diff --git a/projet/db/hyperdrive.sql b/projet/db/hyperdrive.sql
index e9cb9e17eb5a2fedaf2ec3e321e2f60594274120..7e5e895da08c8b48600251f4f80d52a9bc55b0c9 100644
--- a/projet/db/hyperdrive.sql
+++ b/projet/db/hyperdrive.sql
@@ -68,8 +68,8 @@ VALUES
     ("@dfsg", "trois", "/c/test", 46.2054, 6.1459),
     ("gbvaf", "quatre", "/b", 46.2054, 6.1459),
     ("dsfgh", "cinq", "/d", 46.2054, 6.1459),
-    ("sdfa", "six", "/e", 46.2054, 6.1459),
-    ("liblb", "myfile", "/n", 46.2054, 6.1459);
+    ("sdfa", "six.txt", "/e", 46.2054, 6.1459),
+    ("liblb", "myfile.txt", "/n", 46.2054, 6.1459);
 
 INSERT INTO Shares
 VALUES
diff --git a/projet/files/liblb b/projet/files/liblb
new file mode 100644
index 0000000000000000000000000000000000000000..1eeed5e1a05994123e53abde0ae6c403280b924c
--- /dev/null
+++ b/projet/files/liblb
@@ -0,0 +1 @@
+coucou nicolas
diff --git a/projet/files/sdfa b/projet/files/sdfa
new file mode 100644
index 0000000000000000000000000000000000000000..d17bdc93dca60df6e12ed15dd4516f93b9fe844c
--- /dev/null
+++ b/projet/files/sdfa
@@ -0,0 +1 @@
+nothing to see here..
diff --git a/projet/hyperdrive-rest.js b/projet/hyperdrive-rest.js
index ec568e8aef6254cdd74e9bda0d7d4d119407d077..2274d39be832a7039b00869696d4c1b5c4b28c57 100644
--- a/projet/hyperdrive-rest.js
+++ b/projet/hyperdrive-rest.js
@@ -281,7 +281,28 @@ app.get('/upload/', (req, res) => {
 })
 
 app.get('/download/:file_id', (req, res) => {
-    res.send(`Request for a download (${req.params['file_id']})`)
+    // res.send(`Request for a download (${req.params['file_id']})`)
+
+    token = req.query["token"]
+    file_id = req.params["file_id"]
+
+    user = verify_token(token);
+    if (user){
+        sql.verifyFileID(user, file_id, (filename) => {
+            console.log(filename)
+            if (filename){
+                res.download("files/" + file_id, filename);
+            }
+            else{
+                res.send("Can't download (not your file).")
+            }
+        })
+    }
+    else{
+        res.send("Can't download (please be connected).")
+    }
+    
+    
 })
 
 /**
diff --git a/projet/sql-request.js b/projet/sql-request.js
index e6ca52e6406acdecaa5d7725727d45b66ed663d3..e4120b736e867663da26609fe983edd2245c325a 100644
--- a/projet/sql-request.js
+++ b/projet/sql-request.js
@@ -193,7 +193,25 @@ async function addSharing(login, to_user, file_id){
     else{
         return "Unable to share, this is not your file.";
     }
-    
+}
+
+async function verifyFileID(login, file_id, callback){
+    let q = `SELECT (file_name) FROM Files as F LEFT JOIN Paths as P ON F.paths = P.paths WHERE F.file_id = '${file_id}' AND P.login = '${login}';`
+
+    con.query(q, (err, res) => {
+        if (err) { 
+            console.log("Error while verifying file_id");
+            return callback(false);
+        }
+
+        console.log(res)
+        if (res.length > 0)
+            filename = res[0].file_name;
+        else
+            filename = false;
+
+        return callback(filename);
+    });
 
 }
 
@@ -202,3 +220,4 @@ exports.addUser = addUser;
 exports.addPath = addPath;
 exports.addSharing = addSharing;
 exports.changeDirectory = changeDirectory;
+exports.verifyFileID = verifyFileID;