Web-app to share files over the IPFS using Rooms

Hi all,
I wanted to create a React web app, where users could join Rooms (WebSockets), and all have access to all the files uploaded to the rooms.
Upon loading of the rooms, when a new user joins in, they could have access to the files (CIDs), and thus download them.
I wanted to know whether this idea makes sense in theory, or whether there are inherent security flaws which I might have overlooked due to my limited understanding 😅
What would be the right way of approaching this technically too?

Welcome to the IPFS forum,

While it’s possible to do something like your idea, the details of how you do this can affect the implementation significantly.

Some pointers/open questions to think about:

  • CIDs are public by default in the IPFS network. How important is access control? You could achieve this by adding a layer of encryption but that would increase the complexity significantly
  • Where do you store the files and application state?
  • Do you intend to rely on a long-running IPFS node, i.e. Kubo, for file storage? For browsers to connect to Kubo nodes using WebSockets you will need to ensure you have a TLS certificate for your Kubo node.

I’d recommend checking out the following guide Create a simple chat app | IPFS Docs to get some inspiration (source: GitHub - TheDiscordian/browser-ipfs-chat: Simple demo showing off browser js-ipfs capabilites.).

Thanks a lot for the quick reply!
I wanted to store the files on web3.storage
Access Control is important, and I think I can achieve this by using a layer of AES Encryption before uploading it to the storage, but it increases the complexity, like you mentioned.
Another idea I had is to implement verification using tokens from session storage in the browser.
So if the users have the tokens with values matching the room, they would be allowed to view the content in the room.
The token could be set by the link shared by the uploader in this case.

The idea is for users to join the room, and then allow a file transfer to take place using web3.storage, the file can be accessible from the IPFS via a gateway, but I’m not sure how to connect my room to the storage.
Does this sound right?

Will I need a TLS certificate if I use an HTTP gateway?

What would the recommended technical approach to create rooms and connect them with the storage be if I use web3.storage?

I wanted to store the files on web3.storage

If you rely on web3.storage, that means the encryption has to happen client-side meaning that you’ll hold the encryption key in the browser. If you wanna share that with other peers you’ll need a secure direct connection to other peers. This should be possible with WebRTC and libp2p but requires a signalling server to establish the WebRTC connection.

Will I need a TLS certificate if I use an HTTP gateway?

If you’re hosting your own gateway and you make it public, you will need a TLS certificate. You can get a free one with Let’s Encrypt. Public gateways like dweb.link are already served over TLS with a certificate.

Since there’s a lot of prior art on this topic I would recommend taking a look at:

I am currently doing something similar, and I would like to get you guys' thoughts. My idea is: I would be tweaking my IPFS gateway to make it possible for it to accept encrypted files or resources that would be stored on IPFS. For the access control implementation, when another user requests access to the file or resource, or I am giving a user access to the file or resource, I would re-encrypt using the user's public key, so said resource would be retrieved from my IPFS node, but this access would only last for an amount of time specified by the creator, as it would be deleted from the node after the specified time.
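
Added example, not part of any post in this thread and not web3.storage's own code: the client-side AES layer discussed earlier in the thread, written against the WebCrypto API with AES-GCM. The function names and the `roomId` binding are assumptions made for illustration, and the upload call itself is left out.

```javascript
// WebCrypto is global in browsers and recent Node.js; fall back for older Node.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const IV_LEN = 12; // 96-bit nonce, the size AES-GCM is designed for

// Create the per-room key in the uploader's browser (hypothetical helper name).
async function generateRoomKey() {
  return wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
}

// Raw key bytes, for handing to other room members over a secure channel.
async function exportRoomKey(key) {
  return new Uint8Array(await wc.subtle.exportKey('raw', key));
}

// Receiving side: non-extractable, decrypt-only key object.
async function importRoomKey(raw) {
  return wc.subtle.importKey('raw', raw, { name: 'AES-GCM' }, false, ['decrypt']);
}

// Encrypt file bytes before upload. roomId is authenticated (not encrypted), so a
// blob copied into another room fails to decrypt. Output layout: IV || ciphertext+tag.
async function encryptForUpload(key, fileBytes, roomId) {
  const iv = wc.getRandomValues(new Uint8Array(IV_LEN)); // fresh IV for every file
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv, additionalData: new TextEncoder().encode(roomId) },
    key, fileBytes);
  const out = new Uint8Array(IV_LEN + ct.byteLength);
  out.set(iv, 0);
  out.set(new Uint8Array(ct), IV_LEN);
  return out; // these bytes, not the plaintext, are what ends up behind a public CID
}

// Decrypt bytes fetched from a gateway. Rejects if the blob was modified,
// the key is wrong, or roomId differs from the one used at encryption time.
async function decryptDownloaded(key, blob, roomId) {
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: blob.subarray(0, IV_LEN),
      additionalData: new TextEncoder().encode(roomId) },
    key, blob.subarray(IV_LEN));
  return new Uint8Array(pt);
}
```

Anyone who learns the CID can still fetch the ciphertext, so access control here rests entirely on who holds the room key.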