Add documentation about KiCad self-signed certificate issues

Co-authored-by: jbtronics <5410681+jbtronics@users.noreply.github.com>

config/reference.php

@@ -474,7 +474,7 @@ namespace Symfony\Component\DependencyInjection\Loader\Configurator;
  *         max_host_connections?: int, // The maximum number of connections to a single host.
  *         default_options?: array{
  *             headers?: array<string, mixed>,
- *             vars?: list<mixed>,
+ *             vars?: array<string, mixed>,
  *             max_redirects?: int, // The maximum number of redirects to follow.
  *             http_version?: scalar|null, // The default HTTP version, typically 1.1 or 2.0, leave to null for the best version.
  *             resolve?: array<string, scalar|null>,
@@ -497,7 +497,7 @@ namespace Symfony\Component\DependencyInjection\Loader\Configurator;
  *                 md5?: mixed,
  *             },
  *             crypto_method?: scalar|null, // The minimum version of TLS to accept; must be one of STREAM_CRYPTO_METHOD_TLSv*_CLIENT constants.
- *             extra?: list<mixed>,
+ *             extra?: array<string, mixed>,
  *             rate_limiter?: scalar|null, // Rate limiter name to use for throttling requests. // Default: null
  *             caching?: bool|array{ // Caching configuration.
  *                 enabled?: bool, // Default: false
@@ -550,7 +550,7 @@ namespace Symfony\Component\DependencyInjection\Loader\Configurator;
  *                 md5?: mixed,
  *             },
  *             crypto_method?: scalar|null, // The minimum version of TLS to accept; must be one of STREAM_CRYPTO_METHOD_TLSv*_CLIENT constants.
- *             extra?: list<mixed>,
+ *             extra?: array<string, mixed>,
  *             rate_limiter?: scalar|null, // Rate limiter name to use for throttling requests. // Default: null
  *             caching?: bool|array{ // Caching configuration.
  *                 enabled?: bool, // Default: false
@@ -1677,6 +1677,12 @@ namespace Symfony\Component\DependencyInjection\Loader\Configurator;
  *         post_processors?: array<string, array<string, mixed>>,
  *     },
  * }
+ * @psalm-type DamaDoctrineTestConfig = array{
+ *     enable_static_connection?: mixed, // Default: true
+ *     enable_static_meta_data_cache?: bool, // Default: true
+ *     enable_static_query_cache?: bool, // Default: true
+ *     connection_keys?: list<mixed>,
+ * }
  * @psalm-type TwigExtraConfig = array{
  *     cache?: bool|array{
  *         enabled?: bool, // Default: false
@@ -2244,9 +2250,9 @@ namespace Symfony\Component\DependencyInjection\Loader\Configurator;
  *             destinationStrictlyMatches?: bool,
  *             allowRepeatAttributeName?: bool,
  *             rejectUnsolicitedResponsesWithInResponseTo?: bool,
- *             signatureAlgorithm?: "http:\/\/www.w3.org\/2000\/09\/xmldsig#rsa-sha1"|"http:\/\/www.w3.org\/2000\/09\/xmldsig#dsa-sha1"|"http:\/\/www.w3.org\/2001\/04\/xmldsig-more#rsa-sha256"|"http:\/\/www.w3.org\/2001\/04\/xmldsig-more#rsa-sha384"|"http:\/\/www.w3.org\/2001\/04\/xmldsig-more#rsa-sha512",
- *             digestAlgorithm?: "http:\/\/www.w3.org\/2000\/09\/xmldsig#sha1"|"http:\/\/www.w3.org\/2001\/04\/xmlenc#sha256"|"http:\/\/www.w3.org\/2001\/04\/xmldsig-more#sha384"|"http:\/\/www.w3.org\/2001\/04\/xmlenc#sha512",
- *             encryption_algorithm?: "http:\/\/www.w3.org\/2001\/04\/xmlenc#tripledes-cbc"|"http:\/\/www.w3.org\/2001\/04\/xmlenc#aes128-cbc"|"http:\/\/www.w3.org\/2001\/04\/xmlenc#aes192-cbc"|"http:\/\/www.w3.org\/2001\/04\/xmlenc#aes256-cbc"|"http:\/\/www.w3.org\/2009\/xmlenc11#aes128-gcm"|"http:\/\/www.w3.org\/2009\/xmlenc11#aes192-gcm"|"http:\/\/www.w3.org\/2009\/xmlenc11#aes256-gcm",
+ *             signatureAlgorithm?: "http://www.w3.org/2000/09/xmldsig#rsa-sha1"|"http://www.w3.org/2000/09/xmldsig#dsa-sha1"|"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"|"http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"|"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
+ *             digestAlgorithm?: "http://www.w3.org/2000/09/xmldsig#sha1"|"http://www.w3.org/2001/04/xmlenc#sha256"|"http://www.w3.org/2001/04/xmldsig-more#sha384"|"http://www.w3.org/2001/04/xmlenc#sha512",
+ *             encryption_algorithm?: "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"|"http://www.w3.org/2001/04/xmlenc#aes128-cbc"|"http://www.w3.org/2001/04/xmlenc#aes192-cbc"|"http://www.w3.org/2001/04/xmlenc#aes256-cbc"|"http://www.w3.org/2009/xmlenc11#aes128-gcm"|"http://www.w3.org/2009/xmlenc11#aes192-gcm"|"http://www.w3.org/2009/xmlenc11#aes256-gcm",
  *             lowercaseUrlencoding?: bool,
  *         },
  *         contactPerson?: array{
@@ -2634,12 +2640,6 @@ namespace Symfony\Component\DependencyInjection\Loader\Configurator;
  *         ...<mixed>
  *     },
  * }
- * @psalm-type DamaDoctrineTestConfig = array{
- *     enable_static_connection?: mixed, // Default: true
- *     enable_static_meta_data_cache?: bool, // Default: true
- *     enable_static_query_cache?: bool, // Default: true
- *     connection_keys?: list<mixed>,
- * }
  * @psalm-type ConfigType = array{
  *     imports?: ImportsConfig,
  *     parameters?: ParametersConfig,

config/services.yaml

@@ -33,8 +33,8 @@ services:
     App\:
         resource: '../src/'
         exclude:
-            - '../src/DataFixtures/'
-            - '../src/Doctrine/Purger/'
+            - '../src/Entity/'
+            - '../src/Helpers/'
 
     # controllers are imported separately to make sure services can be injected
     # as action arguments even if you don't extend any base controller class
@@ -274,21 +274,12 @@ services:
         tags:
             - { name: monolog.processor }
 
+    App\Doctrine\Purger\ResetAutoIncrementPurgerFactory:
+        tags:
+            - { name: 'doctrine.fixtures.purger_factory', alias: 'reset_autoincrement_purger' }
+
 when@test: &test
     services:
-
-        App\DataFixtures\:
-            resource: '../src/DataFixtures/'
-            autoconfigure: true
-            autowire: true
-
-        App\Doctrine\Purger\:
-            resource: '../src/Doctrine/Purger/'
-
-        App\Doctrine\Purger\ResetAutoIncrementPurgerFactory:
-            tags:
-                - { name: 'doctrine.fixtures.purger_factory', alias: 'reset_autoincrement_purger' }
-
         # Decorate the doctrine fixtures load command to use our custom purger by default
         doctrine.fixtures_load_command.custom:
             decorates: doctrine.fixtures_load_command
@@ -297,6 +288,3 @@ when@test: &test
                 - '@doctrine.fixtures.loader'
                 - '@doctrine'
                 - { default: '@App\Doctrine\Purger\DoNotUsePurgerFactory' }
-
-when@dev:
-    *test

docs/troubleshooting.md

@@ -50,6 +50,21 @@ docker-compose logs -f
 
 Please include the error logs in your issue on GitHub, if you open an issue.
 
+## KiCad Integration Issues
+
+### "API responded with error code: 0: Unknown"
+
+If you get this error when trying to connect KiCad to Part-DB, it is most likely caused by KiCad not trusting your SSL/TLS certificate.
+
+**Cause:** KiCad does not trust self-signed SSL/TLS certificates.
+
+**Solutions:**
+- Use HTTP instead of HTTPS for the `root_url` in your KiCad library configuration (only recommended for local networks)
+- Use a certificate from a trusted Certificate Authority (CA) like [Let's Encrypt](https://letsencrypt.org/)
+- Add your self-signed certificate to the system's trusted certificate store on the computer running KiCad (the exact steps depend on your operating system)
+
+For more information about KiCad integration, see the [EDA / KiCad integration](../usage/eda_integration.md) documentation.
+
 ## Report Issue
 
 If an error occurs, or you found a bug, please [open an issue on GitHub](https://github.com/Part-DB/Part-DB-server).

docs/usage/eda_integration.md

@@ -22,6 +22,16 @@ This also allows to configure available and usable parts and their properties in
 Part-DB should be accessible from the PCs with KiCad. The URL should be stable (so no dynamically changing IP).
 You require a user account in Part-DB, which has permission to access the Part-DB API and create API tokens. Every user can have their own account, or you set up a shared read-only account.
 
+{: .warning }
+> **HTTPS with Self-Signed Certificates**
+> 
+> KiCad does not trust self-signed SSL/TLS certificates. If your Part-DB instance uses HTTPS with a self-signed certificate, KiCad will fail to connect and show an error like: `API responded with error code: 0: Unknown`.
+> 
+> To resolve this issue, you have the following options:
+> - Use HTTP instead of HTTPS for the `root_url` (only recommended for local networks)
+> - Use a certificate from a trusted Certificate Authority (CA) like [Let's Encrypt](https://letsencrypt.org/)
+> - Add your self-signed certificate to the system's trusted certificate store on the computer running KiCad (the exact steps depend on your operating system)
+
 To connect KiCad with Part-DB do the following steps:
 
 1. Create an API token on the user settings page for the KiCad application and copy/save it when it is shown. Currently, KiCad can only read the Part-DB database, so a token with a read-only scope is enough.