feat: deprecate api keys option (#1571)

dherault · Sep 15, 2022 · 7b03efe · 7b03efe
1 parent 654cdab
commit 7b03efe
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -109,7 +109,7 @@ to list all the options for the plugin run:
 All CLI options are optional:
 
 ```
---apiKey                    Defines the API key value to be used for endpoints marked as private Defaults to a random hash.
+--apiKey                    [This option is deprecated] Defines the API key value to be used for endpoints marked as private. Defaults to a random hash.
 --corsAllowHeaders          Used as default Access-Control-Allow-Headers header value for responses. Delimit multiple values with commas. Default: 'accept,content-type,x-api-key'
 --corsAllowOrigin           Used as default Access-Control-Allow-Origin header value for responses. Delimit multiple values with commas. Default: '*'
 --corsDisallowCredentials   When provided, the default Access-Control-Allow-Credentials header value will be passed as 'false'. Default: true

diff --git a/src/ServerlessOffline.js b/src/ServerlessOffline.js
@@ -6,7 +6,8 @@ import {
   defaultOptions,
   SERVER_SHUTDOWN_TIMEOUT,
 } from './config/index.js'
-import { gray } from './config/colors.js'
+import { gray, orange } from './config/colors.js'
+import { createApiKey } from './utils/index.js'
 
 export default class ServerlessOffline {
   #cliOptions = null
@@ -359,6 +360,18 @@ export default class ServerlessOffline {
 
     // for simple API Key authentication model
     if (hasPrivateHttpEvent) {
+      if (this.#options.apiKey) {
+        log.notice()
+        log.warning(
+          orange(`'--apiKey' is deprecated and will be removed in the next major version.
+  Please define the apiKey value in the 'provider.apiGateway.apiKeys' section of the serverless config.
+  If you are experiencing any issues please let us know: https://github.com/dherault/serverless-offline/issues`),
+        )
+        log.notice()
+      } else {
+        this.#options.apiKey = createApiKey()
+      }
+
       log.notice(`Key with token: ${this.#options.apiKey}`)
 
       if (this.#options.noAuth) {

diff --git a/src/config/commandOptions.js b/src/config/commandOptions.js
@@ -2,7 +2,7 @@ export default {
   apiKey: {
     type: 'string',
     usage:
-      'Defines the API key value to be used for endpoints marked as private. Defaults to a random hash.',
+      '[This option is deprecated] Defines the API key value to be used for endpoints marked as private. Defaults to a random hash.',
   },
   corsAllowHeaders: {
     type: 'string',

diff --git a/src/config/defaultOptions.js b/src/config/defaultOptions.js
@@ -1,7 +1,5 @@
-import { createApiKey } from '../utils/index.js'
-
 export default {
-  apiKey: createApiKey(),
+  apiKey: null,
   corsAllowHeaders: 'accept,content-type,x-api-key,authorization',
   corsAllowOrigin: '*',
   corsDisallowCredentials: true,