wip

.ddev/config.yaml

@@ -7,8 +7,8 @@ xdebug_enabled: false
 additional_hostnames: []
 additional_fqdns: []
 database:
-    type: postgres
-    version: "17"
+    type: mariadb
+    version: "10.11"
 use_dns_when_possible: true
 composer_version: "2"
 web_environment: []

.gitea/workflows/build.yaml

@@ -7,14 +7,17 @@ on:
       - main
 jobs:
   build:
-    runs-on: remote
+    runs-on: ubuntu-latest
     steps:
+      - uses: actions/checkout@v4
+      - uses: docker/login-action@v1
+        with:
+          registry: git.simonis.lol
+          username: ${{ vars.DOCKER_USER }}
+          password: ${{ vars.DOCKER_PW }}
 
-      - name: Checkout
-        uses: https://git.simonis.lol/actions/checkout@v2
+      - name: build
+        run: docker build -t git.simonis.lol/sites/file-explorer:latest .
 
-      - name: Build
-        run: docker buildx build -t git.simonis.lol/projects/file-explorer:latest .
-
-      - name: Push
-        run: docker push git.simonis.lol/projects/file-explorer:latest
+      - name: push
+        run: docker push git.simonis.lol/sites/file-explorer:latest

composer.json

@@ -7,6 +7,7 @@
         "php": ">=8.2",
         "ext-ctype": "*",
         "ext-iconv": "*",
+        "knpuniversity/oauth2-client-bundle": "^2.18",
         "symfony/apache-pack": "^1.0",
         "symfony/asset-mapper": "^7.1",
         "symfony/console": "7.1.*",
@@ -15,16 +16,15 @@
         "symfony/flex": "^2",
         "symfony/form": "^7.1",
         "symfony/framework-bundle": "7.1.*",
-        "symfony/mime": "7.1.*",
         "symfony/runtime": "7.1.*",
+        "symfony/security-bundle": "7.1.*",
         "symfony/stimulus-bundle": "^2.22",
         "symfony/twig-bundle": "7.1.*",
         "symfony/ux-icons": "^2.22",
         "symfony/yaml": "7.1.*",
         "symfonycasts/tailwind-bundle": "^0.6.1",
         "twig/extra-bundle": "^2.12|^3.0",
-        "twig/twig": "^2.12|^3.0",
-        "ext-fileinfo": "*"
+        "twig/twig": "^2.12|^3.0"
     },
     "config": {
         "allow-plugins": {

config/bundles.php

@@ -8,4 +8,6 @@ return [
     Symfonycasts\TailwindBundle\SymfonycastsTailwindBundle::class => ['all' => true],
     Symfony\UX\StimulusBundle\StimulusBundle::class => ['all' => true],
     Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true],
+    KnpU\OAuth2ClientBundle\KnpUOAuth2ClientBundle::class => ['all' => true],
+    Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],
 ];

config/packages/knpu_oauth2_client.yaml

@@ -0,0 +1,10 @@
+knpu_oauth2_client:
+    clients:
+        auth:
+            type: generic
+            provider_class: App\Service\Security\Provider
+
+            client_id: '%env(AUTHENTIK_CLIENT_ID)%'
+            client_secret: '%env(AUTHENTIK_CLIENT_SECRET)%'
+            redirect_route: auth_callback
+            redirect_params: {}

config/packages/security.yaml

@@ -0,0 +1,45 @@
+security:
+    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
+    password_hashers:
+        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
+    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
+    providers:
+        app_user_provider:
+            entity:
+                class: App\Entity\User
+                property: email
+    firewalls:
+        dev:
+            pattern: ^/(_(profiler|wdt)|css|images|js)/
+            security: false
+        main:
+            lazy: true
+            provider: app_user_provider
+            custom_authenticators:
+                - App\Security\Authenticator
+
+            # activate different ways to authenticate
+            # https://symfony.com/doc/current/security.html#the-firewall
+
+            # https://symfony.com/doc/current/security/impersonating_user.html
+            # switch_user: true
+
+    # Easy way to control access for large sections of your site
+    # Note: Only the *first* access control that matches will be used
+    access_control:
+        # - { path: ^/admin, roles: ROLE_ADMIN }
+        # - { path: ^/profile, roles: ROLE_USER }
+        - { path: /, roles: ROLE_USER }
+
+when@test:
+    security:
+        password_hashers:
+            # By default, password hashers are resource intensive and take time. This is
+            # important to generate secure password hashes. In tests however, secure hashes
+            # are not important, waste resources and increase test times. The following
+            # reduces the work factor to the lowest possible values.
+            Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
+                algorithm: auto
+                cost: 4 # Lowest possible value for bcrypt
+                time_cost: 3 # Lowest possible value for argon
+                memory_cost: 10 # Lowest possible value for argon

config/routes/security.yaml

@@ -0,0 +1,3 @@
+_security_logout:
+    resource: security.route_loader.logout
+    type: service

src/Controller/AuthenticationController.php

@@ -0,0 +1,19 @@
+<?php
+declare(strict_types=1);
+
+namespace App\Controller;
+
+use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Attribute\Route;
+
+class AuthenticationController extends AbstractController
+{
+    #[Route(path: '/auth/callback', name: 'auth_callback', methods: Request::METHOD_GET)]
+    public function __invoke(ClientRegistry $clientRegistry): Response
+    {
+        $clientRegistry->getClient('auth')->fetchUser();
+    }
+}

src/Controller/ServeFileController.php

@@ -1,28 +0,0 @@
-<?php declare(strict_types=1);
-
-namespace App\Controller;
-
-use App\Service\FileSystemService;
-use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
-use Symfony\Component\HttpFoundation\BinaryFileResponse;
-use Symfony\Component\HttpFoundation\ResponseHeaderBag;
-use Symfony\Component\Routing\Attribute\Route;
-
-class ServeFileController extends AbstractController
-{
-    public function __construct(private FileSystemService $fileSystemService)
-    {
-    }
-
-    #[Route("/serve/{filePath}", name: "serve_file")]
-    public function __invoke(string $filePath): BinaryFileResponse
-    {
-        $file = $this->fileSystemService->getFile($filePath);
-        $path = $file->getPath() . '/' . $file->getName();
-
-        $response = new BinaryFileResponse($path);
-        $response->setContentDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT, $file->getName());
-
-        return $response;
-    }
-}

src/Entity/User.php

@@ -0,0 +1,21 @@
+<?php
+declare(strict_types=1);
+
+namespace App\Entity;
+
+use League\OAuth2\Client\Provider\ResourceOwnerInterface;
+
+class User implements ResourceOwnerInterface
+{
+    private int $id;
+
+    public function getId(): int
+    {
+        return $this->id;
+    }
+
+    public function toArray(): array
+    {
+        return ['id' => $this->id];
+    }
+}

src/Objects/DirContent.php

@@ -14,7 +14,6 @@ readonly class DirContent
         private string $type,
         private string $path,
         private string $content,
-        private string $mimeType,
     ) {
     }
 
@@ -25,8 +24,7 @@ readonly class DirContent
             $fileInfo->getSize() ?? 0,
             $fileInfo->getType() ?? 'N/A',
             $fileInfo->getPath(),
-            $content,
-            mime_content_type($fileInfo->getPath() . '/' . $fileInfo->getFilename()),
+            $content
         );
     }
 
@@ -59,11 +57,6 @@ readonly class DirContent
         return $this->content;
     }
 
-    public function getMimeType(): string
-    {
-        return $this->mimeType;
-    }
-
     private function getHumanReadableSize(): string
     {
         $bytes = $this->size;

src/Security/Authenticator.php

@@ -0,0 +1,33 @@
+<?php
+declare(strict_types=1);
+
+namespace App\Security;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
+use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
+
+class Authenticator extends AbstractAuthenticator
+{
+    public function supports(Request $request): ?bool
+    {
+        return $request->attributes->get('_route') === 'auth_callback';
+    }
+
+    public function authenticate(Request $request): Passport
+    {
+    }
+
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
+    {
+        // TODO: Implement onAuthenticationSuccess() method.
+    }
+
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
+    {
+        // TODO: Implement onAuthenticationFailure() method.
+    }
+}

src/Service/Security/Provider.php

@@ -0,0 +1,43 @@
+<?php
+declare(strict_types=1);
+
+namespace App\Service\Security;
+
+use League\OAuth2\Client\Provider\AbstractProvider;
+use League\OAuth2\Client\Provider\GenericResourceOwner;
+use League\OAuth2\Client\Token\AccessToken;
+use Psr\Http\Message\ResponseInterface;
+
+class Provider extends AbstractProvider
+{
+
+    public function getBaseAuthorizationUrl(): string
+    {
+        return 'https://oauth.simonis.lol/application/o/authorize/';
+    }
+
+    public function getBaseAccessTokenUrl(array $params): string
+    {
+        return 'https://oauth.simonis.lol/application/o/token/';
+    }
+
+    public function getResourceOwnerDetailsUrl(AccessToken $token)
+    {
+        return 'https://oauth.simonis.lol/application/o/userinfo/';
+    }
+
+    protected function getDefaultScopes(): array
+    {
+        return ['email', 'profile', 'openid'];
+    }
+
+    protected function checkResponse(ResponseInterface $response, $data)
+    {
+
+    }
+
+    protected function createResourceOwner(array $response, AccessToken $token)
+    {
+        dd($response);
+    }
+}

symfony.lock

@@ -1,4 +1,16 @@
 {
+    "knpuniversity/oauth2-client-bundle": {
+        "version": "2.18",
+        "recipe": {
+            "repo": "github.com/symfony/recipes-contrib",
+            "branch": "main",
+            "version": "1.20",
+            "ref": "1ff300d8c030f55c99219cc55050b97a695af3f6"
+        },
+        "files": [
+            "config/packages/knpu_oauth2_client.yaml"
+        ]
+    },
     "symfony/apache-pack": {
         "version": "1.0",
         "recipe": {
@@ -82,6 +94,19 @@
             "config/routes.yaml"
         ]
     },
+    "symfony/security-bundle": {
+        "version": "7.1",
+        "recipe": {
+            "repo": "github.com/symfony/recipes",
+            "branch": "main",
+            "version": "6.4",
+            "ref": "2ae08430db28c8eb4476605894296c82a642028f"
+        },
+        "files": [
+            "config/packages/security.yaml",
+            "config/routes/security.yaml"
+        ]
+    },
     "symfony/stimulus-bundle": {
         "version": "2.22",
         "recipe": {

templates/file.html.twig

@@ -15,11 +15,7 @@
         </a>
 
         <div class="mt-6 text-gray-700 overflow-auto max-h-96">
-            {% if file.mimeType starts with 'image' %}
-                <img src="{{ path('serve_file', {filePath: file.name}) }}" alt="">
-            {% else %}
-                <p class="whitespace-pre-wrap leading-relaxed break-all text-balance">{{ file.content|raw }}</p>
-            {% endif %}
+            <p class="whitespace-pre-wrap leading-relaxed break-all text-balance">{{ file.content|raw }}</p>
         </div>
     </div>
 {% endblock %}

templates/home.html.twig

@@ -3,7 +3,7 @@
 {% block title %}Home{% endblock %}
 
 {% block body %}
-    <center class="container mt-5 mx-auto">
+    <center class="container mt-5">
         {% include '_partials/_table.html.twig' %}
     </center>
 {% endblock %}