@devtion/backend 0.0.0-3c7b092 → 0.0.0-3df1645

package/src/functions/circuit.ts

@@ -58,6 +58,7 @@ import {
     uploadFileToBucket
 } from "../lib/utils"
 import { EC2Client } from "@aws-sdk/client-ec2"
+import { HttpsError } from "firebase-functions/v2/https"
 
 dotenv.config()
 
@@ -214,57 +215,80 @@ const coordinate = async (
  * Wait until the command has completed its execution inside the VM.
  * @dev this method implements a custom interval to check 5 times after 1 minute if the command execution
  * has been completed or not by calling the `retrieveCommandStatus` method.
- * @param {any} resolve the promise.
- * @param {any} reject the promise.
  * @param {SSMClient} ssm the SSM client.
  * @param {string} vmInstanceId the unique identifier of the VM instance.
  * @param {string} commandId the unique identifier of the VM command.
  * @returns <Promise<void>> true when the command execution succeed; otherwise false.
  */
-const waitForVMCommandExecution = (
-    resolve: any,
-    reject: any,
-    ssm: SSMClient,
-    vmInstanceId: string,
-    commandId: string
-) => {
-    const interval = setInterval(async () => {
-        try {
-            // Get command status.
-            const cmdStatus = await retrieveCommandStatus(ssm, vmInstanceId, commandId)
-            printLog(`Checking command ${commandId} status => ${cmdStatus}`, LogLevel.DEBUG)
-
-            if (cmdStatus === CommandInvocationStatus.SUCCESS) {
-                printLog(`Command ${commandId} successfully completed`, LogLevel.DEBUG)
-
-                // Resolve the promise.
-                resolve()
-            } else if (cmdStatus === CommandInvocationStatus.FAILED) {
-                logAndThrowError(SPECIFIC_ERRORS.SE_VM_FAILED_COMMAND_EXECUTION)
-                reject()
-            } else if (cmdStatus === CommandInvocationStatus.TIMED_OUT) {
-                logAndThrowError(SPECIFIC_ERRORS.SE_VM_TIMEDOUT_COMMAND_EXECUTION)
-                reject()
-            } else if (cmdStatus === CommandInvocationStatus.CANCELLED) {
-                logAndThrowError(SPECIFIC_ERRORS.SE_VM_CANCELLED_COMMAND_EXECUTION)
-                reject()
-            } else if (cmdStatus === CommandInvocationStatus.DELAYED) {
-                logAndThrowError(SPECIFIC_ERRORS.SE_VM_DELAYED_COMMAND_EXECUTION)
-                reject()
-            }
-        } catch (error: any) {
-            printLog(`Invalid command ${commandId} execution`, LogLevel.DEBUG)
+const waitForVMCommandExecution = (ssm: SSMClient, vmInstanceId: string, commandId: string): Promise<void> =>
+    new Promise((resolve, reject) => {
+        const poll = async () => {
+            try {
+                // Get command status.
+                const cmdStatus = await retrieveCommandStatus(ssm, vmInstanceId, commandId)
+                printLog(`Checking command ${commandId} status => ${cmdStatus}`, LogLevel.DEBUG)
+
+                let error: HttpsError | undefined
+                switch (cmdStatus) {
+                    case CommandInvocationStatus.CANCELLING:
+                    case CommandInvocationStatus.CANCELLED: {
+                        error = SPECIFIC_ERRORS.SE_VM_CANCELLED_COMMAND_EXECUTION
+                        break
+                    }
+                    case CommandInvocationStatus.DELAYED: {
+                        error = SPECIFIC_ERRORS.SE_VM_DELAYED_COMMAND_EXECUTION
+                        break
+                    }
+                    case CommandInvocationStatus.FAILED: {
+                        error = SPECIFIC_ERRORS.SE_VM_FAILED_COMMAND_EXECUTION
+                        break
+                    }
+                    case CommandInvocationStatus.TIMED_OUT: {
+                        error = SPECIFIC_ERRORS.SE_VM_TIMEDOUT_COMMAND_EXECUTION
+                        break
+                    }
+                    case CommandInvocationStatus.IN_PROGRESS:
+                    case CommandInvocationStatus.PENDING: {
+                        // wait a minute and poll again
+                        setTimeout(poll, 60000)
+                        return
+                    }
+                    case CommandInvocationStatus.SUCCESS: {
+                        printLog(`Command ${commandId} successfully completed`, LogLevel.DEBUG)
+
+                        // Resolve the promise.
+                        resolve()
+                        return
+                    }
+                    default: {
+                        logAndThrowError(SPECIFIC_ERRORS.SE_VM_UNKNOWN_COMMAND_STATUS)
+                    }
+                }
+
+                if (error) {
+                    logAndThrowError(error)
+                }
+            } catch (error: any) {
+                printLog(`Invalid command ${commandId} execution`, LogLevel.DEBUG)
+
+                const ec2 = await createEC2Client()
 
-            if (!error.toString().includes(commandId)) logAndThrowError(COMMON_ERRORS.CM_INVALID_COMMAND_EXECUTION)
+                // if it errors out, let's just log it as a warning so the coordinator is aware
+                try {
+                    await stopEC2Instance(ec2, vmInstanceId)
+                } catch (error: any) {
+                    printLog(`Error while stopping VM instance ${vmInstanceId} - Error ${error}`, LogLevel.WARN)
+                }
 
-            // Reject the promise.
-            reject()
-        } finally {
-            // Clear the interval.
-            clearInterval(interval)
+                if (!error.toString().includes(commandId)) logAndThrowError(COMMON_ERRORS.CM_INVALID_COMMAND_EXECUTION)
+
+                // Reject the promise.
+                reject()
+            }
         }
-    }, 60000) // 1 minute.
-}
+
+        setTimeout(poll, 60000)
+    })
 
 /**
  * This method is used to coordinate the waiting queues of ceremony circuits.
@@ -286,7 +310,7 @@ const waitForVMCommandExecution = (
  * - Just completed a contribution or all contributions for each circuit. If yes, coordinate (multi-participant scenario).
  */
 export const coordinateCeremonyParticipant = functionsV1
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })
@@ -387,7 +411,6 @@ export const coordinateCeremonyParticipant = functionsV1
         }
     })
 
-
 /**
  * Recursive function to check whether an EC2 is in a running state
  * @notice required step to run commands
@@ -396,16 +419,12 @@ export const coordinateCeremonyParticipant = functionsV1
  * @param attempts <number> - how many times to retry before failing
  * @returns <Promise<boolean>> - whether the VM was started
  */
-const checkIfVMRunning = async (
-    ec2: EC2Client, 
-    vmInstanceId: string, 
-    attempts = 5
-    ): Promise<boolean> => {
+const checkIfVMRunning = async (ec2: EC2Client, vmInstanceId: string, attempts = 5): Promise<boolean> => {
     // if we tried 5 times, then throw an error
     if (attempts <= 0) logAndThrowError(SPECIFIC_ERRORS.SE_VM_NOT_RUNNING)
 
-    await sleep(60000); // Wait for 1 min
-    const isVMRunning = await checkIfRunning(ec2, vmInstanceId) 
+    await sleep(60000) // Wait for 1 min
+    const isVMRunning = await checkIfRunning(ec2, vmInstanceId)
 
     if (!isVMRunning) {
         printLog(`VM not running, ${attempts - 1} attempts remaining. Retrying in 1 minute...`, LogLevel.DEBUG)
@@ -442,7 +461,7 @@ const checkIfVMRunning = async (
  * 2) Send all updates atomically to the Firestore database.
  */
 export const verifycontribution = functionsV2.https.onCall(
-    { memory: "16GiB", timeoutSeconds: 3600, region: 'europe-west1' },
+    { memory: "16GiB", timeoutSeconds: 3600, region: "europe-west1" },
     async (request: functionsV2.https.CallableRequest<VerifyContributionData>): Promise<any> => {
         if (!request.auth || (!request.auth.token.participant && !request.auth.token.coordinator))
             logAndThrowError(SPECIFIC_ERRORS.SE_AUTH_NO_CURRENT_AUTH_USER)
@@ -610,7 +629,6 @@ export const verifycontribution = functionsV2.https.onCall(
                         verificationTranscriptTemporaryLocalPath,
                         true
                     )
-
                 } else {
                     // Upload verification transcript.
                     /// nb. do not use multi-part upload here due to small file size.
@@ -688,8 +706,16 @@ export const verifycontribution = functionsV2.https.onCall(
             }
 
             // Stop VM instance
-            if (isUsingVM) await stopEC2Instance(ec2, vmInstanceId)
-
+            if (isUsingVM) {
+                // using try and catch as the VM stopping function can throw
+                // however we want to continue without stopping as the 
+                // verification was valid, and inform the coordinator
+                try {
+                    await stopEC2Instance(ec2, vmInstanceId)
+                } catch (error: any) {
+                    printLog(`Error while stopping VM instance ${vmInstanceId} - Error ${error}`, LogLevel.WARN)
+                }
+            }
             // Step (1.A.4.C)
             if (!isFinalizing) {
                 // Step (1.A.4.C.1)
@@ -709,7 +735,7 @@ export const verifycontribution = functionsV2.https.onCall(
                         ? (avgVerifyCloudFunctionTime + verifyCloudFunctionTime) / 2
                         : verifyCloudFunctionTime
 
-                // Prepare tx to update circuit average contribution/verification time.    
+                // Prepare tx to update circuit average contribution/verification time.
                 const updatedCircuitDoc = await getDocumentById(getCircuitsCollectionPath(ceremonyId), circuitId)
                 const { waitingQueue: updatedWaitingQueue } = updatedCircuitDoc.data()!
                 /// @dev this must happen only for valid contributions.
@@ -783,9 +809,7 @@ export const verifycontribution = functionsV2.https.onCall(
                 printLog(`Starting the execution of command ${commandId}`, LogLevel.DEBUG)
 
                 // Step (1.A.3.3).
-                return new Promise<void>((resolve, reject) =>
-                    waitForVMCommandExecution(resolve, reject, ssm, vmInstanceId, commandId)
-                )
+                return waitForVMCommandExecution(ssm, vmInstanceId, commandId)
                     .then(async () => {
                         // Command execution successfully completed.
                         printLog(`Command ${commandId} execution has been successfully completed`, LogLevel.DEBUG)
@@ -797,59 +821,57 @@ export const verifycontribution = functionsV2.https.onCall(
 
                         logAndThrowError(COMMON_ERRORS.CM_INVALID_COMMAND_EXECUTION)
                     })
-            } else {
-                // CF approach.
-                printLog(`CF mechanism`, LogLevel.DEBUG)
+            }
 
-                const potStoragePath = getPotStorageFilePath(files.potFilename)
-                const firstZkeyStoragePath = getZkeyStorageFilePath(prefix, `${prefix}_${genesisZkeyIndex}.zkey`)
-                // Prepare temporary file paths.
-                // (nb. these are needed to download the necessary artifacts for verification from AWS S3).
-                verificationTranscriptTemporaryLocalPath = createTemporaryLocalPath(
-                    verificationTranscriptCompleteFilename
-                )
-                const potTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}.pot`)
-                const firstZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_genesis.zkey`)
-                const lastZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_last.zkey`)
-
-                // Create and populate transcript.
-                const transcriptLogger = createCustomLoggerForFile(verificationTranscriptTemporaryLocalPath)
-                transcriptLogger.info(
-                    `${
-                        isFinalizing ? `Final verification` : `Verification`
-                    } transcript for ${prefix} circuit Phase 2 contribution.\n${
-                        isFinalizing ? `Coordinator ` : `Contributor # ${Number(lastZkeyIndex)}`
-                    } (${contributorOrCoordinatorIdentifier})\n`
-                )
+            // CF approach.
+            printLog(`CF mechanism`, LogLevel.DEBUG)
+
+            const potStoragePath = getPotStorageFilePath(files.potFilename)
+            const firstZkeyStoragePath = getZkeyStorageFilePath(prefix, `${prefix}_${genesisZkeyIndex}.zkey`)
+            // Prepare temporary file paths.
+            // (nb. these are needed to download the necessary artifacts for verification from AWS S3).
+            verificationTranscriptTemporaryLocalPath = createTemporaryLocalPath(verificationTranscriptCompleteFilename)
+            const potTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}.pot`)
+            const firstZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_genesis.zkey`)
+            const lastZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_last.zkey`)
+
+            // Create and populate transcript.
+            const transcriptLogger = createCustomLoggerForFile(verificationTranscriptTemporaryLocalPath)
+            transcriptLogger.info(
+                `${
+                    isFinalizing ? `Final verification` : `Verification`
+                } transcript for ${prefix} circuit Phase 2 contribution.\n${
+                    isFinalizing ? `Coordinator ` : `Contributor # ${Number(lastZkeyIndex)}`
+                } (${contributorOrCoordinatorIdentifier})\n`
+            )
 
-                // Step (1.A.2).
-                await downloadArtifactFromS3Bucket(bucketName, potStoragePath, potTempFilePath)
-                await downloadArtifactFromS3Bucket(bucketName, firstZkeyStoragePath, firstZkeyTempFilePath)
-                await downloadArtifactFromS3Bucket(bucketName, lastZkeyStoragePath, lastZkeyTempFilePath)
-
-                // Step (1.A.4).
-                isContributionValid = await zKey.verifyFromInit(
-                    firstZkeyTempFilePath,
-                    potTempFilePath,
-                    lastZkeyTempFilePath,
-                    transcriptLogger
-                )
-                
-                // Compute contribution hash.
-                lastZkeyBlake2bHash = await blake512FromPath(lastZkeyTempFilePath)
+            // Step (1.A.2).
+            await downloadArtifactFromS3Bucket(bucketName, potStoragePath, potTempFilePath)
+            await downloadArtifactFromS3Bucket(bucketName, firstZkeyStoragePath, firstZkeyTempFilePath)
+            await downloadArtifactFromS3Bucket(bucketName, lastZkeyStoragePath, lastZkeyTempFilePath)
 
-                // Free resources by unlinking temporary folders.
-                // Do not free-up verification transcript path here.
-                try {
-                    fs.unlinkSync(potTempFilePath)
-                    fs.unlinkSync(firstZkeyTempFilePath)
-                    fs.unlinkSync(lastZkeyTempFilePath)
-                } catch (error: any) {
-                    printLog(`Error while unlinking temporary files - Error ${error}`, LogLevel.WARN)
-                }  
+            // Step (1.A.4).
+            isContributionValid = await zKey.verifyFromInit(
+                firstZkeyTempFilePath,
+                potTempFilePath,
+                lastZkeyTempFilePath,
+                transcriptLogger
+            )
 
-                await completeVerification()
+            // Compute contribution hash.
+            lastZkeyBlake2bHash = await blake512FromPath(lastZkeyTempFilePath)
+
+            // Free resources by unlinking temporary folders.
+            // Do not free-up verification transcript path here.
+            try {
+                fs.unlinkSync(potTempFilePath)
+                fs.unlinkSync(firstZkeyTempFilePath)
+                fs.unlinkSync(lastZkeyTempFilePath)
+            } catch (error: any) {
+                printLog(`Error while unlinking temporary files - Error ${error}`, LogLevel.WARN)
             }
+
+            await completeVerification()
         }
     }
 )
@@ -860,7 +882,7 @@ export const verifycontribution = functionsV2.https.onCall(
  * this does not happen if the participant is actually the coordinator who is finalizing the ceremony.
  */
 export const refreshParticipantAfterContributionVerification = functionsV1
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })
@@ -943,7 +965,7 @@ export const refreshParticipantAfterContributionVerification = functionsV1
  * and verification key extracted from the circuit final contribution (as part of the ceremony finalization process).
  */
 export const finalizeCircuit = functionsV1
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })

package/src/functions/participant.ts

@@ -44,7 +44,7 @@ dotenv.config()
  * @dev true when the participant can participate (1.A, 3.B, 1.D); otherwise false.
  */
 export const checkParticipantForCeremony = functions
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })
@@ -175,7 +175,7 @@ export const checkParticipantForCeremony = functions
  * 2) the participant has just finished the contribution for a circuit (contributionProgress != 0 && status = CONTRIBUTED && contributionStep = COMPLETED).
  */
 export const progressToNextCircuitForContribution = functions
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })
@@ -233,7 +233,7 @@ export const progressToNextCircuitForContribution = functions
  * 5) Completed contribution computation and verification.
  */
 export const progressToNextContributionStep = functions
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })
@@ -296,7 +296,7 @@ export const progressToNextContributionStep = functions
  * @dev enable the current contributor to resume a contribution from where it had left off.
  */
 export const permanentlyStoreCurrentContributionTimeAndHash = functions
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })
@@ -355,7 +355,7 @@ export const permanentlyStoreCurrentContributionTimeAndHash = functions
  * @dev enable the current contributor to resume a multi-part upload from where it had left off.
  */
 export const temporaryStoreCurrentContributionMultiPartUploadId = functions
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })
@@ -409,7 +409,7 @@ export const temporaryStoreCurrentContributionMultiPartUploadId = functions
  * @dev enable the current contributor to resume a multi-part upload from where it had left off.
  */
 export const temporaryStoreCurrentContributionUploadedChunkData = functions
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })
@@ -469,7 +469,7 @@ export const temporaryStoreCurrentContributionUploadedChunkData = functions
  * contributed to every selected ceremony circuits (= DONE).
  */
 export const checkAndPrepareCoordinatorForFinalization = functions
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })

package/src/functions/storage.ts

@@ -193,8 +193,10 @@ export const createBucket = functions
                         CORSConfiguration: {
                             CORSRules: [
                                 {
-                                    AllowedMethods: ["GET"],
-                                    AllowedOrigins: ["*"]
+                                    AllowedMethods: ["GET", "PUT"],
+                                    AllowedOrigins: ["*"],
+                                    ExposeHeaders: ["ETag", "Content-Length"],
+                                    AllowedHeaders: ["*"]
                                 }
                             ]
                         }
@@ -407,7 +409,8 @@ export const startMultiPartUpload = functions
 export const generatePreSignedUrlsParts = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "512MB",
+        timeoutSeconds: 300
     })
     .https.onCall(
         async (

package/src/functions/user.ts

@@ -41,7 +41,8 @@ export const registerAuthUser = functions
         // Reference to a document using uid.
         const userRef = firestore.collection(commonTerms.collections.users.name).doc(uid)
         // html encode the display name (or put the ID if the name is not displayed)
-        const encodedDisplayName = user.displayName === "Null" || user.displayName === null ? user.uid : encode(displayName)
+        const encodedDisplayName =
+            user.displayName === "Null" || user.displayName === null ? user.uid : encode(displayName)
 
         // store the avatar URL of a contributor
         let avatarUrl: string = ""
@@ -73,13 +74,22 @@ export const registerAuthUser = functions
                             makeError(
                                 "permission-denied",
                                 "The user is not allowed to sign up because their Github reputation is not high enough.",
-                                `The user ${user.displayName === "Null" || user.displayName === null ? user.uid : user.displayName } is not allowed to sign up because their Github reputation is not high enough. Please contact the administrator if you think this is a mistake.`
+                                `The user ${
+                                    user.displayName === "Null" || user.displayName === null
+                                        ? user.uid
+                                        : user.displayName
+                                } is not allowed to sign up because their Github reputation is not high enough. Please contact the administrator if you think this is a mistake.`
                             )
                         )
-                    } 
+                    }
                     // store locally
                     avatarUrl = avatarURL
-                    printLog(`Github reputation check passed for user ${user.displayName === "Null" || user.displayName === null ? user.uid : user.displayName }`, LogLevel.DEBUG)
+                    printLog(
+                        `Github reputation check passed for user ${
+                            user.displayName === "Null" || user.displayName === null ? user.uid : user.displayName
+                        }`,
+                        LogLevel.DEBUG
+                    )
                 } catch (error: any) {
                     // Delete user
                     await auth.deleteUser(user.uid)
@@ -95,7 +105,7 @@ export const registerAuthUser = functions
         }
         // Set document (nb. we refer to providerData[0] because we use Github OAuth provider only).
         // In future releases we might want to loop through the providerData array as we support
-        // more providers. 
+        // more providers.
         await userRef.set({
             name: encodedDisplayName,
             encodedDisplayName,
@@ -112,7 +122,7 @@ export const registerAuthUser = functions
         // we want to create a new collection for the users to store the avatars
         const avatarRef = firestore.collection(commonTerms.collections.avatars.name).doc(uid)
         await avatarRef.set({
-            avatarUrl: avatarUrl || "",
+            avatarUrl: avatarUrl || ""
         })
         printLog(`Authenticated user document with identifier ${uid} has been correctly stored`, LogLevel.DEBUG)
         printLog(`Authenticated user avatar with identifier ${uid} has been correctly stored`, LogLevel.DEBUG)

package/src/lib/errors.ts

@@ -184,6 +184,11 @@ export const SPECIFIC_ERRORS = {
         "unavailable",
         "VM command execution has been delayed since there were no available instance at the moment",
         "Please, contact the coordinator if this error persists."
+    ),
+    SE_VM_UNKNOWN_COMMAND_STATUS: makeError(
+        "unavailable",
+        "VM command execution has failed due to an unknown status code",
+        "Please, contact the coordinator if this error persists."
     )
 }
 

package/src/lib/utils.ts

@@ -217,7 +217,7 @@ export const downloadArtifactFromS3Bucket = async (bucketName: string, objectKey
     const streamPipeline = promisify(pipeline)
     await streamPipeline(response.body, writeStream)
 
-    writeStream.on('finish', () => {
+    writeStream.on("finish", () => {
         writeStream.end()
     })
 }
@@ -305,7 +305,7 @@ export const deleteObject = async (bucketName: string, objectKey: string) => {
 
     // Prepare command.
     const command = new DeleteObjectCommand({ Bucket: bucketName, Key: objectKey })
-    
+
     // Execute command.
     const data = await client.send(command)