Share a Private File

In this guide, you will use Lightstreams node to share a file in a peer-to-peer manner with another node. No intermediary server will be used.

Create a test file

echo "SmartVault is awesome." > smart_vault.txt

Add the file to your node

curl -X POST \
  http://localhost:9091/storage/add \
  -H 'multipart/form-data; boundary="===============1648430772=="' \
  -F owner=YOUR_ACCT \
  -F password=YOUR_PWD \
  -F file=@smart_vault.txt

Where:

file the absolute path to the file you want to share
owner the address of the file owner. This address needs to have a positive PHT balance to pay for the smart contract transaction fees
password the password to unlock owner account

Output:

{
   "meta":"QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz",
   "acl":"0x7000f85C4065643435E8A350655F3153c7dd030E"
}

Note:

"meta" a public file describing the file meta information. The protected content is stored in a secure manner. You can share this address with everyone. They won't be able to access the protected content. Only read the file metadata.
"acl" a smart contract address for controlling all the file access permissions and rules for the .

Grant permission to another device

Create a new account for node 2:

curl --location --request POST 'http://localhost:9092/user/signup' \
--header 'Content-Type: application/json' \
--data-raw '{
	"password": "PWD_Node2"
}'

> {"account": "0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0"}

Generate the token for node 2 account 0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0:

curl --location --request POST 'http://localhost:9092/user/signin' \
--header 'Content-Type: application/json' \
--data-raw '{
	"account": "0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0",
	"password": "PWD_Node2"
}'

> { "token": "eyJibG9DB9...hUh4yICLseCD5ejRs" }

Attempt to read the protected file with node 2 account credentials (token): Note: Replace [meta] and [token] in the query string with the meta hash and token string you generated.

curl --request GET 'http://localhost:9092/storage/stream?meta=[meta]&token=[token]'

Where:

meta is the protected's file public meta address: QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz
token is your auth token generated by /user/signin request

Output:

{"error":{
    "message": "no READ access. Account '0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0' is unable to access Smart Vault protected file 'QmXT5yfwk9zpVHZZ9WYzAFiSV3N2YAx8nFqd5w3t2jrsvo' with public meta 'QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz'.",
    "code":"TOKEN_DENIED"
}

This error is expected because the file owner never actually granted permission to Lightstreams node 2 account: 0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0.

Let's grant Leth node 2 a read permission.

Granting a READ permission

From Node 1 account run:

curl --location --request POST 'http://localhost:9091/acl/grant' \
--header 'Content-Type: application/json' \
--data-raw '{
  "acl": "0x7000f85C4065643435E8A350655F3153c7dd030E",
  "owner": "0xa92e3705e6d70cb45782bf055e41813060e4ce07",
  "password": "PWD_Node2",
  "to": "0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0",
  "permission": "read"
}'

> { "is_granted": "true" }

Where:

acl corresponds to the smart contract address provided after we published the file
to is the account we are granting access to
permission is the permission to grant, it may be: ['read', 'write', 'admin', 'noaccess']

Try to access the file again

curl --request GET 'http://localhost:9092/storage/stream?meta=[meta]&token=[token]' > ./sv.txt

vim ./sv.txt
> Smart Vault is awesome.

Reading the meta file

In case you want to get information about the privately stored file, you can do so using the /storage/meta route.

This returns public information about the file, without revealing its content.

curl --request GET 'http://localhost:9092/storage/meta?meta=QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz

Output:

{
    "filename": "smart_vault.txt",
    "ext": "txt",
    "owner": "0xa92e3705e6d70cb45782bf055e41813060e4ce07",
    "hash": "QmPVKAWBPzZVgGU1yVZuBhRWkePYbWLYrwetme1wNn2JQ8",
    "acl": "0x7000f85C4065643435E8A350655F3153c7dd030E"
}

Note:

filename is the original filename when file was uploaded
ext is the original file extension
owner who uploaded the file
hash the hash of the protected file stored in IPFS (not the public Meta file hash)
acl address of the contract handling file permissions

Congratulations! You just shared a private file over the internet in a peer-to-peer manner.

PreviousRun a Smart Vault Node NextSmart Vault SDK

Last updated 10 months ago

Was this helpful?

curl --location --request POST 'http://localhost:9092/user/signup' \ --header 'Content-Type: application/json' \ --data-raw '{ "password": "PWD_Node2" }' > {"account": "0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0"}

curl --location --request POST 'http://localhost:9092/user/signin' \ --header 'Content-Type: application/json' \ --data-raw '{ "account": "0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0", "password": "PWD_Node2" }' > { "token": "eyJibG9DB9...hUh4yICLseCD5ejRs" }

{"error":{ "message": "no READ access. Account '0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0' is unable to access Smart Vault protected file 'QmXT5yfwk9zpVHZZ9WYzAFiSV3N2YAx8nFqd5w3t2jrsvo' with public meta 'QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz'.", "code":"TOKEN_DENIED" }

curl --location --request POST 'http://localhost:9091/acl/grant' \ --header 'Content-Type: application/json' \ --data-raw '{ "acl": "0x7000f85C4065643435E8A350655F3153c7dd030E", "owner": "0xa92e3705e6d70cb45782bf055e41813060e4ce07", "password": "PWD_Node2", "to": "0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0", "permission": "read" }' > { "is_granted": "true" }

{ "filename": "smart_vault.txt", "ext": "txt", "owner": "0xa92e3705e6d70cb45782bf055e41813060e4ce07", "hash": "QmPVKAWBPzZVgGU1yVZuBhRWkePYbWLYrwetme1wNn2JQ8", "acl": "0x7000f85C4065643435E8A350655F3153c7dd030E" }