security:
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        default_provider:
            entity:
                class: App\Entity\User
                property: username
                manager_name: default
        api_token_provider:
            id: App\Security\ApiTokenUserProvider
    encoders:
        App\Entity\User:
            algorithm: 'argon2i'
            memory_cost:    16384
            time_cost:      2
            threads:        4
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        api:
            pattern: ^/api/
            anonymous: ~
            stateless: true
            simple_preauth:
                authenticator: App\Security\ApiTokenAuthenticator
            provider: api_token_provider
        main:
            pattern: ^/
            anonymous: ~
            provider: default_provider
            form_login:
                login_path: user_login
                check_path: user_login
            logout:
                path: user_logout
                target: /
            remember_me:
                secret: '%kernel.secret%'
                lifetime: 604800
                path: /
                always_remember_me: true


    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/api/v1/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/, roles: ROLE_USER }
        - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_USER }