21.
Validation
Written by Tim Condon
Heads up... You're reading this book for free, with parts of this chapter shown beyond this point as text.
In the previous chapters, you built a fully-functional API and website. Users can send requests and fill in forms to create acronyms, categories and other users. In this chapter, you’ll learn how to use Vapor’s Validation library to verify some of the information users send the application. You’ll create a registration page on the website for users to sign up. You’ll then validate the data from this form and display an error message if the data isn’t correct.
The registration page
Create a new file in Resources/Views called register.leaf. This is the template for the registration page. Open register.leaf and replace its contents with the following:
#extend("base"):
#export("content"):
<h1>#(title)</h1>
<form method="post">
<div class="form-group">
<label for="name">Name</label>
<input type="text" name="name" class="form-control"
id="name"/>
</div>
<div class="form-group">
<label for="username">Username</label>
<input type="text" name="username" class="form-control"
id="username"/>
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" name="password"
class="form-control" id="password"/>
</div>
<div class="form-group">
<label for="confirmPassword">Confirm Password</label>
<input type="password" name="confirmPassword"
class="form-control" id="confirmPassword"/>
</div>
<button type="submit" class="btn btn-primary">
Register
</button>
</form>
#endexport
#endextend
This is very similar to the templates for creating an acronym and logging in. The template contains four input fields for:
- name
- username
- password
- password confirmation
Save the file. Next, in Xcode, open WebsiteController.swift and, at the bottom of the file, add the following context for the registration page:
struct RegisterContext: Encodable {
let title = "Register"
}
Next, below logoutHandler(_:), add the following route handler for the registration page:
func registerHandler(_ req: Request) -> EventLoopFuture<View> {
let context = RegisterContext()
return req.view.render("register", context)
}
Like the other routes handlers, this creates a context then calls render(_:_:) to render register.leaf.
Next, create the Content for the POST request for registration, add the following to the end of WebsiteController.swift:
struct RegisterData: Content {
let name: String
let username: String
let password: String
let confirmPassword: String
}
This Content type matches the expected data received from the registration POST request. The variables match the names of the inputs in register.leaf. Next, create a route handler for this POST request, add the following after registerHandler(_:):
// 1
func registerPostHandler(
_ req: Request
) throws -> EventLoopFuture<Response> {
// 2
let data = try req.content.decode(RegisterData.self)
// 3
let password = try Bcrypt.hash(data.password)
// 4
let user = User(
name: data.name,
username: data.username,
password: password)
// 5
return user.save(on: req.db).map {
// 6
req.auth.login(user)
// 7
return req.redirect(to: "/")
}
}
Here’s what’s going on in the route handler:
-
Define a route handler that accepts a request and returns
EventLoopFuture<Response>. -
Decode the request body to
RegisterData. -
Hash the password submitted to the form.
-
Create a new
User, using the data from the form and the hashed password. -
Save the new user and unwrap the returned future.
-
Authenticate the session for the new user. This automatically logs users in when they register, thereby providing a nice user experience when signing up with the site.
-
Return a redirect back to the home page.
Next, in boot(routes:) add the following below authSessionsRoutes.post("logout", use: logoutHandler):
// 1
authSessionsRoutes.get("register", use: registerHandler)
// 2
authSessionsRoutes.post("register", use: registerPostHandler)
Here’s what this does:
- Connect a GET request for /register to
registerHandler(_:). - Connect a POST request for /register to
registerPostHandler(_:data:).
Finally, open base.leaf. Before the closing </ul> in the navigation bar, add the following:
<!-- 1 -->
#if(!userLoggedIn):
<!-- 2 -->
<li class="nav-item #if(title == "Register"): active #endif">
<!-- 3 -->
<a href="/register" class="nav-link">Register</a>
</li>
#endif
Here’s what the new Leaf code does:
- Check to see if there’s a logged in user. You only want to display the register link if there’s no user logged in.
- Add a new navigation link to the navigation bar. Set the
activeclass if the current page is the Register page. - Add a link to the new /register route.
Save the template then build and run the project in Xcode. Visit http://localhost:8080 in your browser. You’ll see the new navigation link:
Click Register and you’ll see the new register page:
If you fill out the form and click Register, the app takes you to the home page. Notice the Log out button in the top right; this confirms that registration automatically logged you in.
Basic validation
Vapor provides a validation module to help you check data and models. Open WebsiteController.swift and add the following at the bottom:
// 1
extension RegisterData: Validatable {
// 2
public static func validations(
_ validations: inout Validations
) {
// 3
validations.add("name", as: String.self, is: .ascii)
// 4
validations.add(
"username",
as: String.self,
is: .alphanumeric && .count(3...))
// 5
validations.add(
"password",
as: String.self,
is: .count(8...))
}
}
do {
try RegisterData.validate(content: req)
} catch {
return req.eventLoop.future(req.redirect(to: "/register"))
}
Custom validation
Vapor allows you to write expressive and complex validations, but sometimes you need more than the built-in options offer. For example, you may want to validate a US Zip code. To demonstrate this, at the bottom of WebsiteController.swift, add the following:
// 1
extension ValidatorResults {
// 2
struct ZipCode {
let isValidZipCode: Bool
}
}
// 3
extension ValidatorResults.ZipCode: ValidatorResult {
// 4
var isFailure: Bool {
!isValidZipCode
}
// 5
var successDescription: String? {
"is a valid zip code"
}
// 6
var failureDescription: String? {
"is not a valid zip code"
}
}
// 1
extension Validator where T == String {
// 2
private static var zipCodeRegex: String {
"^\\d{5}(?:[-\\s]\\d{4})?$"
}
// 3
public static var zipCode: Validator<T> {
// 4
Validator { input -> ValidatorResult in
// 5
guard
let range = input.range(
of: zipCodeRegex,
options: [.regularExpression]),
range.lowerBound == input.startIndex
&& range.upperBound == input.endIndex
else {
// 6
return ValidatorResults.ZipCode(isValidZipCode: false)
}
// 7
return ValidatorResults.ZipCode(isValidZipCode: true)
}
}
}
validations.add(
"zipCode",
as: String.self,
is: .zipCode,
required: false)
Displaying an error
Currently, when a user fills out the form incorrectly, the application redirects back to the form with no indication of what went wrong. Open register.leaf and add the following under <h1>#(title)</h1>:
#if(message):
<div class="alert alert-danger" role="alert">
Please fix the following errors:<br />
#(message)
</div>
#endif
let message: String?
init(message: String? = nil) {
self.message = message
}
let context = RegisterContext()
let context: RegisterContext
if let message = req.query[String.self, at: "message"] {
context = RegisterContext(message: message)
} else {
context = RegisterContext()
}
catch let error as ValidationsError {
let message =
error.description
.addingPercentEncoding(
withAllowedCharacters: .urlQueryAllowed
) ?? "Unknown error"
let redirect =
req.redirect(to: "/register?message=\(message)")
return req.eventLoop.future(redirect)
}
Where to go from here?
In this chapter, you learned how to use Vapor’s validation library to check a request’s data. You can apply validation to models and other types as well.