@devtion/backend 0.0.0-101d43f → 0.0.0-2ed8e18

package/README.md

@@ -102,10 +102,10 @@ yarn firebase:init
 
 #### AWS Infrastructure
 
-0. Login or create a [new AWS Account](https://portal.aws.amazon.com/billing/signup?nc2=h_ct&src=header_signup&redirect_url=https%3A%2F%2Faws.amazon.com%2Fregistration-confirmation#/start/email). 
+0. Login or create a [new AWS Account](https://portal.aws.amazon.com/billing/signup?nc2=h_ct&src=header_signup&redirect_url=https%3A%2F%2Faws.amazon.com%2Fregistration-confirmation#/start/email).
     - The AWS free tier account will cover a good number of requests for ceremonies but there could be some costs based on your ceremony circuits size.
-1. Create an access key for a user with Admin privileges (__NOT ROOT USER__)
-2. Setup the `awscli` ([docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html)) and add the keys for this user. 
+1. Create an access key for a user with Admin privileges (**NOT ROOT USER**)
+2. Setup the `awscli` ([docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html)) and add the keys for this user.
 3. Install `terraform` ([docs](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli))
 4. Decide on an AWS region (by default this is **us-east-1**) - if you want to change you will need to do the following:
     1. update **aws/lambda/index.mjs** ([exact line](https://github.com/privacy-scaling-explorations/p0tion/blob/dev/packages/backend/aws/lambda/index.mjs#L3)) to the new region
@@ -117,9 +117,9 @@ yarn firebase:init
     1. `terraform init`
     2. `terraform plan`
     3. `terraform apply`
-    4. `terraform output secret_key` 
+    4. `terraform output secret_key`
         - To print the secret access key for the IAM user
-    6. Store the other values (sns_topic_arn etc.)
+    5. Store the other values (sns_topic_arn etc.)
         - These will be needed for the .env file configuration
 
 The IAM user created with the steps above can be used for all p0tion's features.

package/dist/src/functions/index.js

@@ -1,6 +1,6 @@
 /**
- * @module @p0tion/backend
- * @version 1.0.6
+ * @module @devtion/backend
+ * @version 1.0.9
  * @file MPC Phase 2 backend for Firebase services management
  * @copyright Ethereum Foundation 2022
  * @license MIT
@@ -11,7 +11,7 @@
 var admin = require('firebase-admin');
 var functions = require('firebase-functions');
 var dotenv = require('dotenv');
-var actions = require('@p0tion/actions');
+var actions = require('@devtion/actions');
 var htmlEntities = require('html-entities');
 var firestore = require('firebase-admin/firestore');
 var clientS3 = require('@aws-sdk/client-s3');
@@ -144,7 +144,8 @@ const SPECIFIC_ERRORS = {
     SE_VM_FAILED_COMMAND_EXECUTION: makeError("failed-precondition", "VM command execution failed", "Please, contact the coordinator if this error persists."),
     SE_VM_TIMEDOUT_COMMAND_EXECUTION: makeError("deadline-exceeded", "VM command execution took too long and has been timed-out", "Please, contact the coordinator if this error persists."),
     SE_VM_CANCELLED_COMMAND_EXECUTION: makeError("cancelled", "VM command execution has been cancelled", "Please, contact the coordinator if this error persists."),
-    SE_VM_DELAYED_COMMAND_EXECUTION: makeError("unavailable", "VM command execution has been delayed since there were no available instance at the moment", "Please, contact the coordinator if this error persists.")
+    SE_VM_DELAYED_COMMAND_EXECUTION: makeError("unavailable", "VM command execution has been delayed since there were no available instance at the moment", "Please, contact the coordinator if this error persists."),
+    SE_VM_UNKNOWN_COMMAND_STATUS: makeError("unavailable", "VM command execution has failed due to an unknown status code", "Please, contact the coordinator if this error persists.")
 };
 /**
  * A set of common errors.
@@ -328,7 +329,7 @@ const downloadArtifactFromS3Bucket = async (bucketName, objectKey, localFilePath
     const writeStream = node_fs.createWriteStream(localFilePath);
     const streamPipeline = node_util.promisify(node_stream.pipeline);
     await streamPipeline(response.body, writeStream);
-    writeStream.on('finish', () => {
+    writeStream.on("finish", () => {
         writeStream.end();
     });
 };
@@ -562,7 +563,9 @@ const registerAuthUser = functions__namespace
                     // Delete user
                     await auth.deleteUser(user.uid);
                     // Throw error
-                    logAndThrowError(makeError("permission-denied", "The user is not allowed to sign up because their Github reputation is not high enough.", `The user ${user.displayName === "Null" || user.displayName === null ? user.uid : user.displayName} is not allowed to sign up because their Github reputation is not high enough. Please contact the administrator if you think this is a mistake.`));
+                    logAndThrowError(makeError("permission-denied", "The user is not allowed to sign up because their Github reputation is not high enough.", `The user ${user.displayName === "Null" || user.displayName === null
+                        ? user.uid
+                        : user.displayName} is not allowed to sign up because their Github reputation is not high enough. Please contact the administrator if you think this is a mistake.`));
                 }
                 // store locally
                 avatarUrl = avatarURL;
@@ -577,7 +580,7 @@ const registerAuthUser = functions__namespace
     }
     // Set document (nb. we refer to providerData[0] because we use Github OAuth provider only).
     // In future releases we might want to loop through the providerData array as we support
-    // more providers. 
+    // more providers.
     await userRef.set({
         name: encodedDisplayName,
         encodedDisplayName,
@@ -593,7 +596,7 @@ const registerAuthUser = functions__namespace
     // we want to create a new collection for the users to store the avatars
     const avatarRef = firestore.collection(actions.commonTerms.collections.avatars.name).doc(uid);
     await avatarRef.set({
-        avatarUrl: avatarUrl || "",
+        avatarUrl: avatarUrl || ""
     });
     printLog(`Authenticated user document with identifier ${uid} has been correctly stored`, LogLevel.DEBUG);
     printLog(`Authenticated user avatar with identifier ${uid} has been correctly stored`, LogLevel.DEBUG);
@@ -733,7 +736,7 @@ const setupCeremony = functions__namespace
         // Check if using the VM approach for contribution verification.
         if (circuit.verification.cfOrVm === "VM" /* CircuitContributionVerificationMechanism.VM */) {
             // VM command to be run at the startup.
-            const startupCommand = actions.vmBootstrapCommand(bucketName);
+            const startupCommand = actions.vmBootstrapCommand(`${bucketName}/circuits/${circuit.name}`);
             // Get EC2 client.
             const ec2Client = await createEC2Client();
             // Get AWS variables.
@@ -742,7 +745,8 @@ const setupCeremony = functions__namespace
             const vmCommands = actions.vmDependenciesAndCacheArtifactsCommand(`${bucketName}/${circuit.files?.initialZkeyStoragePath}`, `${bucketName}/${circuit.files?.potStoragePath}`, snsTopic, region);
             printLog(`Check VM dependencies and cache artifacts commands ${vmCommands.join("\n")}`, LogLevel.DEBUG);
             // Upload the post-startup commands script file.
-            await uploadFileToBucketNoFile(bucketName, actions.vmBootstrapScriptFilename, vmCommands.join("\n"));
+            printLog(`Uploading VM post-startup commands script file ${actions.vmBootstrapScriptFilename}`, LogLevel.DEBUG);
+            await uploadFileToBucketNoFile(bucketName, `circuits/${circuit.name}/${actions.vmBootstrapScriptFilename}`, vmCommands.join("\n"));
             // Compute the VM disk space requirement (in GB).
             const vmDiskSize = actions.computeDiskSizeForVM(circuit.zKeySizeInBytes, circuit.metadata?.pot);
             printLog(`Check VM startup commands ${startupCommand.join("\n")}`, LogLevel.DEBUG);
@@ -889,7 +893,7 @@ dotenv.config();
  * @dev true when the participant can participate (1.A, 3.B, 1.D); otherwise false.
  */
 const checkParticipantForCeremony = functions__namespace
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
     memory: "512MB"
 })
@@ -993,7 +997,7 @@ const checkParticipantForCeremony = functions__namespace
  * 2) the participant has just finished the contribution for a circuit (contributionProgress != 0 && status = CONTRIBUTED && contributionStep = COMPLETED).
  */
 const progressToNextCircuitForContribution = functions__namespace
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
     memory: "512MB"
 })
@@ -1040,7 +1044,7 @@ const progressToNextCircuitForContribution = functions__namespace
  * 5) Completed contribution computation and verification.
  */
 const progressToNextContributionStep = functions__namespace
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
     memory: "512MB"
 })
@@ -1091,7 +1095,7 @@ const progressToNextContributionStep = functions__namespace
  * @dev enable the current contributor to resume a contribution from where it had left off.
  */
 const permanentlyStoreCurrentContributionTimeAndHash = functions__namespace
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
     memory: "512MB"
 })
@@ -1133,7 +1137,7 @@ const permanentlyStoreCurrentContributionTimeAndHash = functions__namespace
  * @dev enable the current contributor to resume a multi-part upload from where it had left off.
  */
 const temporaryStoreCurrentContributionMultiPartUploadId = functions__namespace
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
     memory: "512MB"
 })
@@ -1171,7 +1175,7 @@ const temporaryStoreCurrentContributionMultiPartUploadId = functions__namespace
  * @dev enable the current contributor to resume a multi-part upload from where it had left off.
  */
 const temporaryStoreCurrentContributionUploadedChunkData = functions__namespace
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
     memory: "512MB"
 })
@@ -1213,7 +1217,7 @@ const temporaryStoreCurrentContributionUploadedChunkData = functions__namespace
  * contributed to every selected ceremony circuits (= DONE).
  */
 const checkAndPrepareCoordinatorForFinalization = functions__namespace
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
     memory: "512MB"
 })
@@ -1365,39 +1369,54 @@ const coordinate = async (participant, circuit, isSingleParticipantCoordination,
  * Wait until the command has completed its execution inside the VM.
  * @dev this method implements a custom interval to check 5 times after 1 minute if the command execution
  * has been completed or not by calling the `retrieveCommandStatus` method.
- * @param {any} resolve the promise.
- * @param {any} reject the promise.
  * @param {SSMClient} ssm the SSM client.
  * @param {string} vmInstanceId the unique identifier of the VM instance.
  * @param {string} commandId the unique identifier of the VM command.
  * @returns <Promise<void>> true when the command execution succeed; otherwise false.
  */
-const waitForVMCommandExecution = (resolve, reject, ssm, vmInstanceId, commandId) => {
-    const interval = setInterval(async () => {
+const waitForVMCommandExecution = (ssm, vmInstanceId, commandId) => new Promise((resolve, reject) => {
+    const poll = async () => {
         try {
             // Get command status.
             const cmdStatus = await actions.retrieveCommandStatus(ssm, vmInstanceId, commandId);
             printLog(`Checking command ${commandId} status => ${cmdStatus}`, LogLevel.DEBUG);
-            if (cmdStatus === clientSsm.CommandInvocationStatus.SUCCESS) {
-                printLog(`Command ${commandId} successfully completed`, LogLevel.DEBUG);
-                // Resolve the promise.
-                resolve();
-            }
-            else if (cmdStatus === clientSsm.CommandInvocationStatus.FAILED) {
-                logAndThrowError(SPECIFIC_ERRORS.SE_VM_FAILED_COMMAND_EXECUTION);
-                reject();
-            }
-            else if (cmdStatus === clientSsm.CommandInvocationStatus.TIMED_OUT) {
-                logAndThrowError(SPECIFIC_ERRORS.SE_VM_TIMEDOUT_COMMAND_EXECUTION);
-                reject();
-            }
-            else if (cmdStatus === clientSsm.CommandInvocationStatus.CANCELLED) {
-                logAndThrowError(SPECIFIC_ERRORS.SE_VM_CANCELLED_COMMAND_EXECUTION);
-                reject();
+            let error;
+            switch (cmdStatus) {
+                case clientSsm.CommandInvocationStatus.CANCELLING:
+                case clientSsm.CommandInvocationStatus.CANCELLED: {
+                    error = SPECIFIC_ERRORS.SE_VM_CANCELLED_COMMAND_EXECUTION;
+                    break;
+                }
+                case clientSsm.CommandInvocationStatus.DELAYED: {
+                    error = SPECIFIC_ERRORS.SE_VM_DELAYED_COMMAND_EXECUTION;
+                    break;
+                }
+                case clientSsm.CommandInvocationStatus.FAILED: {
+                    error = SPECIFIC_ERRORS.SE_VM_FAILED_COMMAND_EXECUTION;
+                    break;
+                }
+                case clientSsm.CommandInvocationStatus.TIMED_OUT: {
+                    error = SPECIFIC_ERRORS.SE_VM_TIMEDOUT_COMMAND_EXECUTION;
+                    break;
+                }
+                case clientSsm.CommandInvocationStatus.IN_PROGRESS:
+                case clientSsm.CommandInvocationStatus.PENDING: {
+                    // wait a minute and poll again
+                    setTimeout(poll, 60000);
+                    return;
+                }
+                case clientSsm.CommandInvocationStatus.SUCCESS: {
+                    printLog(`Command ${commandId} successfully completed`, LogLevel.DEBUG);
+                    // Resolve the promise.
+                    resolve();
+                    return;
+                }
+                default: {
+                    logAndThrowError(SPECIFIC_ERRORS.SE_VM_UNKNOWN_COMMAND_STATUS);
+                }
             }
-            else if (cmdStatus === clientSsm.CommandInvocationStatus.DELAYED) {
-                logAndThrowError(SPECIFIC_ERRORS.SE_VM_DELAYED_COMMAND_EXECUTION);
-                reject();
+            if (error) {
+                logAndThrowError(error);
             }
         }
         catch (error) {
@@ -1407,12 +1426,9 @@ const waitForVMCommandExecution = (resolve, reject, ssm, vmInstanceId, commandId
             // Reject the promise.
             reject();
         }
-        finally {
-            // Clear the interval.
-            clearInterval(interval);
-        }
-    }, 60000); // 1 minute.
-};
+    };
+    setTimeout(poll, 60000);
+});
 /**
  * This method is used to coordinate the waiting queues of ceremony circuits.
  * @dev this cloud function is triggered whenever an update of a document related to a participant of a ceremony occurs.
@@ -1433,7 +1449,7 @@ const waitForVMCommandExecution = (resolve, reject, ssm, vmInstanceId, commandId
  * - Just completed a contribution or all contributions for each circuit. If yes, coordinate (multi-participant scenario).
  */
 const coordinateCeremonyParticipant = functionsV1__namespace
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
     memory: "512MB"
 })
@@ -1536,7 +1552,7 @@ const checkIfVMRunning = async (ec2, vmInstanceId, attempts = 5) => {
  *       1.A.4.C.1) If true, update circuit waiting for queue and average timings accordingly to contribution verification results;
  * 2) Send all updates atomically to the Firestore database.
  */
-const verifycontribution = functionsV2__namespace.https.onCall({ memory: "16GiB", timeoutSeconds: 3600, region: 'europe-west1' }, async (request) => {
+const verifycontribution = functionsV2__namespace.https.onCall({ memory: "16GiB", timeoutSeconds: 3600, region: "europe-west1" }, async (request) => {
     if (!request.auth || (!request.auth.token.participant && !request.auth.token.coordinator))
         logAndThrowError(SPECIFIC_ERRORS.SE_AUTH_NO_CURRENT_AUTH_USER);
     if (!request.data.ceremonyId ||
@@ -1647,8 +1663,6 @@ const verifycontribution = functionsV2__namespace.https.onCall({ memory: "16GiB"
                 lastZkeyBlake2bHash = match.at(0);
                 // re upload the formatted verification transcript
                 await uploadFileToBucket(bucketName, verificationTranscriptStoragePathAndFilename, verificationTranscriptTemporaryLocalPath, true);
-                // Stop VM instance.
-                await actions.stopEC2Instance(ec2, vmInstanceId);
             }
             else {
                 // Upload verification transcript.
@@ -1709,6 +1723,9 @@ const verifycontribution = functionsV2__namespace.https.onCall({ memory: "16GiB"
                 lastUpdated: getCurrentServerTimestampInMillis()
             });
         }
+        // Stop VM instance
+        if (isUsingVM)
+            await actions.stopEC2Instance(ec2, vmInstanceId);
         // Step (1.A.4.C)
         if (!isFinalizing) {
             // Step (1.A.4.C.1)
@@ -1723,7 +1740,7 @@ const verifycontribution = functionsV2__namespace.https.onCall({ memory: "16GiB"
             const newAvgVerifyCloudFunctionTime = avgVerifyCloudFunctionTime > 0
                 ? (avgVerifyCloudFunctionTime + verifyCloudFunctionTime) / 2
                 : verifyCloudFunctionTime;
-            // Prepare tx to update circuit average contribution/verification time.    
+            // Prepare tx to update circuit average contribution/verification time.
             const updatedCircuitDoc = await getDocumentById(actions.getCircuitsCollectionPath(ceremonyId), circuitId);
             const { waitingQueue: updatedWaitingQueue } = updatedCircuitDoc.data();
             /// @dev this must happen only for valid contributions.
@@ -1773,7 +1790,7 @@ const verifycontribution = functionsV2__namespace.https.onCall({ memory: "16GiB"
             commandId = await actions.runCommandUsingSSM(ssm, vmInstanceId, verificationCommand);
             printLog(`Starting the execution of command ${commandId}`, LogLevel.DEBUG);
             // Step (1.A.3.3).
-            return new Promise((resolve, reject) => waitForVMCommandExecution(resolve, reject, ssm, vmInstanceId, commandId))
+            return waitForVMCommandExecution(ssm, vmInstanceId, commandId)
                 .then(async () => {
                 // Command execution successfully completed.
                 printLog(`Command ${commandId} execution has been successfully completed`, LogLevel.DEBUG);
@@ -1785,40 +1802,38 @@ const verifycontribution = functionsV2__namespace.https.onCall({ memory: "16GiB"
                 logAndThrowError(COMMON_ERRORS.CM_INVALID_COMMAND_EXECUTION);
             });
         }
-        else {
-            // CF approach.
-            printLog(`CF mechanism`, LogLevel.DEBUG);
-            const potStoragePath = actions.getPotStorageFilePath(files.potFilename);
-            const firstZkeyStoragePath = actions.getZkeyStorageFilePath(prefix, `${prefix}_${actions.genesisZkeyIndex}.zkey`);
-            // Prepare temporary file paths.
-            // (nb. these are needed to download the necessary artifacts for verification from AWS S3).
-            verificationTranscriptTemporaryLocalPath = createTemporaryLocalPath(verificationTranscriptCompleteFilename);
-            const potTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}.pot`);
-            const firstZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_genesis.zkey`);
-            const lastZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_last.zkey`);
-            // Create and populate transcript.
-            const transcriptLogger = actions.createCustomLoggerForFile(verificationTranscriptTemporaryLocalPath);
-            transcriptLogger.info(`${isFinalizing ? `Final verification` : `Verification`} transcript for ${prefix} circuit Phase 2 contribution.\n${isFinalizing ? `Coordinator ` : `Contributor # ${Number(lastZkeyIndex)}`} (${contributorOrCoordinatorIdentifier})\n`);
-            // Step (1.A.2).
-            await downloadArtifactFromS3Bucket(bucketName, potStoragePath, potTempFilePath);
-            await downloadArtifactFromS3Bucket(bucketName, firstZkeyStoragePath, firstZkeyTempFilePath);
-            await downloadArtifactFromS3Bucket(bucketName, lastZkeyStoragePath, lastZkeyTempFilePath);
-            // Step (1.A.4).
-            isContributionValid = await snarkjs.zKey.verifyFromInit(firstZkeyTempFilePath, potTempFilePath, lastZkeyTempFilePath, transcriptLogger);
-            // Compute contribution hash.
-            lastZkeyBlake2bHash = await actions.blake512FromPath(lastZkeyTempFilePath);
-            // Free resources by unlinking temporary folders.
-            // Do not free-up verification transcript path here.
-            try {
-                fs.unlinkSync(potTempFilePath);
-                fs.unlinkSync(firstZkeyTempFilePath);
-                fs.unlinkSync(lastZkeyTempFilePath);
-            }
-            catch (error) {
-                printLog(`Error while unlinking temporary files - Error ${error}`, LogLevel.WARN);
-            }
-            await completeVerification();
+        // CF approach.
+        printLog(`CF mechanism`, LogLevel.DEBUG);
+        const potStoragePath = actions.getPotStorageFilePath(files.potFilename);
+        const firstZkeyStoragePath = actions.getZkeyStorageFilePath(prefix, `${prefix}_${actions.genesisZkeyIndex}.zkey`);
+        // Prepare temporary file paths.
+        // (nb. these are needed to download the necessary artifacts for verification from AWS S3).
+        verificationTranscriptTemporaryLocalPath = createTemporaryLocalPath(verificationTranscriptCompleteFilename);
+        const potTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}.pot`);
+        const firstZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_genesis.zkey`);
+        const lastZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_last.zkey`);
+        // Create and populate transcript.
+        const transcriptLogger = actions.createCustomLoggerForFile(verificationTranscriptTemporaryLocalPath);
+        transcriptLogger.info(`${isFinalizing ? `Final verification` : `Verification`} transcript for ${prefix} circuit Phase 2 contribution.\n${isFinalizing ? `Coordinator ` : `Contributor # ${Number(lastZkeyIndex)}`} (${contributorOrCoordinatorIdentifier})\n`);
+        // Step (1.A.2).
+        await downloadArtifactFromS3Bucket(bucketName, potStoragePath, potTempFilePath);
+        await downloadArtifactFromS3Bucket(bucketName, firstZkeyStoragePath, firstZkeyTempFilePath);
+        await downloadArtifactFromS3Bucket(bucketName, lastZkeyStoragePath, lastZkeyTempFilePath);
+        // Step (1.A.4).
+        isContributionValid = await snarkjs.zKey.verifyFromInit(firstZkeyTempFilePath, potTempFilePath, lastZkeyTempFilePath, transcriptLogger);
+        // Compute contribution hash.
+        lastZkeyBlake2bHash = await actions.blake512FromPath(lastZkeyTempFilePath);
+        // Free resources by unlinking temporary folders.
+        // Do not free-up verification transcript path here.
+        try {
+            fs.unlinkSync(potTempFilePath);
+            fs.unlinkSync(firstZkeyTempFilePath);
+            fs.unlinkSync(lastZkeyTempFilePath);
+        }
+        catch (error) {
+            printLog(`Error while unlinking temporary files - Error ${error}`, LogLevel.WARN);
         }
+        await completeVerification();
     }
 });
 /**
@@ -1827,7 +1842,7 @@ const verifycontribution = functionsV2__namespace.https.onCall({ memory: "16GiB"
  * this does not happen if the participant is actually the coordinator who is finalizing the ceremony.
  */
 const refreshParticipantAfterContributionVerification = functionsV1__namespace
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
     memory: "512MB"
 })
@@ -1888,7 +1903,7 @@ const refreshParticipantAfterContributionVerification = functionsV1__namespace
  * and verification key extracted from the circuit final contribution (as part of the ceremony finalization process).
  */
 const finalizeCircuit = functionsV1__namespace
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
     memory: "512MB"
 })
@@ -2085,8 +2100,10 @@ const createBucket = functions__namespace
                     CORSConfiguration: {
                         CORSRules: [
                             {
-                                AllowedMethods: ["GET"],
-                                AllowedOrigins: ["*"]
+                                AllowedMethods: ["GET", "PUT"],
+                                AllowedOrigins: ["*"],
+                                ExposeHeaders: ["ETag", "Content-Length"],
+                                AllowedHeaders: ["*"]
                             }
                         ]
                     }
@@ -2563,7 +2580,8 @@ const resumeContributionAfterTimeoutExpiration = functions__namespace
     if (status === "EXHUMED" /* ParticipantStatus.EXHUMED */)
         await participantDoc.ref.update({
             status: "READY" /* ParticipantStatus.READY */,
-            lastUpdated: getCurrentServerTimestampInMillis()
+            lastUpdated: getCurrentServerTimestampInMillis(),
+            tempContributionData: {}
         });
     else
         logAndThrowError(SPECIFIC_ERRORS.SE_CONTRIBUTE_CANNOT_PROGRESS_TO_NEXT_CIRCUIT);