fastify-xauth-local
isExcluded
Check whether a given URL and HTTP method are excluded from authentication for this config.
isExcluded
Checks whether a URL + method combination is excluded from JWT authentication for this config, based on the excludedPaths rules registered at plugin startup. Useful for debugging, building conditional logic, or testing exclusion rules.
Signature
const api = fastify.xauthlocal.get(name: string)
api.isExcluded(url: string, method: string): boolean
Params
| Name | Type | Required | Description |
|---|---|---|---|
url | string | Yes | The request URL path (e.g. '/api/public/health') |
method | string | Yes | The HTTP method (e.g. 'GET', 'POST') — case-insensitive |
Returns
true if the URL+method match any exclusion rule; false otherwise.
Throws
Does not throw.
Examples
Basic: introspect which routes skip auth
const api = fastify.xauthlocal.get("api");
fastify.get("/api/debug/exclusions", async (request) => ({
healthExcluded: api.isExcluded("/api/health", "GET"), // true
loginExcluded: api.isExcluded("/api/local", "POST"), // true (auto-added)
profileExcluded: api.isExcluded("/api/profile", "GET"), // false
}));
Advanced: conditional logic based on exclusion status
const api = fastify.xauthlocal.get("api");
// Custom hook that adds extra logging only for protected routes
fastify.addHook("onRequest", async (request) => {
if (!api.isExcluded(request.url, request.method)) {
request.log.info({ url: request.url }, "Protected route accessed");
}
});
See Also
- createMiddleware — create middleware with custom exclusion rules
- requireRole — enforce role membership on protected routes
AI Context
package: "@xenterprises/fastify-xauth-local"
method: fastify.xauthlocal.get('name').isExcluded(url, method?)
use-when: Check whether a URL (and optional HTTP method) is in the excludedPaths list for this config
returns: boolean