I am working on a project that is on expansion and needs to support multi-domain and multi-language.
I find that the way the standard routing is managed does not cover in an efficient way the project needs.
I found this: https://github.com/alexandresalome/multisite-bundle
It's find it good but I see the following drawbacks:
1) The bundle has not really much movement
2) The routing is set up at Controller/annotation level instead of yml file, what makes project hard to maintain.
Do you know any bundle/strategy based on symfony2 for this need? thanks a lot !!!
That doesn't solve the problem.
This is my scenario:
I have a parameter where I set up several hosts: landing_hosts, separated by “|”
I have some landings, that are only valid for those hosts, routing: landings
When a request comes, I can’t see any way to dynamically set the current host for the default => hosts entry.
I am forced to specify one, that is %domain%. This works this way because there is a cached file appDevUrlGenerator.php that is created at first time website is visited or ran the command app/cache cache:clear.
If I visit a landing page as host2, the urls and paths created inside twig templates will follow the hosts1 instead hosts2, and this is not valid.
// parameters.yml
parameters:
landing_hosts: host1|host2
main_host: host1
// routing.yml
landings:
host: "{hosts}"
path: /
defaults: { _controller: FrontendBundle:Landings:index }
requirements:
hosts: %landing_hosts%
defaults:
hosts: %main_host%
Related
I want to write a script that send notification mails to users and execute it every hour and I want it to match the server name that host the symfony site. I've already tried with $_SERVER but it's not defined and the solution on this post but there is no request with the console so it's does work.
Since there is no traditional 'web request/response' thing in console command, all URLs you generate with {{ path('...') }} in twig or $this->generateUrl('...') or similar controllers/services´, will be probablyhttp://localhost/...
To fix that, simply add: (if you're on symfony 5.1+)
# config/packages/routing.yaml
framework:
router:
# but you should move it to your .env file and user two differen env-variables for host and scheme
default_uri: 'https://you-site-hostname.com/'
or if you are using older version, put
router.request_context.scheme and router.request_context.host to you parameters. Like
# config/services.yaml
parameters:
router.request_context.scheme: 'https'
asset.request_context.host: 'you-site-hostname.com'
Take a look here: https://symfony.com/doc/current/routing.html#generating-urls-in-commands
And here (my personal advice) https://symfonycasts.com/screencast/mailer/route-context
I try to set up security per folder under src/ in Symfony. But I want a different set of security rules per main folder "General" and "Intranet" without having to prefix the routes... So I only have to prefix "Extranet"
Is that possible? I know that with a prefix in routing.yml it is very easy to do but that is not an option since the visible urls will suddenly change
The problem arises when we have to allow External users to our platform. For years it was only available for the companies' employees only but now external people must have access to certain pages. And some general routes (ajax calls etc) must be available for all
src/
Intranet/ => Open routes for internal users
SomeBundle
...
General/ => Open routes for all users
AnotherBundle
...
Extranet/ => Open routes for external users
TheBestBundle
...
Then the Extranet routes all get an extra prefix /extranet/. But I would like to have the other 2 (General and Intranet) without any prefix
# routing.yml
extranet:
resource: "#ExtranetBundle/Controller/"
prefix: /extranet/
Then with access control I take care of the /extranet routes
access_control:
# Login and the base_route "/" is always available
- { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
# External users + Super admins + server IP's can only access urls starting with /extranet/
-
path: ^/extranet/*
roles: [ROLE_EXTERNAL_USER, ROLE_SUPER_ADMIN]
ips: !php/const:SomeBundle\SomeClass\ConstantProvider::ALLOWED_SERVER_IPS
# Some routes need to be available for both internal and external users
# but hopefully without having to prefix them
...
# All other routes are only for internal users and the right ip addresses
-
path: ^/*
role: ROLE_INTERNAL_USER
ips: !php/const:SomeBundle\SomeClass\ConstantProvider::ALLOWED_SERVER_IPS
Or maybe an idea of approaching this problem differently?
I Think the best approche is to use voter external user need to have a unique ROLE (EXTERNAL_ROLE) then you can use voter to deney resources you want to protect https://symfony.com/doc/current/security/voters.html so this way you can protect a resource based on a the logic not on the folder
I'm hoping someone can provide some ideas here. I'm playing around with some of the sample apps for the spring cloud gateway and going through the docs but I'm not seeing any way to route to self or do a global ignore. The idea here is that there are some paths that ALWAYS need to point to self, like for the actuator, and other that may need a global block (maybe for security reasons like you've found a severe vulnerability and need to disable access to a specific resource). Right now from what I can tell there is no way to do this, but I hope I'm wrong!
I've set up the app with the actuator running on port 8081 and the server on 8080.
I've got two simple rules:
- id: local_test_1
uri: http://localhost:80
order: 9000
predicates:
- Path=/echo
# =====================================
- id: local_test_2
uri: ${test.uri}
order: 10000
predicates:
- Path=/**
But the universal /** makes sure that any call to localhost:8081/actuator/* also gets routed to the uri. How can I exempt the management port from routing rules so the server itself will deal with the request?
I thought a default filter like - Path!=${management.server.port}/* might work, but it seems that != isn't supported.
I ran into this same problem when using a default route, but also needing to serve a custom post-logout page from the classpath. The default route would handle the request instead of the gateway itself. Without the default route the logout.html was served correctly.
I ended up moving the default route to a Java bean and used the fluent API like this:
#Bean
public RouteLocator customRouteLocator(RouteLocatorBuilder builder) {
return builder.routes()
.route("default", r -> r
.order(Ordered.LOWEST_PRECEDENCE)
.path("/**")
.and().not(p -> p.path("/logout.html", "/logout.css"))
.uri("http://localhost:8080")
)
.build();
}
If someone knows of a way to do negation in the .yml configuration files that would be ideal, but I have yet to find an example of that in any docs.
You can use no://op as value for uri:.
The only disadvantage, that I see, is that any endpoint, which is not supposed to be found (like /actuator/foo) would still return 200 OK.
- id: local_test_1
uri: http://localhost:80
order: 9000
predicates:
- Path=/echo
# =====================================
- id: local_test_2
uri: ${test.uri}
order: 10000
predicates:
- Path=/**
Try add two space before - Path, the problem may be you config is not working.
maybe you can use - Path=/** and - setStatus=404 for its filter and for actuator route - Path=/actuator/** and - setStatus=ACCEPTED don't forget to uri: no://op for both
I am trying to configure HWIOAuth bundle to use dynamic client id. I have a service that can figure out what variable value to use depending on some request conditions.
Here's an expression in my HWI configuration, but can't seem to get it work:
hwi_oauth:
firewall_names:
- main
resource_owners:
auth:
client_id: "#=service('host.configmgr').GetClientIdParameter()"
client_secret: '%client_secret%'
The issue us with #=service('host.configmgr').GetClientIdParameter(). Can that even execute evaluate? The service is properly executes an used by another class somewhere else with success.
The %client_secret% parameter replacement works fine.
For more context, this part of the configuration lives in a dedicated file that is included in config.yml via { resource: hwiconfig.yml }
After some research looks like expressions are only supported for service definitions. This functionality is not supported for configurations outside services like the HWI bundle config.
I am applying this tutorial into symfony 2.4, I've finished the setup in the config.yml and everything, I managed to visit the admin/google/analytics page, but the problem is when I tried to authenticate with the parameters I've created in the config.yml file, it is searching for the scope, here is the parameters.
happy_r_google_analytics:
host: www.example.com
profile_id: MyProfileId
tracker_id: UA-TRACKER-ID
token_file_path: %kernel.root_dir%/var/storage
happy_r_google_api:
application_name: Project Default Service Account
oauth2_client_id: OAuthClientID
oauth2_client_secret: OAuthClientSecret
oauth2_redirect_uri: http://www.example.com/app_local.php/admin/google/analytics/oauth2callback
developer_key: DevelopperKey
site_name: http://www.example.com
I think there's no problem here, I've got no idea where I can set the scope so the google Api client can set it to https://www.googleapis.com/auth/analytics.readonly
You need to define a scope. If you use Google Auth, check Authorization scopes for it.
You must do something like:
$googleClient = new \Google_Client();
$googleClient->setScopes(array(
'https://www.googleapis.com/auth/plus.me',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile',
));