diff --git a/README.md b/README.md
index 8acf3cf59..4189d01c5 100644
--- a/README.md
+++ b/README.md
@@ -108,13 +108,6 @@ to list all the options for the plugin run:
All CLI options are optional:
-#### apiKey
-
-_This option is deprecated and will be removed in the next major version. If you want to specify the apiKey value yourself, please define it under 'provider.apiGateway.apiKeys' in the serverless config._
-
-Defines the API key value to be used for endpoints marked as private.
-Defaults to a random value.
-
#### corsAllowHeaders
Used as default Access-Control-Allow-Headers header value for responses. Delimit multiple values with commas.
@@ -478,7 +471,7 @@ By default layers are downloaded on a per-project basis, however, if you want to
As defined in the [Serverless Documentation](https://serverless.com/framework/docs/providers/aws/events/apigateway/#setting-api-keys-for-your-rest-api) you can use API Keys as a simple authentication method.
-Serverless-offline will emulate the behaviour of APIG and create a random token that's printed on the screen. With this token you can access your private methods adding `x-api-key: generatedToken` to your request header. All api keys will share the same token. To specify a custom token use the `--apiKey` cli option.
+Serverless-offline will emulate the behaviour of APIG and create a random token that's printed on the screen. With this token you can access your private methods adding `x-api-key: generatedToken` to your request header. All api keys will share the same token.
### Custom authorizers
diff --git a/src/config/commandOptions.js b/src/config/commandOptions.js
index 80ba2528f..9a4e785e6 100644
--- a/src/config/commandOptions.js
+++ b/src/config/commandOptions.js
@@ -1,9 +1,4 @@
export default {
- apiKey: {
- type: 'string',
- usage:
- '[This option is deprecated] Defines the API key value to be used for endpoints marked as private. Defaults to a random hash.',
- },
corsAllowHeaders: {
type: 'string',
usage:
diff --git a/src/config/defaultOptions.js b/src/config/defaultOptions.js
index 3de77e8b0..fc06d276a 100644
--- a/src/config/defaultOptions.js
+++ b/src/config/defaultOptions.js
@@ -1,5 +1,4 @@
export default {
- apiKey: null,
corsAllowHeaders: 'accept,content-type,x-api-key,authorization',
corsAllowOrigin: '*',
corsDisallowCredentials: true,
diff --git a/src/events/http/HttpServer.js b/src/events/http/HttpServer.js
index 91b0c3606..cd93b9b6e 100644
--- a/src/events/http/HttpServer.js
+++ b/src/events/http/HttpServer.js
@@ -20,7 +20,6 @@ import {
import LambdaProxyIntegrationEventV2 from './lambda-events/LambdaProxyIntegrationEventV2.js'
import parseResources from './parseResources.js'
import payloadSchemaValidator from './payloadSchemaValidator.js'
-import { orange } from '../../config/colors.js'
import logRoutes from '../../utils/logRoutes.js'
import {
createApiKey,
@@ -895,16 +894,6 @@ export default class HttpServer {
if (!this.#hasPrivateHttpEvent && httpEvent.private) {
this.#hasPrivateHttpEvent = true
- if (this.#options.apiKey) {
- log.notice()
- log.warning(
- orange(`'--apiKey' is deprecated and will be removed in the next major version.
- Please define the apiKey value in the 'provider.apiGateway.apiKeys' section of the serverless config.
- If you are experiencing any issues please let us know: https://github.com/dherault/serverless-offline/issues`),
- )
- log.notice()
- }
-
if (this.#options.noAuth) {
log.notice(
`Authorizers are turned off. You do not need to use 'x-api-key' header.`,
@@ -914,15 +903,13 @@ export default class HttpServer {
}
if (this.#apiKeysValues == null) {
- const apiKey = this.#options.apiKey ?? createApiKey()
-
- log.notice(`Key with token: ${apiKey}`)
+ const apiKey = createApiKey()
this.#apiKeysValues = getApiKeysValues(
- this.#serverless.service.provider.apiGateway?.apiKeys ?? [],
+ this.#serverless.service.provider.apiGateway?.apiKeys ?? [apiKey],
)
- this.#apiKeysValues.add(apiKey)
+ log.notice(`Key with token: ${apiKey}`)
}
}
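Review bot: In the `if (this.#apiKeysValues == null)` block, `createApiKey()` and `log.notice(...)` now run even when `provider.apiGateway.apiKeys` is configured. In that case the generated key never enters `#apiKeysValues`, so the "Key with token" line prints a token that private endpoints will reject. The same happens for an explicit empty `apiKeys: []`, because `??` only falls back on null or undefined. Generating and logging the key only in the fallback branch keeps the notice truthful, and configured keys stay out of the log as they do now. The enclosing method starts outside the hunk, and how `getApiKeysValues` handles its entries is not visible here, so the sketch below assumes it accepts the same array shapes the hunk already passes.

```javascript
if (this.#apiKeysValues == null) {
  const configuredKeys = this.#serverless.service.provider.apiGateway?.apiKeys

  if (configuredKeys == null) {
    // No keys configured: fall back to a generated key and announce it.
    const apiKey = createApiKey()
    this.#apiKeysValues = getApiKeysValues([apiKey])
    log.notice(`Key with token: ${apiKey}`)
  } else {
    // Keys come from the serverless config; nothing is generated or printed.
    this.#apiKeysValues = getApiKeysValues(configuredKeys)
  }
}
```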
diff --git a/tests/old-unit/offline.test.js b/tests/old-unit/offline.test.js
index 71421c7b8..20eeb5c82 100644
--- a/tests/old-unit/offline.test.js
+++ b/tests/old-unit/offline.test.js
@@ -30,88 +30,6 @@ describe('Offline', () => {
})
})
- describe('with private function', () => {
- let offline
- let server
- const validToken = 'valid-token'
-
- beforeEach(async () => {
- offline = new OfflineBuilder(new ServerlessBuilder(), {
- apiKey: validToken,
- }).addFunctionConfig('fn2', {
- events: [
- {
- http: {
- method: 'GET',
- path: 'fn2',
- private: true,
- },
- },
- ],
- handler: 'tests/old-unit/fixtures/handler.basicAuthentication1',
- })
-
- server = await offline.toObject()
- })
-
- afterEach(async () => {
- await offline.end(true)
- })
-
- it('should return bad request with no token', async () => {
- const res = await server.inject({
- method: 'GET',
- url: '/dev/fn2',
- })
-
- assert.strictEqual(res.statusCode, 403)
- assert.strictEqual(
- res.payload,
- stringify({
- message: 'Forbidden',
- }),
- )
- assert.strictEqual(res.headers['x-amzn-errortype'], 'ForbiddenException')
- })
-
- it('should return forbidden if token is wrong', async () => {
- const res = await server.inject({
- headers: {
- 'x-api-key': 'random string',
- },
- method: 'GET',
- url: '/dev/fn2',
- })
-
- assert.strictEqual(res.statusCode, 403)
- assert.strictEqual(
- res.payload,
- stringify({
- message: 'Forbidden',
- }),
- )
- assert.strictEqual(res.headers['x-amzn-errortype'], 'ForbiddenException')
- })
-
- it('should return the function executed correctly', async () => {
- const res = await server.inject({
- headers: {
- 'x-api-key': validToken,
- },
- method: 'GET',
- url: '/dev/fn2',
- })
-
- assert.strictEqual(res.statusCode, 200)
- assert.strictEqual(
- res.payload,
- stringify({
- message: 'Private Function Executed Correctly',
- }),
- )
- })
- })
-
describe('with private function and noAuth option set', () => {
let offline
let server