C2PA Node.js example
This repository is an example of a very simple app that uses Express and the CAI Node.js library to upload images and add a C2PA manifest to each image. It is written in TypeScript, HTML, and CSS to be as generic as possible.
The client JavaScript code simply displays information from the manifests.
NOTE: We may want to move to plain JavaScript to make it as accessible as possible.
Install and build
Follow these steps:
Install Node.js and npm from https://nodejs.org/en/download. NOTE: This app requires at least Node.js v20.x.
Clone this repo by entering this command in a terminal window:
git clone https://github.com/contentauth/c2pa-node-example.git
Open a terminal window and install the required packages:
cd <path_where_you_cloned_repo>/c2pa-node-example
npm installStart the Node.js app by entering this command:
npm start
You'll see this in your terminal:
c2pa-node-example-v2@1.0.0 start
> node --loader ts-node/esm src/server.ts
...
Load in your browser: http://localhost:3000
NOTE: You can ignore the warning.
Try the web app
- Open a browser to http://localhost:3000.
- Click the first Choose File button:
- Select a JPEG or PNG image file using the native file chooser dialog.
- When you click Upload, the app calls the
/upload
route, which attaches the manifest and signs the file using the test certificate while the image is in memory, then saves the file with Content Credentials to theuploaded_images
directory.
- Click the second Choose File button:
- Select an image file using the native file chooser dialog.
- When you click Upload, the app calls the
/upload_file_sign
route, which uploads the selected image to theuploaded_images
directory, attaches the manifest and signs the file using the test certificate, saving the signed file. - This results in two files: the original file without Content Credentials and the signed file with Content Credentials.
Overview of the app
The code in server.ts
uses Express to define the routes described below. It calls functions defined in c2pa.ts
that use the C2PA Node library.
WARNING: This application illustrates how to sign an asset using the Node library's built-in test certificate and key for demonstration purposes. For a production application, you must purchase a valid security certificate and key; and best practice is to access them securely by using a hardware security module (HSM) or Key Management Service (KMS); for example as show in the C2PA Python Example.
GET /
The default route, which serves client/index.html
, the app's web page that enables the user to call the other routes by submitting forms or clicking a link.
POST /upload
- Uploads the selected image using
multer
middleware withMemoryStorage
storage engine. - Calls
signAssetBuffer
to attach the manifest to the image in the memory buffer and then sign the image in the buffer with the test certificate. - Saves the buffer to a file in the
uploaded_images
directory, prepending the original file name with a unique number based on the current date/time; for example,1713507142037_foo.jpeg
. - Displays in the console the URL to inspect the signed image using Verify.
- On Mac OS, Cmd-double-click to open the URL in your default browser. Or copy/paste the URL into your browser location bar.
POST /upload_file_sign
- Uploads the selected image using
multer
middleware withDiskStorage
storage engine and saves it to theuploaded_images
directory, prepending the original file name with a unique number based on the current date/time; for example,1713507142037_foo.jpeg
. - Displays in the console the URL to inspect the unsigned image using Verify.
- Calls
signFile
to attach the manifest to the file, sign the image with the test certificate, and save the signed image to theuploaded_images
directory, prepending the original file name withsigned
and then a unique number based on the current date/time; for example,signed_1713507142037_foo.jpeg
. - Displays in the console the URL to inspect the signed image using Verify.
- On Mac OS, Cmd-double-click to open the URL in your default browser. Or copy/paste the URL into your browser location bar.
GET /assets
Serves a generic listing of all files in the uploaded_assets
directory, using serveIndex
middleware.
Manifest
The manifest store file is manifest1.json
in the manifests
folder. Both routes attach this manifest to the uploaded asset before signing it with the test certificate.