mortimer333/api-skeleton
========================

API Skeleton

[Source](https://github.com/Mortimer333/api-skeleton) | [Packagist](https://packagist.org/packages/mortimer333/api-skeleton)

Internal
========

Security Cheat Sheet
--------------------

- check leaked passwords -

Swagger
-------

- Routes show up in Swagger only if the route name starts with `api.`

[nelmio/NelmioApiDocBundle#1990](https://github.com/nelmio/NelmioApiDocBundle/issues/1990)

Security
--------

- `#[CurrentUser]` attribute doesn't work, use `Symfony\Component\Security\Core\Security::getUser()` instead - [symfony/symfony#40333](https://github.com/symfony/symfony/issues/40333)

CSRF Token
----------

If we have API Platform, the CSRF token should be generated from the FE and added to the headers. Let's create it when the user logs in, save it in the cookie and reuse it. It will have a few pieces of information set in it:

- browser
- system
- ip

This should be enough to determine when the user has suddenly changed and log them out. We will also be adding a salted app secret for the CSRF token.
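
One way to build the token described above, as an added example (not code from the api-skeleton project). The function names, the `salt.mac` token layout, HMAC-SHA256 and server-side issuance at login are assumptions; the README only names the three bound fields and the salted app secret.

```php
<?php
declare(strict_types=1);

// Added example: CSRF token bound to the client fingerprint described above.
// Assumptions (not from the project): the function names, the "salt.mac" token
// layout, HMAC-SHA256, and that the server issues the token at login.

/** Canonical fingerprint of the three fields the README lists. */
function clientFingerprint(string $browser, string $system, string $ip): string
{
    // JSON encoding keeps field boundaries unambiguous between the three values.
    return json_encode([$browser, $system, $ip], JSON_THROW_ON_ERROR);
}

/** Issue a token at login: random salt + HMAC keyed with the salted app secret. */
function issueCsrfToken(string $appSecret, string $fingerprint): string
{
    $salt = random_bytes(16);
    $key  = hash_hmac('sha256', $salt, $appSecret, true);   // per-token key
    $mac  = hash_hmac('sha256', $fingerprint, $key, true);
    return bin2hex($salt) . '.' . bin2hex($mac);
}

/** Verify the header value against the fingerprint of the current request. */
function verifyCsrfToken(string $appSecret, string $fingerprint, string $token): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 2 || !ctype_xdigit($parts[0]) || !ctype_xdigit($parts[1])
        || strlen($parts[0]) !== 32 || strlen($parts[1]) !== 64) {
        return false;                                        // malformed token
    }
    $key      = hash_hmac('sha256', hex2bin($parts[0]), $appSecret, true);
    $expected = hash_hmac('sha256', $fingerprint, $key, true);
    return hash_equals($expected, hex2bin($parts[1]));       // constant-time compare
}

// Constructed sample values, for illustration only.
$secret = 'constructed-app-secret';
$login  = clientFingerprint('Firefox 124', 'Linux x86_64', '203.0.113.7');
$token  = issueCsrfToken($secret, $login);

var_dump(verifyCsrfToken($secret, $login, $token));           // same client as at login
$moved = clientFingerprint('Firefox 124', 'Linux x86_64', '198.51.100.9');
var_dump(verifyCsrfToken($secret, $moved, $token));           // IP changed since login
var_dump(verifyCsrfToken($secret, $login, 'not-a-token'));    // malformed header value
```

Because the IP is part of the fingerprint, a legitimate user whose address changes (mobile network, VPN) also fails verification, which is the logout behaviour this section describes.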

Email validation
----------------

SECRETS
=======

We will be using symfony vault -

- Keys from `config/secrets/dev/` can be committed on dev
- Never commit the private key - `config/secrets/dev/dev.decrypt.private.php` on PROD
    - run prod with `APP_RUNTIME_ENV=prod php bin/console secrets:generate-keys`
    - script to periodically change security keys by `secrets:generate-keys --rotate`
- To set a new env: `php bin/console secrets:set [name]`

Fixtures
========

To reset the test DB and populate it with new data, use fixtures:

```
APP_ENV=test php bin/console doctrine:fixtures:load
```

or

```
make reset-test-env
```

TESTS
=====

We are using [Codeception](https://codeception.com/docs/Introduction) (which is based on [PHPUnit](https://phpunit.readthedocs.io/en/9.5/index.html))

- Verify for BDD assertions (you will probably have to go to the entity class because Codeception changed the names of the functions - `vendor/codeception/verify/src/Codeception/Verify/Verifiers/VerifyAny.php`) - [https://github.com/Codeception/Verify/blob/master/docs/supported_verifiers.md](https://github.com/Codeception/Verify/blob/master/docs/supported_verifiers.md)
- `php vendor/bin/codecept build` to generate methods after changing settings
- Create an Api suite and replace the url with your local URL:

```
actor: ApiTester
modules:
  enabled:
    - REST:
        url: http://api.boardmeister.local/ #
