diff --git a/projet/db/hyperdrive.sql b/projet/db/hyperdrive.sql
index e9cb9e17eb5a2fedaf2ec3e321e2f60594274120..7e5e895da08c8b48600251f4f80d52a9bc55b0c9 100644
--- a/projet/db/hyperdrive.sql
+++ b/projet/db/hyperdrive.sql
@@ -68,8 +68,8 @@ VALUES
     ("@dfsg", "trois", "/c/test", 46.2054, 6.1459),
     ("gbvaf", "quatre", "/b", 46.2054, 6.1459),
     ("dsfgh", "cinq", "/d", 46.2054, 6.1459),
-    ("sdfa", "six", "/e", 46.2054, 6.1459),
-    ("liblb", "myfile", "/n", 46.2054, 6.1459);
+    ("sdfa", "six.txt", "/e", 46.2054, 6.1459),
+    ("liblb", "myfile.txt", "/n", 46.2054, 6.1459);
 
 INSERT INTO Shares
 VALUES
diff --git a/projet/files/liblb b/projet/files/liblb
new file mode 100644
index 0000000000000000000000000000000000000000..1eeed5e1a05994123e53abde0ae6c403280b924c
--- /dev/null
+++ b/projet/files/liblb
@@ -0,0 +1 @@
+coucou nicolas
diff --git a/projet/files/sdfa b/projet/files/sdfa
new file mode 100644
index 0000000000000000000000000000000000000000..d17bdc93dca60df6e12ed15dd4516f93b9fe844c
--- /dev/null
+++ b/projet/files/sdfa
@@ -0,0 +1 @@
+nothing to see here..
diff --git a/projet/hyperdrive-rest.js b/projet/hyperdrive-rest.js
index 07162ba1bb09060a4efb4756395c40619a6c43bb..9b80930bd5d13afc650d6e911426a0def3b19546 100644
--- a/projet/hyperdrive-rest.js
+++ b/projet/hyperdrive-rest.js
@@ -263,7 +263,28 @@ app.get('/upload/', (req, res) => {
 })
 
 app.get('/download/:file_id', (req, res) => {
-    res.send(`Request for a download (${req.params['file_id']})`)
+    // res.send(`Request for a download (${req.params['file_id']})`)
+
+    token = req.query["token"]
+    file_id = req.params["file_id"]
+
+    user = verify_token(token);
+    if (user){
+        sql.verifyFileID(user, file_id, (filename) => {
+            console.log(filename)
+            if (filename){
+                res.download("files/" + file_id, filename);
+            }
+            else{
+                res.send("Can't download (not your file).")
+            }
+        })
+    }
+    else{
+        res.send("Can't download (please be connected).")
+    }
+    
+    
 })
 
 /**
diff --git a/projet/sql-request.js b/projet/sql-request.js
index 5bbb29f3dc3795538334b2a071ae3a62e74ba78c..74f9e2362bea24585885432c5eb7f6142fbc675f 100644
--- a/projet/sql-request.js
+++ b/projet/sql-request.js
@@ -167,6 +167,25 @@ async function addSharing(login, to_user, file_id){
     }
 }
 
+async function verifyFileID(login, file_id, callback){
+    let q = `SELECT (file_name) FROM Files as F LEFT JOIN Paths as P ON F.paths = P.paths WHERE F.file_id = '${file_id}' AND P.login = '${login}';`
+
+    con.query(q, (err, res) => {
+        if (err) { 
+            console.log("Error while verifying file_id");
+            return callback(false);
+        }
+
+        console.log(res)
+        if (res.length > 0)
+            filename = res[0].file_name;
+        else
+            filename = false;
+
+        return callback(filename);
+    });
+}
+
 function createPath(path, user, callback) {
     let parent = path.split("/");
     parent.pop();
@@ -185,3 +204,4 @@ exports.addPath = addPath;
 exports.addSharing = addSharing;
 exports.changeDirectory = changeDirectory;
 exports.createPath = createPath;
+exports.verifyFileID = verifyFileID;