Moralis - building Web3 dApps made simple
Finally, I had some time to dive into Moralis. I've wanted to play with it for some time, and lately, I built something simple and tested it. So what is Moralis? They describe this project as a set of tools and services which helps to build serverless, decentralized apps. Worth mentioning is that the face of Moralis is a well-known YouTuber Ivan on Tech.
What tools and APIs it incorporates
Moralis is a service that aggregates many different tools and APIs and works as a glue for them all. All that is needed when developing a decentralized app that requires access to the blockchain, like Ethereum or Binance Smart Chain. So, what will we find there? First of all, it isn't just about blockchain. You'll get full-featured user management, standard authentication using password and email, and crypto authentication using Metamask. You'll also find data management tools, storage in the cloud, and file storage, including IPFS support with pinning services. Besides that, you'll get similar functionality to web3.js and even static site hosting. So there is a lot. I would also like to write about some of the small red flags, in my opinion, but first, let's go through what I've tested and what is great.
My simple demo
Before we start digging into Moralis, let's see what I have in the repository. I built a simple, a little bit messy website with only one JavaScript file, one HTML, and one CSS. Without any additional libraries etc. To see how much functionality I'll be able to get with such little code.
You can find it here:
The demo shows three main areas:
- Authentication and interactions with Ethereum blockchain.
- Interaction with Moralis data storage.
- Files upload handling and IPFS usage.
Here is a quick walk-through video:
How to start with Moralis
Your first step should be the documentation: docs.moralis.io. You'll find how to create your account there and your first Moralis server. When you get it running, what you need is to get your API Id and your server URL and initialize Moralis in your app. See how I've done it here. You'll also need to include Moralis SDK. In our case, for a simple website, it is enough to include libraries in the head of the HTML document, like here (you need web3.js and moralis.js). When you need to work with Moralis on the Node backend or in React Native app, you can use the npm package for such use cases. You'll find it here: www.npmjs.com/package/moralis.
In my example, my webpage will expose the API Id, and anyone can use it. But there are many different ways to secure that. This is just a simple demo, and the topic is another article.
After configuring the Moralis server and basic app scaffold, the next step is to look at the authentication tools and flow.
Authenticate with Metamask
Moralis gives you standard authentication flow with username and password, but we will focus on crypto auth. To test that, you will need to have Metamask with configured wallet address for the Ethereum testnet. It can also be Binance Smart Chain or even Polygon. I used Ethereum Goerli testnet.
Moralis gives three functions that will be helpful here. They will handle three processes:
We will need to check if user is already logged in to adjust our UI. This is done by using:
Moralis.User.currentAsync()
.then(function(user) {
if (user) {
// do something with the user or/and UI state
} else {
// user is not logged in
}
})
.catch(function (error) {
// catch any errors
});
For authenticating the user we can use:
Moralis.authenticate()
.then(function (user) {
// do something with the user or/and UI state
})
.catch(function (error) {
// catch any errors
});
For logging out the user:
Moralis.User.logOut()
.then(function () {
// user is not logged in do something with UI state
})
.catch(function (error) {
// catch any errors
});
You can check how it is implemented in my small demo here.
Get blockchain data
When you are logged in, you can do a couple of things on the chain using the Moralis.Web3API.account instance. For example, to be able to list all transactions, you can use:
Moralis.Web3API.account.getTransactions({ chain: CHAIN_ID, address: user.get('ethAddress') })
.then(function (transactions) {
// do something with transactions
})
.catch(function (error) {
// catch any errors
})
You can provide the chain id here and the address of the logged-in user.
Besides this one, you can also list tokens, including NFTs. For more info on these functions, check the docs here. Moralis utilizes web3.js. This is why this library is included as a dependency. So the best would also be to check web3.js docs. I am sure that not all functions are mapped but probably more than in the Moralis docs.
If you want to check how it is implemented in my small demo. Here is an implementation for listing my transactions: Get transactions.
Data storage and queries system
Moralis integrates Parse SDK to handle all queries for stored data. Basically this is very extensive platform. Moralis introduced Moralis.Object concept. Every object with key-value pairs can be treated as collection of data. So every such instance represents real place in the storage. For example if you need to save some data, you'll use:
const Notes = Moralis.Object.extend("Notes");
const notes = new Notes();
notes.save({ note: 'Some note' })
.then(function (note) {
// do something with newly created note
})
.catch(function (error) {
// catch any errors
});
You can also query and find all or some of the notes.
const Notes = Moralis.Object.extend("Notes");
const notesQuery = new Moralis.Query(Notes);
notesQuery.find()
.then(function (notes) {
// do something with newly created note
})
.catch(function () {
// catch any errors
});
notesQuery.get('{note id}')
.then(function (note) {
note.destroy(); // delete note
})
.catch(function () {
// catch any errors
});
Check how it is implemented in my demo:
File storage and IPFS
With Moralis, you can also handle file uploads. There is a concept of Moralis.File, which gives you a couple of functions to handle uploads and get the files back. What is most interesting they give you the possibility to use IPFS with auto pinning, so you don't have to worry about that.
IPFS is very important in the blockchain area because it is a distributed P2P network that hosts the files without any centralized authority. I will probably write some more about it in separate articles.
In my demo I used IPFS and Moralis.File to be able to send images and then list them back for logged in users. For doing that you will use couple of functions:
const data = event.target.files[0];
const file = new Moralis.File(data.name, data);
file.saveIPFS()
.then(function (file) {
// do something with the file, for example:
const Files = Moralis.Object.extend("Files");
const files = new Files();
files.save({ file: file });
})
.catch(function (error) {
// catch any errors
})
To get the IPFS gateway URL to the file, you will need to call fileObject.ipfs(). Of course, you can always take the IPFS CID and use it with other gateway or even in Brave browser, which supports IPFS protocol.
Missing in the docs?
Moralis looks very promising, and building with it is speedy and convenient. So from the developer perspective, I would say that it is a good set of tools, especially for quick prototyping, hackathons, and projects where the time of development is everything (so, almost all in the crypto space ;)).
Unfortunately, there are some red flags for me, although maybe some of them are my lack of info:
- I couldn't find any firm information about the future and how much it will cost to use it. Because if I would like to build something real now, I would need to know the overall cost in the long run.
☝️ Update ☝️ The information on this one could be found in the Discord server:
Our mission is to make this infrastructure available to as many developers as possible. No matter the budget, you can use Moralis to build your dapp and go to market quickly. Therefore Moralis will always have a very generous free plan. Exact pricing for dApps requiring bigger infrastructure will be released in the coming weeks.
It is satisfactory for me. I imagine it as something like Netlify when it comes to pricing plans. They also have a very generous free plan, and if someone needs something more, prices are still affordable.
- I also couldn't find more info about the architecture behind it. So, for example, which cloud services providers are responsible for whole DevOps processes and stuff. Or on how many third-party companies it depends, etc.
- Also, with my little current knowledge and experience with Moralis, I am unsure about security and all that API keys stuff. All examples show how to expose these keys to the public in the browser etc. Maybe using Moralis on the server-side should be a better solution, but you'll need to have a server, so the narration about serverless is not accurate then. I don't know. There is, of course, an ACL mechanism, and it probably solves a lot, but I still have some uncertainty about this topic here.
☝️ Update ☝️ Moralis Docs FAQ
The App ID is meant to be public and is included in all requests to Moralis. It's ok to include the App ID in a public code repository like Github. With the App ID a user can create accounts and call any Cloud Functions. To control when new users can sign up use a beforeSave trigger on the User collection. To learn more about how to lock down your app see the Security docs. What you want to protect is the Master Key as that can override all permissions and has full access to read, write, and delete. It's best use the Master Key only on the server (i.e. Cloud Functions), never use the Master Key in the front end.
It is an excellent use case for server-side hooks for cloud functions to check and validate the data operations. So before any operation, you can fire your validation and approve or reject the process.
- I also wonder what if Moralis will someday disappear. Is there a way to export all my data and configuration and reuse it in some custom setup? Will we get such instructions somewhere?
Summary
Despite a couple of inconveniences, I am sure that Moralis has strong fundamentals to be an excellent developer service for blockchain integrations and overall apps, not only dApps.
I love how simple it is to use a couple of functions and make the app fully functional. I spend a little time writing a tiny amount of code and achieving a fully functional application that connects with blockchain data, sends files to IPFS, and adds/removes items in the data store.