Swiftpack.co - Package - vapor/vapor

Documentation Team Chat MIT License Continuous Integration Swift 5.2 Twitter

Vapor is a web framework for Swift. It provides a beautifully expressive and easy to use foundation for your next website, API, or cloud project.

Take a look at some of the awesome stuff created with Vapor.

💧 Community

Join the welcoming community of fellow Vapor developers on Discord.

🚀 Contributing

To contribute a feature or idea to Vapor, create an issue explaining your idea or bring it up on Discord.

If you find a bug, please create an issue.

If you find a security vulnerability, please contact security@vapor.codes as soon as possible.

💛 Sponsors

Support Vapor's development by becoming a sponsor.

Nodes Skelpo Gwynne Raskind Autimatisering Kyle Browning Jari

💚 Backers

Support Vapor's development by becoming a backer.



Stars: 18770


Support periods in cookie names - 2020-05-28 16:28:26

This patch was authored and released by @tanner0101.

Adds support for . in HTTP header value directive keys, like cookie names (#2372, fixes #2359).

Refactor request body streaming state handling - 2020-05-27 19:37:18

This patch was authored and released by @tanner0101.
  • Implements new state machine for handling streaming request bodies (#2357).

This new state machine ensures that calls to req.body.drain will only ever happen after the previously returned future has completed. This makes it easier to correctly implement streaming file writes. Addresses https://forums.swift.org/t/how-to-use-nonblockingfileio-for-repeated-writes/36206.

  • Request bodies are now automatically drained after sending a response (#2357, fixes #2356).

This change ensures that streaming requests will be read completely even if a route ignores their body.

  • Adds a streaming file upload example to the Development executable (#2357).

  • Improves BodyStreamResult's normal and debug descriptions (#2357).

  • Fixed a reference cycle if Request was captured strongly within the body.drain closure (#2357).

`Environment` cleanups - 2020-05-26 17:27:32

This patch was authored and released by @gwynne.
  • Clean up Environment's implementation.

  • Add the ability to specify the application environment using the environment variable VAPOR_ENV (partial implementation of #2333). If both VAPOR_ENV and --env are provided, the latter always takes precedence.

  • Environment now recognizes and strips the spurious arguments Xcode passes to test runners when a scheme doesn't specify any arguments of its own. It will do this especially specifically for the testing environment, which is often explicitly specified to Application's initializers instead of .detect() in unit tests. This behavior is only enabled when building in Xcode or with xcodebuild. This negates the need to explicitly override the input arguments in the non-production presets, meaning command line arguments no longer occasionally seem to vanish into thin air in certain cases.

  • Redo the documentation comments for both versions of Environment.secret() and significantly simplify the implementation. Important: This is an interim cleanup step pending a complete revamp of the secret() API.

Note: Pains have been taken not to change the observable behavior of any public APIs and to remain otherwise behaviorally consistent. The addition of VAPOR_ENV counts as new public API and thus drives this being a semver-minor change, but in all other respects it should have no visible effect.

Fix invalid session ID handling - 2020-05-06 16:38:06

This patch was authored and released by @tanner0101.

Requests containing unrecognized session IDs will now result in a new session being created (#2347, fixes #2339).

This fixes a problem where clearing browser cookies would be required after changing Vapor's session driver.

Default max body size for streaming request body collection - 2020-05-01 20:39:09

This patch was authored by @calebkleveter and released by @tanner0101.

Adds app.routes.defaultMaxBodySize for configuring default maximum body size for streaming body collection (#2312).

A ByteCount type has been added for easily expressing byte counts as strings like "1mb", "200GB", or "42 kb". This type is now usable where maximum body size integers were previously accepted (#2312).

Vapor collects streaming bodies up to 16KB in size automatically before calling route closures. This makes it easier to decode content from requests since you can assume the entire request is already available in memory.

To increase the maximum allowable size for streaming body collection, you can pass an arbitrary maxSize to the collect case of the body parameter in RouteBuilder.on.

app.on(.POST, "upload", body: .collect(maxSize: "1mb")) { req in
    // Handle request. 

For more information on this API, visit https://docs.vapor.codes/4.0/routing/#body-streaming.

Now, in addition to setting this parameter for each route, you can change the global default Vapor uses.

app.routes.defaultMaxBodySize = "10mb"

Route specific maximum size will always take precedence over the application default.

Note: This maximum size only affects streaming request bodies. Non-streaming request bodies (request bodies that arrive in a single buffer from SwiftNIO) will not be subject to the maximum size restriction.

⚠️ Using .collect(maxSize: nil) will now result in the application's default maximum body size being used.

Use runIfActive instead of submit in async passwords - 2020-04-30 17:32:11

This patch was authored by @mcdappdev and released by @0xTim.

Replaces the use of threadPool.submit { _ in with threadPool.runIfActive as detailed in https://github.com/vapor/docs/pull/478

URLEncodedForm date encoding strategy - 2020-04-21 18:21:44

Adds ability to configure the date encoding and decoding strategy for the URLEncodedFormDecoder and URLEncodedFormEncoder (#2273).

HTTPMediaType comparisons should be case insensitive - 2020-04-21 16:26:57

This patch was authored and released by @grosch.

Updates HTTPMediaType equality checks so that the values are no longer case sensitive.

Fix CORSMiddleware configuration initializer parameter - 2020-04-17 15:18:46

This patch was authored by @grosch and released by @tanner0101.

Updates CORSMiddleware.Configuration's exposedHeaders parameter to accept [HTTPHeader.Name] instead of [String] like the other parameters do (#2314).

Support numbers in header directive keys - 2020-04-16 17:41:03

This patch was authored and released by @tanner0101.

HTTP header directive keys now support numbers. This fixes an issue with cookies not being parsed correctly when the key included a number in the name (#2317, fixes #2316).

Support numbers in header directive keys - 2020-04-16 17:41:03

This patch was authored and released by @tanner0101.

HTTP header directive keys now support numbers. This fixes an issue with cookies not being parsed correctly when the key included a number in the name (#2317, fixes #2316).

Add Content hooks - 2020-04-15 20:20:35

This patch was authored by @grosch and released by @tanner0101.

Adds optional beforeEncode and afterDecode methods to Content protocol (#2267).

Docs: https://docs.vapor.codes/4.0/content/#hooks

Make Request.route publicly settable - 2020-04-14 20:01:21

This patch was authored and released by @mcdappdev.

Makes Request.route publicly settable (#2315). This makes it easier to build and use custom Responder types.

Improve body handling for HEAD responses - 2020-04-14 18:16:09

This patch was authored and released by @tanner0101.

Improves logic for handling HEAD responses (#2310).

Previously when HEAD requests were detected, the response body would be replaced with an empty body and the content-length header would be re-added. This caused problems with responses that don't use the content-length header, even for non-HEAD requests.

Now, when HEAD requests are detected, the response body is not changed. Instead, a flag is set signaling the serializer to skip serialization of the body.

Change async password verifier to non-throwing - 2020-04-09 18:34:33

This patch was authored by @madsodgaard and released by @tanner0101.

Changed AsyncPasswordVerifier methods to be non-throwing, since it is async.

Vapor 4.0.0 - 2020-04-09 17:49:55

New Docs:

  • https://docs.vapor.codes/4.0/environment/
  • https://docs.vapor.codes/4.0/errors/
  • https://docs.vapor.codes/4.0/middleware/
  • https://docs.vapor.codes/4.0/testing/
  • https://docs.vapor.codes/4.0/server/
  • https://docs.vapor.codes/4.0/sessions/
  • https://docs.vapor.codes/4.0/services/
  • https://docs.vapor.codes/4.0/passwords/

More information on Vapor 4 official release: https://forums.swift.org/t/vapor-4-official-release-begins/34802

Changes since last pre-release. Breaking changes have a warning symbol.

  • ⚠️ Authenticators now return Void and have no associated User type.

Authenticators should now use req.auth.login internally to login the user instead of returning it. This change allows for authenticators to login one or more user types and prevents the need for associated types.

  • ⚠️ HTTP client and server configuration are now prefixed with app.http.
// Configure HTTP server.
app.http.server.configuration.hostname = ...

// Configure HTTP client.
app.http.client.configuration.followRedirects = ...
  • ⚠️ Shared HTTP client and server are now accessible via app.http.
print(app.http.client.shared) // AsyncHTTPClient.HTTPClient
  • Client is now configurable.
app.clients.use { app in
  • Server is now configurable.
app.servers.use { app in
  • New configurable password hashing API added.
let digest = try app.password.hash("vapor")
try app.password.verify("vapor", created: digest)

Async password hashing support included.

req.password.async.hash("vapor").map { digest in
    // Handle digest.
  • Unused HTTPServer configuration options were removed.

  • Tests have been broken out into separate files.

URL-encode dates using unix timestamp - 2020-03-30 17:33:55

This patch was authored by @thecheatah and released by @tanner0101.

Changes default Date url-encoding to use unix timestamps instead of Apple-specific reference (#2276).

Support underscore in HTTP header directive key - 2020-03-26 15:58:05

This patch was authored and released by @tanner0101.

Adds support for underscores in HTTP header directive keys. This fixes an issue with cookie names like _ga and _gid not being parsed correctly (#2266, fixes #2264).

Improve debugging - 2020-03-24 21:18:22

This patch was authored and released by @tanner0101.

Improves error debugging including eintroduction of DebuggableError type and introduction of capturable stacktraces (#2239, #2219).

HTTP forwarded and contentDisposition + parsing improvements - 2020-03-24 20:50:06

This patch was authored and released by @tanner0101.

Adds support for parsing HTTP forwarded header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded

req.headers.forwarded.first?.for // String?

This includes support for:

  • Forwarded
  • Via
  • X-Forwarded-For
  • X-Forwarded-Host
  • X-Forwarded-Proto

Adds support for parsing HTTP content disposition headers: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition

req.headers.contentDisposition?.filename // String?

These are implemented by a new HTTPHeaders.DirectiveParser for handling the complexities of HTTP header parsing like quoted strings, whitespace, etc. The new HTTPHeaders.DirectiveSerializer handles serialization. HTTPHeaderValue has been deprecated.

Use non-deprecated configureHTTP2SecureUpgrade. - 2020-03-24 17:33:39

This patch was authored by @jshier and released by @tanner0101.

Fixes a deprecation warning from swift-nio-http2 requiring version 1.11.0 (#2261).

Close Request.BodyStream on malformed request - 2020-03-20 21:34:58

This patch was authored and released by @tanner0101.

Request.BodyStream is now closed correctly when an error is caught while decoding streaming requests (#2258, fixes #2253).

Use .output close mode for non-keepalive requests - 2020-03-20 19:28:59

This patch was authored and released by @tanner0101.

Changes the close mode to .output when closing a non-keepalive connection after the response is sent (#2257, fixes #2252).

Provide the hex encoding utilities on Sequences - 2020-03-17 19:55:17

This patch was authored and released by @gwynne.
  • Might as well let Sequences have them as well as Collections
  • Make hexEncodedBytes() public, why wouldn't it be?
  • Specialize hexEncodedBytes() on Collection to use a (theoretically) more efficient method. It's probably a completely unmeasurable difference in practice.
  • Add unit test to make sure it works on Sequences properly. (Sure, it crashes if you try something like sequence(0) { $0 + 1 }.hex, but that's to be expected. Maybe at some point a length limit check can be added.)

Allow WebSocket maxFrameSize to be configured - 2020-03-12 17:39:19

This patch was authored by @bridger and released by @tanner0101.

The maximum frame size of an incoming WebSocket packet can be configured. This fixes issues for apps that were running into the limit (#2195, fixes #2194).

let maxFrameSize: Int = 1024 * 1024 * 2 // 2mb
app.webSocket("api", "ws", maxFrameSize: .override(maxFrameSize)) { (request, ws) in
    websocketController.connected(request: request, connection: ws)

Expose initializer of Validator - 2020-03-12 16:47:07

This patch was authored by @seeppp and released by @tanner0101.

The initializer of Validator is now public for creating custom validators (#2232, fixes #2231).

Remove double quotes from cooke value - 2020-03-11 15:38:39

This patch was authored and released by @tanner0101.

Automatically removes double-quotes from HTTP cookie values after trimming whitespace (#2215, fixes #2207).

Fix .env parsing with no trailing newline - 2020-03-06 18:29:25

This patch was authored and released by @tanner0101.

Fixes a parsing error caused by .env files with no trailing newline (#2225, fixes #2220).

Update to Metrics 2.0 - 2020-03-06 17:58:11

This patch was authored and released by @tanner0101.

Updates to SwiftMetrics 2.0 which adds a new case the TimeUnit enum (#2224, fixes #2213).

⚠️ Metrics is no longer @_exported by Vapor. Add import Metrics to any files you use SwiftMetrics in.

Percent decode FileMiddleware path + Response.Body.collect - 2020-03-06 17:44:33

This patch was authored and released by @tanner0101.

Adds support for percent-decoding paths supplied to FileMiddleware (#2223, fixes #2212).

Adds Response.Body.collect method for asynchronously collecting streaming response bodies (#2223).