Links

Share a Private File

In this guide, you will use Lightstreams node to share a file in a peer-to-peer manner with another node. No intermediary server will be used.

Create a test file

echo "SmartVault is awesome." > smart_vault.txt

Add the file to your node

curl -X POST \
http://localhost:9091/storage/add \
-H 'multipart/form-data; boundary="===============1648430772=="' \
-F owner=YOUR_ACCT \
-F password=YOUR_PWD \
-F file=@smart_vault.txt
Where:
  • file the absolute path to the file you want to share
  • owner the address of the file owner. This address needs to have a positive PHT balance to pay for the smart contract transaction fees
  • password the password to unlock owner account
Output:
{
"meta":"QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz",
"acl":"0x7000f85C4065643435E8A350655F3153c7dd030E"
}
Note:
  • "meta" a public file describing the file meta information. The protected content is stored in a secure manner. You can share this address with everyone. They won't be able to access the protected content. Only read the file metadata.
  • "acl" a smart contract address for controlling all the file access permissions and rules for the .

Grant permission to another device

Create a new account for node 2:
curl --location --request POST 'http://localhost:9092/user/signup' \
--header 'Content-Type: application/json' \
--data-raw '{
"password": "PWD_Node2"
}'
> {"account": "0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0"}
Generate the token for node 2 account 0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0:
curl --location --request POST 'http://localhost:9092/user/signin' \
--header 'Content-Type: application/json' \
--data-raw '{
"account": "0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0",
"password": "PWD_Node2"
}'
> { "token": "eyJibG9DB9...hUh4yICLseCD5ejRs" }
Attempt to read the protected file with node 2 account credentials (token): Note: Replace [meta] and [token] in the query string with the meta hash and token string you generated.
curl --request GET 'http://localhost:9092/storage/stream?meta=[meta]&token=[token]'
Where:
  • meta is the protected's file public meta address: QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz
  • token is your auth token generated by /user/signin request
Output:
{"error":{
"message": "no READ access. Account '0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0' is unable to access Smart Vault protected file 'QmXT5yfwk9zpVHZZ9WYzAFiSV3N2YAx8nFqd5w3t2jrsvo' with public meta 'QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz'.",
"code":"TOKEN_DENIED"
}
This error is expected because the file owner never actually granted permission to Lightstreams node 2 account: 0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0.
Let's grant Leth node 2 a read permission.

Granting a READ permission

From Node 1 account run:
curl --location --request POST 'http://localhost:9091/acl/grant' \
--header 'Content-Type: application/json' \
--data-raw '{
"acl": "0x7000f85C4065643435E8A350655F3153c7dd030E",
"owner": "0xa92e3705e6d70cb45782bf055e41813060e4ce07",
"password": "PWD_Node2",
"to": "0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0",
"permission": "read"
}'
> { "is_granted": "true" }
Where:
  • acl corresponds to the smart contract address provided after we published the file
  • to is the account we are granting access to
  • permission is the permission to grant, it may be: ['read', 'write', 'admin', 'noaccess']

Try to access the file again

curl --request GET 'http://localhost:9092/storage/stream?meta=[meta]&token=[token]' > ./sv.txt
vim ./sv.txt
> Smart Vault is awesome.

Reading the meta file

In case you want to get information about the privately stored file, you can do so using the /storage/meta route.
This returns public information about the file, without revealing its content.
curl --request GET 'http://localhost:9092/storage/meta?meta=QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz
Output:
{
"filename": "smart_vault.txt",
"ext": "txt",
"owner": "0xa92e3705e6d70cb45782bf055e41813060e4ce07",
"hash": "QmPVKAWBPzZVgGU1yVZuBhRWkePYbWLYrwetme1wNn2JQ8",
"acl": "0x7000f85C4065643435E8A350655F3153c7dd030E"
}
Note:
  • filename is the original filename when file was uploaded
  • ext is the original file extension
  • owner who uploaded the file
  • hash the hash of the protected file stored in IPFS (not the public Meta file hash)
  • acl address of the contract handling file permissions
Congratulations! You just shared a private file over the internet in a peer-to-peer manner.