security:
    # https://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    encoders:
        App\Entity\User:
            algorithm: bcrypt
            cost: 12
    providers:
        user_provider:
            entity:
                class: App\Entity\User
                property: username
        api_provider:
            entity:
                class: App\Entity\CustomerUser
                property: api_key
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        new_rider_api_login:
            pattern: ^\/rider_api\/login$
            methods: [POST]
            security: false

        login:
            pattern: ^\/login$
            methods: [GET]
            security: false

        tracker:
            pattern: ^\/track\/
            methods: [GET]
            security: false

        api:
            pattern: ^\/api\/
            security: false

        sms:
            pattern: ^/sms\/
            security: false

        rider_api:
            pattern: ^\/rapi\/
            security: false

        test_capi:
            pattern: ^\/test_capi\/
            security: false

        cust_api_v2:
            pattern: ^\/apiv2\/(?!register|register\/|number_confirm|number_confirm\/|code_validate|code_validate\/)
            provider: api_provider
            access_denied_handler: Catalyst\ApiBundle\Service\AccessDeniedHandler
            stateless: true
            guard: 
                authenticators:
                    - Catalyst\ApiBundle\Security\Authenticator

        cust_api_v2_guest:
            pattern: ^\/apiv2\/(register|register\/|number_confirm|number_confirm\/|code_validate|code_validate\/)
            security: false

        warranty_api:
            pattern: ^\/capi\/
            provider: api_provider
            access_denied_handler: Catalyst\ApiBundle\Service\AccessDeniedHandler
            stateless: true
            guard: 
                authenticators:
                    - Catalyst\ApiBundle\Security\Authenticator

        new_rider_api:
            pattern: ^\/rider_api\/
            provider: api_provider
            access_denied_handler: Catalyst\ApiBundle\Service\AccessDeniedHandler
            stateless: true
            guard: 
                authenticators:
                    - Catalyst\ApiBundle\Security\Authenticator

        third_party_api:
            pattern: ^\/tapi\/
            provider: api_provider
            access_denied_handler: Catalyst\ApiBundle\Service\AccessDeniedHandler
            stateless: true
            guard: 
                authenticators:
                    - Catalyst\ApiBundle\Security\Authenticator

        main:
            provider: user_provider
            form_login:
                login_path: login
                check_path: login
            logout:
                path: logout
                target: /
            remember_me:
                secret: '%env(APP_SECRET)%'
                lifetime: 604800
                path: /
            user_checker: Catalyst\AuthBundle\Service\UserChecker
            switch_user: { role: ROLE_SUPER_ADMIN }

            # activate different ways to authenticate

            # http_basic: ~
            # https://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate

            # form_login: ~
            # https://symfony.com/doc/current/cookbook/security/form_login_setup.html

    access_decision_manager:
        strategy: unanimous