@devtion/backend 0.0.0-56ecf35 → 0.0.0-57a8ab9

package/dist/src/functions/index.js

@@ -31,6 +31,8 @@ var functionsV1 = require('firebase-functions/v1');
 var functionsV2 = require('firebase-functions/v2');
 var timerNode = require('timer-node');
 var snarkjs = require('snarkjs');
+var apiSdk = require('@bandada/api-sdk');
+var auth = require('firebase-admin/auth');
 
 function _interopNamespaceDefault(e) {
     var n = Object.create(null);
@@ -556,7 +558,7 @@ const registerAuthUser = functions__namespace
         email === process.env.CUSTOM_CLAIMS_COORDINATOR_EMAIL_ADDRESS_OR_DOMAIN)) {
         const auth = admin.auth();
         // if provider == github.com let's use our functions to check the user's reputation
-        if (user.providerData[0].providerId === "github.com") {
+        if (user.providerData.length > 0 && user.providerData[0].providerId === "github.com") {
             const vars = getGitHubVariables();
             // this return true or false
             try {
@@ -588,7 +590,7 @@ const registerAuthUser = functions__namespace
         encodedDisplayName,
         // Metadata.
         creationTime,
-        lastSignInTime,
+        lastSignInTime: lastSignInTime || creationTime,
         // Optional.
         email: email || "",
         emailVerified: emailVerified || false,
@@ -2407,6 +2409,148 @@ const completeMultiPartUpload = functions__namespace
     }
 });
 
+const VKEY_DATA = {
+    protocol: "groth16",
+    curve: "bn128",
+    nPublic: 3,
+    vk_alpha_1: [
+        "20491192805390485299153009773594534940189261866228447918068658471970481763042",
+        "9383485363053290200918347156157836566562967994039712273449902621266178545958",
+        "1"
+    ],
+    vk_beta_2: [
+        [
+            "6375614351688725206403948262868962793625744043794305715222011528459656738731",
+            "4252822878758300859123897981450591353533073413197771768651442665752259397132"
+        ],
+        [
+            "10505242626370262277552901082094356697409835680220590971873171140371331206856",
+            "21847035105528745403288232691147584728191162732299865338377159692350059136679"
+        ],
+        ["1", "0"]
+    ],
+    vk_gamma_2: [
+        [
+            "10857046999023057135944570762232829481370756359578518086990519993285655852781",
+            "11559732032986387107991004021392285783925812861821192530917403151452391805634"
+        ],
+        [
+            "8495653923123431417604973247489272438418190587263600148770280649306958101930",
+            "4082367875863433681332203403145435568316851327593401208105741076214120093531"
+        ],
+        ["1", "0"]
+    ],
+    vk_delta_2: [
+        [
+            "3697618915467790705869942236922063775466274665053173890632463796679068973252",
+            "14948341351907992175709156460547989243732741534604949238422596319735704165658"
+        ],
+        [
+            "3028459181652799888716942141752307629938889957960373621898607910203491239368",
+            "11380736494786911280692284374675752681598754560757720296073023058533044108340"
+        ],
+        ["1", "0"]
+    ],
+    vk_alphabeta_12: [
+        [
+            [
+                "2029413683389138792403550203267699914886160938906632433982220835551125967885",
+                "21072700047562757817161031222997517981543347628379360635925549008442030252106"
+            ],
+            [
+                "5940354580057074848093997050200682056184807770593307860589430076672439820312",
+                "12156638873931618554171829126792193045421052652279363021382169897324752428276"
+            ],
+            [
+                "7898200236362823042373859371574133993780991612861777490112507062703164551277",
+                "7074218545237549455313236346927434013100842096812539264420499035217050630853"
+            ]
+        ],
+        [
+            [
+                "7077479683546002997211712695946002074877511277312570035766170199895071832130",
+                "10093483419865920389913245021038182291233451549023025229112148274109565435465"
+            ],
+            [
+                "4595479056700221319381530156280926371456704509942304414423590385166031118820",
+                "19831328484489333784475432780421641293929726139240675179672856274388269393268"
+            ],
+            [
+                "11934129596455521040620786944827826205713621633706285934057045369193958244500",
+                "8037395052364110730298837004334506829870972346962140206007064471173334027475"
+            ]
+        ]
+    ],
+    IC: [
+        [
+            "12951059800758687233303204819298121944551181861362200875212570257618182506154",
+            "5751958719396509176593242305268064754837298673622815112953832050159760501392",
+            "1"
+        ],
+        [
+            "9561588427935871983444704959674198910445823619407211599507208879011862515257",
+            "14576201570478094842467636169770180675293504492823217349086195663150934064643",
+            "1"
+        ],
+        [
+            "4811967233483727873912563574622036989372099129165459921963463310078093941559",
+            "1874883809855039536107616044787862082553628089593740724610117059083415551067",
+            "1"
+        ],
+        [
+            "12252730267779308452229639835051322390696643456253768618882001876621526827161",
+            "7899194018737016222260328309937800777948677569409898603827268776967707173231",
+            "1"
+        ]
+    ]
+};
+dotenv.config();
+const { BANDADA_API_URL, BANDADA_GROUP_ID } = process.env;
+const bandadaApi = new apiSdk.ApiSdk(BANDADA_API_URL);
+const bandadaValidateProof = functions__namespace
+    .region("europe-west1")
+    .runWith({
+    memory: "512MB"
+})
+    .https.onCall(async (data) => {
+    if (!BANDADA_GROUP_ID)
+        throw new Error("BANDADA_GROUP_ID is not defined in .env");
+    const { proof, publicSignals } = data;
+    const isCorrect = snarkjs.groth16.verify(VKEY_DATA, publicSignals, proof);
+    if (!isCorrect)
+        return {
+            valid: false,
+            message: "Invalid proof",
+            token: ""
+        };
+    const commitment = data.publicSignals[1];
+    const isMember = await bandadaApi.isGroupMember(BANDADA_GROUP_ID, commitment);
+    if (!isMember)
+        return {
+            valid: false,
+            message: "Not a member of the group",
+            token: ""
+        };
+    const auth$1 = auth.getAuth();
+    try {
+        await admin.auth().createUser({
+            uid: commitment
+        });
+    }
+    catch (error) {
+        // if user already exist then just pass
+        if (error.code !== "auth/uid-already-exists") {
+            throw new Error(error);
+        }
+    }
+    const token = await auth$1.createCustomToken(commitment);
+    return {
+        valid: true,
+        message: "Valid proof and group member",
+        token
+    };
+});
+
 dotenv.config();
 /**
  * Check and remove the current contributor if it doesn't complete the contribution on the specified amount of time.
@@ -2608,6 +2752,7 @@ const resumeContributionAfterTimeoutExpiration = functions__namespace
 
 admin.initializeApp();
 
+exports.bandadaValidateProof = bandadaValidateProof;
 exports.checkAndPrepareCoordinatorForFinalization = checkAndPrepareCoordinatorForFinalization;
 exports.checkAndRemoveBlockingContributor = checkAndRemoveBlockingContributor;
 exports.checkIfObjectExist = checkIfObjectExist;

package/dist/src/functions/index.mjs

@@ -28,7 +28,9 @@ import { EC2Client } from '@aws-sdk/client-ec2';
 import * as functionsV1 from 'firebase-functions/v1';
 import * as functionsV2 from 'firebase-functions/v2';
 import { Timer } from 'timer-node';
-import { zKey } from 'snarkjs';
+import { zKey, groth16 } from 'snarkjs';
+import { ApiSdk } from '@bandada/api-sdk';
+import { getAuth } from 'firebase-admin/auth';
 
 /**
  * Log levels.
@@ -533,7 +535,7 @@ const registerAuthUser = functions
         email === process.env.CUSTOM_CLAIMS_COORDINATOR_EMAIL_ADDRESS_OR_DOMAIN)) {
         const auth = admin.auth();
         // if provider == github.com let's use our functions to check the user's reputation
-        if (user.providerData[0].providerId === "github.com") {
+        if (user.providerData.length > 0 && user.providerData[0].providerId === "github.com") {
             const vars = getGitHubVariables();
             // this return true or false
             try {
@@ -565,7 +567,7 @@ const registerAuthUser = functions
         encodedDisplayName,
         // Metadata.
         creationTime,
-        lastSignInTime,
+        lastSignInTime: lastSignInTime || creationTime,
         // Optional.
         email: email || "",
         emailVerified: emailVerified || false,
@@ -2384,6 +2386,148 @@ const completeMultiPartUpload = functions
     }
 });
 
+const VKEY_DATA = {
+    protocol: "groth16",
+    curve: "bn128",
+    nPublic: 3,
+    vk_alpha_1: [
+        "20491192805390485299153009773594534940189261866228447918068658471970481763042",
+        "9383485363053290200918347156157836566562967994039712273449902621266178545958",
+        "1"
+    ],
+    vk_beta_2: [
+        [
+            "6375614351688725206403948262868962793625744043794305715222011528459656738731",
+            "4252822878758300859123897981450591353533073413197771768651442665752259397132"
+        ],
+        [
+            "10505242626370262277552901082094356697409835680220590971873171140371331206856",
+            "21847035105528745403288232691147584728191162732299865338377159692350059136679"
+        ],
+        ["1", "0"]
+    ],
+    vk_gamma_2: [
+        [
+            "10857046999023057135944570762232829481370756359578518086990519993285655852781",
+            "11559732032986387107991004021392285783925812861821192530917403151452391805634"
+        ],
+        [
+            "8495653923123431417604973247489272438418190587263600148770280649306958101930",
+            "4082367875863433681332203403145435568316851327593401208105741076214120093531"
+        ],
+        ["1", "0"]
+    ],
+    vk_delta_2: [
+        [
+            "3697618915467790705869942236922063775466274665053173890632463796679068973252",
+            "14948341351907992175709156460547989243732741534604949238422596319735704165658"
+        ],
+        [
+            "3028459181652799888716942141752307629938889957960373621898607910203491239368",
+            "11380736494786911280692284374675752681598754560757720296073023058533044108340"
+        ],
+        ["1", "0"]
+    ],
+    vk_alphabeta_12: [
+        [
+            [
+                "2029413683389138792403550203267699914886160938906632433982220835551125967885",
+                "21072700047562757817161031222997517981543347628379360635925549008442030252106"
+            ],
+            [
+                "5940354580057074848093997050200682056184807770593307860589430076672439820312",
+                "12156638873931618554171829126792193045421052652279363021382169897324752428276"
+            ],
+            [
+                "7898200236362823042373859371574133993780991612861777490112507062703164551277",
+                "7074218545237549455313236346927434013100842096812539264420499035217050630853"
+            ]
+        ],
+        [
+            [
+                "7077479683546002997211712695946002074877511277312570035766170199895071832130",
+                "10093483419865920389913245021038182291233451549023025229112148274109565435465"
+            ],
+            [
+                "4595479056700221319381530156280926371456704509942304414423590385166031118820",
+                "19831328484489333784475432780421641293929726139240675179672856274388269393268"
+            ],
+            [
+                "11934129596455521040620786944827826205713621633706285934057045369193958244500",
+                "8037395052364110730298837004334506829870972346962140206007064471173334027475"
+            ]
+        ]
+    ],
+    IC: [
+        [
+            "12951059800758687233303204819298121944551181861362200875212570257618182506154",
+            "5751958719396509176593242305268064754837298673622815112953832050159760501392",
+            "1"
+        ],
+        [
+            "9561588427935871983444704959674198910445823619407211599507208879011862515257",
+            "14576201570478094842467636169770180675293504492823217349086195663150934064643",
+            "1"
+        ],
+        [
+            "4811967233483727873912563574622036989372099129165459921963463310078093941559",
+            "1874883809855039536107616044787862082553628089593740724610117059083415551067",
+            "1"
+        ],
+        [
+            "12252730267779308452229639835051322390696643456253768618882001876621526827161",
+            "7899194018737016222260328309937800777948677569409898603827268776967707173231",
+            "1"
+        ]
+    ]
+};
+dotenv.config();
+const { BANDADA_API_URL, BANDADA_GROUP_ID } = process.env;
+const bandadaApi = new ApiSdk(BANDADA_API_URL);
+const bandadaValidateProof = functions
+    .region("europe-west1")
+    .runWith({
+    memory: "512MB"
+})
+    .https.onCall(async (data) => {
+    if (!BANDADA_GROUP_ID)
+        throw new Error("BANDADA_GROUP_ID is not defined in .env");
+    const { proof, publicSignals } = data;
+    const isCorrect = groth16.verify(VKEY_DATA, publicSignals, proof);
+    if (!isCorrect)
+        return {
+            valid: false,
+            message: "Invalid proof",
+            token: ""
+        };
+    const commitment = data.publicSignals[1];
+    const isMember = await bandadaApi.isGroupMember(BANDADA_GROUP_ID, commitment);
+    if (!isMember)
+        return {
+            valid: false,
+            message: "Not a member of the group",
+            token: ""
+        };
+    const auth = getAuth();
+    try {
+        await admin.auth().createUser({
+            uid: commitment
+        });
+    }
+    catch (error) {
+        // if user already exist then just pass
+        if (error.code !== "auth/uid-already-exists") {
+            throw new Error(error);
+        }
+    }
+    const token = await auth.createCustomToken(commitment);
+    return {
+        valid: true,
+        message: "Valid proof and group member",
+        token
+    };
+});
+
 dotenv.config();
 /**
  * Check and remove the current contributor if it doesn't complete the contribution on the specified amount of time.
@@ -2585,4 +2729,4 @@ const resumeContributionAfterTimeoutExpiration = functions
 
 admin.initializeApp();
 
-export { checkAndPrepareCoordinatorForFinalization, checkAndRemoveBlockingContributor, checkIfObjectExist, checkParticipantForCeremony, completeMultiPartUpload, coordinateCeremonyParticipant, createBucket, finalizeCeremony, finalizeCircuit, generateGetObjectPreSignedUrl, generatePreSignedUrlsParts, initEmptyWaitingQueueForCircuit, permanentlyStoreCurrentContributionTimeAndHash, processSignUpWithCustomClaims, progressToNextCircuitForContribution, progressToNextContributionStep, refreshParticipantAfterContributionVerification, registerAuthUser, resumeContributionAfterTimeoutExpiration, setupCeremony, startCeremony, startMultiPartUpload, stopCeremony, temporaryStoreCurrentContributionMultiPartUploadId, temporaryStoreCurrentContributionUploadedChunkData, verifycontribution };
+export { bandadaValidateProof, checkAndPrepareCoordinatorForFinalization, checkAndRemoveBlockingContributor, checkIfObjectExist, checkParticipantForCeremony, completeMultiPartUpload, coordinateCeremonyParticipant, createBucket, finalizeCeremony, finalizeCircuit, generateGetObjectPreSignedUrl, generatePreSignedUrlsParts, initEmptyWaitingQueueForCircuit, permanentlyStoreCurrentContributionTimeAndHash, processSignUpWithCustomClaims, progressToNextCircuitForContribution, progressToNextContributionStep, refreshParticipantAfterContributionVerification, registerAuthUser, resumeContributionAfterTimeoutExpiration, setupCeremony, startCeremony, startMultiPartUpload, stopCeremony, temporaryStoreCurrentContributionMultiPartUploadId, temporaryStoreCurrentContributionUploadedChunkData, verifycontribution };

package/dist/types/functions/bandada.d.ts

@@ -0,0 +1,4 @@
+import * as functions from "firebase-functions";
+export declare const bandadaValidateProof: functions.HttpsFunction & functions.Runnable<any>;
+export default bandadaValidateProof;
+//# sourceMappingURL=bandada.d.ts.map

package/dist/types/functions/bandada.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bandada.d.ts","sourceRoot":"","sources":["../../../src/functions/bandada.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,SAAS,MAAM,oBAAoB,CAAA;AA8G/C,eAAO,MAAM,oBAAoB,mDA0C3B,CAAA;AAEN,eAAe,oBAAoB,CAAA"}

package/dist/types/functions/index.d.ts

@@ -3,5 +3,6 @@ export { startCeremony, stopCeremony, setupCeremony, initEmptyWaitingQueueForCir
 export { checkParticipantForCeremony, progressToNextContributionStep, permanentlyStoreCurrentContributionTimeAndHash, temporaryStoreCurrentContributionMultiPartUploadId, temporaryStoreCurrentContributionUploadedChunkData, progressToNextCircuitForContribution, checkAndPrepareCoordinatorForFinalization } from "./participant";
 export { coordinateCeremonyParticipant, verifycontribution, refreshParticipantAfterContributionVerification, finalizeCircuit } from "./circuit";
 export { createBucket, checkIfObjectExist, generateGetObjectPreSignedUrl, startMultiPartUpload, generatePreSignedUrlsParts, completeMultiPartUpload } from "./storage";
+export { bandadaValidateProof } from "./bandada";
 export { checkAndRemoveBlockingContributor, resumeContributionAfterTimeoutExpiration } from "./timeout";
 //# sourceMappingURL=index.d.ts.map

package/dist/types/functions/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/functions/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,6BAA6B,EAAE,MAAM,QAAQ,CAAA;AACxE,OAAO,EACH,aAAa,EACb,YAAY,EACZ,aAAa,EACb,+BAA+B,EAC/B,gBAAgB,EACnB,MAAM,YAAY,CAAA;AACnB,OAAO,EACH,2BAA2B,EAC3B,8BAA8B,EAC9B,8CAA8C,EAC9C,kDAAkD,EAClD,kDAAkD,EAClD,oCAAoC,EACpC,yCAAyC,EAC5C,MAAM,eAAe,CAAA;AACtB,OAAO,EACH,6BAA6B,EAC7B,kBAAkB,EAClB,+CAA+C,EAC/C,eAAe,EAClB,MAAM,WAAW,CAAA;AAClB,OAAO,EACH,YAAY,EACZ,kBAAkB,EAClB,6BAA6B,EAC7B,oBAAoB,EACpB,0BAA0B,EAC1B,uBAAuB,EAC1B,MAAM,WAAW,CAAA;AAClB,OAAO,EAAE,iCAAiC,EAAE,wCAAwC,EAAE,MAAM,WAAW,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/functions/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,6BAA6B,EAAE,MAAM,QAAQ,CAAA;AACxE,OAAO,EACH,aAAa,EACb,YAAY,EACZ,aAAa,EACb,+BAA+B,EAC/B,gBAAgB,EACnB,MAAM,YAAY,CAAA;AACnB,OAAO,EACH,2BAA2B,EAC3B,8BAA8B,EAC9B,8CAA8C,EAC9C,kDAAkD,EAClD,kDAAkD,EAClD,oCAAoC,EACpC,yCAAyC,EAC5C,MAAM,eAAe,CAAA;AACtB,OAAO,EACH,6BAA6B,EAC7B,kBAAkB,EAClB,+CAA+C,EAC/C,eAAe,EAClB,MAAM,WAAW,CAAA;AAClB,OAAO,EACH,YAAY,EACZ,kBAAkB,EAClB,6BAA6B,EAC7B,oBAAoB,EACpB,0BAA0B,EAC1B,uBAAuB,EAC1B,MAAM,WAAW,CAAA;AAClB,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA;AAChD,OAAO,EAAE,iCAAiC,EAAE,wCAAwC,EAAE,MAAM,WAAW,CAAA"}

package/dist/types/types/index.d.ts

@@ -1,4 +1,5 @@
 import { CeremonyInputData, CircuitDocument, ETagWithPartNumber } from "@devtion/actions";
+import type { Groth16Proof, PublicSignals } from "snarkjs";
 /**
  * Group all the necessary data needed for running the `setupCeremony` cloud function.
  * @typedef {Object} SetupCeremonyData
@@ -127,4 +128,28 @@ export type FinalizeCircuitData = {
     bucketName: string;
     beacon: string;
 };
+/**
+ * Group all the necessary data needed for running the `bandadaValidateProof` cloud function.
+ * @typedef {Object} BandadaValidateProof
+ * @property {string} merkleTreeRoot - the merkle tree root of the group.
+ * @property {string} nullifierHash - the nullifier hash of the member.
+ * @property {string} externalNullifier - the external nullifier of the member.
+ * @property {PackedProof} proof - the packed proof generated on the client.
+ */
+export type BandadaValidateProof = {
+    proof: Groth16Proof;
+    publicSignals: PublicSignals;
+};
+/**
+ * Define the return object of the function that verifies the Bandada membership and proof.
+ * @typedef {Object} VerifiedBandadaResponse
+ * @property {boolean} valid - true if the proof is valid and the user is a member of the group; otherwise false.
+ * @property {string} message - a message describing the result of the verification.
+ * @property {string} token - the custom access token.
+ */
+export type VerifiedBandadaResponse = {
+    valid: boolean;
+    message: string;
+    token: string;
+};
 //# sourceMappingURL=index.d.ts.map

package/dist/types/types/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AAExF;;;;;;GAMG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC5B,iBAAiB,EAAE,iBAAiB,CAAA;IACpC,cAAc,EAAE,MAAM,CAAA;IACtB,QAAQ,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;CACnC,CAAA;AAED;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC3B,UAAU,EAAE,MAAM,CAAA;CACrB,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACjC,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;CACpB,CAAA;AAED;;;;;;GAMG;AACH,MAAM,MAAM,wBAAwB,GAAG,sBAAsB,GAAG;IAC5D,UAAU,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,8BAA8B,GAAG,sBAAsB,GAAG;IAClE,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,2BAA2B,GAAG,sBAAsB,GAAG;IAC/D,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAAA;IAChC,UAAU,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED;;;;;;GAMG;AACH,MAAM,MAAM,8CAA8C,GAAG;IACzD,UAAU,EAAE,MAAM,CAAA;IAClB,2BAA2B,EAAE,MAAM,CAAA;IACnC,gBAAgB,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,kDAAkD,GAAG;IAC7D,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;CACnB,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,kDAAkD,GAAG;IAC7D,UAAU,EAAE,MAAM,CAAA;IAClB,KAAK,EAAE,kBAAkB,CAAA;CAC5B,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACjC,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,kCAAkC,EAAE,MAAM,CAAA;CAC7C,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAC9B,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,MAAM,CAAA;CACjB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AACxF,OAAO,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AAE1D;;;;;;GAMG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC5B,iBAAiB,EAAE,iBAAiB,CAAA;IACpC,cAAc,EAAE,MAAM,CAAA;IACtB,QAAQ,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;CACnC,CAAA;AAED;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC3B,UAAU,EAAE,MAAM,CAAA;CACrB,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACjC,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;CACpB,CAAA;AAED;;;;;;GAMG;AACH,MAAM,MAAM,wBAAwB,GAAG,sBAAsB,GAAG;IAC5D,UAAU,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,8BAA8B,GAAG,sBAAsB,GAAG;IAClE,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,2BAA2B,GAAG,sBAAsB,GAAG;IAC/D,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAAA;IAChC,UAAU,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED;;;;;;GAMG;AACH,MAAM,MAAM,8CAA8C,GAAG;IACzD,UAAU,EAAE,MAAM,CAAA;IAClB,2BAA2B,EAAE,MAAM,CAAA;IACnC,gBAAgB,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,kDAAkD,GAAG;IAC7D,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;CACnB,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,kDAAkD,GAAG;IAC7D,UAAU,EAAE,MAAM,CAAA;IAClB,KAAK,EAAE,kBAAkB,CAAA;CAC5B,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACjC,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,kCAAkC,EAAE,MAAM,CAAA;CAC7C,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAC9B,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,MAAM,CAAA;CACjB,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,oBAAoB,GAAG;IAC/B,KAAK,EAAE,YAAY,CAAA;IACnB,aAAa,EAAE,aAAa,CAAA;CAC/B,CAAA;AAED;;;;;;GAMG;AACH,MAAM,MAAM,uBAAuB,GAAG;IAClC,KAAK,EAAE,OAAO,CAAA;IACd,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@devtion/backend",
-  "version": "0.0.0-56ecf35",
+  "version": "0.0.0-57a8ab9",
   "description": "MPC Phase 2 backend for Firebase services management",
   "repository": "git@github.com:privacy-scaling-explorations/p0tion.git",
   "homepage": "https://github.com/privacy-scaling-explorations/p0tion",
@@ -67,6 +67,7 @@
     "@aws-sdk/client-ssm": "^3.357.0",
     "@aws-sdk/middleware-endpoint": "^3.329.0",
     "@aws-sdk/s3-request-presigner": "^3.329.0",
+    "@bandada/api-sdk": "^1.0.0-beta.1",
     "@devtion/actions": "latest",
     "blakejs": "^1.2.1",
     "dotenv": "^16.0.3",
@@ -76,7 +77,7 @@
     "html-entities": "^2.3.3",
     "rimraf": "^5.0.0",
     "rollup": "^3.21.6",
-    "snarkjs": "^0.6.11",
+    "snarkjs": "0.7.3",
     "solc": "^0.8.19",
     "timer-node": "^5.0.7",
     "uuid": "^9.0.0",
@@ -85,5 +86,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "7d72963a1027f3e86cecf40d3255f04cc74e4826"
+  "gitHead": "6bddf60f1121786c19ad4437e0448de4c859b829"
 }

package/src/functions/bandada.ts

@@ -0,0 +1,156 @@
+import dotenv from "dotenv"
+import * as functions from "firebase-functions"
+import { ApiSdk } from "@bandada/api-sdk"
+import { groth16 } from "snarkjs"
+import { getAuth } from "firebase-admin/auth"
+import { BandadaValidateProof, VerifiedBandadaResponse } from "../types/index"
+
+import admin from "firebase-admin"
+
+const VKEY_DATA = {
+    protocol: "groth16",
+    curve: "bn128",
+    nPublic: 3,
+    vk_alpha_1: [
+        "20491192805390485299153009773594534940189261866228447918068658471970481763042",
+        "9383485363053290200918347156157836566562967994039712273449902621266178545958",
+        "1"
+    ],
+    vk_beta_2: [
+        [
+            "6375614351688725206403948262868962793625744043794305715222011528459656738731",
+            "4252822878758300859123897981450591353533073413197771768651442665752259397132"
+        ],
+        [
+            "10505242626370262277552901082094356697409835680220590971873171140371331206856",
+            "21847035105528745403288232691147584728191162732299865338377159692350059136679"
+        ],
+        ["1", "0"]
+    ],
+    vk_gamma_2: [
+        [
+            "10857046999023057135944570762232829481370756359578518086990519993285655852781",
+            "11559732032986387107991004021392285783925812861821192530917403151452391805634"
+        ],
+        [
+            "8495653923123431417604973247489272438418190587263600148770280649306958101930",
+            "4082367875863433681332203403145435568316851327593401208105741076214120093531"
+        ],
+        ["1", "0"]
+    ],
+    vk_delta_2: [
+        [
+            "3697618915467790705869942236922063775466274665053173890632463796679068973252",
+            "14948341351907992175709156460547989243732741534604949238422596319735704165658"
+        ],
+        [
+            "3028459181652799888716942141752307629938889957960373621898607910203491239368",
+            "11380736494786911280692284374675752681598754560757720296073023058533044108340"
+        ],
+        ["1", "0"]
+    ],
+    vk_alphabeta_12: [
+        [
+            [
+                "2029413683389138792403550203267699914886160938906632433982220835551125967885",
+                "21072700047562757817161031222997517981543347628379360635925549008442030252106"
+            ],
+            [
+                "5940354580057074848093997050200682056184807770593307860589430076672439820312",
+                "12156638873931618554171829126792193045421052652279363021382169897324752428276"
+            ],
+            [
+                "7898200236362823042373859371574133993780991612861777490112507062703164551277",
+                "7074218545237549455313236346927434013100842096812539264420499035217050630853"
+            ]
+        ],
+        [
+            [
+                "7077479683546002997211712695946002074877511277312570035766170199895071832130",
+                "10093483419865920389913245021038182291233451549023025229112148274109565435465"
+            ],
+            [
+                "4595479056700221319381530156280926371456704509942304414423590385166031118820",
+                "19831328484489333784475432780421641293929726139240675179672856274388269393268"
+            ],
+            [
+                "11934129596455521040620786944827826205713621633706285934057045369193958244500",
+                "8037395052364110730298837004334506829870972346962140206007064471173334027475"
+            ]
+        ]
+    ],
+    IC: [
+        [
+            "12951059800758687233303204819298121944551181861362200875212570257618182506154",
+            "5751958719396509176593242305268064754837298673622815112953832050159760501392",
+            "1"
+        ],
+        [
+            "9561588427935871983444704959674198910445823619407211599507208879011862515257",
+            "14576201570478094842467636169770180675293504492823217349086195663150934064643",
+            "1"
+        ],
+        [
+            "4811967233483727873912563574622036989372099129165459921963463310078093941559",
+            "1874883809855039536107616044787862082553628089593740724610117059083415551067",
+            "1"
+        ],
+        [
+            "12252730267779308452229639835051322390696643456253768618882001876621526827161",
+            "7899194018737016222260328309937800777948677569409898603827268776967707173231",
+            "1"
+        ]
+    ]
+}
+
+dotenv.config()
+
+const { BANDADA_API_URL, BANDADA_GROUP_ID } = process.env
+
+const bandadaApi = new ApiSdk(BANDADA_API_URL)
+
+export const bandadaValidateProof = functions
+    .region("europe-west1")
+    .runWith({
+        memory: "512MB"
+    })
+    .https.onCall(async (data: BandadaValidateProof): Promise<VerifiedBandadaResponse> => {
+        if (!BANDADA_GROUP_ID) throw new Error("BANDADA_GROUP_ID is not defined in .env")
+
+        const { proof, publicSignals } = data
+        const isCorrect = groth16.verify(VKEY_DATA, publicSignals, proof)
+        if (!isCorrect)
+            return {
+                valid: false,
+                message: "Invalid proof",
+                token: ""
+            }
+
+        const commitment = data.publicSignals[1]
+        const isMember = await bandadaApi.isGroupMember(BANDADA_GROUP_ID, commitment)
+        if (!isMember)
+            return {
+                valid: false,
+                message: "Not a member of the group",
+                token: ""
+            }
+        const auth = getAuth()
+        try {
+            await admin.auth().createUser({
+                uid: commitment
+            })
+        } catch (error: any) {
+            // if user already exist then just pass
+            if (error.code !== "auth/uid-already-exists") {
+                throw new Error(error)
+            }
+        }
+        const token = await auth.createCustomToken(commitment)
+        return {
+            valid: true,
+            message: "Valid proof and group member",
+            token
+        }
+    })
+
+export default bandadaValidateProof

package/src/functions/index.ts

@@ -31,6 +31,7 @@ export {
     generatePreSignedUrlsParts,
     completeMultiPartUpload
 } from "./storage"
+export { bandadaValidateProof } from "./bandada"
 export { checkAndRemoveBlockingContributor, resumeContributionAfterTimeoutExpiration } from "./timeout"
 
 admin.initializeApp()

package/src/functions/user.ts

@@ -55,7 +55,7 @@ export const registerAuthUser = functions
         ) {
             const auth = admin.auth()
             // if provider == github.com let's use our functions to check the user's reputation
-            if (user.providerData[0].providerId === "github.com") {
+            if (user.providerData.length > 0 && user.providerData[0].providerId === "github.com") {
                 const vars = getGitHubVariables()
 
                 // this return true or false
@@ -112,7 +112,7 @@ export const registerAuthUser = functions
             encodedDisplayName,
             // Metadata.
             creationTime,
-            lastSignInTime,
+            lastSignInTime: lastSignInTime || creationTime,
             // Optional.
             email: email || "",
             emailVerified: emailVerified || false,

package/src/types/declarations.d.ts

@@ -0,0 +1 @@
+declare module "@bandada/api-sdk"

package/src/types/index.ts

@@ -1,4 +1,5 @@
 import { CeremonyInputData, CircuitDocument, ETagWithPartNumber } from "@devtion/actions"
+import type { Groth16Proof, PublicSignals } from "snarkjs"
 
 /**
  * Group all the necessary data needed for running the `setupCeremony` cloud function.
@@ -138,3 +139,29 @@ export type FinalizeCircuitData = {
     bucketName: string
     beacon: string
 }
+
+/**
+ * Group all the necessary data needed for running the `bandadaValidateProof` cloud function.
+ * @typedef {Object} BandadaValidateProof
+ * @property {string} merkleTreeRoot - the merkle tree root of the group.
+ * @property {string} nullifierHash - the nullifier hash of the member.
+ * @property {string} externalNullifier - the external nullifier of the member.
+ * @property {PackedProof} proof - the packed proof generated on the client.
+ */
+export type BandadaValidateProof = {
+    proof: Groth16Proof
+    publicSignals: PublicSignals
+}
+
+/**
+ * Define the return object of the function that verifies the Bandada membership and proof.
+ * @typedef {Object} VerifiedBandadaResponse
+ * @property {boolean} valid - true if the proof is valid and the user is a member of the group; otherwise false.
+ * @property {string} message - a message describing the result of the verification.
+ * @property {string} token - the custom access token.
+ */
+export type VerifiedBandadaResponse = {
+    valid: boolean
+    message: string
+    token: string
+}