This is a image uploader that will allow users to store their files on IPFS, the interplantary file system (https://ipfs.io/). It uses React and a lot of code from a pre-built Truffle box, with custom components throughout. An updated version of this will have administrative capabilities to allow for unlimited file-size uploads.
• Ganache (CLI or GUI) • Truffle • React • Infura • node.js • ipfs-api • getweb3.js • Chrome with Metamask tied to Ganache
Have Ganache running and connected to Metamask via Custom RPC
- Git clone
- cd ipfs-file-upload
- truffle compile
- truffle migrate (use --reset if there are issues)
- truffle test
- npm run start
- Chrome should open. Make sure Metamask is set to the custom RPC account.
- Select choose file and browse for a test image file
- Click Sumbit and wait for Metamask to open
- Check payment amount and choose Submit
- Your image should appear in the window. To test that it is not stored locally, simply refresh the page.
A lot of this happens within the javascript components (App.js) wherein calls are made to IPFS via React to Infura, after the contract is initated files are stored on IPFS and the Ethereum Blockchain. I have had some issues getting Metamask to offer a nonce that is different than what is offered by Ganache, this remains a bit of a stumbling block. getweb3.js is a client-side app that connects to the blockchain via metamask. Metamask is a chrome plugin that allows you to transform your browser into a full web3 browser. This uses Infura as a means of connecting to IPFS.
While I realize there are limited tests, I have not found any vulnerabilities within the code itself, either the .sol contracts or within the .js code. Since it utilizes many outside resources (Infura, web3/metamask) I can't tell if there would be a vulnerability there, or during the handoff of communications. Ether is passed through metamask during the file upload process to pay for the gas required for the upload itself.
I wanted to offer administrative rights to allow unlimited file sizes for 'onlyOwner' (admins), whereas non-admin users would only be allowed to upload certain (<200k) files. This remains unimplemented in the project.