Sweepline: Authenticated Control Events for Swift Servers
I've been building Sweepline, an iOS application that sends small Ed25519-signed control messages to endpoints via HTTP POST.
The goal is to provide a simple way to trigger server-side actions from a phone without requiring a custom admin UI stack via a login page and cookies or a third party account system.
The first time a message is sent to an endpoint, Sweepline generates an Ed25519 private key and stores it to sign future messages. Each message is signed and the new signature and public key is included in the request header. Signing keys are siloed by domain; one key pair is used per registrable domain and can be reset any time.
A request arrives as ordinary JSON over HTTPS, and can be decoded as a Swift struct in your routing code:
import SweeplineElements
import Vapor
app.post("control") { request async throws -> Response in
let body = request.body.data ?? ByteBuffer()
let bodyData = Data(buffer: body)
let headers = Dictionary(
uniqueKeysWithValues: request.headers.map { ($0.name, $0.value) }
)
let signedMessage = try SweeplineSignedMessage(headers: headers)
let verifier = SweeplineVerifier()
guard try verifier.verify(body: bodyData, signedMessage: signedMessage) else {
throw Abort(.unauthorized)
}
let decoder = JSONDecoder()
decoder.dateDecodingStrategy = .iso8601
let sweeplineRequest = try decoder.decode(SweeplineRequest.self, from: bodyData)
switch sweeplineRequest.contact {
case .tap:
// perform tap action
case .yes(let isYes):
// perform yes/no action
case .down(let isDown):
// perform down/up action
}
return Response(status: .ok)
}
The Sweepline app stores the public key used for the endpoint, so you, the server operator, can request it from clients if you need to differentiate an exact installation of the app.
For anyone interested in using Sweepline in their projects, the controller app is available here ( Sweepline App - App Store ), and I've published a minimal NIO-based example endpoint server (on POST /ep/hello — GitHub - christopherweems/sweepline-hello: Your first Sweepline endpoint server · GitHub ). Data types needed for integrating with an existing or new service can be found in sweepline-elements: GitHub - christopherweems/sweepline-elements: Data types useful for Sweepline endpoint developers · GitHub
The example endpoint demonstrates receiving requests, verifying signatures, and responding to the client with status or redirect url.
Further interaction modes are planned but the protocol's handshake and core gestures will remain stable. Taps, yes/no and up/down gestures can all drive actions today, and the API contract won’t be broken by a future Sweepline release.