Share a Private File

In this guide, you will use Lightstreams node to share a file in a peer-to-peer manner with another node. No intermediary server will be used.

Create a test file

echo "SmartVault is awesome." > smart_vault.txt

Add the file to your node

curl -X POST \
  http://localhost:9091/storage/add \
  -H 'multipart/form-data; boundary="===============1648430772=="' \
  -F owner=YOUR_ACCT \
  -F password=YOUR_PWD \
  -F file=@smart_vault.txt

Where:

• file the absolute path to the file you want to share

• owner the address of the file owner. This address needs to have a positive PHT balance to pay for the smart contract transaction fees

• password the password to unlock owner account

Output:

{
   "meta":"QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz",
   "acl":"0x7000f85C4065643435E8A350655F3153c7dd030E"
}

Note:

• "meta" a public file describing the file meta information. The protected content is stored in a secure manner. You can share this address with everyone. They won't be able to access the protected content. Only read the file metadata.

• "acl" a smart contract address for controlling all the file access permissions and rules for the .

Grant permission to another device

Create a new account for node 2:

curl --location --request POST 'http://localhost:9092/user/signup' \
--header 'Content-Type: application/json' \
--data-raw '{
	"password": "PWD_Node2"
}'

> {"account": "0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0"}

Generate the token for node 2 account 0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0:

curl --location --request POST 'http://localhost:9092/user/signin' \
--header 'Content-Type: application/json' \
--data-raw '{
	"account": "0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0",
	"password": "PWD_Node2"
}'

> { "token": "eyJibG9DB9...hUh4yICLseCD5ejRs" }

Attempt to read the protected file with node 2 account credentials (token): Note: Replace [meta] and [token] in the query string with the meta hash and token string you generated.

curl --request GET 'http://localhost:9092/storage/stream?meta=[meta]&token=[token]'

Where:

• meta is the protected's file public meta address: QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz

• token is your auth token generated by /user/signin request

Output:

{"error":{
    "message": "no READ access. Account '0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0' is unable to access Smart Vault protected file 'QmXT5yfwk9zpVHZZ9WYzAFiSV3N2YAx8nFqd5w3t2jrsvo' with public meta 'QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz'.",
    "code":"TOKEN_DENIED"
}

This error is expected because the file owner never actually granted permission to Lightstreams node 2 account: 0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0.

Let's grant Leth node 2 a read permission.

Granting a READ permission

From Node 1 account run:

curl --location --request POST 'http://localhost:9091/acl/grant' \
--header 'Content-Type: application/json' \
--data-raw '{
  "acl": "0x7000f85C4065643435E8A350655F3153c7dd030E",
  "owner": "0xa92e3705e6d70cb45782bf055e41813060e4ce07",
  "password": "PWD_Node2",
  "to": "0xFb0bC1AC4a627fcdd215b7eF9617172276a402d0",
  "permission": "read"
}'

> { "is_granted": "true" }

Where:

• acl corresponds to the smart contract address provided after we published the file

• to is the account we are granting access to

• permission is the permission to grant, it may be: ['read', 'write', 'admin', 'noaccess']

Try to access the file again

curl --request GET 'http://localhost:9092/storage/stream?meta=[meta]&token=[token]' > ./sv.txt

vim ./sv.txt
> Smart Vault is awesome.

Reading the meta file

In case you want to get information about the privately stored file, you can do so using the /storage/meta route.

This returns public information about the file, without revealing its content.

curl --request GET 'http://localhost:9092/storage/meta?meta=QmbVtvd1rD9pDHpx7AUqrsh3CoCMW3Na3g4fAwXJxyaawz

Output:

{
    "filename": "smart_vault.txt",
    "ext": "txt",
    "owner": "0xa92e3705e6d70cb45782bf055e41813060e4ce07",
    "hash": "QmPVKAWBPzZVgGU1yVZuBhRWkePYbWLYrwetme1wNn2JQ8",
    "acl": "0x7000f85C4065643435E8A350655F3153c7dd030E"
}

Note:

• filename is the original filename when file was uploaded

• ext is the original file extension

• owner who uploaded the file

• hash the hash of the protected file stored in IPFS (not the public Meta file hash)

• acl address of the contract handling file permissions

Congratulations! You just shared a private file over the internet in a peer-to-peer manner.