Closed ansidev closed 1 year ago
I think it's best to only apply this middleware to certain endpoints then, like this:
app.Use("/api/v1/protected", keyauth.New(keyauth.Config{
KeyLookup: "cookie:access_token",
ContextKey: "my_token",
}))
Or define a custom ErrorHandler
and handle ErrMissingOrMalformedAPIKey
by yourself.
@ansidev Does the suggestion from @leonklingele fixes your issue?
You can also skip the middleware by defining a custom Filter
func, which when returning true
, will not call the middleware: https://github.com/gofiber/keyauth/blob/725ab4a5e604a1f637c2c80583eb792f5d7c7694/main.go#L21-L23
Currently, if the key is missing, the ErrorHandler will be called.
In some cases, I want to apply this middleware globally, so with this behaviour, some public endpoint that does not need authentication will be failed.
I think it would be better if we can skip this middleware if the client does not submit the key (only call error handler if the key is malformed).