How one can use middlewares in Vapor 4?


Learn to create middlewares for a Vapor based mostly server aspect Swift utility to deal with widespread routing functionalities.


What’s a middleware?

A middleware is principally a operate that might be executed each time earlier than the request handler. This fashion you possibly can hook up particular functionalities, akin to altering the request earlier than your handler will get the prospect to answer it. Let me present you a real-world instance actual fast.

import Vapor

remaining class ExtendPathMiddleware: Middleware {

    public func reply(to request: Request, chainingTo subsequent: Responder) -> EventLoopFuture<Response> {
        if !request.url.path.hasSuffix("") {
            let response = request.redirect(to: request.url.path + "", sort: .everlasting)
            return request.eventLoop.makeSucceededFuture(response)
        return subsequent.reply(to: request)

I am utilizing this middleware to at all times prolong my paths with a trailing slash character. Simply attempt to delete the final char from the URL right here on my web site & press enter, you will be redirected to the unique path with a “” suffix, for the reason that middleware is doing its job. 👨‍💻

A middleware operate has two enter parameters. The primary one is the Request object that you could test and even alter its properties. The second is the subsequent reference within the Responder chain, so you possibly can reply as common (together with your route handlers) if the middleware has nothing to do with the incoming request. It is best to at all times name the subsequent.reply(to: request) methodology.

Utilizing a middleware

With the intention to use the middleware from above it’s important to register it first. It’s potential to make use of a middleware globally, you possibly can hook up your middleware utilizing the app.middleware.use(_) methodology. This fashion the registered middleware might be applided for each single route in your Vapor server.

import Vapor

public func configure(_ app: Utility) throws {

The opposite possibility is to use a middleware to particular subset of routes.

let middlewareRoutes = app.grouped(ExtendPathMiddleware())
middlewareRoutes.get("howdy") { req in
    return "howdy"

You possibly can learn extra about routing within the official Vapor 4 docs. I additionally choose to have a devoted router class for my modules (I am utilizing sort of a VIPER structure on the server aspect). 😜

remaining class MyRouter: RouteCollection {

    func boot(routes: RoutesBuilder) throws {
        routes.grouped(ExtendPathMiddleware()).get("howdy", use: self.howdy)
    func howdy(req: Request) -> String {
        return "howdy"

strive app.routes.register(assortment: routes)

That is how I make the most of middlewares in my Vapor apps. Truthfully I haven’t got that a lot customized middlewares, however the ones I carried out helps me so much to resolve widespread issues.

Constructed-in middlewares

There are some helpful middlewares constructed proper into Vapor.

File middleware

The FileMiddleware permits you to serve static belongings from a given folder. This comes useful if you’re utilizing Vapor with out an nginx server, so you possibly can serve photographs, stylesheets, javascript recordsdata with the consumer (browser). You possibly can setup the middleware like this:

import Vapor

public func configure(_ app: Utility) throws {

    app.middleware.use(FileMiddleware(publicDirectory: app.listing.publicDirectory))

You possibly can configure the trail of your assets by passing the publicDirectory enter parameter.

CORS middleware

Briefly, CORS permits you to share assets between a number of domains.

Cross-origin useful resource sharing (CORS) is a mechanism that permits restricted assets on an online web page to be requested from one other area outdoors the area from which the primary useful resource was served.

This comes useful if you’re creating frontend apps by utilizing Leaf & Vapor. This middleware will substitute or add the mandatory CORS headerss to the response. You should utilize the default config or initialize a customized one, right here is the Swift code for utilizing the CORS middleware:

import Vapor

public func configure(_ app: Utility) throws {
    app.middleware.use(CORSMiddleware(configuration: .default()))
    app.middleware.use(CORSMiddleware(configuration: .init(
        allowedOrigin: .originBased,
        allowedMethods: [.GET, .POST, .PUT, .OPTIONS, .DELETE, .PATCH],
        allowedHeaders: [.accept, .authorization, .contentType, .origin, .xRequestedWith]

If you wish to be taught extra about how these middlewares work you must possibility+click on on the identify of the middleware in Xcode. This fashion you possibly can browse the supply recordsdata immediately. 🔍

Error middleware

Route handlers can throw erros. You possibly can catch these by utilizing the ErrorMiddlware and switch them into correct HTTP responses if mandatory. Right here is learn how to setup the middleware:

import Vapor

public func configure(_ app: Utility) throws {
    app.middleware.use(ErrorMiddleware.default(setting: app.setting))
    app.middleware.use(ErrorMiddleware { req, error -> Response in
        .init(standing: .internalServerError, model: req.model, headers: .init(), physique: .empty)

If you’re creating an API service, this middleware is sort of a vital part. 💥

Auth associated middlewares

The Authenticator protocol conforms to the Middleware protocol, so we are able to register something that implements any of the Authenticator protocols. You possibly can learn extra about how the auth layer works in Vapor 4 from my authentication tutorial.

The Authenticatable protocol has two static strategies, they returns middlewares too. The primary one is the guard middleware, which is able to throw an error if the person will not be logged in. The second is the redirect middleware, that redirects unauthenticated requests to the equipped path.


    UserModel.redirectMiddleware(path: ""),

A number of middlewares may be registered directly utilizing an array.

Middlewares vs route handlers

Typically it is helpful to put in writing a middleware, however in different instances a easy route handler may be greater than sufficient. I am not in opposition to middlewares in any respect, however you must contemplate which strategy is one of the best to your wants. I often go together with easy handlers and blocks in 95% of the instances.

Middlwares are good for fixing international issues, for instance if you wish to add a brand new header to each request it is secure to make use of a middleware. Checking person permission ranges? Not mandatory, however yeah if you wish to simplify issues a middleware may work right here as effectively. 🤔

Enjoyable reality

This URL: nonetheless works, although it accommodates 5 slashes, query marks and ampersands. I do not know why, however many of the web sites will not be checking for duplicates. Strive with different domains as effectively.

If you wish to learn to construct a customized middleware I feel it is a good follow to resolve this concern. Write one which removes the pointless characters and redirects to the “proper” URL.


Please enter your comment!
Please enter your name here