To manage login, you can use the Basic Authentication protocol (RFC 7617) which is supported by Vapor 3 by default
you have a username and a password that you combined like so:
admin:passwordthen, you base64-encode them:
YWRtaW46cGFzc3dvcmQK==and you submit it in your HTTP Header like so:
Authorization: Basic YWRtaW46cGFzc3dvcmQK==First, you need to add the Authentication package in your SPM config (github: vapor/auth)
.package(url: "https://github.com/vapor/auth.git",
from: "2.0.0-rc")dependencies: [...,
"Authentication"]In your configure.swift file, add the following line:
try services.register(AuthenticationProvider())And in any file where you add some auth code, don't forget to import the module:
import AuthenticationAssuming you have a User model object with at least two properties username and password, you need to make this model conforms to BasicAuthenticatable protocol by defining the keypath of the two properties:
extension User: BasicAuthenticatable {
static let usernameKey: UsernameKey = \User.username
static let passwordKey: PasswordKey = \User.password
}In your routing code, you need to create two middlewares that will be responsible for intercepting each request and check if it is correctly authorized:
let basicAuthMiddleware =
User.basicAuthMiddleware(using: BCryptDigest())
let guardAuthMiddleware = User.guardAuthMiddleware()Note: the basic auth middleware will using BCrypt hashing to verify the password. These lines can be added directly next to your routes definitions.
Then you need to create a group of routes managed by those two middlewares:
let protectedRoutes = router.grouped(
basicAuthMiddleware,
guardAuthMiddleware)
// you can now use protectedRoutes to manage your routes that require authentication with basic Auth
protectedRoutes.post("login", use: loginHandler)When creating your user, you need to hash your password. You can simple use the standard BCrypt hashing like that:
import Crypto
let user = getUser(...)
user.password = try BCrypt.hash(user.password)
user.save(on: dbconnection)