
Sharing a Folder with Users

The sequence diagram below shows how a user can share a folder with other users.

Sequence Diagram

Sequence diagram for sharing a folder with users

User Selection

  1. The user selects the folder and initiates the share process.
  2. The client sends a request to the server to fetch the credential fields for the folder.
  3. The server returns the required credential fields to the client.

User and Access Type Selection

  1. The user selects the required users to share the folder with.
  2. For each selected user, the user specifies the access type (read, manager).

Background Service Processing

  1. The client sends the fetched credential fields, the associated credential IDs and the selected users to the background service.
  2. The background service sends the credential fields to the WASM module for decryption.
     [
       {
         "credentialId": "credential_id",
         "fields": [
           {
             "fieldId": "field_id",
             "fieldValue": "encrypted_field_value"
           }
         ]
       }
     ]
  3. The WASM module, which has the user’s private key loaded in memory, decrypts the credential fields.
  4. After decryption, the background service sends the decrypted fields to the WASM module to be encrypted using each user’s public key.
  5. The background service sends the encrypted credential fields back to the client.
     [
       {
         "userId": "user_id",
         "credentials": [
           {
             "credentialId": "credential_id",
             "fields": [
               {
                 "fieldId": "field_id",
                 "fieldValue": "encrypted_field_value"
               }
             ]
           }
         ]
       }
     ]

Server Processing

  1. The client then sends the whole payload to be hashed and then signed.
  2. The client sends the encrypted credential fields, user IDs and folder ID to the server, with the signature in the header.
     {
       "folderId": "folder_id",
       "userData": [
         {
           "accessType": "access_type",
           "userId": "user_id",
           "credentials": [
             {
               "credentialId": "credential_id",
               "fields": [
                 {
                   "fieldId": "field_id",
                   "fieldValue": "encrypted_field_value"
                 }
               ]
             }
           ]
         }
       ]
     }
  3. The server processes the sharing request after verifying the signature.
  4. The server adds access to the folder_access table for the shared folder and users.
  5. The server adds access to the access_list table for each credential in the folder and the shared users.
  6. The server adds the encrypted credential fields to the fields table for each user.
  7. The server returns the sharing response (success/failure) to the user.

Note: For each user, the sharing succeeds only when all the credentials of the folder are successfully shared with that user, so that is done as a single transaction.

Note: From now on, when a new credential is added to the folder, it will be automatically shared with the users who have access to the folder.
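
The hash, sign and verify steps under Server Processing, as an added example that is not the project's own code. The page does not name the algorithms or the header format, so Ed25519 keys, a SHA-256 digest, a base64-encoded signature header and the function names signShare and verifyShare are all assumptions, and the request bodies are constructed samples.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// shareRequest mirrors the request body on this page (credential fields omitted).
type shareRequest struct {
	FolderID string `json:"folderId"`
	UserData []struct {
		AccessType string `json:"accessType"`
		UserID     string `json:"userId"`
	} `json:"userData"`
}

// signShare (client side) hashes the exact request bytes and signs the digest.
func signShare(priv ed25519.PrivateKey, body []byte) string {
	digest := sha256.Sum256(body)
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, digest[:]))
}

// verifyShare (server side) checks the header signature over the raw body
// bytes and only then parses the JSON, so unauthenticated input is never used.
func verifyShare(pub ed25519.PublicKey, body []byte, sigHeader string) (*shareRequest, error) {
	sig, err := base64.StdEncoding.DecodeString(sigHeader)
	digest := sha256.Sum256(body)
	if err != nil || !ed25519.Verify(pub, digest[:], sig) {
		return nil, fmt.Errorf("share request rejected: bad signature")
	}
	var req shareRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return nil, fmt.Errorf("share request rejected: %w", err)
	}
	return &req, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	body := []byte(`{"folderId":"folder_id","userData":[{"accessType":"read","userId":"user_id"}]}`)
	sig := signShare(priv, body)
	_, err := verifyShare(pub, body, sig)
	fmt.Println("original accepted:", err == nil)
	tampered := []byte(`{"folderId":"folder_id","userData":[{"accessType":"manager","userId":"user_id"}]}`)
	_, err = verifyShare(pub, tampered, sig)
	fmt.Println("tampered rejected:", err != nil)
}
```

Verifying over the bytes as received, rather than over re-serialized JSON, avoids mismatches from key order or whitespace and means a changed accessType or userId fails before any table is written.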