From 60e36dc7df5c271cd51ab27b4853a844828f4117 Mon Sep 17 00:00:00 2001
From: Ilya Vasilenko <i.vasilenko@iqdev.digital>
Date: Tue, 2 Jul 2024 11:20:47 +0500
Subject: [PATCH 1/2] roles & swagger

---
 app/config/packages/security.yaml             | 13 +---
 app/src/Controller/AuthController.php         | 76 ++++++++++++++++---
 app/src/Controller/ProfileController.php      |  5 +-
 app/src/Entity/User.php                       |  5 +-
 app/src/Service/Dto/Classes/LoginDto.php      | 12 +++
 app/src/Service/Dto/Classes/TokenDto.php      | 12 +++
 .../Response/Classes/TokenResponse.php        | 11 ++-
 7 files changed, 105 insertions(+), 29 deletions(-)
 create mode 100644 app/src/Service/Dto/Classes/LoginDto.php
 create mode 100644 app/src/Service/Dto/Classes/TokenDto.php

diff --git a/app/config/packages/security.yaml b/app/config/packages/security.yaml
index ffde54b..b456202 100644
--- a/app/config/packages/security.yaml
+++ b/app/config/packages/security.yaml
@@ -46,22 +46,13 @@ security:
         - { path: ^/api/doc, roles: PUBLIC_ACCESS }
 
         - { path: ^/api/register, roles: PUBLIC_ACCESS }
-        - { path: ^/api/register/send, roles: ROLE_USER }
-        - { path: ^/api/register/check, roles: ROLE_USER }
-
         - { path: ^/api/password/reset/check, roles: PUBLIC_ACCESS }
-        - { path: ^/api/password/reset, roles: ROLE_USER }
         - { path: ^/api/password/send, roles: PUBLIC_ACCESS }
-
         - { path: ^/api/profile/recovery, roles: PUBLIC_ACCESS }
         - { path: ^/api/profile/recovery/check, roles: PUBLIC_ACCESS }
-        - { path: ^/api/profile/reset/email, roles: ROLE_USER }
-        - { path: ^/api/profile/reset/field, roles: ROLE_USER }
-        - { path: ^/api/profile/change, roles: ROLE_USER }
-        - { path: ^/api/profile, roles: ROLE_USER }
-        - { path: ^/api,       roles: ROLE_CONFIRMED }
+
+        - { path: ^/api,       roles: ROLE_USER }
         # - { path: ^/admin, roles: ROLE_ADMIN }
-        # - { path: ^/profile, roles: ROLE_USER }
 
 when@test:
     security:
diff --git a/app/src/Controller/AuthController.php b/app/src/Controller/AuthController.php
index cc257a8..7805307 100644
--- a/app/src/Controller/AuthController.php
+++ b/app/src/Controller/AuthController.php
@@ -4,12 +4,15 @@ namespace App\Controller;
 
 use App\Service\Action\ActionServiceInterface;
 use App\Service\Dto\Classes\ChangePasswordDto;
+use App\Service\Dto\Classes\LoginDto;
 use App\Service\Dto\Classes\RecoveryDto;
 use App\Service\Dto\Classes\RegisterCodeDto;
 use App\Service\Dto\Classes\RegisterDto;
 use App\Service\Dto\Classes\ResetPasswordCodeDto;
 use App\Service\Response\Classes\Response;
+use App\Service\Response\Classes\TokenResponse;
 use Nelmio\ApiDocBundle\Annotation\Model;
+use Nelmio\ApiDocBundle\Annotation\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\DependencyInjection\Attribute\Autowire;
 use Symfony\Component\HttpFoundation\JsonResponse;
@@ -18,19 +21,37 @@ use OpenApi\Attributes as OA;
 
 #[Route('/api', name: 'api_')]
 #[OA\Tag(name: 'Авторизация')]
-#[OA\Response(
-    response: 200,
-    description: 'Ответ',
-    content: new OA\JsonContent(
-        ref: new Model(type: Response::class, groups: ["message"])
-    )
-)]
 class AuthController extends AbstractController
 {
+    #[Route('/login', name: 'get_token', methods: ['POST'])]
+    #[OA\RequestBody(
+        content: new OA\JsonContent(ref: new Model(type: LoginDto::class))
+    )]
+    #[OA\Response(
+        response: 200,
+        description: 'Ответ',
+        content: new OA\JsonContent(
+            ref: new Model(type: TokenResponse::class, groups: ["message", "data"])
+        )
+    )]
+    #[Security(name: null)]
+    public function getToken()
+    {
+        // Заглушка для Swagger
+    }
+
     #[Route('/register', name: 'register', methods: ['POST'])]
     #[OA\RequestBody(
         content: new OA\JsonContent(ref: new Model(type: RegisterDto::class))
     )]
+    #[OA\Response(
+        response: 200,
+        description: 'Ответ',
+        content: new OA\JsonContent(
+            ref: new Model(type: Response::class, groups: ["message"])
+        )
+    )]
+    #[Security(name: null)]
     public function register(
         #[Autowire(service: 'action.register')]
         ActionServiceInterface $actionService
@@ -39,7 +60,14 @@ class AuthController extends AbstractController
         return $actionService->getResponse();
     }
 
-    #[Route('/register/send', name: 'register_send', methods: ['GET'])]
+    #[Route('/email/send', name: 'email_send', methods: ['GET'])]
+    #[OA\Response(
+        response: 200,
+        description: 'Ответ',
+        content: new OA\JsonContent(
+            ref: new Model(type: Response::class, groups: ["message"])
+        )
+    )]
     public function sendRegisterCode(
         #[Autowire(service: 'action.register.send')]
         ActionServiceInterface $actionService,
@@ -48,10 +76,17 @@ class AuthController extends AbstractController
         return $actionService->getResponse();
     }
 
-    #[Route('/register/check', name: 'register_check', methods: ['POST'])]
+    #[Route('/email/check', name: 'email_check', methods: ['POST'])]
     #[OA\RequestBody(
         content: new OA\JsonContent(ref: new Model(type: RegisterCodeDto::class))
     )]
+    #[OA\Response(
+        response: 200,
+        description: 'Ответ',
+        content: new OA\JsonContent(
+            ref: new Model(type: Response::class, groups: ["message"])
+        )
+    )]
     public function checkRegisterCode(
         #[Autowire(service: 'action.register.code')]
         ActionServiceInterface $actionService
@@ -64,6 +99,13 @@ class AuthController extends AbstractController
     #[OA\RequestBody(
         content: new OA\JsonContent(ref: new Model(type: ChangePasswordDto::class))
     )]
+    #[OA\Response(
+        response: 200,
+        description: 'Ответ',
+        content: new OA\JsonContent(
+            ref: new Model(type: Response::class, groups: ["message"])
+        )
+    )]
     public function resetPassword(
         #[Autowire(service: 'action.reset.password.change')]
         ActionServiceInterface $actionService
@@ -76,6 +118,14 @@ class AuthController extends AbstractController
     #[OA\RequestBody(
         content: new OA\JsonContent(ref: new Model(type: RecoveryDto::class))
     )]
+    #[OA\Response(
+        response: 200,
+        description: 'Ответ',
+        content: new OA\JsonContent(
+            ref: new Model(type: Response::class, groups: ["message"])
+        )
+    )]
+    #[Security(name: null)]
     public function sendResetPassword(
         #[Autowire(service: 'action.reset.password.send')]
         ActionServiceInterface $actionService
@@ -88,6 +138,14 @@ class AuthController extends AbstractController
     #[OA\RequestBody(
         content: new OA\JsonContent(ref: new Model(type: ResetPasswordCodeDto::class))
     )]
+    #[OA\Response(
+        response: 200,
+        description: 'Ответ',
+        content: new OA\JsonContent(
+            ref: new Model(type: Response::class, groups: ["message"])
+        )
+    )]
+    #[Security(name: null)]
     public function resetCheckPassword(
         #[Autowire(service: 'action.reset.password.code')]
         ActionServiceInterface $actionService
diff --git a/app/src/Controller/ProfileController.php b/app/src/Controller/ProfileController.php
index 8386604..d4a2e26 100644
--- a/app/src/Controller/ProfileController.php
+++ b/app/src/Controller/ProfileController.php
@@ -13,6 +13,7 @@ use App\Service\Response\Classes\QuestsResponse;
 use App\Service\Response\Classes\Response;
 use App\Service\Response\Classes\ReviewsResponse;
 use Nelmio\ApiDocBundle\Annotation\Model;
+use Nelmio\ApiDocBundle\Annotation\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\DependencyInjection\Attribute\Autowire;
 use Symfony\Component\HttpFoundation\JsonResponse;
@@ -114,6 +115,7 @@ class ProfileController extends AbstractController
             ref: new Model(type: Response::class, groups: ["message"])
         )
     )]
+    #[Security(name: null)]
     public function recoveryProfile(
         #[Autowire(service: 'action.recovery.send')]
         ActionServiceInterface $actionService,
@@ -133,6 +135,7 @@ class ProfileController extends AbstractController
             ref: new Model(type: Response::class, groups: ["message"])
         )
     )]
+    #[Security(name: null)]
     public function recoveryCodeProfile(
         #[Autowire(service: 'action.recovery.code')]
         ActionServiceInterface $actionService,
@@ -160,7 +163,7 @@ class ProfileController extends AbstractController
         return $actionService->getResponse();
     }
 
-    #[Route('/profile/reset/email', name: 'profile_reset_email', methods: ['GET'])]
+    #[Route('/profile/email/reset', name: 'profile_email_reset', methods: ['GET'])]
     #[OA\Response(
         response: 200,
         description: 'Ответ',
diff --git a/app/src/Entity/User.php b/app/src/Entity/User.php
index 89d0897..811175c 100644
--- a/app/src/Entity/User.php
+++ b/app/src/Entity/User.php
@@ -149,13 +149,10 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
     {
         $roles = $this->roles;
         // guarantee every user at least has ROLE_USER
-        $roles[] = 'ROLE_USER';
         if ($this->isDeleted()) {
             $roles[] = 'ROLE_DELETED';
-        } else if ($this->isConfirm()) {
-            $roles[] = 'ROLE_CONFIRMED';
         } else {
-            $roles[] = 'ROLE_NOT_CONFIRMED';
+            $roles[] = 'ROLE_USER';
         }
 
         return array_unique($roles);
diff --git a/app/src/Service/Dto/Classes/LoginDto.php b/app/src/Service/Dto/Classes/LoginDto.php
new file mode 100644
index 0000000..e86800c
--- /dev/null
+++ b/app/src/Service/Dto/Classes/LoginDto.php
@@ -0,0 +1,12 @@
+<?php
+
+namespace App\Service\Dto\Classes;
+
+use App\Service\Dto\BaseDto;
+
+class LoginDto extends BaseDto
+{
+    public ?string $email = null;
+
+    public ?string $password = null;
+}
\ No newline at end of file
diff --git a/app/src/Service/Dto/Classes/TokenDto.php b/app/src/Service/Dto/Classes/TokenDto.php
new file mode 100644
index 0000000..59d98cc
--- /dev/null
+++ b/app/src/Service/Dto/Classes/TokenDto.php
@@ -0,0 +1,12 @@
+<?php
+
+namespace App\Service\Dto\Classes;
+
+use App\Service\Dto\BaseDto;
+use Symfony\Component\Serializer\Annotation\Groups;
+
+class TokenDto extends BaseDto
+{
+    #[Groups(['data'])]
+    public string $token;
+}
\ No newline at end of file
diff --git a/app/src/Service/Response/Classes/TokenResponse.php b/app/src/Service/Response/Classes/TokenResponse.php
index c97b562..937e1d6 100644
--- a/app/src/Service/Response/Classes/TokenResponse.php
+++ b/app/src/Service/Response/Classes/TokenResponse.php
@@ -2,6 +2,7 @@
 
 namespace App\Service\Response\Classes;
 
+use App\Service\Dto\Classes\TokenDto;
 use Symfony\Component\DependencyInjection\Attribute\AsAlias;
 use Symfony\Component\Serializer\Annotation\Groups;
 
@@ -9,13 +10,15 @@ use Symfony\Component\Serializer\Annotation\Groups;
 class TokenResponse extends Response
 {
     /**
-     * @var array
+     * @var TokenDto
      */
     #[Groups(["data"])]
-    public array $data;
+    public TokenDto $data;
 
-    public function setToken(string $token)
+    public function setToken(string $token): void
     {
-        $this->data = ['token' => $token];
+        $dto = new TokenDto();
+        $dto->token = $token;
+        $this->data = $dto;
     }
 }
\ No newline at end of file
-- 
GitLab


From fe33ef9b0a251138ecd6cf87a2c27fb4f32a3824 Mon Sep 17 00:00:00 2001
From: Ilya Vasilenko <i.vasilenko@iqdev.digital>
Date: Tue, 2 Jul 2024 11:26:00 +0500
Subject: [PATCH 2/2] README

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index a6a08a1..aeae18f 100644
--- a/README.md
+++ b/README.md
@@ -60,6 +60,10 @@
 
 </details>
 
+## Postman
+
+Импортировать в Postman `{URL}/api/doc.json`
+
 ## Настройка Xdebug (PHPStorm)
 <details>
 <summary>Инструкция</summary>
-- 
GitLab