HapiJS scopes: Custom error message instead of "Insufficient scope"

Question

I'm using HapiJS for my REST API. I'm also using scopes functionality to implement simple role-based access to resources. Example route configuration objects looks like this:

{
    method: 'GET',
    path: '/users/{userID}',
    config: {
        auth: {
            access: {
                scope: ['user-{params.userID}']
            }
        },
        handler: getUserHandler
    }
}

By default when currently authenticated user doesn't have scope required to access given endpoint (eg. scope: 'user-1' when trying to GET /users/1), there's an error response returned:

{"statusCode":403,"error":"Forbidden","message":"Insufficient scope"}

What I want is to replace this 403 error with a custom status code and error message – I want to return 404 Not Found instead. And I want to do this only for certain endpoints. Is this possible?

Answer 1

You can do it through server.ext('onPostHandler', (request, reply) => {...

You can get the route and response object inside request.

The response object contains isBoom, if it is true, you should get the response.output.statusCode which you may validate if it is 403.

The route object contains the path which you may validate if it is the endpoint you want.

Something like this:

server.ext('onPostHandler', (request, reply) => {

  const response = request.response;

  if (response.isBoom &&
     response.output.statusCode === 403 &&
     request.route.path === 'your_endpoint') {
    
    // your code here
  }

  return reply.continue();
});