{"id":13635333,"url":"https://github.com/skelpo/JWTMiddleware","last_synced_at":"2025-04-19T03:34:52.444Z","repository":{"id":32207014,"uuid":"130247966","full_name":"skelpo/JWTMiddleware","owner":"skelpo","description":"Middleware to Authenticate and Authorize Requests in Vapor","archived":false,"fork":false,"pushed_at":"2021-10-20T18:16:31.000Z","size":117,"stargazers_count":35,"open_issues_count":3,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-23T07:19:21.642Z","etag":null,"topics":["authentication","hacktoberfest","jwt","swift","vapor"],"latest_commit_sha":null,"homepage":"","language":"Swift","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/skelpo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-04-19T17:09:35.000Z","updated_at":"2025-02-15T12:48:57.000Z","dependencies_parsed_at":"2022-09-10T02:10:31.951Z","dependency_job_id":null,"html_url":"https://github.com/skelpo/JWTMiddleware","commit_stats":null,"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skelpo%2FJWTMiddleware","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skelpo%2FJWTMiddleware/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skelpo%2FJWTMiddleware/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skelpo%2FJWTMiddleware/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/skelpo","download_url":"https://codeload.github.com/skelpo/JWTMiddleware/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249600553,"owners_count":21297716,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","hacktoberfest","jwt","swift","vapor"],"created_at":"2024-08-02T00:00:44.117Z","updated_at":"2025-04-19T03:34:52.211Z","avatar_url":"https://github.com/skelpo.png","language":"Swift","readme":"# JWTMiddleware\n\nHandles authentication and authorization of models through JWT tokens by themselves or mixed with other authentication methods.\n\n## Install\n\nAdd this line to your manifest's `dependencies` array:\n\n```swift\n.package(url: \"https://github.com/skelpo/JWTMiddleware.git\", from: \"0.6.1\")\n```\n\nAnd add `JWTMiddleware` to all the target dependency arrays you want to access the package in.\n\nComplete the installation by running `vapor update` or `swift package update`.\n\n## Modules\n\nThere are currently 2 modules in the JWTMiddleware package; `JWTMiddleware` and `JWTAuthenticatable`.\n\nThe `JWTMiddleware` module contains middleware for request authentication/authorization and helpers for getting data stored in the request by the middleware.\n\nThe `JWTAuthenticatable` module holds protocols that allow a type to be authenticated/authorized in the middleware declared in the `JWTMiddleware` module.\n\n## JWTMiddleware\n\nThe JWTMiddleware module exports the following types:\n\n- `JWTAuthenticatableMiddlware`:\n\n\tHandles authenticating/authorizing a model conforming to `JWTAuthenticatable` using data pulled from a request. \n\t\n\tWhen a request is passed though the middleware, it will first check to see if the specified model is already authenticated. If it is not, it will try to get data to authenticate the model by calling the static `authBody(from:)` method. If it successfully authenticates, it will get the model's access token by calling `accessToken(on:)`, then store both the token and the authenticated model in the request for accessing later. If `nil` is return from `authBody(from:)`, then we try to authenticate using data from the `Authorization: Bearer ...` header. If authentication succeeds, we will store both the token fetched from the header and the authenticated model in the request.\n\t\n\tYou can register the middleware to a route group as shown below.\n\t\n\t```swift\n\tlet auth = route.group(JWTAuthenticatableMiddlware\u003cUser\u003e())\n\t```\n\n- `JWTVerificationMiddleware`:\n\n\t Gets the value from the `Authorization: Bearer ...` header, verifies it with the specified payload type, and stores it in the request for later.\n\t\n\t```swift\n\troute.group(JWTVerificationMiddleware\u003cUserPayload\u003e())\n\t```\n- `RouteRestrictionMiddleware`:\n\n   Restricts access to routes based on a user's permission level (i.e. Admin, Moderator, Standard, etc.)\n   \n   ```swift\n   route.group(RouteRestrictionMiddleware(\n   \t\trestrictions: [\n   \t\t\tRouteRestriction(.DELETE, at: \"users\", User.parameter, allowed: [.admin, .moderator]),\n   \t\t\t...\n   \t\t],\n   \t\tparameters: [User.routingSlug: User.resolveParameter]\n   ))\n   ```\n  \n   You must add custom parameter types used due to the way the request's URI and the restrictions path components are checked. Default parameter types are added by default.\n   \n   If a user is authenticated via middleware before `RouteRestrictionMiddleware`, the middleware will use that user's ID to check against the ID in the JWT payload we checking a request.\n   \n- `RouteRestriction`:\n\n   A restriction constraint for a `RouteRestrictionMiddleware` instance. The initializer takes in an optional method, a path, and valid permission levels for that path. If the method is `nil`, any method for the given path will be restricted.\n   \n   ```swift\n   RouteRestriction(.GET, at: \"dashboard\", \"user\", User.parameter, \"tickets\", allowed: [.admin])\n   ```\n\n- `PermissionedUserPayload`: \n\n   Extends `IdentifiableJWTPayload` adding a \n\n## JWTAuthenticatable\n\nThe JWTAuthenticatable module exports the following types:\n\n- `IdentifiableJWTPayload`:\n\t\n\tRepresents a JWT payload with an `id` value. This is used by the `BasicJWTAuthenticatable` to access a model from the database based on its `id` property.\n\t\n- `JWTAuthenticatable`:\n\t\n\tA model that can be authorized with a JWT payload and authenticated with an unspecified type that is defined by the implementing type.\n\t\n\tThis protocol requires the following types/properties/methods:\n\t\n\t- `associatedtype AuthBody`: Used for authentication of the model.\n\t- `associatedtype Payload: IdentifiableJWTPayload`: A type that the payload of a JWT token can be converted to. This type is used to authorize requests.\n\t\n\t- `accessToken(on request: Request) throws -\u003e Future\u003cPayload\u003e`: This method should create a payload for a JWT token that will later be used to authorize the model.\n\t- `static authBody(from request: Request)throws -\u003e AuthBody?`: Gets data from a request that can be used to authenticate a model\n\t- `static authenticate(from payload: Payload, on request: Request)throws -\u003e Future\u003cSelf\u003e`: Verifies the payload passed in and gets an instance of the model based on the payload's contents.\n\t- `static authenticate(from body: AuthBody, on request: Request)throws -\u003e Future\u003cSelf\u003e`: Gets a model and checks it against the contents of the `body` parameter passed in.\n\n- `BasicJWTAuthenticatable`:\n\n\tImplements `JWTAuthenticatable` methods for authenticating with an id/password combination. The ID should either be a username or email.\n\t\n\tThe `authBody` method implementation gets the name of the property referenced by the `usernameKey` key-path. It will then extract the values from the request body with the key from `usernameKey` and `\"password\"`.\n\t\n\tThe payload authorization method simply finds the instance of the model stored in the database with an ID equal to the `id` property in the payload.\n\t\n\tThe `AuthBody` authentication method fetches the first user from the database with a `usernameKey` property equal to the `body.username` value. It then checks to see if the model's password hash is equal to the `body.password` value, using BCrypt verification.\n\t\n\tThis protocols requires the following type/properties:\n\t\n\t- `associatedtype Payload: IdentifiableJWTPayload`: A type that the payload of a JWT token can be converted to. This type is used to authorize requests.\n\t- `usernameKey: KeyPath\u003cSelf, String\u003e`: The key-path for the property that will be checked against the `body.username` value during authentication. This will usually be either an email or username. This property can be either a variable or constant.\n\t- `var password: String` The hashed password of the model, used to verify the request'c credibility. This properties value _must_ be hash using BCrypt.\n\nThis module also adds some helper methods to the `Request` type:\n\n- `accessToken()throws -\u003e String`: Gets the value of the `Authorization: Bearer ...` header.\n- `payload\u003cPayload: Decodable\u003e(as payloadType: Payload.Type = Payload.self)throws -\u003e Payload`: Gets the payload of a JWT token the was previously stored in the request by a middleware.\n- `payloadData\u003cPayload, Object\u003e(storedAs stored: Payload.Type, convertedTo objectType: Object.Type = Object.self)throws -\u003e Object`: Gets the payload of a JWT token stored in the request and converts it to a different type.\n","funding_links":[],"categories":["Authentication"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskelpo%2FJWTMiddleware","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fskelpo%2FJWTMiddleware","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskelpo%2FJWTMiddleware/lists"}