How to use custom error settings for JWT middleware


I have followed the cookbook's guide to the letter, found here: https://echo.labstack.com/cookbook/jwt

But when using the JWT middleware I am having some issues with adding custom error messages. Login works fine, even to the point that not giving details (username & password) returns a 404.

But when the JWT is missing it returns a 400; I want it to also return a 404.

So in my research I found this, https://forum.labstack.com/t/custom-error-message-in-jwt-middleware/325/3, which lists the following: middleware.ErrJWTMissing & middleware.ErrJWTInvalid. But it is very unclear on how to set these.

I have tried setting them as vars in the router file, like so:

var (
  ErrJWTInvalid = echo.NewHTTPError(http.StatusTeapot, "test 104")
  ErrJWTMissing = echo.NewHTTPError(http.StatusTeapot, "test 103")
)

But the error that still comes back to me is a 400 and not a 418 (as this is just a test). So what am I doing wrong?

There are 2 best solutions below

1

First, a point on your statement that you want to return a 400 and also a 404 error - you cannot do this. You're sending one response from the server so it gets exactly one response code. You could send a 207, but we're not really talking about multiple resources here, so don't do that. In my opinion, a 400 error is indeed the correct response for a missing JWT as that constitutes a bad request. A 404 "Not Found" means that the requested resource (the thing on the server side) could not be found. It does not mean that something in the request could not be found.

As for setting your custom error message, you're likely to be out of luck without altering the source code for Echo. That specific response is coming from within the middleware handlers of the package itself (you can see it here). This is mostly abstracted away from you, so without looking at the inner workings of the package, there would be no way to tell where this was coming from, and frankly there's not a lot that you can easily do about it. ErrJWTMissing is indeed the variable that the package uses internally for this error message, but Echo does not appear to provide an exported setter method for you to change this value, so you're stuck with what it is.

If you truly wanted to set a custom error method for this case I think your options would be to:

  • Write your own middleware to intercept the request before it was handled by Echo's middleware, where you could handle the request however you wanted.
  • Edit the Echo source to work how you wanted it to work -- specifically, all you would have to do is edit ErrJWTMissing.

Basically, Echo is trying to do you favors by handling all of this middleware processing for you, and it's a lot of work or hackery to un-do that work while still using Echo.
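The first option in the answer above (a middleware of your own that runs before the JWT middleware) can look like the sketch below. It is an added example, not part of the original answer and not Echo's code: it uses only the standard net/http package, and `TokenGate`, `Wrap` and `Probe` are hypothetical names. Both failure cases return the same body, so a response does not reveal which check failed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// TokenGate configures the pre-check responses (hypothetical type, not Echo's).
type TokenGate struct {
	MissingCode, InvalidCode int // statuses for an absent / malformed Authorization header
	Message                  string
}

// Wrap runs the header check before next (for example a JWT-verifying handler).
// It inspects only the header's shape; signature and claims are left to next.
func (g TokenGate) Wrap(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		auth := r.Header.Get("Authorization")
		if auth == "" {
			http.Error(w, g.Message, g.MissingCode)
			return
		}
		scheme, token, ok := strings.Cut(auth, " ")
		if !ok || !strings.EqualFold(scheme, "Bearer") || strings.TrimSpace(token) == "" {
			http.Error(w, g.Message, g.InvalidCode)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Probe sends one constructed request through the gate and returns the status.
func Probe(g TokenGate, authHeader string) int {
	protected := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(http.MethodGet, "/restricted", nil)
	if authHeader != "" {
		req.Header.Set("Authorization", authHeader)
	}
	rec := httptest.NewRecorder()
	g.Wrap(protected).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	g := TokenGate{MissingCode: http.StatusNotFound, InvalidCode: http.StatusNotFound, Message: "Not Found"}
	fmt.Println(Probe(g, ""), Probe(g, "Basic abc"), Probe(g, "Bearer constructed.sample.token"))
}
```

`g.Wrap` has the `func(http.Handler) http.Handler` shape, so in an Echo application it can be adapted with `echo.WrapMiddleware` and registered ahead of the JWT middleware.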

0

You can change the HTTP code and message this way.

func init() {
    middleware.ErrJWTMissing.Code = 401
    middleware.ErrJWTMissing.Message = "Unauthorized"
}