**Course Title:** Mastering Symfony: Building Enterprise-Level PHP Applications **Section Title:** Building RESTful APIs with Symfony **Topic:** Develop a RESTful API for managing blog posts with token-based authentication (JWT).(Lab topic) **Objective:** In this lab, we will develop a RESTful API for managing blog posts using Symfony. We will implement CRUD (Create, Read, Update, Delete) operations and secure our API using token-based authentication with JWT (JSON Web Tokens). **Prerequisites:** * Familiarity with Symfony routing, controllers, and entities * Understanding of REST principles and API development * Knowledge of Doctrine ORM and database integration * Experience with Symfony Form component for building forms * Understanding of Symfony's security component and implementation of user authentication **Creating the Blog Post Entity:** We will start by creating the `BlogPost` entity. This entity will have the following properties: * `id` (primary key) * `title` * `content` * `author` * `createdAt` * `updatedAt` Create a new file `src/Entity/BlogPost.php` with the following code: ```php // src/Entity/BlogPost.php namespace App\Entity; use Doctrine\ORM\Mapping as ORM; use Symfony\Component\Validator\Constraints as Assert; /** * @ORM\Entity(repositoryClass="App\Repository\BlogPostRepository") */ class BlogPost { /** * @ORM\Id() * @ORM\GeneratedValue() * @ORM\Column(type="integer") */ private $id; /** * @ORM\Column(type="string", length=255) * @Assert\NotBlank() */ private $title; /** * @ORM\Column(type="text") * @Assert\NotBlank() */ private $content; /** * @ORM\Column(type="string", length=255) * @Assert\NotBlank() */ private $author; /** * @ORM\Column(type="datetime") */ private $createdAt; /** * @ORM\Column(type="datetime") */ private $updatedAt; // Getters and setters } ``` **Creating the Blog Post Controller:** Create a new file `src/Controller/BlogPostController.php` with the following code: ```php // src/Controller/BlogPostController.php namespace App\Controller; use App\Entity\BlogPost; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Routing\Annotation\Route; use Symfony\Component\Serializer\SerializerInterface; use Symfony\Component\Validator\Validator\ValidatorInterface; /** * @Route("/api/blog-posts") */ class BlogPostController extends ControllerBase { /** * @Route("", methods={"GET"}) */ public function getAllBlogPosts() { $blogPosts = $this->getDoctrine()->getRepository(BlogPost::class)->findAll(); return $this->json($blogPosts); } /** * @Route("", methods={"POST"}) */ public function createBlogPost(Request $request) { $blogPost = new BlogPost(); $blogPost->setTitle($request->get('title')); $blogPost->setContent($request->get('content')); $blogPost->setAuthor($request->get('author')); $this->getDoctrine()->getRepository(BlogPost::class)->save($blogPost); return $this->json($blogPost); } /** * @Route("/{id}", methods={"GET"}) */ public function getBlogPost(BlogPost $blogPost) { return $this->json($blogPost); } /** * @Route("/{id}", methods={"PUT"}) */ public function updateBlogPost(BlogPost $blogPost, Request $request) { $blogPost->setTitle($request->get('title')); $blogPost->setContent($request->get('content')); $blogPost->setAuthor($request->get('author')); $this->getDoctrine()->getRepository(BlogPost::class)->update($blogPost); return $this->json($blogPost); } /** * @Route("/{id}", methods={"DELETE"}) */ public function deleteBlogPost(BlogPost $blogPost) { $this->getDoctrine()->getRepository(BlogPost::class)->delete($blogPost); return new Response(null, 204); } } ``` **Implementing JWT Authentication:** We will use the `LexikJWTAuthenticationBundle` to implement JWT authentication. Add the following dependencies to your `composer.json` file: ```json "lexik/jwt-authentication-bundle": "^2.7", "namshi/jose": "^7.0" ``` Then run the following command to install the dependencies: ```bash composer update ``` Create a new file `config/lexik_jwt_authentication.yaml` with the following code: ```yaml # config/lexik_jwt_authentication.yaml lexik_jwt_authentication: secret_key: '%kernel.project_dir%/config/jwt/private_key' public_key: '%kernel.project_dir%/config/jwt/public_key' pass_phrase: 'your_pass_phrase' token_ttl: 3600 token_extractor: cookies: true ``` **Securing the API:** Create a new file `config/security.yaml` with the following code: ```yaml # config/security.yaml security: providers: app: id: 'security.authentication.user_provider' firewalls: login: pattern: ^/api/login$ stateless: true provider: app guard: authenticators: - App\Security\TokenAuthenticator api: pattern: ^/api stateless: true provider: app guard: authenticators: - App\Security\TokenAuthenticator jwt: use_forward_listener: guard jwt_provider: lexik_jwt_authentication.security.jwt_provider.service access_control: - { path: ^/api, roles: [IS_AUTHENTICATED_FULLY] } ``` **Testing the API:** You can test the API using Postman or cURL. To obtain a JWT token, send a POST request to the `/api/login` endpoint with the following JSON payload: ```json { "username": "your_username", "password": "your_password" } ``` In response, you should receive a JWT token. Use this token to authenticate your subsequent requests. This is just a basic example to get you started. You may want to add additional features such as user registration, password reset, and role-based access control. **Leave a comment/ask for help:** If you have any questions or need further assistance, feel free to leave a comment below. **Next topic:** Introduction to Symfony Services and the Service Container In the next topic, we will cover the basics of Symfony services and the service container. We will learn how to create and use services to organize and structure our code. Please let us know if you have any questions or need further clarification on any of the topics covered in this lab.