SiaShare

SiaShare is an end-to-end encrypted file sharing service that uses the Sia decentralized storage network to store files.

How to run SiaShare

renterd running and ready to upload data (blockchain sync'd, autopilot configured, contracts formed, etc).
A reverse proxy (e.g. Caddy) is required and must be configured with an SSL certificate.

docker pull ghcr.io/mjmay08/siashare:main.
Run docker run -p 8081:8080 -v C:\\temp:/siashare-data siashare:0.0.21.
- 8081 or whatever port you want to bind to on you local host.
- C:\\temp or whatever local volume you want to mount into the container to persist the SiaShare db and cache of uploaded files.
Configure reverse proxy to expose and point to whatever port you specified in place of 8081 in the example above.
Open browser to whatever host/port the reverse proxy is listening on.

User selects some files to share.
A main secret key and salt is generated using https://github.com/SocketDev/wormhole-crypto.
Additional keys are dervied using HKDF SHA-256.
1. An encryption key and salt for each file.
2. An encryption key for the file metadata.
3. A token which will be used for read access to the room.
A new room is created on the server. The server creates a room id and a write access token for the room. Both are returned to the client.
The shareable link given to the user. The format of the link is https://<domain_here>/{roomId}#{mainSecretKey} Since the mainSecretKey is a URL fragment it will never be sent to the server.
The client encrypts each file
A .torrent file is created per file being uploaded. This file is encrypted using a metadata key.
The encrypted .torrent files are uploaded to the server.
The client starts seeding the torrents using WebTorrent. This is what enables downloaders to start downloading a file before the uploader has even finished uploading it to the server.
All encrypted files are uploaded to the server using TUS.
1. Once a file is uploaded to the server it will then be uploaded to the Sia network using renterd.

The client takes the roomId and mainSecretKey from the URL.
The client asks the server for the salt corresponding to that room.
The client uses the mainSecretKey and salt to derive the same keys that were used for encrypting the files and metadata as well as the token for read access to the room.
The client then asks the server for all of the enrypted .torrent files and then decrypts them.
The list of files uploaded to the room is then shown to the user.
When the user selects a file to download WebTorrent is then used to coordinate the download.
1. WebTorrent will check for peers (the uploader) if they are still seeding the file.
2. It will also simultaneously use a WebSeed url to download the file from the server if the file has finished uploading. The download from the server will either serve the file from the local filesystem if it is still present, otherwise it will fetch the file from the Sia network using renterd.
WebTorrent verifies all pieces of the file match the expected hashes as it receives them.
The file is then decrypted.

Clone or download the repo.
Run npm install to install the required node modules.
Set all configuration values needed in config/default.json
Run npm start. This will start the express server which will serve both the static content used for the UI as well as the server.
Open browser and go to https://: where host and port are the values from config/default.json

This work is supported by a Sia Foundation grant.