Middleware Reference
Blocklet SDK provides a comprehensive suite of Express.js middleware, designed to streamline common web development tasks within your Blocklet applications. These middlewares facilitate crucial functionalities such as user session management, authentication, protection against common web vulnerabilities like CSRF, verification of inter-Blocklet and inter-component communications, dynamic sitemap generation for SEO, and robust fallback HTML serving for single-page applications.
Each middleware is designed to integrate seamlessly into your Express.js application, providing a modular approach to adding powerful features. For detailed information on specific middlewares, please refer to their dedicated sections:
Overview of Middlewares#
The following table provides a quick overview of the middlewares available in the Blocklet SDK:
Middleware | Description | Detailed Documentation |
|---|---|---|
| Manages user sessions, login tokens, and access keys for request authentication. | |
| Enforces authorization based on user roles, permissions, KYC status, and authentication methods. | |
| Protects your web application against Cross-Site Request Forgery (CSRF) attacks. | |
| Verifies digital signatures on requests originating from other Blocklets or components within the Blocklet Server ecosystem. | |
| Generates dynamic sitemap XML files to improve search engine optimization for your Blocklet. | |
| Serves a fallback HTML page for single-page applications, ensuring proper SEO and initial page load. |
Integrating Middlewares#
Integrating Blocklet SDK middlewares into your Express.js application is straightforward. You can apply them globally or to specific routes, depending on your application's needs.
Here is a basic example demonstrating how to set up some of the key middlewares in an Express.js application:
import express from 'express';
import { auth, session, csrf, fallback } from '@blocklet/sdk/middlewares';
import { resolve } from 'path';
const app = express();
// Use session middleware to authenticate incoming requests based on various tokens
app.use(session());
// Use CSRF protection for POST, PUT, PATCH, DELETE requests
app.use(csrf());
// Example route protected by auth middleware, requiring an 'admin' role
app.get('/admin', auth({ roles: ['admin'] }), (req, res) => {
res.send('Welcome to the admin dashboard!');
});
// Serve static assets from the 'dist' directory
app.use(express.static(resolve(__dirname, '../dist')));
// Use fallback middleware to serve index.html for all unhandled routes,
// injecting dynamic page data for SEO purposes.
app.use(fallback(resolve(__dirname, '../dist/index.html'), {
getPageData: async (req) => ({
title: 'My Blocklet Application',
description: 'A decentralized application powered by ArcBlock Blocklet Server.',
ogImage: 'https://your-blocklet-url.com/blocklet/og.png' // Example Open Graph image
}),
// Optional: configure cache TTL for the fallback response
cacheTtl: 5 * 60 * 1000 // Cache for 5 minutes
}));
const port = process.env.PORT || 3000;
app.listen(port, () => {
console.log(`Blocklet application listening on port ${port}`);
});This example demonstrates how to apply session and csrf globally, apply auth to a specific route, and use fallback to handle single-page application routing and SEO.
This section provided an overview of the Express.js middlewares available in the Blocklet SDK. You can now proceed to explore each middleware in detail to understand its specific functionalities and configuration options. Continue your journey by diving into Authentication middleware details.