Hide chapters

Server-Side Swift with Vapor

Third Edition · iOS 13 · Swift 5.2 - Vapor 4 Framework · Xcode 11.4

Before You Begin

Section 0: 3 chapters
Show chapters Hide chapters

Section I: Creating a Simple Web API

Section 1: 13 chapters
Show chapters Hide chapters

21. Validation
Written by Tim Condon

Heads up... You're reading this book for free, with parts of this chapter shown beyond this point as scrambled text.

In the previous chapters, you built a fully-functional API and website. Users can send requests and fill in forms to create acronyms, categories and other users. In this chapter, you’ll learn how to use Vapor’s Validation library to verify some of the information users send the application. You’ll create a registration page on the website for users to sign up. You’ll then validate the data from this form and display an error message if the data isn’t correct.

The registration page

Create a new file in Resources/Views called register.leaf. This is the template for the registration page. Open register.leaf and replace its contents with the following:


    <form method="post">
        <div class="form-group">
        <label for="name">Name</label>
        <input type="text" name="name" class="form-control"

        <div class="form-group">
        <label for="username">Username</label>
        <input type="text" name="username" class="form-control"

        <div class="form-group">
        <label for="password">Password</label>
        <input type="password" name="password"
        class="form-control" id="password"/>

        <div class="form-group">
        <label for="confirmPassword">Confirm Password</label>
        <input type="password" name="confirmPassword"
        class="form-control" id="confirmPassword"/>

        <button type="submit" class="btn btn-primary">

This is very similar to the templates for creating an acronym and logging in. The template contains four input fields for:

  • name
  • username
  • password
  • password confirmation

Save the file. Next, in Xcode, open WebsiteController.swift and, at the bottom of the file, add the following context for the registration page:

struct RegisterContext: Encodable {
  let title = "Register"

Next, below logoutHandler(_:), add the following route handler for the registration page:

func registerHandler(_ req: Request) -> EventLoopFuture<View> {
  let context = RegisterContext()
  return req.view.render("register", context)

Like the other routes handlers, this creates a context then calls render(_:_:) to render register.leaf.

Next, create the Content for the POST request for registration, add the following to the end of WebsiteController.swift:

struct RegisterData: Content {
  let name: String
  let username: String
  let password: String
  let confirmPassword: String

This Content type matches the expected data received from the registration POST request. The variables match the names of the inputs in register.leaf. Next, create a route handler for this POST request, add the following after registerHandler(_:):

// 1
func registerPostHandler(
  _ req: Request
) throws -> EventLoopFuture<Response> {
  // 2
  let data = try req.content.decode(RegisterData.self)
  // 3
  let password = try Bcrypt.hash(data.password)
  // 4
  let user = User(
    username: data.username,
    password: password)
  // 5
  return req.db).map {
    // 6 
    // 7
    return req.redirect(to: "/")

Here’s what’s going on in the route handler:

  1. Define a route handler that accepts a request and returns EventLoopFuture<Response>.

  2. Decode the request body to RegisterData.

  3. Hash the password submitted to the form.

  4. Create a new User, using the data from the form and the hashed password.

  5. Save the new user and unwrap the returned future.

  6. Authenticate the session for the new user. This automatically logs users in when they register, thereby providing a nice user experience when signing up with the site.

  7. Return a redirect back to the home page.

Next, in boot(routes:) add the following below"logout", use: logoutHandler):

// 1
authSessionsRoutes.get("register", use: registerHandler)
// 2"register", use: registerPostHandler)

Here’s what this does:

  1. Connect a GET request for /register to registerHandler(_:).
  2. Connect a POST request for /register to registerPostHandler(_:data:).

Finally, open base.leaf. Before the closing </ul> in the navigation bar, add the following:

<!-- 1 -->
  <!-- 2 -->
  <li class="nav-item #if(title == "Register"): active #endif">
    <!-- 3 -->
    <a href="/register" class="nav-link">Register</a>

Here’s what the new Leaf code does:

  1. Check to see if there’s a logged in user. You only want to display the register link if there’s no user logged in.
  2. Add a new navigation link to the navigation bar. Set the active class if the current page is the Register page.
  3. Add a link to the new /register route.

Save the template then build and run the project in Xcode. Visit http://localhost:8080 in your browser. You’ll see the new navigation link:

Click Register and you’ll see the new register page:

If you fill out the form and click Register, the app takes you to the home page. Notice the Log out button in the top right; this confirms that registration automatically logged you in.

Basic validation

Vapor provides a validation module to help you check data and models. Open WebsiteController.swift and add the following at the bottom:

// 1
extension RegisterData: Validatable {
  // 2
  public static func validations(
    _ validations: inout Validations
  ) {
    // 3
    validations.add("name", as: String.self, is: .ascii)
    // 4
      as: String.self, 
      is: .alphanumeric && .count(3...))
    // 5
      as: String.self, 
      is: .count(8...))
do {
  try RegisterData.validate(content: req)
} catch {
  return req.eventLoop.future(req.redirect(to: "/register"))

Custom validation

Vapor allows you to write expressive and complex validations, but sometimes you need more than the built-in options offer. For example, you may want to validate a US Zip code. To demonstrate this, at the bottom of WebsiteController.swift, add the following:

// 1
extension ValidatorResults {
  // 2
  struct ZipCode {
    let isValidZipCode: Bool

// 3
extension ValidatorResults.ZipCode: ValidatorResult {
  // 4
  var isFailure: Bool {

  // 5
  var successDescription: String? {
    "is a valid zip code"

  // 6
  var failureDescription: String? {
    "is not a valid zip code"
// 1
extension Validator where T == String {
  // 2
  private static var zipCodeRegex: String {

  // 3
  public static var zipCode: Validator<T> {
    // 4
    Validator { input -> ValidatorResult in
      // 5
        let range = input.range(
          of: zipCodeRegex, 
          options: [.regularExpression]), 
        range.lowerBound == input.startIndex 
          && range.upperBound == input.endIndex
      else {
        // 6
        return ValidatorResults.ZipCode(isValidZipCode: false)
      // 7
      return ValidatorResults.ZipCode(isValidZipCode: true)
  as: String.self, 
  is: .zipCode,
  required: false)

Displaying an error

Currently, when a user fills out the form incorrectly, the application redirects back to the form with no indication of what went wrong. Open register.leaf and add the following under <h1>#(title)</h1>:

  <div class="alert alert-danger" role="alert">
    Please fix the following errors:<br />
let message: String?

init(message: String? = nil) {
  self.message = message
let context = RegisterContext()
let context: RegisterContext
if let message = req.query[String.self, at: "message"] {
  context = RegisterContext(message: message)
} else {
  context = RegisterContext()
catch let error as ValidationsError {
  let message = 
      withAllowedCharacters: .urlQueryAllowed
    ) ?? "Unknown error"
  let redirect = 
    req.redirect(to: "/register?message=\(message)")
  return req.eventLoop.future(redirect)

Where to go from here?

In this chapter, you learned how to use Vapor’s validation library to check a request’s data. You can apply validation to models and other types as well.

Have a technical question? Want to report a bug? You can ask questions and report bugs to the book authors in our official book forum here.
© 2024 Kodeco Inc.

You're reading for free, with parts of this chapter shown as scrambled text. Unlock this book, and our entire catalogue of books and videos, with a Kodeco Personal Plan.

Unlock now