<?phpdeclare(strict_types=1);namespace App\Program\Security\Authenticator;use App\Program\Gateway\ProgramGateway;use Symfony\Component\HttpFoundation\JsonResponse;use Symfony\Component\HttpFoundation\Request;use Symfony\Component\HttpFoundation\Response;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Exception\AuthenticationException;use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;use Symfony\Component\Security\Http\Authenticator\Passport\Passport;use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;final class ApiAuthenticator extends AbstractAuthenticator{ public function __construct(private ProgramGateway $userLoader) { } public function supports(Request $request): ?bool { return $request->headers->has('X-AUTH-TOKEN'); } public function authenticate(Request $request): Passport { $apiKey = $request->headers->get('X-AUTH-TOKEN'); if (null === $apiKey) { throw new CustomUserMessageAuthenticationException('No API key provided'); } return new SelfValidatingPassport(new UserBadge($apiKey, [$this->userLoader, 'loadUserByIdentifier'])); } public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response { return null; } public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response { $data = [ 'message' => strtr($exception->getMessageKey(), $exception->getMessageData()), ]; return new JsonResponse($data, Response::HTTP_UNAUTHORIZED); }}