28.
Middleware
Written by Tanner Nelson
Heads up... You're reading this book for free, with parts of this chapter shown beyond this point as text.
Note: This update is an early-access release. This chapter has not yet been updated to Vapor 4.
In the course of building your application, you’ll often find it necessary to integrate your own steps into the request pipeline. The most common mechanism for accomplishing this is to use one or more pieces of middleware. They allow you to do things like:
- Log incoming requests.
- Catch errors and display messages.
- Rate-limit traffic to particular routes.
Middleware instances sit between your router and the client connected to your server. This allows them to view, and potentially mutate, incoming requests before they reach your controllers. A middleware instance may choose to return early by generating its own response, or it can forward the request to the next responder in the chain. The final responder is always your router. When the response from the next responder is generated, the middleware can make any modifications it deems necessary, or choose to forward it back to the client as is. This means each middleware instance has control over both incoming requests and outgoing responses.
As you can see in the diagram above, the first middleware instance in your application — Middleware A — receives incoming requests from the client first. The first middleware may then choose to pass this request on to the next middleware — Middleware B — and so on.
Eventually, some component generates a response, which then traverses back through the middleware in the opposite direction. Take note that this means the first middleware receives responses last.
The protocol for Middleware is fairly simple, and should help you better understand the previous diagram:
public protocol Middleware {
func respond(
to request: Request,
chainingTo next: Responder) throws -> Future<Response>
}
In the case of Middleware A, request is the incoming data from the client, while next is Middleware B. The async response returned by Middleware A goes directly to the client.
For Middleware B, request is the request passed on from Middleware A. next is the router. The future response returned by Middleware B goes to Middleware A.
Vapor’s middleware
Vapor includes some middleware out of the box. This section introduces you to the available options to give you an idea of what middleware is commonly used for.
Error middleware
The most commonly used middleware in Vapor is ErrorMiddleware. It’s responsible for converting both synchronous and asynchronous Swift errors into HTTP responses. Uncaught errors cause the HTTP server to immediately close the connection and print an internal error log.
throw Abort(.badRequest, "Something's not quite right.")
File middleware
Another common type of middleware is FileMiddleware. This middleware serves files from the Public folder in your application directory. This is useful when you’re using Vapor to create a front-end website that may require static files like images or stylesheets.
Other Middleware
Vapor also provides a SessionsMiddleware, responsible for tracking sessions with connected clients. Other packages may provide middleware to help them integrate into your application. For example, Vapor’s Authentication package contains middleware for protecting your routes using basic passwords, simple bearer tokens, and even JWTs (JSON Web Tokens).
Example: Todo API
Now that you have an understanding of how various types of middleware function, you’re ready to learn how to configure them and how to create your own custom middleware types.
$ swift run Run routes
+--------+--------------+
| GET | /todos |
+--------+--------------+
| POST | /todos |
+--------+--------------+
| DELETE | /todos/:todo |
+--------+--------------+
Log middleware
The first middleware you’ll create will log incoming requests. It will display the following information for each request:
vapor xcode -y
final class LogMiddleware: Middleware {
// 1
let logger: Logger
init(logger: Logger) {
self.logger = logger
}
// 2
func respond(
to req: Request,
chainingTo next: Responder) throws -> Future<Response> {
// 3
logger.info(req.description)
// 4
return try next.respond(to: req)
}
}
// 5
extension LogMiddleware: ServiceType {
static func makeService(
for container: Container) throws -> LogMiddleware {
// 6
return try .init(logger: container.make())
}
}
services.register(LogMiddleware.self)
middleware.use(LogMiddleware.self)
curl localhost:8080/todos
[ INFO ] GET /todos HTTP/1.1
Host: localhost:8080
User-Agent: curl/7.54.0
Accept: */*
<no body> (LogMiddleware.swift:15)
func respond(
to req: Request,
chainingTo next: Responder) throws -> Future<Response> {
// 1
let start = Date()
return try next.respond(to: req).map { res in
// 2
self.log(res, start: start, for: req)
return res
}
}
// 3
func log(_ res: Response, start: Date, for req: Request) {
let reqInfo = "\(req.http.method.string) \(req.http.url.path)"
let resInfo = "\(res.http.status.code) " +
"\(res.http.status.reasonPhrase)"
// 4
let time = Date()
.timeIntervalSince(start)
.readableMilliseconds
// 5
logger.info("\(reqInfo) -> \(resInfo) [\(time)]")
}
curl localhost:8080/todos
[ INFO ] GET /todos -> 200 OK [1.9ms] (LogMiddleware.swift:32)
Secret middleware
Now that you’ve learned how to create middleware and apply it globally, you’ll learn how to apply middleware to specific routes.
final class SecretMiddleware: Middleware {
// 1
let secret: String
init(secret: String) {
self.secret = secret
}
// 2
func respond(
to request: Request,
chainingTo next: Responder) throws -> Future<Response> {
// 3
guard
request.http.headers.firstValue(name: .xSecret) == secret
else {
// 4
throw Abort(
.unauthorized,
reason: "Incorrect X-Secret header.")
}
// 5
return try next.respond(to: request)
}
}
extension SecretMiddleware: ServiceType {
static func makeService(
for worker: Container) throws -> SecretMiddleware {
// 1
let secret: String
switch worker.environment {
// 2
case .development: secret = "foo"
default:
// 3
guard let envSecret = Environment.get("SECRET") else {
let reason = """
No $SECRET set on environment. \
Use "export SECRET=<secret>"
"""
throw Abort(
.internalServerError,
reason: reason)
}
secret = envSecret
}
// 4
return SecretMiddleware(secret: secret)
}
}
services.register(SecretMiddleware.self)
// 1
router.group(SecretMiddleware.self) { secretGroup in
// 2
secretGroup.post("todos", use: todoController.create)
secretGroup.delete(
"todos",
Todo.parameter,
use: todoController.delete)
}
{
"error": true,
"reason": "Incorrect X-Secret header."
}
Where to go from here?
Middleware is extremely useful for creating large web applications. It allows you to apply restrictions and transformations globally or to just a few routes using discrete, re-usable components. In this chapter, you learned how to create a global LogMiddleware that displayed information about all incoming requests to your app. You then created SecretMiddleware, which could protect select routes from public access.