- Domain entity unique

- Domain controller re-written to be completely API driven
- API Auth is now stateless and required on all ^/api routes
- Deleted DomainApiController
- API Auth failure code is now 401

config/packages/security.yaml

@@ -41,6 +41,7 @@ security:
             pattern: ^/api/
             provider: app_user_provider
             access_denied_handler: App\Security\AccessTokenDeniedHandler
+            stateless: true
 
             access_token:
                 token_handler: App\Security\AccessTokenHandler
@@ -71,8 +72,8 @@ security:
     # Easy way to control access for large sections of your site
     # Note: Only the *first* access control that matches will be used
     access_control:
-        # - { path: ^/admin, roles: ROLE_ADMIN }
-        # - { path: ^/profile, roles: ROLE_USER }
+        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
+        - { path: ^/api/login, roles: PUBLIC_ACCESS }
 
 when@test:
     security:

config/services.yaml

@@ -32,3 +32,4 @@ services:
     Symfony\Component\Uid\Command\GenerateUuidCommand: ~
     Symfony\Component\Uid\Command\InspectUlidCommand: ~
     Symfony\Component\Uid\Command\InspectUuidCommand: ~
+    Symfony\Component\Serializer\Normalizer\FormErrorNormalizer: ~