diff --git a/projet/db/data.sql b/projet/db/data.sql
index 072a7938fc9f9de27f2352648757c4ba3ccb5e3b..6ed4bbf3aef5c0b1eda5d7ea9275580b1c3e3790 100644
--- a/projet/db/data.sql
+++ b/projet/db/data.sql
@@ -6,7 +6,7 @@ VALUES
     ("b", "test"),
     ("c", "test"),
     ("d", "test"),
-    ("e", "test"); 
+    ("e", "test");
 
 INSERT INTO Paths
 VALUES
diff --git a/projet/db/hyperdrive.sql b/projet/db/hyperdrive.sql
index f1fbc9e2ac7221308b784ba09f5f8b06e7c562a0..e9cb9e17eb5a2fedaf2ec3e321e2f60594274120 100644
--- a/projet/db/hyperdrive.sql
+++ b/projet/db/hyperdrive.sql
@@ -47,7 +47,8 @@ VALUES
     ("b", "test"),
     ("c", "test"),
     ("d", "test"),
-    ("e", "test"); 
+    ("e", "test"),
+    ("noe", "prov");
 
 INSERT INTO Paths
 VALUES
@@ -57,7 +58,8 @@ VALUES
     ("/c", "c", NULL),
     ("/c/test", "c", "/c"),
     ("/d", "d", NULL),
-    ("/e", "e", NULL);
+    ("/e", "e", NULL),
+    ("/n", "noe", NULL);
 
 INSERT INTO Files
 VALUES
@@ -66,7 +68,8 @@ VALUES
     ("@dfsg", "trois", "/c/test", 46.2054, 6.1459),
     ("gbvaf", "quatre", "/b", 46.2054, 6.1459),
     ("dsfgh", "cinq", "/d", 46.2054, 6.1459),
-    ("sdfa", "six", "/e", 46.2054, 6.1459);
+    ("sdfa", "six", "/e", 46.2054, 6.1459),
+    ("liblb", "myfile", "/n", 46.2054, 6.1459);
 
 INSERT INTO Shares
 VALUES
diff --git a/projet/hyperdrive-rest.js b/projet/hyperdrive-rest.js
index 45b747e165c853cfffc39860b8bd4ba8e8d87116..23e3d54b4f93e1479f4d84c8b15f1715af2561c6 100644
--- a/projet/hyperdrive-rest.js
+++ b/projet/hyperdrive-rest.js
@@ -37,10 +37,11 @@ function Payload(user, pass_enc){
     this.pass_enc = pass_enc;
 
     this.toString = function(){ return "{" + this.user + "," + this.pass_enc + "}"};
+
 }
 
 function Signature(token){
-    const secret = "our super hyperdrive secret";
+    const secret = "our super hyperdrive secret" + new Date();
     return CryptoJS.HmacSHA512(token, secret);
 }
 
@@ -53,31 +54,47 @@ function JWT(pl_user, pl_pass){
 }
 
 
-function add_token(token) {
+function add_token(token, user) {
 
-    if (valid_tokens.indexOf(token) === -1) {
-        valid_tokens.push(token.toString());
-    }
-    else {
-        console.log("Unable to add token to valid_tokens. (token already present)");
+    for (let i = 0; i < valid_tokens.length; i++) {
+        if(Object.keys(valid_tokens[i])[0] == token){
+            valid_tokens.splice(i, 1);
+            console.log("Unable to add token. (token already present)");
+            break;
+        }
     }
+    obj = {}; obj[token.toString()] = user;
+    valid_tokens.push(obj);
+    console.log(valid_tokens)
+
+    console.log("Successfully added token.");
+
     
 }
 
 function remove_token(token) {
 
-    if (valid_tokens.indexOf(token) != -1) {
-        var index = valid_tokens.indexOf(token);
-        valid_tokens.splice(index, 1);
-    }
-    else {
-        console.log("Unable to remove token from valid_tokens. (Token not present)");
+    for (let i = 0; i < valid_tokens.length; i++) {
+        if(Object.keys(valid_tokens[i])[0] == token){
+            valid_tokens.splice(i, 1);
+            console.log("Successfully removed token from valid_tokens.");
+            return true;
+        }
     }
 
+    console.log("Unable to remove token from valid_tokens. (Token not present)");
+
+
 }
 
+// verify the token
+// return : user if exist
 function verify_token(token) {
-    return (valid_tokens.indexOf(token) !== -1);
+    for (let i = 0; i < valid_tokens.length; i++) {
+        if(Object.keys(valid_tokens[i])[0] == token)
+            return valid_tokens[i][token];
+    }
+    return false;
 }
 
 
@@ -97,7 +114,7 @@ app.get('/login', (req, res) => {
 
     const user = req.query['user'];
     const pass = req.query['pass'];
-    userObject = sql.userExist(user, pass);
+    // userObject = sql.userExist(user, pass);
 
     if (!user || !pass) {
         res.send({
@@ -133,7 +150,7 @@ app.get('/login', (req, res) => {
                     "comment": `Password for user '${ user }' true.`
                 })
 
-                add_token(jwt.signedToken);
+                add_token(jwt.signedToken, user);
 
             }
             else {
@@ -233,8 +250,27 @@ app.get('/register/', (req, res) => {
  * param : user2
  * user1 share a file_id with user2
  */
-app.get('/share/:file_id', (req, res) => {
-    res.send(`Request for a file sharing (id: ${req.params['file_id']})`)
+app.get('/share/:file_id/:to_user', (req, res) => {
+
+    token = req.query["token"]
+    user = verify_token(token);
+    console.log("user : " + user)
+
+    if (req.params['to_user'] && req.params['file_id']){
+
+        to_user = req.params['to_user'];
+        file_id = req.params['file_id'];
+        sql.addSharing(user, to_user, file_id).then(function (r) {
+            res.send(r);
+        })
+
+    }
+
+    else{
+        res.send("Unable to share. Please provide a user to share with and a file_id.");
+    }
+    
+    
 })
 
 /**
diff --git a/projet/node_modules/crypto-js/package.json b/projet/node_modules/crypto-js/package.json
index fc50e6d5b823a91385321715a78ecd7608e4810c..960cebe46bb1f0be79a912f104aa1bb08d529224 100644
--- a/projet/node_modules/crypto-js/package.json
+++ b/projet/node_modules/crypto-js/package.json
@@ -3,7 +3,6 @@
     [
       "crypto-js@3.1.9-1",
       "/Users/nono/Documents/HEPIA/3ème année/WEB avancé/git/2019_tp2/projet"
-      // "/Users/klaus/Documents/Web/Back/2019_tp2/projet"
     ]
   ],
   "_from": "crypto-js@3.1.9-1",
@@ -28,7 +27,6 @@
   "_resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-3.1.9-1.tgz",
   "_spec": "3.1.9-1",
   "_where": "/Users/nono/Documents/HEPIA/3ème année/WEB avancé/git/2019_tp2/projet",
-  // "_where": "/Users/klaus/Documents/Web/Back/2019_tp2/projet",
   "author": {
     "name": "Evan Vosberg",
     "url": "http://github.com/evanvosberg"
diff --git a/projet/sql-request.js b/projet/sql-request.js
index ebcabf28eb775b12624396310a0df7952580e130..c2d295f92c945d2b484d10f8ee8dc659815d0b48 100644
--- a/projet/sql-request.js
+++ b/projet/sql-request.js
@@ -123,6 +123,54 @@ async function changeDirectory(login, path, callback){
     });
 }
 
+// verify if a file_id is at a user
+function verify_user_file_id(file_id, login){
+
+    return new Promise(resolve => {
+        let q = `SELECT (login) FROM Files as F LEFT JOIN Paths as P ON F.paths = P.paths WHERE F.file_id = '${file_id}';`
+        con.query(q, function(err, res) {
+            if (err) {
+                console.log("Error while veryfing file_id for user");
+                console.log(err);
+                resolve(false);
+            }
+            console.log(res.length)
+            // return new Promise(resolve => resolve("resolved"));
+            if (res.length > 0){
+                if (res[0].login == login)
+                    resolve(true);
+                resolve(false);
+            }
+            resolve(false);
+        });
+    });
+}
+
+async function addSharing(login, to_user, file_id){
+
+    verif = await verify_user_file_id(file_id, login);
+
+    if (verif){
+        let q = `INSERT INTO Shares VALUES ('${login}', '${to_user}', '${file_id}');`;
+        con.query(q, function(err, res) {
+            if (err) {
+                console.log("Error while adding a share path");
+                console.log(err);
+                return "Error sharing - (DB error)";
+            }
+        });
+        // return "New sharing (", login, " --> " + to_user + "( - file_id : " + file_id + ")) added succesfully !";
+        return "Sharing ok."
+    }
+    else{
+        return "Unable to share, this is not your file.";
+    }
+    
+
+}
+
+exports.userExist = userExist;
 exports.addUser = addUser;
 exports.addPath = addPath;
-exports.changeDirectory = changeDirectory;
\ No newline at end of file
+exports.addSharing = addSharing;
+exports.changeDirectory = changeDirectory;