The markdown parsing is broken/disabled for release notes. Sorry about that, I'm chasing the source of a crash that's been bringing this website down for the last couple of days.
Update dependencies for Vapor 4.
Release Candidate 1
4 years ago
- Fully ready for Vapor 4
- Has tests now
- Switching to the Vapor style of semver
- CI enabled
- Repo cleaned up
v0.10.0 Dependencies Updated
4 years ago
# Type Less, Type Less
Removed the `Status` generic type from `PermissionsMiddleware` because we can get that type information from the `Payload` generic type.
We also create a static `String.payloadKey` value so the key where the JWT payload is stored is type safe.
In the `JWTVerificationMiddleware`, if an `Authorization` header is not found, status code 402 (Unauthorized) is returned instead of 400 (Bad Request).
Adjusting usernameKey to now be a `WritableKeyPath`
Thanks @Joebayld
# Back to Where it Came From
In the `JWTStorageMiddleware`, we where pulling the payload from the request's private container, saving it back again, and continuing. Yeah, not point in doing that!
So now we get the JWT from the auth header, verify it, and store the payload in the request's private container. A _much_ better idea.
# The Middleware Became Agnostic
`RouteRestrictionMiddleware` was deemed to restrictive and relied to heavily on the parent route path. It has been replaced with `PermissionsMiddleware` and any route registered with the middleware is protected by it, making it agnostic to the route path it is on.
# This Route is Rather Restricting
And it should be, considering admins should be the only ones supposed to access the data. And you can add this functionality yourself, with `RouteRestrictionMiddeware`:
```swift
route.group(RouteRestrictionMiddleware(
restrictions: [
RouteRestriction(.DELETE, at: "users", User.parameter, allowed: [.admin, .moderator]),
...
],
parameters: [User.routingSlug: User.resolveParameter]
))
```
# If They Break it, You Must Unbreak it.
The Auth package's `Authenticatable` protocol no longer requires conformance to `Model`, so we add it ourselves to `JWTAuthenticatable`: https://github.com/skelpo/JWTMiddleware/pull/9
# Vapor Things: Season 3
Lets get away from the strangness of betas for a while. We now use the official Vapor 3.0 release.