Swiftpack.co - Package - vapor/vapor

Documentation Team Chat MIT License Continuous Integration Swift 5.2 Twitter

Vapor is a web framework for Swift. It provides a beautifully expressive and easy to use foundation for your next website, API, or cloud project.

Take a look at some of the awesome stuff created with Vapor.

💧 Community

Join the welcoming community of fellow Vapor developers on Discord.

🚀 Contributing

To contribute a feature or idea to Vapor, create an issue explaining your idea or bring it up on Discord.

If you find a bug, please create an issue.

If you find a security vulnerability, please contact security@vapor.codes as soon as possible.

💛 Sponsors

Support Vapor's development by becoming a sponsor.

Nodes Skelpo Gwynne Raskind Autimatisering Kyle Browning

💚 Backers

Support Vapor's development by becoming a backer.



Stars: 18351


URL-encode dates using unix timestamp - 2020-03-30 17:33:55

This patch was authored by @thecheatah and released by @tanner0101.

Changes default Date url-encoding to use unix timestamps instead of Apple-specific reference (#2276).

Support underscore in HTTP header directive key - 2020-03-26 15:58:05

This patch was authored and released by @tanner0101.

Adds support for underscores in HTTP header directive keys. This fixes an issue with cookie names like _ga and _gid not being parsed correctly (#2266, fixes #2264).

Improve debugging - 2020-03-24 21:18:22

This patch was authored and released by @tanner0101.

Improves error debugging including eintroduction of DebuggableError type and introduction of capturable stacktraces (#2239, #2219).

HTTP forwarded and contentDisposition + parsing improvements - 2020-03-24 20:50:06

This patch was authored and released by @tanner0101.

Adds support for parsing HTTP forwarded header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded

req.headers.forwarded.first?.for // String?

This includes support for:

  • Forwarded
  • Via
  • X-Forwarded-For
  • X-Forwarded-Host
  • X-Forwarded-Proto

Adds support for parsing HTTP content disposition headers: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition

req.headers.contentDisposition?.filename // String?

These are implemented by a new HTTPHeaders.DirectiveParser for handling the complexities of HTTP header parsing like quoted strings, whitespace, etc. The new HTTPHeaders.DirectiveSerializer handles serialization. HTTPHeaderValue has been deprecated.

Use non-deprecated configureHTTP2SecureUpgrade. - 2020-03-24 17:33:39

This patch was authored by @jshier and released by @tanner0101.

Fixes a deprecation warning from swift-nio-http2 requiring version 1.11.0 (#2261).

Close Request.BodyStream on malformed request - 2020-03-20 21:34:58

This patch was authored and released by @tanner0101.

Request.BodyStream is now closed correctly when an error is caught while decoding streaming requests (#2258, fixes #2253).

Use .output close mode for non-keepalive requests - 2020-03-20 19:28:59

This patch was authored and released by @tanner0101.

Changes the close mode to .output when closing a non-keepalive connection after the response is sent (#2257, fixes #2252).

Provide the hex encoding utilities on Sequences - 2020-03-17 19:55:17

This patch was authored and released by @gwynne.
  • Might as well let Sequences have them as well as Collections
  • Make hexEncodedBytes() public, why wouldn't it be?
  • Specialize hexEncodedBytes() on Collection to use a (theoretically) more efficient method. It's probably a completely unmeasurable difference in practice.
  • Add unit test to make sure it works on Sequences properly. (Sure, it crashes if you try something like sequence(0) { $0 + 1 }.hex, but that's to be expected. Maybe at some point a length limit check can be added.)

Allow WebSocket maxFrameSize to be configured - 2020-03-12 17:39:19

This patch was authored by @bridger and released by @tanner0101.

The maximum frame size of an incoming WebSocket packet can be configured. This fixes issues for apps that were running into the limit (#2195, fixes #2194).

let maxFrameSize: Int = 1024 * 1024 * 2 // 2mb
app.webSocket("api", "ws", maxFrameSize: .override(maxFrameSize)) { (request, ws) in
    websocketController.connected(request: request, connection: ws)

Expose initializer of Validator - 2020-03-12 16:47:07

This patch was authored by @seeppp and released by @tanner0101.

The initializer of Validator is now public for creating custom validators (#2232, fixes #2231).

Remove double quotes from cooke value - 2020-03-11 15:38:39

This patch was authored and released by @tanner0101.

Automatically removes double-quotes from HTTP cookie values after trimming whitespace (#2215, fixes #2207).

Fix .env parsing with no trailing newline - 2020-03-06 18:29:25

This patch was authored and released by @tanner0101.

Fixes a parsing error caused by .env files with no trailing newline (#2225, fixes #2220).

Update to Metrics 2.0 - 2020-03-06 17:58:11

This patch was authored and released by @tanner0101.

Updates to SwiftMetrics 2.0 which adds a new case the TimeUnit enum (#2224, fixes #2213).

⚠️ Metrics is no longer @_exported by Vapor. Add import Metrics to any files you use SwiftMetrics in.

Percent decode FileMiddleware path + Response.Body.collect - 2020-03-06 17:44:33

This patch was authored and released by @tanner0101.

Adds support for percent-decoding paths supplied to FileMiddleware (#2223, fixes #2212).

Adds Response.Body.collect method for asynchronously collecting streaming response bodies (#2223).

Collected request body drain .end - 2020-03-06 17:23:16

This patch was authored and released by @tanner0101.

Correctly sends .end when draining a body with collected buffer (#2222, fixes #2210).

improve HTTP server compression configuration - 2020-03-06 16:46:10

This patch was authored and released by @tanner0101.

Improves HTTP server compression configuration APIs.

app.server.configuration.responseCompression = .disabled
app.server.configuration.requestDecompression = .enabled(
    limit: .ratio(15)

Remove unused Validator.Valid type - 2020-03-06 04:09:24

This patch was authored by @tonyarnold and released by @tanner0101.

Fixes a compile error introduced by #2103.

add Storage to Request + Response, deprecate userInfo - 2020-03-06 03:35:25

This patch was authored and released by @tanner0101.

Adds Request.storage and Response.storage for storing user-defined values. userInfo has been deprecated since Storage is more type-safe and performant (#2216).

Remove unused Validations code - 2020-03-06 02:46:44

This patch was authored by @siemensikkema and released by @tanner0101.

This is technically a breaking change since some public API is being removed, but it is not being used anywhere.

  • Remove unused ValidatorType
  • Avoid force unwrap.
  • Avoid illegal count and range operators by not exposing .range() and .count().

AbortError identifier fix - 2020-03-04 01:59:27

AbortError's constructor no longer ignores the supplied identifier (#2205).

Add Base32 APIs from Vapor 3's Crypto - 2020-03-03 23:32:53

Ports Base32 APIs from Vapor 3's Crypto library to Vapor 4 now that we rely on SwiftCrypto.

let data = Data([1, 2, 3, 4])
XCTAssertEqual(data.base32EncodedString(), "AEBAGBA")
XCTAssertEqual(Data(base32Encoded: "AEBAGBA"), data)

This patch was authored and released by @tanner0101.

Add ByteBuffer.string helper to XCTVapor - 2020-03-02 16:41:12

Adds ByteBuffer.string helper for converting a ByteBuffer's readable bytes view to a String (#2206).

This patch was authored and released by @tanner0101.

Release Candidate 1 - 2020-03-01 21:30:02

  • Adds new configuration options for URLEncodedFormDecoder / Encoder. This includes support for encoding and decoding arrays using brackets, separate values, or character-separated values (#2180, #2204).

  • Adds the ability to use the Content API with XCTVapor's request and response (#2204).

  • Brings vapor/multipart-kit into the Vapor module (#2204).

  • Updates to Swift 5.2 (#2204).

Release candidates represent the final shift toward focusing on bug fixes and documentation. Breaking changes will only be accepted for critical issues. We expect a final release of this package shortly after Swift 5.2's release date.

Improve error handling and timeouts for WebSockets - 2020-02-27 17:14:52

Improves error handling on WebSocket connections. Improvements to WebSocket-Kit intercept errors or timeouts at the ChannelHandler level and expose them to the WebSocket class.

Now, when an error occurs (such as a malformed WebSocket frame) the error is available via the closeCode on WebSocket. Example:

func connected(request: Request, connection: WebSocket) {
  _ = connection.onClose.always { (result) in
      let closeReason = connectionInfo.connection.closeCode ?? .unknown(0)
      // Application-specific cleanup code here


This patch was authored by @bridger and released by @tanner0101.

Make HTTP decompression limit configurable - 2020-02-27 16:04:38

  • When using HTTP compression (gzip, deflate), the decompression limit was hardcoded at a ratio of 1:10 (#2192). It is now possible to specify a custom limit. The default remains unchanged.

This patch was authored by @gwynne and released by @tanner0101.

Migrate the crypto library to Swift Crypto - 2020-02-26 20:28:53

Migrate from Vapor's OpenCrypto library to Apple's new Swift Crypto library. This reduces the burden on Vapor on having to maintain a crypto library and completely removes OpenSSL as a dependency 🎉

The downside of this is that Vapor 4 will require macOS 10.15, but the tradeoff is worth it.

Add missing RoutesBuilder overload - 2020-02-26 08:32:30

Adds missing overloaded get method with [PathComponent] for the path parameter in the RoutesBuilder. (Fixes #2147)

set HTTP request decompression ratio limit - 2020-02-19 16:26:21

Sets a ratio limit of 10x for decompressed HTTP requests.

Load Environment variables from files - 2020-02-19 16:07:16

Adds support to load Environment variables content's from files (#2190, fixes #2006).

This functionality can be useful when dealing with Docker and Docker secrets or Kubernetes Secrets.

For example, if you have a file which includes the password for your database you can load this much easier from disk than previously.

let databasePasswordOnAppBoot = Environment
    .secret(path: "<Path to your file>", fileIO: app.fileio, on: app.eventLoopGroup.next())
    .unwrap(or: Abort(.badRequest))

Example from inside a request:

let secretPasswordUsedInARequest = Environment
    .secret(path: "<Path to your file>", fileIO: req.application.fileio, on: req.eventLoop)
    .unwrap(or: Abort(.badRequest))

It also supports loading the path from an existing Environment variable:

let passwordSecret = Environment
    .secret(key: "PASSWORD_SECRET_FILE = ", fileIO: app.fileio, on: app.eventLoopGroup.next())
    .unwrap(or: Abort(.badRequest))

Adds case(of:) Validation - 2020-02-19 16:00:57

Added Enum validation for RawRepresentable enums. Checks to see if a value can be represented as a specific enum, and if enum is CaseIterable, reports the possible values too.


final class TestModel: Content, Validatable {
  enum CustomEnum: String, Content, CaseIterable {
    case test, ok

  let type: CustomEnum

  static func validations(_ validations: inout Validations) {
    validations.add("type", as: String.self, is: .case(of: CustomEnum.self))