# Share a Private File In this guide, you will use Lightstreams node to share a file in a peer-to-peer manner with another node. No intermediary server will be used. ### Create a test file ```bash echo "SmartVault is awesome." > smart_vault.txt ``` ### Add the file to your node ```bash curl -X POST \ http://localhost:9091/storage/add \ -H 'multipart/form-data; boundary="===============1648430772=="' \ -F owner=YOUR_ACCT \ -F password=YOUR_PWD \ -F file=@smart_vault.txt ``` Where: * `file` the absolute path to the file you want to share * `owner` the address of the file owner. This address needs to have a positive PHT balance to pay for the smart contract transaction fees * `password` the password to unlock owner account Output: ```javascript { "meta":"QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz", "acl":"0x7000f85C4065643435E8A350655F3153c7dd030E" } ``` Note: * `"meta"` a public file describing the file meta information. The protected content is stored in a secure manner. You can share this address with everyone. They won't be able to access the protected content. Only read the file metadata. * `"acl"` a smart contract address for controlling all the file access permissions and rules for the . ### Grant permission to another device Create a new account for node 2: ``` curl --location --request POST 'http://localhost:9092/user/signup' \ --header 'Content-Type: application/json' \ --data-raw '{ "password": "PWD_Node2" }' > {"account": "0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0"} ``` Generate the token for node 2 account `0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0`: ```bash curl --location --request POST 'http://localhost:9092/user/signin' \ --header 'Content-Type: application/json' \ --data-raw '{ "account": "0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0", "password": "PWD_Node2" }' > { "token": "eyJibG9DB9...hUh4yICLseCD5ejRs" } ``` Attempt to read the protected file with node 2 account credentials (token):\ **Note:** Replace \[meta] and \[token] in the query string with the meta hash and token string you generated. ``` curl --request GET 'http://localhost:9092/storage/stream?meta=[meta]&token=[token]' ``` Where: * `meta` is the protected's file public meta address: `QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz` * `token` is your auth token generated by `/user/signin` request Output: ```javascript {"error":{ "message": "no READ access. Account '0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0' is unable to access Smart Vault protected file 'QmXT5yfwk9zpVHZZ9WYzAFiSV3N2YAx8nFqd5w3t2jrsvo' with public meta 'QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz'.", "code":"TOKEN_DENIED" } ``` This error is expected because the file owner never actually granted permission to Lightstreams node 2 account: `0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0`. Let's grant Leth node 2 a read permission. ### Granting a READ permission From Node 1 account run: ```bash curl --location --request POST 'http://localhost:9091/acl/grant' \ --header 'Content-Type: application/json' \ --data-raw '{ "acl": "0x7000f85C4065643435E8A350655F3153c7dd030E", "owner": "0xa92e3705e6d70cb45782bf055e41813060e4ce07", "password": "PWD_Node2", "to": "0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0", "permission": "read" }' > { "is_granted": "true" } ``` Where: * `acl` corresponds to the smart contract address provided after we published the file * `to` is the account we are granting access to * `permission` is the permission to grant, it may be: `['read', 'write', 'admin', 'noaccess']` ### Try to access the file again ```bash curl --request GET 'http://localhost:9092/storage/stream?meta=[meta]&token=[token]' > ./sv.txt vim ./sv.txt > Smart Vault is awesome. ``` ### Reading the meta file In case you want to get information about the privately stored file, you can do so using the `/storage/meta` route. This returns public information about the file, without revealing its content. ```bash curl --request GET 'http://localhost:9092/storage/meta?meta=QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz ``` Output: ```javascript { "filename": "smart_vault.txt", "ext": "txt", "owner": "0xa92e3705e6d70cb45782bf055e41813060e4ce07", "hash": "QmPVKAWBPzZVgGU1yVZuBhRWkePYbWLYrwetme1wNn2JQ8", "acl": "0x7000f85C4065643435E8A350655F3153c7dd030E" } ``` Note: * `filename` is the original filename when file was uploaded * `ext` is the original file extension * `owner` who uploaded the file * `hash` the hash of the protected file stored in IPFS (not the public Meta file hash) * `acl` address of the contract handling file permissions **Congratulations!** You just shared a private file over the internet in a peer-to-peer manner.