fix!: remove apiKey option (#1585)

README.md

@@ -108,13 +108,6 @@ to list all the options for the plugin run:
 
 All CLI options are optional:
 
-#### apiKey
-
-_This option is deprecated and will be removed in the next major version. If you want to specify the apiKey value yourself, please define it under 'provider.apiGateway.apiKeys' in the serverless config._
-
-Defines the API key value to be used for endpoints marked as private.<br />
-Defaults to a random value.
-
 #### corsAllowHeaders
 
 Used as default Access-Control-Allow-Headers header value for responses. Delimit multiple values with commas.<br />
@@ -478,7 +471,7 @@ By default layers are downloaded on a per-project basis, however, if you want to
 
 As defined in the [Serverless Documentation](https://serverless.com/framework/docs/providers/aws/events/apigateway/#setting-api-keys-for-your-rest-api) you can use API Keys as a simple authentication method.
 
-Serverless-offline will emulate the behaviour of APIG and create a random token that's printed on the screen. With this token you can access your private methods adding `x-api-key: generatedToken` to your request header. All api keys will share the same token. To specify a custom token use the `--apiKey` cli option.
+Serverless-offline will emulate the behaviour of APIG and create a random token that's printed on the screen. With this token you can access your private methods adding `x-api-key: generatedToken` to your request header. All api keys will share the same token.
 
 ### Custom authorizers
 

src/config/commandOptions.js

@@ -1,9 +1,4 @@
 export default {
-  apiKey: {
-    type: 'string',
-    usage:
-      '[This option is deprecated] Defines the API key value to be used for endpoints marked as private. Defaults to a random hash.',
-  },
   corsAllowHeaders: {
     type: 'string',
     usage:

src/config/defaultOptions.js

@@ -1,5 +1,4 @@
 export default {
-  apiKey: null,
   corsAllowHeaders: 'accept,content-type,x-api-key,authorization',
   corsAllowOrigin: '*',
   corsDisallowCredentials: true,

src/events/http/HttpServer.js

@@ -20,7 +20,6 @@ import {
 import LambdaProxyIntegrationEventV2 from './lambda-events/LambdaProxyIntegrationEventV2.js'
 import parseResources from './parseResources.js'
 import payloadSchemaValidator from './payloadSchemaValidator.js'
-import { orange } from '../../config/colors.js'
 import logRoutes from '../../utils/logRoutes.js'
 import {
   createApiKey,
@@ -895,16 +894,6 @@ export default class HttpServer {
     if (!this.#hasPrivateHttpEvent && httpEvent.private) {
       this.#hasPrivateHttpEvent = true
 
-      if (this.#options.apiKey) {
-        log.notice()
-        log.warning(
-          orange(`'--apiKey' is deprecated and will be removed in the next major version.
-  Please define the apiKey value in the 'provider.apiGateway.apiKeys' section of the serverless config.
-  If you are experiencing any issues please let us know: https://github.com/dherault/serverless-offline/issues`),
-        )
-        log.notice()
-      }
-
       if (this.#options.noAuth) {
         log.notice(
           `Authorizers are turned off. You do not need to use 'x-api-key' header.`,
@@ -914,15 +903,13 @@ export default class HttpServer {
       }
 
       if (this.#apiKeysValues == null) {
-        const apiKey = this.#options.apiKey ?? createApiKey()
-
-        log.notice(`Key with token: ${apiKey}`)
+        const apiKey = createApiKey()
 
         this.#apiKeysValues = getApiKeysValues(
-          this.#serverless.service.provider.apiGateway?.apiKeys ?? [],
+          this.#serverless.service.provider.apiGateway?.apiKeys ?? [apiKey],
         )
 
-        this.#apiKeysValues.add(apiKey)
+        log.notice(`Key with token: ${apiKey}`)
       }
     }
 

tests/old-unit/offline.test.js

@@ -30,88 +30,6 @@ describe('Offline', () => {
     })
   })
 
-  describe('with private function', () => {
-    let offline
-    let server
-    const validToken = 'valid-token'
-
-    beforeEach(async () => {
-      offline = new OfflineBuilder(new ServerlessBuilder(), {
-        apiKey: validToken,
-      }).addFunctionConfig('fn2', {
-        events: [
-          {
-            http: {
-              method: 'GET',
-              path: 'fn2',
-              private: true,
-            },
-          },
-        ],
-        handler: 'tests/old-unit/fixtures/handler.basicAuthentication1',
-      })
-
-      server = await offline.toObject()
-    })
-
-    afterEach(async () => {
-      await offline.end(true)
-    })
-
-    it('should return bad request with no token', async () => {
-      const res = await server.inject({
-        method: 'GET',
-        url: '/dev/fn2',
-      })
-
-      assert.strictEqual(res.statusCode, 403)
-      assert.strictEqual(
-        res.payload,
-        stringify({
-          message: 'Forbidden',
-        }),
-      )
-      assert.strictEqual(res.headers['x-amzn-errortype'], 'ForbiddenException')
-    })
-
-    it('should return forbidden if token is wrong', async () => {
-      const res = await server.inject({
-        headers: {
-          'x-api-key': 'random string',
-        },
-        method: 'GET',
-        url: '/dev/fn2',
-      })
-
-      assert.strictEqual(res.statusCode, 403)
-      assert.strictEqual(
-        res.payload,
-        stringify({
-          message: 'Forbidden',
-        }),
-      )
-      assert.strictEqual(res.headers['x-amzn-errortype'], 'ForbiddenException')
-    })
-
-    it('should return the function executed correctly', async () => {
-      const res = await server.inject({
-        headers: {
-          'x-api-key': validToken,
-        },
-        method: 'GET',
-        url: '/dev/fn2',
-      })
-
-      assert.strictEqual(res.statusCode, 200)
-      assert.strictEqual(
-        res.payload,
-        stringify({
-          message: 'Private Function Executed Correctly',
-        }),
-      )
-    })
-  })
-
   describe('with private function and noAuth option set', () => {
     let offline
     let server