry $clientRegistry): Response
+    {
+        return $clientRegistry->getClient('auth')->redirect();
     }
 }

src/Controller/ServeFileController.php

@@ -0,0 +1,28 @@
+<?php declare(strict_types=1);
+
+namespace App\Controller;
+
+use App\Service\FileSystemService;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\BinaryFileResponse;
+use Symfony\Component\HttpFoundation\ResponseHeaderBag;
+use Symfony\Component\Routing\Attribute\Route;
+
+class ServeFileController extends AbstractController
+{
+    public function __construct(private FileSystemService $fileSystemService)
+    {
+    }
+
+    #[Route("/serve/{filePath}", name: "serve_file")]
+    public function __invoke(string $filePath): BinaryFileResponse
+    {
+        $file = $this->fileSystemService->getFile($filePath);
+        $path = $file->getPath() . '/' . $file->getName();
+
+        $response = new BinaryFileResponse($path);
+        $response->setContentDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT, $file->getName());
+
+        return $response;
+    }
+}

src/Entity/User.php

@@ -1,21 +0,0 @@
-<?php
-declare(strict_types=1);
-
-namespace App\Entity;
-
-use League\OAuth2\Client\Provider\ResourceOwnerInterface;
-
-class User implements ResourceOwnerInterface
-{
-    private int $id;
-
-    public function getId(): int
-    {
-        return $this->id;
-    }
-
-    public function toArray(): array
-    {
-        return ['id' => $this->id];
-    }
-}

src/Objects/DirContent.php

@@ -14,6 +14,7 @@ readonly class DirContent
         private string $type,
         private string $path,
         private string $content,
+        private string $mimeType,
     ) {
     }
 
@@ -24,7 +25,8 @@ readonly class DirContent
             $fileInfo->getSize() ?? 0,
             $fileInfo->getType() ?? 'N/A',
             $fileInfo->getPath(),
-            $content
+            $content,
+            mime_content_type($fileInfo->getPath() . '/' . $fileInfo->getFilename()),
         );
     }
 
@@ -57,6 +59,11 @@ readonly class DirContent
         return $this->content;
     }
 
+    public function getMimeType(): string
+    {
+        return $this->mimeType;
+    }
+
     private function getHumanReadableSize(): string
     {
         $bytes = $this->size;

src/Security/Authenticator.php

@@ -3,15 +3,22 @@ declare(strict_types=1);
 
 namespace App\Security;
 
+use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
+use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
 use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
+use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
 
 class Authenticator extends AbstractAuthenticator
 {
+    public function __construct(private ClientRegistry $clientRegistry)
+    {
+    }
+
     public function supports(Request $request): ?bool
     {
         return $request->attributes->get('_route') === 'auth_callback';
@@ -19,15 +26,18 @@ class Authenticator extends AbstractAuthenticator
 
     public function authenticate(Request $request): Passport
     {
+        dd($this->clientRegistry->getClient('auth')->getAccessToken());
+
+        return new SelfValidatingPassport(new UserBadge(''));
     }
 
     public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
     {
-        // TODO: Implement onAuthenticationSuccess() method.
+        return null;
     }
 
     public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
     {
-        // TODO: Implement onAuthenticationFailure() method.
+        dd($request );
     }
 }

src/Security/User.php

@@ -0,0 +1,51 @@
+<?php
+
+namespace App\Security;
+
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class User implements UserInterface
+{
+    private string $email;
+
+    /**
+     * @var string[]
+     */
+    private array $roles = [];
+
+    public function getEmail(): ?string
+    {
+        return $this->email;
+    }
+
+    public function setEmail(string $email): static
+    {
+        $this->email = $email;
+
+        return $this;
+    }
+
+    public function getUserIdentifier(): string
+    {
+        return $this->email;
+    }
+
+    public function getRoles(): array
+    {
+        $roles = $this->roles;
+        $roles[] = 'ROLE_USER';
+
+        return array_unique($roles);
+    }
+
+    public function setRoles(array $roles): static
+    {
+        $this->roles = $roles;
+
+        return $this;
+    }
+
+    public function eraseCredentials(): void
+    {
+    }
+}

src/Security/UserProvider.php

@@ -0,0 +1,60 @@
+<?php
+
+namespace App\Security;
+
+use League\OAuth2\Client\Provider\AbstractProvider;
+use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
+use League\OAuth2\Client\Token\AccessToken;
+use Psr\Http\Message\ResponseInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+
+class UserProvider extends AbstractProvider implements UserProviderInterface
+{
+    public function loadUserByIdentifier($identifier): UserInterface
+    {
+        return new User();
+    }
+
+    public function refreshUser(UserInterface $user): UserInterface
+    {
+        return $user;
+    }
+
+    public function supportsClass(string $class): bool
+    {
+        return User::class === $class || is_subclass_of($class, User::class);
+    }
+
+    public function getBaseAuthorizationUrl(): string
+    {
+        return 'https://oauth.simonis.lol/application/o/authorize/';
+    }
+
+    public function getBaseAccessTokenUrl(array $params): string
+    {
+        return 'https://oauth.simonis.lol/application/o/token/';
+    }
+
+    public function getResourceOwnerDetailsUrl(AccessToken $token): string
+    {
+        return 'https://oauth.simonis.lol/application/o/userinfo/';
+    }
+
+    protected function getDefaultScopes(): array
+    {
+        return ['profile', 'email', 'openid'];
+    }
+
+    protected function checkResponse(ResponseInterface $response, $data): void
+    {
+        if (isset($data['error'])) {
+            throw new IdentityProviderException($data['error'], $response->getStatusCode(), $response);
+        }
+    }
+
+    protected function createResourceOwner(array $response, AccessToken $token)
+    {
+        dd($response);
+    }
+}

src/Service/Security/Provider.php

@@ -1,43 +0,0 @@
-<?php
-declare(strict_types=1);
-
-namespace App\Service\Security;
-
-use League\OAuth2\Client\Provider\AbstractProvider;
-use League\OAuth2\Client\Provider\GenericResourceOwner;
-use League\OAuth2\Client\Token\AccessToken;
-use Psr\Http\Message\ResponseInterface;
-
-class Provider extends AbstractProvider
-{
-
-    public function getBaseAuthorizationUrl(): string
-    {
-        return 'https://oauth.simonis.lol/application/o/authorize/';
-    }
-
-    public function getBaseAccessTokenUrl(array $params): string
-    {
-        return 'https://oauth.simonis.lol/application/o/token/';
-    }
-
-    public function getResourceOwnerDetailsUrl(AccessToken $token)
-    {
-        return 'https://oauth.simonis.lol/application/o/userinfo/';
-    }
-
-    protected function getDefaultScopes(): array
-    {
-        return ['email', 'profile', 'openid'];
-    }
-
-    protected function checkResponse(ResponseInterface $response, $data)
-    {
-
-    }
-
-    protected function createResourceOwner(array $response, AccessToken $token)
-    {
-        dd($response);
-    }
-}

symfony.lock

@@ -81,6 +81,15 @@
             "src/Kernel.php"
         ]
     },
+    "symfony/maker-bundle": {
+        "version": "1.61",
+        "recipe": {
+            "repo": "github.com/symfony/recipes",
+            "branch": "main",
+            "version": "1.0",
+            "ref": "fadbfe33303a76e25cb63401050439aa9b1a9c7f"
+        }
+    },
     "symfony/routing": {
         "version": "7.1",
         "recipe": {

templates/file.html.twig

@@ -15,7 +15,11 @@
         </a>
 
         <div class="mt-6 text-gray-700 overflow-auto max-h-96">
-            <p class="whitespace-pre-wrap leading-relaxed break-all text-balance">{{ file.content|raw }}</p>
+            {% if file.mimeType starts with 'image' %}
+                <img src="{{ path('serve_file', {filePath: file.name}) }}" alt="">
+            {% else %}
+                <p class="whitespace-pre-wrap leading-relaxed break-all text-balance">{{ file.content|raw }}</p>
+            {% endif %}
         </div>
     </div>
 {% endblock %}

templates/home.html.twig

@@ -3,7 +3,7 @@
 {% block title %}Home{% endblock %}
 
 {% block body %}
-    <center class="container mt-5">
+    <center class="container mt-5 mx-auto">
         {% include '_partials/_table.html.twig' %}
     </center>
 {% endblock %}