From 35edcd59ab010488963366ec179f778bc9f99801 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Mouton?= Date: Fri, 13 Mar 2026 18:35:41 +0100 Subject: [PATCH 1/5] Add test to verify AuthErrorHandler does not disable validation or OpenAPI docs --- custom_validation_error_test.go | 41 +++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/custom_validation_error_test.go b/custom_validation_error_test.go index 0346a04..e10fd6e 100644 --- a/custom_validation_error_test.go +++ b/custom_validation_error_test.go @@ -255,3 +255,44 @@ func TestValidationErrorHandlerImpliesValidationEnabled(t *testing.T) { assert.NoError(t, err) assert.Equal(t, fiber.StatusOK, resp.StatusCode, "OpenAPI docs should be enabled by default when only ValidationErrorHandler is configured") } + +// TestAuthErrorHandlerOnlyDoesNotDisableDefaults verifies that setting only AuthErrorHandler +// does not accidentally disable EnableValidation or EnableOpenAPIDocs (both default to true). +func TestAuthErrorHandlerOnlyDoesNotDisableDefaults(t *testing.T) { + app := fiber.New() + + oapi := New(app, Config{ + AuthErrorHandler: func(c *fiber.Ctx, err *AuthError) error { + return c.Status(err.StatusCode).JSON(fiber.Map{"custom": true}) + }, + }) + + type TestInput struct { + Name string `json:"name" validate:"required"` + } + type TestOutput struct { + Message string `json:"message"` + } + + Post[TestInput, TestOutput, struct{}]( + oapi, + "/test", + func(c *fiber.Ctx, input TestInput) (TestOutput, struct{}) { + return TestOutput{Message: "ok"}, struct{}{} + }, + OpenAPIOptions{}, + ) + + // Validation should still be enabled (default true) + req := httptest.NewRequest("POST", "/test", bytes.NewReader([]byte(`{}`))) + req.Header.Set("Content-Type", "application/json") + resp, err := app.Test(req) + assert.NoError(t, err) + assert.Equal(t, fiber.StatusBadRequest, resp.StatusCode, "Validation should be enabled when only AuthErrorHandler is configured") + + // OpenAPI docs should still be enabled (default true) + req = httptest.NewRequest("GET", "/docs", nil) + resp, err = app.Test(req) + assert.NoError(t, err) + assert.Equal(t, fiber.StatusOK, resp.StatusCode, "OpenAPI docs should be enabled when only AuthErrorHandler is configured") +} From 255016bf10e4520b631d496a56e17bb4c63bd66a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Mouton?= Date: Fri, 13 Mar 2026 18:35:45 +0100 Subject: [PATCH 2/5] Fix logic for restoring defaults in New function when only error handlers are set --- fiberoapi.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/fiberoapi.go b/fiberoapi.go index 80d88dc..0bdf619 100644 --- a/fiberoapi.go +++ b/fiberoapi.go @@ -52,8 +52,8 @@ func New(app *fiber.App, config ...Config) *OApiApp { } // If no explicit config, keep the defaults (true, true, false) - // Special case: if ValidationErrorHandler is set and boolean fields seem to be using zero values, - // restore defaults since it makes no sense to have a validation error handler without validation + // Special case: if only handler(s) are set and boolean fields seem to be using zero values, + // restore defaults since it makes no sense to have error handlers without validation/docs otherExplicitConfig := provided.EnableAuthorization || provided.AuthService != nil || provided.SecuritySchemes != nil || @@ -63,9 +63,10 @@ func New(app *fiber.App, config ...Config) *OApiApp { // Only restore defaults if ALL boolean fields are false (suggesting they weren't explicitly set) allBooleansAreFalse := !provided.EnableValidation && !provided.EnableOpenAPIDocs && !provided.EnableAuthorization + hasOnlyHandlers := (provided.ValidationErrorHandler != nil || provided.AuthErrorHandler != nil) && !otherExplicitConfig - if provided.ValidationErrorHandler != nil && !otherExplicitConfig && allBooleansAreFalse { - // ValidationErrorHandler is the only explicit config, so restore defaults for boolean fields + if hasOnlyHandlers && allBooleansAreFalse { + // Only handler(s) are set, so restore defaults for boolean fields cfg.EnableValidation = true // Keep validation enabled - the handler needs it cfg.EnableOpenAPIDocs = true // Keep docs enabled - default behavior } From 234824948a207ba7e019d50fecda76425e395eb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Mouton?= Date: Fri, 13 Mar 2026 18:35:51 +0100 Subject: [PATCH 3/5] Update AuthErrorHandler comment to include 5xx errors in configuration --- types.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/types.go b/types.go index 99045a8..738ce71 100644 --- a/types.go +++ b/types.go @@ -73,7 +73,7 @@ type Config struct { SecuritySchemes map[string]SecurityScheme // OpenAPI security schemes DefaultSecurity []map[string][]string // Default security requirements ValidationErrorHandler ValidationErrorHandler // Custom handler for validation errors - AuthErrorHandler AuthErrorHandler // Custom handler for auth errors (401/403) + AuthErrorHandler AuthErrorHandler // Custom handler for auth errors (401/403/5xx) } // OpenAPIOptions represents options for OpenAPI operations From 26c99172eddc91e83768045a07a3b1b5358852af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Mouton?= Date: Fri, 13 Mar 2026 18:46:20 +0100 Subject: [PATCH 4/5] Clarify comment in New function regarding default restoration for error handlers --- fiberoapi.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fiberoapi.go b/fiberoapi.go index 0bdf619..a7319bb 100644 --- a/fiberoapi.go +++ b/fiberoapi.go @@ -52,8 +52,8 @@ func New(app *fiber.App, config ...Config) *OApiApp { } // If no explicit config, keep the defaults (true, true, false) - // Special case: if only handler(s) are set and boolean fields seem to be using zero values, - // restore defaults since it makes no sense to have error handlers without validation/docs + // Heuristic: when only handler(s) are provided and all booleans are at zero value, + // assume the caller didn't intend to disable validation/docs — restore defaults. otherExplicitConfig := provided.EnableAuthorization || provided.AuthService != nil || provided.SecuritySchemes != nil || From a1bf963ab3d90c661e5287deb0c0268139403bde Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Mouton?= Date: Fri, 13 Mar 2026 18:46:24 +0100 Subject: [PATCH 5/5] Update AuthErrorHandler comment to clarify handling of 5xx errors --- types.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/types.go b/types.go index 738ce71..8e28d49 100644 --- a/types.go +++ b/types.go @@ -73,7 +73,7 @@ type Config struct { SecuritySchemes map[string]SecurityScheme // OpenAPI security schemes DefaultSecurity []map[string][]string // Default security requirements ValidationErrorHandler ValidationErrorHandler // Custom handler for validation errors - AuthErrorHandler AuthErrorHandler // Custom handler for auth errors (401/403/5xx) + AuthErrorHandler AuthErrorHandler // Custom handler for auth errors (401/403/5xx) } // OpenAPIOptions represents options for OpenAPI operations