A standalone Express.js server for managing file uploads, downloads, and searches on the Irys decentralized storage network with encryption support for private files and group-based permissions.
- User Management: Registration, authentication, and profile management
- Group Management: Create public/private groups with member management
- File Operations: Upload, download, and manage files on Irys
- Encryption: AES-256-GCM encryption for private files
- Search: Advanced search capabilities with filters and suggestions
- Permissions: User and group-level access control
- Security: JWT authentication, rate limiting, input validation
-
Authentication Service (
middleware/auth.js)- JWT-based authentication
- User and group management
- Access control middleware
-
Encryption Service (
utils/encryption.js)- AES-256-GCM symmetric encryption
- RSA asymmetric encryption
- Password hashing with PBKDF2
-
Irys Service (
utils/irys.js)- Irys network integration
- File upload/download operations
- Transaction metadata management
-
API Routes
/api/auth- Authentication endpoints/api/files- File management endpoints/api/groups- Group management endpoints/api/search- Search and discovery endpoints
- Clone the repository and navigate to the irys_server directory:
cd irys_server- Install dependencies:
npm install- Copy environment configuration:
cp .env.example .env- Configure environment variables in
.env:
PORT=7711
IRYS_PRIVATE_KEY=your_irys_private_key_here
JWT_SECRET=your_super_secret_jwt_key_here
MASTER_ENCRYPTION_KEY=your_32_byte_master_encryption_key_hereStart the development server with auto-reload:
npm run devStart the production server:
npm startRun the test suite:
npm testRun tests in watch mode:
npm run test:watchPOST /api/auth/register
Content-Type: application/json
{
"username": "johndoe",
"email": "john@example.com",
"password": "SecurePassword123!"
}POST /api/auth/login
Content-Type: application/json
{
"username": "johndoe",
"password": "SecurePassword123!"
}GET /api/auth/profile
Authorization: Bearer <jwt_token>POST /api/files/upload
Authorization: Bearer <jwt_token>
Content-Type: multipart/form-data
file: <file_data>
fileName: "document.pdf"
description: "Important document"
isPrivate: "true"
groupId: "group_123"
tags: ["document", "important"]GET /api/files/download/:txId
Authorization: Bearer <jwt_token>GET /api/files/my?limit=20&offset=0&groupId=group_123&isPrivate=true
Authorization: Bearer <jwt_token>POST /api/groups
Authorization: Bearer <jwt_token>
Content-Type: application/json
{
"name": "Research Team",
"description": "Collaborative research group",
"isPrivate": false
}POST /api/groups/:groupId/join
Authorization: Bearer <jwt_token>GET /api/groups/public
Authorization: Bearer <jwt_token>GET /api/search?query=research&tags=science&limit=20&offset=0
Authorization: Bearer <jwt_token>POST /api/search/advanced
Authorization: Bearer <jwt_token>
Content-Type: application/json
{
"query": "machine learning",
"filters": {
"contentType": "application/pdf",
"isPrivate": false,
"groupId": "group_123"
},
"dateRange": {
"from": "2023-01-01T00:00:00Z",
"to": "2023-12-31T23:59:59Z"
},
"sortBy": "uploadedAt",
"sortOrder": "desc",
"limit": 20,
"offset": 0
}- Private Files: Encrypted using AES-256-GCM with user/group-specific keys
- Key Management: RSA key pairs for secure key exchange
- Password Security: PBKDF2 hashing with salt
- Authentication: JWT tokens with configurable expiration
- Authorization: Role-based access (user, group member, group admin)
- Rate Limiting: Configurable request limits per IP
- Input Validation: Joi schema validation for all inputs
- HTTPS: Enforced in production
- CORS: Configurable cross-origin policies
- Helmet: Security headers middleware
- File Validation: Type and size restrictions
| Variable | Description | Default |
|---|---|---|
PORT |
Server port | 7711 |
NODE_ENV |
Environment mode | development |
IRYS_NODE_URL |
Irys node URL | https://node2.irys.xyz |
IRYS_PRIVATE_KEY |
Irys wallet private key | Required |
IRYS_CURRENCY |
Irys currency | ethereum |
JWT_SECRET |
JWT signing secret | Required |
JWT_EXPIRES_IN |
JWT expiration time | 24h |
MASTER_ENCRYPTION_KEY |
Master encryption key (32 bytes hex) | Required |
MAX_FILE_SIZE |
Maximum file size | 50MB |
RATE_LIMIT_WINDOW_MS |
Rate limit window | 15 minutes |
RATE_LIMIT_MAX_REQUESTS |
Max requests per window | 100 |
- Maximum file size: 50MB (configurable)
- Maximum files per request: 10
- Supported file types: Images, PDFs, text files, archives, videos, audio
The server implements comprehensive error handling:
- Validation Errors: 400 Bad Request with detailed messages
- Authentication Errors: 401 Unauthorized
- Authorization Errors: 403 Forbidden
- Not Found Errors: 404 Not Found
- Server Errors: 500 Internal Server Error
All errors include:
- Error type and message
- Timestamp
- Request context (in development mode)
Structured logging with configurable levels:
- Error: Critical errors and exceptions
- Warn: Warning conditions
- Info: General information
- Debug: Detailed debugging information
Logs are written to:
- Console (with colors)
- Files (
logs/error.log,logs/all.log)
Comprehensive test suite covering:
- Authentication flows
- File operations
- Group management
- Search functionality
- Encryption/decryption
- Error scenarios
- Security features
Test coverage includes unit tests and integration tests with mocked Irys service.
FROM node:18-alpine
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
EXPOSE 7711
CMD ["npm", "start"]- Set up Irys wallet with sufficient balance
- Configure secure JWT secret (32+ characters)
- Generate master encryption key (32 bytes hex)
- Set up reverse proxy (nginx/Apache) for HTTPS
- Configure firewall rules
- Set up monitoring and logging
- Fork the repository
- Create a feature branch
- Write tests for new functionality
- Ensure all tests pass
- Submit a pull request
MIT License - see LICENSE file for details.