Basic IPFS User Stories

In order for IPFS to be successful not just with people who are already committed to a decentralization agenda but in a wider community that might simply want to try something and see if it can do useful work, there is a number of very basic user stories that need to work flawlessly and to be easy to find in the documentation. These basically involve people in common development exploration contexts attempting very simple operations: serve, get, verify, and maybe sync.

On my command line

I am reasonably proficient with a command line and wish to interact with IPFS using simple command line tools that are sufficiently similar to other commands in that environment.

Serve

I have a directory of content (that may have subdirectories) and I want it to be available on IPFS.

The HTTP equivalent is: http-server .. There are other options that are just as simple, http-server is widely available (from npm, from brew, runnable with npx if it isn't installed, etc.). When you kill it, it stops serving the content.

In IPFS, that's: XXX (break it up by serve directory and serve single file)

Get

Someone gave me an ipfs: or ipns: URL and I want to download it. I don't know what it is, I just want to get it, save it, poke at it, and do something with it if it's useful.

The HTTP equivalent is curl --ouput file.foo URL. There are options other than curl and many ways in which this command can fail, but this will usually work.

In IPFS, that's: XXX.

Verify

We can break this user story into two cases:

I am downloading from a URL and once downloaded I want to verify that I got the right thing.
I already have a file and I want to verify that it's the same as a remote resource.

The HTTP implementation of these two requires that some other party has published a hash of the resource and made it available in redundant places (i.e. location that presumably won't be compromised if the resource has been compromised). Assuming you obtained a SHA-256 de4db33f, you can verify a download by running shasum -a 256 downloaded.file and checking that it matches the hash you have.

If you already have a file and wish to check that it is the same as a remote one, your best bet is also to compare a locally-generated hash to one provided by another part. Otherwise, HTTP lacks a reliable way to verify that a local file is the same as a remote one without downloading it. The Digest/Want-Digest pair is deprecated and would require trusting the remote server anyway.

In IPFS, that's: XXX.

Modify/Patch

We can think of two applicable substories:

I want to update a remote directory by adding or replacing a file in it.
I want to modify a remote JSON resource.

The JSON resource is:

{
    "questions": {
        "life": 41
    }
}

And the update is intended to set the correct answer.

For HTTP (assuming no access control), PUTting a file remotely can be invoked with curl --upload-file kitten.jpg https://berjon.com/cats/.

HTTP also has a PATCH method, though it is rarely used. It can be paired with JSON Patch like so: curl -X PATCH --data '[{"op": "replace", "path": "/questions/life", "value": 42}]' https://berjon.com/deep-philosophy.json

In IPFS, that's: XXX.

In my Node app

I am writing a simple Node.js application and wish to interact with IPFS without needing to understand much if anything about it. I want a solution that I can grab off of npm and can paste code for from StackOverflow, I don't want to need to stop working on my app because I need to learn about a whole new thing.

Serve

We can break this story up between serving a single resource and serving a directory. In Node, serving up a single resource is:

import express from 'express';
const app = express();

app.get('/cat.txt', (req, res) => res.send('meow'));

app.listen(1337, () => console.warn(`Listening at http://localhost:1337/…`));

And serving a directory is:

import express from 'express';
const app = express();

app.use(express.static('./cats'));

app.listen(1337, () => console.warn(`Listening at http://localhost:1337/…`));

In IPFS, that's: XXX.

Get

In Node, fetching a URL (assuming you just want the binary data) is:

const res = await fetch(url);
const data = await res.arrayBuffer();

In IPFS, that's: XXX.

Verify

In Node, fetching and verifying a URL assumes that you also have the hash already:

import { createHash } from 'node:crypto';

export function trustButVerify (url, hash) {
  const res = await fetch(url);
  const data = await res.arrayBuffer();
  const dataHash = createHash('sha256').update(data).digest('hex');
  return dataHash === hash;
}

In IPFS, that's: XXX.

Modify/Patch

In Node, PUTting a file is:

import { readFile } from 'node:fs';

await fetch(
  'https://berjon.com/cats/kittens.jpg',
  {
    method: 'put',
    headers: { 'content-type': 'image/jpeg' },
    body: await readFile('./kittens.jpg'),
  }
);

And sending a PATCH is:

await fetch(
  'https://berjon.com/deep-philosophy.json',
  {
    method: 'patch',
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify([{
        op: "replace", 
        path: "/questions/life", 
        value: 42
    }]),
  }
);

Of course, this assumes that the server will expose support for PATCH, which as usual is unlikely unless it was specifically coded to support it.

In IPFS, that's: XXX.

In my browser JS

I am tinkering with a web page, which I'm testing on localhost and deploying on https, and wish to interact with IPFS without needing to understand much if anything about it. I want a solution that I can grab off of npm and can paste code for from StackOverflow, I don't want to need to stop working on my app because I need to learn about a whole new thing.

Serve

There isn't really an HTTP way to serve from the browser. One could considering PUTting to a remote server, but that's cheating.

In IPFS, that's: XXX.

Get

For HTTP, this is the same as in Node.

In IPFS, that's: XXX.

Verify

Verifying that a URL matches a provided hash in the browser:

function trustButVerify (url, hash) {
  const res = await fetch(url);
  const data = await res.arrayBuffer();
  const buf = await crypto.subtle.digest("SHA-256", data);
  const dataHash = Array.from(new Uint8Array(buf))
    .map((b) => b.toString(16).padStart(2, "0"))
    .join("")
  ;
  return dataHash === hash;
}

In IPFS, that's: XXX.

Modify/Patch

These work the same way they do in Node, except that readFile() has to be replaced with another way to get at the data (e.g. an uploaded Blob).

In IPFS, that's: XXX.

On my server

I have a server running some kind of Linux and I want to put an IPFS thing on it. I'm admin, I can install things and change configurations, including opening ports, but I don't want to have to spend the day doing it — whatever I need to do, I need to have a clear and straightforward way to set it up.

This just considers serving because that's the one that's different from accomplishing the same on the a personal device's command line.

Serve

For HTTP, that's typically done by running nginx or Apache. These are available pre-packaged.

This is where we explain serve, provide, pin

From DN: From my understanding, there’s a subtle difference between the two.

With a local node, pinning results in the CID kept locally, but not necessarily provided to the network
If your node is not running, are the CIDs still pinned? My guess would be yes.
Providing on the other hand is what makes the CID available to the network and it requires “work” to publish/advertrise the CIDs.
In https://docs.ipfs.tech/concepts/lifecycle/ we treat advertising/providing as a subset of Pinning.

In IPFS, that's: XXX.

Daniel Norman

2024/02/15 10:26:52

verify

From a user perspective, when do you actually want to verify? As I understand it, verification is a "cost/tax" you pay so as to fetch/get from anyone.

Robin Berjon

2024/02/20 22:34:15

As a user, I would like verification to just always happen. However, not all IPFS retrieval methods verify… I don't think it's a tax, it's a valuable feature and sometimes you explicitly want it (did I get the right thing?).

aschmahmann

2024/02/21 18:27:17

What are some example IPFS retrieval methods that don't verify? Deserialized responses via public gateways? Are consumers of these things "IPFS" https://specs.ipfs.tech/architecture/principles/#verification-matters seems to indicate the answer is no "A JS code snippet that fetches data from an IPFS HTTP gateway without verifying it is not an IPFS implementation."

2024/02/20 22:32:47

Mosh asks: Can we call this “Developer User Stories” or “Basic Developer Commands” or “Developer Common Commands”? To me “IPFS User Stories” broadens the scope to end-user apps.

lidel

2024/02/21 20:50:57

Maybe call it "IPFS Cheatsheet"? (half-joking) I've been asked a few times if "IPFS Cheatsheet" exists because too many projects with special-snowflake names exist, not sure what to use for what.

2024/02/20 22:38:04

get

Mosh asks: For retrieve, what flags or inputs should be available? Or maybe the real question is, how efficiently can we do this only transferring the parts of the DAG you don’t already have?

2024/02/21 21:11:20

In my mind configuration knobs users or devs may want, are around - Controlling complexity of dependencies. Namely, is client HTTP-only, or libp2p transports and protocols is used. Client can do either, or both. - Download smarts. Client can be naive and fetch entire DAG from same source, or smarter, and parallelize, leveraging affinity information (IPIP-462), or define fallback order, track reputation/performance etc.

2024/02/21 18:49:23

I already have a file and I want to verify that it’s the same as a remote resource.

This is not something you can do in the general case. For example, the combination a jpeg + a CID is insufficient for validation in all but the case of the `raw` (or 0x55 within the hex representation of the CID) IPLD codec. We can push people this way by basically telling everyone to use "raw" or by trying yet again to make the one-true-standard for encoding things like files or even worse directories https://xkcd.com/927/. This is unlike serving the data where choosing a specific encoding is viable because if you don't like it you just choose another (and sure all the links might break, but that's the tradeoff you're making at the moment)

2024/02/21 21:16:57

To be more clear, CID can't be confirmed without additional DAG metadata, or prior knowledge about how DAG was generated. If person that requires CID verification is aware of the cost, and the CID is retrievable from IPFS, and they are ok with additional storage/IO, it can be done. We can build an IPFS-enabled tool that takes a file or a directory, and a CID, and then downloads minimal subset of CID's DAG from IPFS to confirm the file/directory matches the data in DAG. In case of CIDv1 amount of metadata should be relatively small, we would skip raw leaves (IPIP-445) And like Adin noted, if we create a standard/convention for representing how DAG is created, the network IO step can be skipped. (Edited)

2024/02/21 19:00:34

FWIW in a lot of cases "pinning" is not a real thing it's just a default behavior. Pinning is a concept that was needed because kubo has the ability where data can be added to it such that it's available for easy deletion later while still being useful in the meanwhile. The easiest example is running a local gateway and caching + serving all the websites you load but without the need to manage/hold the data forever. Nothing in what you've covered in this document (which has a very specific HTTP-centric lens) requires understanding the idea of a cache of local data which is different than data stored longer term, so why bother other than to maybe mention that "pinning services" are an IPFS ecosystem word for companies that will host your data.

2024/02/21 21:22:15

that’s: XXX.

https://www.npmjs.com/package/@helia/verified-fetch#example :-)

Basic IPFS User Stories

On my command line

Serve

Get

Verify

Modify/Patch

In my Node app

Serve

Get

Verify

Modify/Patch

In my browser JS

Serve

Get

Verify

Modify/Patch

On my server

Serve

Read more

Supplemental Minutes

Data-Addressed Structures and Links (DASL)

Web Apps Gathering

HTTP Governance Code