@devtion/backend 0.0.0-57a8ab9 → 0.0.0-5fad82d

package/dist/src/functions/index.js

@@ -1,6 +1,6 @@
 /**
  * @module @p0tion/backend
- * @version 1.1.1
+ * @version 1.2.4
  * @file MPC Phase 2 backend for Firebase services management
  * @copyright Ethereum Foundation 2022
  * @license MIT
@@ -27,6 +27,7 @@ var path = require('path');
 var os = require('os');
 var clientSsm = require('@aws-sdk/client-ssm');
 var clientEc2 = require('@aws-sdk/client-ec2');
+var ethers = require('ethers');
 var functionsV1 = require('firebase-functions/v1');
 var functionsV2 = require('firebase-functions/v2');
 var timerNode = require('timer-node');
@@ -166,6 +167,8 @@ const COMMON_ERRORS = {
     CM_INVALID_COMMAND_EXECUTION: makeError("unknown", "There was an error while executing the command on the VM", "Please, contact the coordinator if the error persists.")
 };
 
+dotenv.config();
+let provider;
 /**
  * Return a configured and connected instance of the AWS S3 client.
  * @dev this method check and utilize the environment variables to configure the connection
@@ -188,6 +191,36 @@ const getS3Client = async () => {
         region: process.env.AWS_REGION
     });
 };
+/**
+ * Returns a Prvider, connected via a configured JSON URL or else
+ * the ethers.js default provider, using configured API keys.
+ * @returns <ethers.providers.Provider> An Eth node provider
+ */
+const setEthProvider = () => {
+    if (provider)
+        return provider;
+    console.log(`setting new provider`);
+    // Use JSON URL if defined
+    // if ((hardhat as any).ethers) {
+    //     console.log(`using hardhat.ethers provider`)
+    //     provider = (hardhat as any).ethers.provider
+    // } else
+    if (process.env.ETH_PROVIDER_JSON_URL) {
+        console.log(`JSON URL provider at ${process.env.ETH_PROVIDER_JSON_URL}`);
+        provider = new ethers.providers.JsonRpcProvider({
+            url: process.env.ETH_PROVIDER_JSON_URL,
+            skipFetchSetup: true
+        });
+    }
+    else {
+        // Otherwise, connect the default provider with ALchemy, Infura, or both
+        provider = ethers.providers.getDefaultProvider("homestead", {
+            alchemy: process.env.ETH_PROVIDER_ALCHEMY_API_KEY,
+            infura: process.env.ETH_PROVIDER_INFURA_API_KEY
+        });
+    }
+    return provider;
+};
 
 dotenv.config();
 /**
@@ -526,7 +559,7 @@ dotenv.config();
 const registerAuthUser = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .auth.user()
     .onCreate(async (user) => {
@@ -613,7 +646,7 @@ const registerAuthUser = functions__namespace
 const processSignUpWithCustomClaims = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .auth.user()
     .onCreate(async (user) => {
@@ -654,7 +687,7 @@ dotenv.config();
 const startCeremony = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .pubsub.schedule(`every 30 minutes`)
     .onRun(async () => {
@@ -676,7 +709,7 @@ const startCeremony = functions__namespace
 const stopCeremony = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .pubsub.schedule(`every 30 minutes`)
     .onRun(async () => {
@@ -698,7 +731,7 @@ const stopCeremony = functions__namespace
 const setupCeremony = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     // Check if the user has the coordinator claim.
@@ -823,7 +856,7 @@ const initEmptyWaitingQueueForCircuit = functions__namespace
 const finalizeCeremony = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || !context.auth.token.coordinator)
@@ -899,7 +932,7 @@ dotenv.config();
 const checkParticipantForCeremony = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1003,7 +1036,7 @@ const checkParticipantForCeremony = functions__namespace
 const progressToNextCircuitForContribution = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1050,7 +1083,7 @@ const progressToNextCircuitForContribution = functions__namespace
 const progressToNextContributionStep = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1101,7 +1134,7 @@ const progressToNextContributionStep = functions__namespace
 const permanentlyStoreCurrentContributionTimeAndHash = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1143,7 +1176,7 @@ const permanentlyStoreCurrentContributionTimeAndHash = functions__namespace
 const temporaryStoreCurrentContributionMultiPartUploadId = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1181,7 +1214,7 @@ const temporaryStoreCurrentContributionMultiPartUploadId = functions__namespace
 const temporaryStoreCurrentContributionUploadedChunkData = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1223,7 +1256,7 @@ const temporaryStoreCurrentContributionUploadedChunkData = functions__namespace
 const checkAndPrepareCoordinatorForFinalization = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || !context.auth.token.coordinator)
@@ -1463,7 +1496,7 @@ const waitForVMCommandExecution = (ssm, vmInstanceId, commandId) => new Promise(
 const coordinateCeremonyParticipant = functionsV1__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .firestore.document(`${actions.commonTerms.collections.ceremonies.name}/{ceremonyId}/${actions.commonTerms.collections.participants.name}/{participantId}`)
     .onUpdate(async (participantChanges) => {
@@ -1863,7 +1896,7 @@ const verifycontribution = functionsV2__namespace.https.onCall({ memory: "16GiB"
 const refreshParticipantAfterContributionVerification = functionsV1__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .firestore.document(`/${actions.commonTerms.collections.ceremonies.name}/{ceremony}/${actions.commonTerms.collections.circuits.name}/{circuit}/${actions.commonTerms.collections.contributions.name}/{contributions}`)
     .onCreate(async (createdContribution) => {
@@ -1924,7 +1957,7 @@ const refreshParticipantAfterContributionVerification = functionsV1__namespace
 const finalizeCircuit = functionsV1__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || !context.auth.token.coordinator)
@@ -2068,7 +2101,7 @@ const checkIfBucketIsDedicatedToCeremony = async (bucketName) => {
 const createBucket = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     // Check if the user has the coordinator claim.
@@ -2158,7 +2191,7 @@ const createBucket = functions__namespace
 const checkIfObjectExist = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     // Check if the user has the coordinator claim.
@@ -2204,7 +2237,7 @@ const checkIfObjectExist = functions__namespace
 const generateGetObjectPreSignedUrl = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth)
@@ -2244,7 +2277,7 @@ const generateGetObjectPreSignedUrl = functions__namespace
 const startMultiPartUpload = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "2GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -2299,7 +2332,7 @@ const startMultiPartUpload = functions__namespace
 const generatePreSignedUrlsParts = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB",
+    memory: "1GB",
     timeoutSeconds: 300
 })
     .https.onCall(async (data, context) => {
@@ -2360,7 +2393,7 @@ const generatePreSignedUrlsParts = functions__namespace
 const completeMultiPartUpload = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "2GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -2551,6 +2584,74 @@ const bandadaValidateProof = functions__namespace
     };
 });
 
+dotenv.config();
+const checkNonceOfSIWEAddress = functions__namespace
+    .region("europe-west1")
+    .runWith({ memory: "1GB" })
+    .https.onCall(async (data) => {
+    try {
+        const { auth0Token } = data;
+        const result = (await fetch(`${process.env.AUTH0_APPLICATION_URL}/userinfo`, {
+            method: "GET",
+            headers: {
+                "content-type": "application/json",
+                authorization: `Bearer ${auth0Token}`
+            }
+        }).then((_res) => _res.json()));
+        if (!result.sub) {
+            return {
+                valid: false,
+                message: "No user detected. Please check device flow token"
+            };
+        }
+        const auth$1 = auth.getAuth();
+        // check nonce
+        const parts = result.sub.split("|");
+        const address = decodeURIComponent(parts[2]).split(":")[2];
+        const minimumNonce = Number(process.env.ETH_MINIMUM_NONCE);
+        const nonceBlockHeight = "latest"; // process.env.ETH_NONCE_BLOCK_HEIGHT
+        // look up nonce for address @block
+        let nonceOk = true;
+        if (minimumNonce > 0) {
+            const provider = setEthProvider();
+            console.log(`got provider - block # ${await provider.getBlockNumber()}`);
+            const nonce = await provider.getTransactionCount(address, nonceBlockHeight);
+            console.log(`nonce ${nonce}`);
+            nonceOk = nonce >= minimumNonce;
+        }
+        console.log(`checking nonce ${nonceOk}`);
+        if (!nonceOk) {
+            return {
+                valid: false,
+                message: "Eth address does not meet the nonce requirements"
+            };
+        }
+        try {
+            await admin.auth().createUser({
+                displayName: address,
+                uid: address
+            });
+        }
+        catch (error) {
+            // if user already exist then just pass
+            if (error.code !== "auth/uid-already-exists") {
+                throw new Error(error);
+            }
+        }
+        const token = await auth$1.createCustomToken(address);
+        return {
+            valid: true,
+            token
+        };
+    }
+    catch (error) {
+        return {
+            valid: false,
+            message: `Something went wrong ${error}`
+        };
+    }
+});
+
 dotenv.config();
 /**
  * Check and remove the current contributor if it doesn't complete the contribution on the specified amount of time.
@@ -2573,7 +2674,7 @@ dotenv.config();
 const checkAndRemoveBlockingContributor = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .pubsub.schedule("every 1 minutes")
     .onRun(async () => {
@@ -2642,7 +2743,8 @@ const checkAndRemoveBlockingContributor = functions__namespace
                             if (timeoutExpirationDateInMsForBlockingContributor < currentServerTimestamp &&
                                 (contributionStep === "DOWNLOADING" /* ParticipantContributionStep.DOWNLOADING */ ||
                                     contributionStep === "COMPUTING" /* ParticipantContributionStep.COMPUTING */ ||
-                                    contributionStep === "UPLOADING" /* ParticipantContributionStep.UPLOADING */))
+                                    contributionStep === "UPLOADING" /* ParticipantContributionStep.UPLOADING */ ||
+                                    contributionStep === "COMPLETED" /* ParticipantContributionStep.COMPLETED */))
                                 timeoutType = "BLOCKING_CONTRIBUTION" /* TimeoutType.BLOCKING_CONTRIBUTION */;
                             if (timeoutExpirationDateInMsForVerificationCloudFunction > 0 &&
                                 timeoutExpirationDateInMsForVerificationCloudFunction < currentServerTimestamp &&
@@ -2719,7 +2821,7 @@ const checkAndRemoveBlockingContributor = functions__namespace
 const resumeContributionAfterTimeoutExpiration = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -2756,6 +2858,7 @@ exports.bandadaValidateProof = bandadaValidateProof;
 exports.checkAndPrepareCoordinatorForFinalization = checkAndPrepareCoordinatorForFinalization;
 exports.checkAndRemoveBlockingContributor = checkAndRemoveBlockingContributor;
 exports.checkIfObjectExist = checkIfObjectExist;
+exports.checkNonceOfSIWEAddress = checkNonceOfSIWEAddress;
 exports.checkParticipantForCeremony = checkParticipantForCeremony;
 exports.completeMultiPartUpload = completeMultiPartUpload;
 exports.coordinateCeremonyParticipant = coordinateCeremonyParticipant;

package/dist/src/functions/index.mjs

@@ -1,6 +1,6 @@
 /**
  * @module @p0tion/backend
- * @version 1.1.1
+ * @version 1.2.4
  * @file MPC Phase 2 backend for Firebase services management
  * @copyright Ethereum Foundation 2022
  * @license MIT
@@ -25,6 +25,7 @@ import path from 'path';
 import os from 'os';
 import { SSMClient, CommandInvocationStatus } from '@aws-sdk/client-ssm';
 import { EC2Client } from '@aws-sdk/client-ec2';
+import ethers from 'ethers';
 import * as functionsV1 from 'firebase-functions/v1';
 import * as functionsV2 from 'firebase-functions/v2';
 import { Timer } from 'timer-node';
@@ -143,6 +144,8 @@ const COMMON_ERRORS = {
     CM_INVALID_COMMAND_EXECUTION: makeError("unknown", "There was an error while executing the command on the VM", "Please, contact the coordinator if the error persists.")
 };
 
+dotenv.config();
+let provider;
 /**
  * Return a configured and connected instance of the AWS S3 client.
  * @dev this method check and utilize the environment variables to configure the connection
@@ -165,6 +168,36 @@ const getS3Client = async () => {
         region: process.env.AWS_REGION
     });
 };
+/**
+ * Returns a Prvider, connected via a configured JSON URL or else
+ * the ethers.js default provider, using configured API keys.
+ * @returns <ethers.providers.Provider> An Eth node provider
+ */
+const setEthProvider = () => {
+    if (provider)
+        return provider;
+    console.log(`setting new provider`);
+    // Use JSON URL if defined
+    // if ((hardhat as any).ethers) {
+    //     console.log(`using hardhat.ethers provider`)
+    //     provider = (hardhat as any).ethers.provider
+    // } else
+    if (process.env.ETH_PROVIDER_JSON_URL) {
+        console.log(`JSON URL provider at ${process.env.ETH_PROVIDER_JSON_URL}`);
+        provider = new ethers.providers.JsonRpcProvider({
+            url: process.env.ETH_PROVIDER_JSON_URL,
+            skipFetchSetup: true
+        });
+    }
+    else {
+        // Otherwise, connect the default provider with ALchemy, Infura, or both
+        provider = ethers.providers.getDefaultProvider("homestead", {
+            alchemy: process.env.ETH_PROVIDER_ALCHEMY_API_KEY,
+            infura: process.env.ETH_PROVIDER_INFURA_API_KEY
+        });
+    }
+    return provider;
+};
 
 dotenv.config();
 /**
@@ -503,7 +536,7 @@ dotenv.config();
 const registerAuthUser = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .auth.user()
     .onCreate(async (user) => {
@@ -590,7 +623,7 @@ const registerAuthUser = functions
 const processSignUpWithCustomClaims = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .auth.user()
     .onCreate(async (user) => {
@@ -631,7 +664,7 @@ dotenv.config();
 const startCeremony = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .pubsub.schedule(`every 30 minutes`)
     .onRun(async () => {
@@ -653,7 +686,7 @@ const startCeremony = functions
 const stopCeremony = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .pubsub.schedule(`every 30 minutes`)
     .onRun(async () => {
@@ -675,7 +708,7 @@ const stopCeremony = functions
 const setupCeremony = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     // Check if the user has the coordinator claim.
@@ -800,7 +833,7 @@ const initEmptyWaitingQueueForCircuit = functions
 const finalizeCeremony = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || !context.auth.token.coordinator)
@@ -876,7 +909,7 @@ dotenv.config();
 const checkParticipantForCeremony = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -980,7 +1013,7 @@ const checkParticipantForCeremony = functions
 const progressToNextCircuitForContribution = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1027,7 +1060,7 @@ const progressToNextCircuitForContribution = functions
 const progressToNextContributionStep = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1078,7 +1111,7 @@ const progressToNextContributionStep = functions
 const permanentlyStoreCurrentContributionTimeAndHash = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1120,7 +1153,7 @@ const permanentlyStoreCurrentContributionTimeAndHash = functions
 const temporaryStoreCurrentContributionMultiPartUploadId = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1158,7 +1191,7 @@ const temporaryStoreCurrentContributionMultiPartUploadId = functions
 const temporaryStoreCurrentContributionUploadedChunkData = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1200,7 +1233,7 @@ const temporaryStoreCurrentContributionUploadedChunkData = functions
 const checkAndPrepareCoordinatorForFinalization = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || !context.auth.token.coordinator)
@@ -1440,7 +1473,7 @@ const waitForVMCommandExecution = (ssm, vmInstanceId, commandId) => new Promise(
 const coordinateCeremonyParticipant = functionsV1
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .firestore.document(`${commonTerms.collections.ceremonies.name}/{ceremonyId}/${commonTerms.collections.participants.name}/{participantId}`)
     .onUpdate(async (participantChanges) => {
@@ -1840,7 +1873,7 @@ const verifycontribution = functionsV2.https.onCall({ memory: "16GiB", timeoutSe
 const refreshParticipantAfterContributionVerification = functionsV1
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .firestore.document(`/${commonTerms.collections.ceremonies.name}/{ceremony}/${commonTerms.collections.circuits.name}/{circuit}/${commonTerms.collections.contributions.name}/{contributions}`)
     .onCreate(async (createdContribution) => {
@@ -1901,7 +1934,7 @@ const refreshParticipantAfterContributionVerification = functionsV1
 const finalizeCircuit = functionsV1
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || !context.auth.token.coordinator)
@@ -2045,7 +2078,7 @@ const checkIfBucketIsDedicatedToCeremony = async (bucketName) => {
 const createBucket = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     // Check if the user has the coordinator claim.
@@ -2135,7 +2168,7 @@ const createBucket = functions
 const checkIfObjectExist = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     // Check if the user has the coordinator claim.
@@ -2181,7 +2214,7 @@ const checkIfObjectExist = functions
 const generateGetObjectPreSignedUrl = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth)
@@ -2221,7 +2254,7 @@ const generateGetObjectPreSignedUrl = functions
 const startMultiPartUpload = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "2GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -2276,7 +2309,7 @@ const startMultiPartUpload = functions
 const generatePreSignedUrlsParts = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB",
+    memory: "1GB",
     timeoutSeconds: 300
 })
     .https.onCall(async (data, context) => {
@@ -2337,7 +2370,7 @@ const generatePreSignedUrlsParts = functions
 const completeMultiPartUpload = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "2GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -2528,6 +2561,74 @@ const bandadaValidateProof = functions
     };
 });
 
+dotenv.config();
+const checkNonceOfSIWEAddress = functions
+    .region("europe-west1")
+    .runWith({ memory: "1GB" })
+    .https.onCall(async (data) => {
+    try {
+        const { auth0Token } = data;
+        const result = (await fetch(`${process.env.AUTH0_APPLICATION_URL}/userinfo`, {
+            method: "GET",
+            headers: {
+                "content-type": "application/json",
+                authorization: `Bearer ${auth0Token}`
+            }
+        }).then((_res) => _res.json()));
+        if (!result.sub) {
+            return {
+                valid: false,
+                message: "No user detected. Please check device flow token"
+            };
+        }
+        const auth = getAuth();
+        // check nonce
+        const parts = result.sub.split("|");
+        const address = decodeURIComponent(parts[2]).split(":")[2];
+        const minimumNonce = Number(process.env.ETH_MINIMUM_NONCE);
+        const nonceBlockHeight = "latest"; // process.env.ETH_NONCE_BLOCK_HEIGHT
+        // look up nonce for address @block
+        let nonceOk = true;
+        if (minimumNonce > 0) {
+            const provider = setEthProvider();
+            console.log(`got provider - block # ${await provider.getBlockNumber()}`);
+            const nonce = await provider.getTransactionCount(address, nonceBlockHeight);
+            console.log(`nonce ${nonce}`);
+            nonceOk = nonce >= minimumNonce;
+        }
+        console.log(`checking nonce ${nonceOk}`);
+        if (!nonceOk) {
+            return {
+                valid: false,
+                message: "Eth address does not meet the nonce requirements"
+            };
+        }
+        try {
+            await admin.auth().createUser({
+                displayName: address,
+                uid: address
+            });
+        }
+        catch (error) {
+            // if user already exist then just pass
+            if (error.code !== "auth/uid-already-exists") {
+                throw new Error(error);
+            }
+        }
+        const token = await auth.createCustomToken(address);
+        return {
+            valid: true,
+            token
+        };
+    }
+    catch (error) {
+        return {
+            valid: false,
+            message: `Something went wrong ${error}`
+        };
+    }
+});
+
 dotenv.config();
 /**
  * Check and remove the current contributor if it doesn't complete the contribution on the specified amount of time.
@@ -2550,7 +2651,7 @@ dotenv.config();
 const checkAndRemoveBlockingContributor = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .pubsub.schedule("every 1 minutes")
     .onRun(async () => {
@@ -2619,7 +2720,8 @@ const checkAndRemoveBlockingContributor = functions
                             if (timeoutExpirationDateInMsForBlockingContributor < currentServerTimestamp &&
                                 (contributionStep === "DOWNLOADING" /* ParticipantContributionStep.DOWNLOADING */ ||
                                     contributionStep === "COMPUTING" /* ParticipantContributionStep.COMPUTING */ ||
-                                    contributionStep === "UPLOADING" /* ParticipantContributionStep.UPLOADING */))
+                                    contributionStep === "UPLOADING" /* ParticipantContributionStep.UPLOADING */ ||
+                                    contributionStep === "COMPLETED" /* ParticipantContributionStep.COMPLETED */))
                                 timeoutType = "BLOCKING_CONTRIBUTION" /* TimeoutType.BLOCKING_CONTRIBUTION */;
                             if (timeoutExpirationDateInMsForVerificationCloudFunction > 0 &&
                                 timeoutExpirationDateInMsForVerificationCloudFunction < currentServerTimestamp &&
@@ -2696,7 +2798,7 @@ const checkAndRemoveBlockingContributor = functions
 const resumeContributionAfterTimeoutExpiration = functions
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -2729,4 +2831,4 @@ const resumeContributionAfterTimeoutExpiration = functions
 
 admin.initializeApp();
 
-export { bandadaValidateProof, checkAndPrepareCoordinatorForFinalization, checkAndRemoveBlockingContributor, checkIfObjectExist, checkParticipantForCeremony, completeMultiPartUpload, coordinateCeremonyParticipant, createBucket, finalizeCeremony, finalizeCircuit, generateGetObjectPreSignedUrl, generatePreSignedUrlsParts, initEmptyWaitingQueueForCircuit, permanentlyStoreCurrentContributionTimeAndHash, processSignUpWithCustomClaims, progressToNextCircuitForContribution, progressToNextContributionStep, refreshParticipantAfterContributionVerification, registerAuthUser, resumeContributionAfterTimeoutExpiration, setupCeremony, startCeremony, startMultiPartUpload, stopCeremony, temporaryStoreCurrentContributionMultiPartUploadId, temporaryStoreCurrentContributionUploadedChunkData, verifycontribution };
+export { bandadaValidateProof, checkAndPrepareCoordinatorForFinalization, checkAndRemoveBlockingContributor, checkIfObjectExist, checkNonceOfSIWEAddress, checkParticipantForCeremony, completeMultiPartUpload, coordinateCeremonyParticipant, createBucket, finalizeCeremony, finalizeCircuit, generateGetObjectPreSignedUrl, generatePreSignedUrlsParts, initEmptyWaitingQueueForCircuit, permanentlyStoreCurrentContributionTimeAndHash, processSignUpWithCustomClaims, progressToNextCircuitForContribution, progressToNextContributionStep, refreshParticipantAfterContributionVerification, registerAuthUser, resumeContributionAfterTimeoutExpiration, setupCeremony, startCeremony, startMultiPartUpload, stopCeremony, temporaryStoreCurrentContributionMultiPartUploadId, temporaryStoreCurrentContributionUploadedChunkData, verifycontribution };

package/dist/types/functions/bandada.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"bandada.d.ts","sourceRoot":"","sources":["../../../src/functions/bandada.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,SAAS,MAAM,oBAAoB,CAAA;AA8G/C,eAAO,MAAM,oBAAoB,mDA0C3B,CAAA;AAEN,eAAe,oBAAoB,CAAA"}
+{"version":3,"file":"bandada.d.ts","sourceRoot":"","sources":["../../../src/functions/bandada.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,SAAS,MAAM,oBAAoB,CAAA;AA6G/C,eAAO,MAAM,oBAAoB,mDA0C3B,CAAA;AAEN,eAAe,oBAAoB,CAAA"}

package/dist/types/functions/index.d.ts

@@ -4,5 +4,6 @@ export { checkParticipantForCeremony, progressToNextContributionStep, permanentl
 export { coordinateCeremonyParticipant, verifycontribution, refreshParticipantAfterContributionVerification, finalizeCircuit } from "./circuit";
 export { createBucket, checkIfObjectExist, generateGetObjectPreSignedUrl, startMultiPartUpload, generatePreSignedUrlsParts, completeMultiPartUpload } from "./storage";
 export { bandadaValidateProof } from "./bandada";
+export { checkNonceOfSIWEAddress } from "./siwe";
 export { checkAndRemoveBlockingContributor, resumeContributionAfterTimeoutExpiration } from "./timeout";
 //# sourceMappingURL=index.d.ts.map

package/dist/types/functions/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/functions/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,6BAA6B,EAAE,MAAM,QAAQ,CAAA;AACxE,OAAO,EACH,aAAa,EACb,YAAY,EACZ,aAAa,EACb,+BAA+B,EAC/B,gBAAgB,EACnB,MAAM,YAAY,CAAA;AACnB,OAAO,EACH,2BAA2B,EAC3B,8BAA8B,EAC9B,8CAA8C,EAC9C,kDAAkD,EAClD,kDAAkD,EAClD,oCAAoC,EACpC,yCAAyC,EAC5C,MAAM,eAAe,CAAA;AACtB,OAAO,EACH,6BAA6B,EAC7B,kBAAkB,EAClB,+CAA+C,EAC/C,eAAe,EAClB,MAAM,WAAW,CAAA;AAClB,OAAO,EACH,YAAY,EACZ,kBAAkB,EAClB,6BAA6B,EAC7B,oBAAoB,EACpB,0BAA0B,EAC1B,uBAAuB,EAC1B,MAAM,WAAW,CAAA;AAClB,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA;AAChD,OAAO,EAAE,iCAAiC,EAAE,wCAAwC,EAAE,MAAM,WAAW,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/functions/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,6BAA6B,EAAE,MAAM,QAAQ,CAAA;AACxE,OAAO,EACH,aAAa,EACb,YAAY,EACZ,aAAa,EACb,+BAA+B,EAC/B,gBAAgB,EACnB,MAAM,YAAY,CAAA;AACnB,OAAO,EACH,2BAA2B,EAC3B,8BAA8B,EAC9B,8CAA8C,EAC9C,kDAAkD,EAClD,kDAAkD,EAClD,oCAAoC,EACpC,yCAAyC,EAC5C,MAAM,eAAe,CAAA;AACtB,OAAO,EACH,6BAA6B,EAC7B,kBAAkB,EAClB,+CAA+C,EAC/C,eAAe,EAClB,MAAM,WAAW,CAAA;AAClB,OAAO,EACH,YAAY,EACZ,kBAAkB,EAClB,6BAA6B,EAC7B,oBAAoB,EACpB,0BAA0B,EAC1B,uBAAuB,EAC1B,MAAM,WAAW,CAAA;AAClB,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA;AAChD,OAAO,EAAE,uBAAuB,EAAE,MAAM,QAAQ,CAAA;AAChD,OAAO,EAAE,iCAAiC,EAAE,wCAAwC,EAAE,MAAM,WAAW,CAAA"}

package/dist/types/functions/siwe.d.ts

@@ -0,0 +1,4 @@
+import * as functions from "firebase-functions";
+export declare const checkNonceOfSIWEAddress: functions.HttpsFunction & functions.Runnable<any>;
+export default checkNonceOfSIWEAddress;
+//# sourceMappingURL=siwe.d.ts.map

package/dist/types/functions/siwe.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"siwe.d.ts","sourceRoot":"","sources":["../../../src/functions/siwe.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,SAAS,MAAM,oBAAoB,CAAA;AAQ/C,eAAO,MAAM,uBAAuB,mDAgE9B,CAAA;AAEN,eAAe,uBAAuB,CAAA"}

package/dist/types/functions/timeout.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"timeout.d.ts","sourceRoot":"","sources":["../../../src/functions/timeout.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,SAAS,MAAM,oBAAoB,CAAA;AAuB/C;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,iCAAiC,kCA6MxC,CAAA;AAEN;;;GAGG;AACH,eAAO,MAAM,wCAAwC,mDA0C/C,CAAA"}
+{"version":3,"file":"timeout.d.ts","sourceRoot":"","sources":["../../../src/functions/timeout.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,SAAS,MAAM,oBAAoB,CAAA;AAuB/C;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,iCAAiC,kCA8MxC,CAAA;AAEN;;;GAGG;AACH,eAAO,MAAM,wCAAwC,mDA0C/C,CAAA"}

package/dist/types/lib/services.d.ts

@@ -1,3 +1,4 @@
+import ethers from "ethers";
 import { S3Client } from "@aws-sdk/client-s3";
 /**
  * Return a configured and connected instance of the AWS S3 client.
@@ -6,4 +7,10 @@ import { S3Client } from "@aws-sdk/client-s3";
  * @returns <Promise<S3Client>> - the instance of the connected S3 Client instance.
  */
 export declare const getS3Client: () => Promise<S3Client>;
+/**
+ * Returns a Prvider, connected via a configured JSON URL or else
+ * the ethers.js default provider, using configured API keys.
+ * @returns <ethers.providers.Provider> An Eth node provider
+ */
+export declare const setEthProvider: () => ethers.providers.Provider;
 //# sourceMappingURL=services.d.ts.map

package/dist/types/lib/services.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"services.d.ts","sourceRoot":"","sources":["../../../src/lib/services.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAG7C;;;;;GAKG;AACH,eAAO,MAAM,WAAW,QAAa,QAAQ,QAAQ,CAkBpD,CAAA"}
+{"version":3,"file":"services.d.ts","sourceRoot":"","sources":["../../../src/lib/services.ts"],"names":[],"mappings":"AACA,OAAO,MAAM,MAAM,QAAQ,CAAA;AAC3B,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAM7C;;;;;GAKG;AACH,eAAO,MAAM,WAAW,QAAa,QAAQ,QAAQ,CAkBpD,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,cAAc,QAAO,OAAO,SAAS,CAAC,QAwBlD,CAAA"}

package/dist/types/types/index.d.ts

@@ -152,4 +152,35 @@ export type VerifiedBandadaResponse = {
     message: string;
     token: string;
 };
+/**
+ * Define the check nonce object for the cloud function
+ * @typedef {Object} CheckNonceOfSIWEAddressRequest
+ * @property {string} auth0Token - token from the device flow authentication
+ */
+export type CheckNonceOfSIWEAddressRequest = {
+    auth0Token: string;
+};
+/**
+ * Define the check nonce response object of the cloud function
+ * @typedef {Object} CheckNonceOfSIWEAddressResponse
+ * @property {boolean} valid - if the checking result was valid or not
+ * @property {string} message - informative message
+ * @property {string} token - token to sign in
+ */
+export type CheckNonceOfSIWEAddressResponse = {
+    valid: boolean;
+    message?: string;
+    token?: string;
+};
+/**
+ * Define the response from auth0 /userinfo endpoint
+ *
+ */
+export type Auth0UserInfo = {
+    sub: string;
+    nickname: string;
+    name: string;
+    picture: string;
+    updated_at: string;
+};
 //# sourceMappingURL=index.d.ts.map

package/dist/types/types/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AACxF,OAAO,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AAE1D;;;;;;GAMG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC5B,iBAAiB,EAAE,iBAAiB,CAAA;IACpC,cAAc,EAAE,MAAM,CAAA;IACtB,QAAQ,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;CACnC,CAAA;AAED;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC3B,UAAU,EAAE,MAAM,CAAA;CACrB,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACjC,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;CACpB,CAAA;AAED;;;;;;GAMG;AACH,MAAM,MAAM,wBAAwB,GAAG,sBAAsB,GAAG;IAC5D,UAAU,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,8BAA8B,GAAG,sBAAsB,GAAG;IAClE,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,2BAA2B,GAAG,sBAAsB,GAAG;IAC/D,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAAA;IAChC,UAAU,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED;;;;;;GAMG;AACH,MAAM,MAAM,8CAA8C,GAAG;IACzD,UAAU,EAAE,MAAM,CAAA;IAClB,2BAA2B,EAAE,MAAM,CAAA;IACnC,gBAAgB,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,kDAAkD,GAAG;IAC7D,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;CACnB,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,kDAAkD,GAAG;IAC7D,UAAU,EAAE,MAAM,CAAA;IAClB,KAAK,EAAE,kBAAkB,CAAA;CAC5B,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACjC,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,kCAAkC,EAAE,MAAM,CAAA;CAC7C,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAC9B,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,MAAM,CAAA;CACjB,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,oBAAoB,GAAG;IAC/B,KAAK,EAAE,YAAY,CAAA;IACnB,aAAa,EAAE,aAAa,CAAA;CAC/B,CAAA;AAED;;;;;;GAMG;AACH,MAAM,MAAM,uBAAuB,GAAG;IAClC,KAAK,EAAE,OAAO,CAAA;IACd,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AACxF,OAAO,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AAE1D;;;;;;GAMG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC5B,iBAAiB,EAAE,iBAAiB,CAAA;IACpC,cAAc,EAAE,MAAM,CAAA;IACtB,QAAQ,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;CACnC,CAAA;AAED;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC3B,UAAU,EAAE,MAAM,CAAA;CACrB,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACjC,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;CACpB,CAAA;AAED;;;;;;GAMG;AACH,MAAM,MAAM,wBAAwB,GAAG,sBAAsB,GAAG;IAC5D,UAAU,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,8BAA8B,GAAG,sBAAsB,GAAG;IAClE,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,2BAA2B,GAAG,sBAAsB,GAAG;IAC/D,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAAA;IAChC,UAAU,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED;;;;;;GAMG;AACH,MAAM,MAAM,8CAA8C,GAAG;IACzD,UAAU,EAAE,MAAM,CAAA;IAClB,2BAA2B,EAAE,MAAM,CAAA;IACnC,gBAAgB,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,kDAAkD,GAAG;IAC7D,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;CACnB,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,kDAAkD,GAAG;IAC7D,UAAU,EAAE,MAAM,CAAA;IAClB,KAAK,EAAE,kBAAkB,CAAA;CAC5B,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACjC,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,kCAAkC,EAAE,MAAM,CAAA;CAC7C,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAC9B,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,MAAM,CAAA;CACjB,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,oBAAoB,GAAG;IAC/B,KAAK,EAAE,YAAY,CAAA;IACnB,aAAa,EAAE,aAAa,CAAA;CAC/B,CAAA;AAED;;;;;;GAMG;AACH,MAAM,MAAM,uBAAuB,GAAG;IAClC,KAAK,EAAE,OAAO,CAAA;IACd,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;CAChB,CAAA;AAED;;;;GAIG;AACH,MAAM,MAAM,8BAA8B,GAAG;IACzC,UAAU,EAAE,MAAM,CAAA;CACrB,CAAA;AAED;;;;;;GAMG;AACH,MAAM,MAAM,+BAA+B,GAAG;IAC1C,KAAK,EAAE,OAAO,CAAA;IACd,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,KAAK,CAAC,EAAE,MAAM,CAAA;CACjB,CAAA;AACD;;;GAGG;AACH,MAAM,MAAM,aAAa,GAAG;IACxB,GAAG,EAAE,MAAM,CAAA;IACX,QAAQ,EAAE,MAAM,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,UAAU,EAAE,MAAM,CAAA;CACrB,CAAA"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@devtion/backend",
-  "version": "0.0.0-57a8ab9",
+  "version": "0.0.0-5fad82d",
   "description": "MPC Phase 2 backend for Firebase services management",
   "repository": "git@github.com:privacy-scaling-explorations/p0tion.git",
   "homepage": "https://github.com/privacy-scaling-explorations/p0tion",
@@ -86,5 +86,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "6bddf60f1121786c19ad4437e0448de4c859b829"
+  "gitHead": "32fddd9a2d6199f1b0701cb4b8c3bc418660df31"
 }

package/src/functions/bandada.ts

@@ -3,9 +3,8 @@ import * as functions from "firebase-functions"
 import { ApiSdk } from "@bandada/api-sdk"
 import { groth16 } from "snarkjs"
 import { getAuth } from "firebase-admin/auth"
-import { BandadaValidateProof, VerifiedBandadaResponse } from "../types/index"
-
 import admin from "firebase-admin"
+import { BandadaValidateProof, VerifiedBandadaResponse } from "../types/index"
 
 const VKEY_DATA = {
     protocol: "groth16",

package/src/functions/ceremony.ts

@@ -46,7 +46,7 @@ dotenv.config()
 export const startCeremony = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .pubsub.schedule(`every 30 minutes`)
     .onRun(async () => {
@@ -71,7 +71,7 @@ export const startCeremony = functions
 export const stopCeremony = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .pubsub.schedule(`every 30 minutes`)
     .onRun(async () => {
@@ -96,7 +96,7 @@ export const stopCeremony = functions
 export const setupCeremony = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: SetupCeremonyData, context: functions.https.CallableContext): Promise<any> => {
         // Check if the user has the coordinator claim.
@@ -273,7 +273,7 @@ export const initEmptyWaitingQueueForCircuit = functions
 export const finalizeCeremony = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: { ceremonyId: string }, context: functions.https.CallableContext): Promise<any> => {
         if (!context.auth || !context.auth.token.coordinator) logAndThrowError(COMMON_ERRORS.CM_NOT_COORDINATOR_ROLE)

package/src/functions/circuit.ts

@@ -312,7 +312,7 @@ const waitForVMCommandExecution = (ssm: SSMClient, vmInstanceId: string, command
 export const coordinateCeremonyParticipant = functionsV1
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .firestore.document(
         `${commonTerms.collections.ceremonies.name}/{ceremonyId}/${commonTerms.collections.participants.name}/{participantId}`
@@ -883,7 +883,7 @@ export const verifycontribution = functionsV2.https.onCall(
 export const refreshParticipantAfterContributionVerification = functionsV1
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .firestore.document(
         `/${commonTerms.collections.ceremonies.name}/{ceremony}/${commonTerms.collections.circuits.name}/{circuit}/${commonTerms.collections.contributions.name}/{contributions}`
@@ -966,7 +966,7 @@ export const refreshParticipantAfterContributionVerification = functionsV1
 export const finalizeCircuit = functionsV1
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: FinalizeCircuitData, context: functionsV1.https.CallableContext) => {
         if (!context.auth || !context.auth.token.coordinator) logAndThrowError(COMMON_ERRORS.CM_NOT_COORDINATOR_ROLE)

package/src/functions/index.ts

@@ -32,6 +32,7 @@ export {
     completeMultiPartUpload
 } from "./storage"
 export { bandadaValidateProof } from "./bandada"
+export { checkNonceOfSIWEAddress } from "./siwe"
 export { checkAndRemoveBlockingContributor, resumeContributionAfterTimeoutExpiration } from "./timeout"
 
 admin.initializeApp()

package/src/functions/participant.ts

@@ -46,7 +46,7 @@ dotenv.config()
 export const checkParticipantForCeremony = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: { ceremonyId: string }, context: functions.https.CallableContext) => {
         if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -177,7 +177,7 @@ export const checkParticipantForCeremony = functions
 export const progressToNextCircuitForContribution = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: { ceremonyId: string }, context: functions.https.CallableContext): Promise<void> => {
         if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -235,7 +235,7 @@ export const progressToNextCircuitForContribution = functions
 export const progressToNextContributionStep = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: { ceremonyId: string }, context: functions.https.CallableContext) => {
         if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -298,7 +298,7 @@ export const progressToNextContributionStep = functions
 export const permanentlyStoreCurrentContributionTimeAndHash = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(
         async (data: PermanentlyStoreCurrentContributionTimeAndHash, context: functions.https.CallableContext) => {
@@ -357,7 +357,7 @@ export const permanentlyStoreCurrentContributionTimeAndHash = functions
 export const temporaryStoreCurrentContributionMultiPartUploadId = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(
         async (data: TemporaryStoreCurrentContributionMultiPartUploadId, context: functions.https.CallableContext) => {
@@ -411,7 +411,7 @@ export const temporaryStoreCurrentContributionMultiPartUploadId = functions
 export const temporaryStoreCurrentContributionUploadedChunkData = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(
         async (data: TemporaryStoreCurrentContributionUploadedChunkData, context: functions.https.CallableContext) => {
@@ -471,7 +471,7 @@ export const temporaryStoreCurrentContributionUploadedChunkData = functions
 export const checkAndPrepareCoordinatorForFinalization = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: { ceremonyId: string }, context: functions.https.CallableContext): Promise<boolean> => {
         if (!context.auth || !context.auth.token.coordinator) logAndThrowError(COMMON_ERRORS.CM_NOT_COORDINATOR_ROLE)

package/src/functions/siwe.ts

@@ -0,0 +1,77 @@
+import dotenv from "dotenv"
+import fetch from "@adobe/node-fetch-retry"
+import * as functions from "firebase-functions"
+import { getAuth } from "firebase-admin/auth"
+import admin from "firebase-admin"
+import { Auth0UserInfo, CheckNonceOfSIWEAddressRequest, CheckNonceOfSIWEAddressResponse } from "../types"
+import { setEthProvider } from "../lib/services"
+
+dotenv.config()
+
+export const checkNonceOfSIWEAddress = functions
+    .region("europe-west1")
+    .runWith({ memory: "1GB" })
+    .https.onCall(async (data: CheckNonceOfSIWEAddressRequest): Promise<CheckNonceOfSIWEAddressResponse> => {
+        try {
+            const { auth0Token } = data
+            const result = (await fetch(`${process.env.AUTH0_APPLICATION_URL}/userinfo`, {
+                method: "GET",
+                headers: {
+                    "content-type": "application/json",
+                    authorization: `Bearer ${auth0Token}`
+                }
+            }).then((_res) => _res.json())) as Auth0UserInfo
+            if (!result.sub) {
+                return {
+                    valid: false,
+                    message: "No user detected. Please check device flow token"
+                }
+            }
+            const auth = getAuth()
+            // check nonce
+            const parts = result.sub.split("|")
+            const address = decodeURIComponent(parts[2]).split(":")[2]
+
+            const minimumNonce = Number(process.env.ETH_MINIMUM_NONCE)
+            const nonceBlockHeight = "latest" // process.env.ETH_NONCE_BLOCK_HEIGHT
+            // look up nonce for address @block
+            let nonceOk = true
+            if (minimumNonce > 0) {
+                const provider = setEthProvider()
+                console.log(`got provider - block # ${await provider.getBlockNumber()}`)
+                const nonce = await provider.getTransactionCount(address, nonceBlockHeight)
+                console.log(`nonce ${nonce}`)
+                nonceOk = nonce >= minimumNonce
+            }
+            console.log(`checking nonce ${nonceOk}`)
+            if (!nonceOk) {
+                return {
+                    valid: false,
+                    message: "Eth address does not meet the nonce requirements"
+                }
+            }
+            try {
+                await admin.auth().createUser({
+                    displayName: address,
+                    uid: address
+                })
+            } catch (error: any) {
+                // if user already exist then just pass
+                if (error.code !== "auth/uid-already-exists") {
+                    throw new Error(error)
+                }
+            }
+            const token = await auth.createCustomToken(address)
+            return {
+                valid: true,
+                token
+            }
+        } catch (error) {
+            return {
+                valid: false,
+                message: `Something went wrong ${error}`
+            }
+        }
+    })
+
+export default checkNonceOfSIWEAddress

package/src/functions/storage.ts

@@ -134,7 +134,7 @@ const checkIfBucketIsDedicatedToCeremony = async (bucketName: string) => {
 export const createBucket = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: CreateBucketData, context: functions.https.CallableContext) => {
         // Check if the user has the coordinator claim.
@@ -238,7 +238,7 @@ export const createBucket = functions
 export const checkIfObjectExist = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: BucketAndObjectKeyData, context: functions.https.CallableContext): Promise<boolean> => {
         // Check if the user has the coordinator claim.
@@ -294,7 +294,7 @@ export const checkIfObjectExist = functions
 export const generateGetObjectPreSignedUrl = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: BucketAndObjectKeyData, context: functions.https.CallableContext): Promise<any> => {
         if (!context.auth) logAndThrowError(COMMON_ERRORS.CM_NOT_AUTHENTICATED)
@@ -341,7 +341,7 @@ export const generateGetObjectPreSignedUrl = functions
 export const startMultiPartUpload = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "2GB"
     })
     .https.onCall(async (data: StartMultiPartUploadData, context: functions.https.CallableContext): Promise<any> => {
         if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -409,7 +409,7 @@ export const startMultiPartUpload = functions
 export const generatePreSignedUrlsParts = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB",
+        memory: "1GB",
         timeoutSeconds: 300
     })
     .https.onCall(
@@ -487,7 +487,7 @@ export const generatePreSignedUrlsParts = functions
 export const completeMultiPartUpload = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "2GB"
     })
     .https.onCall(async (data: CompleteMultiPartUploadData, context: functions.https.CallableContext): Promise<any> => {
         if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))

package/src/functions/timeout.ts

@@ -42,7 +42,7 @@ dotenv.config()
 export const checkAndRemoveBlockingContributor = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .pubsub.schedule("every 1 minutes")
     .onRun(async () => {
@@ -144,7 +144,8 @@ export const checkAndRemoveBlockingContributor = functions
                                     timeoutExpirationDateInMsForBlockingContributor < currentServerTimestamp &&
                                     (contributionStep === ParticipantContributionStep.DOWNLOADING ||
                                         contributionStep === ParticipantContributionStep.COMPUTING ||
-                                        contributionStep === ParticipantContributionStep.UPLOADING)
+                                        contributionStep === ParticipantContributionStep.UPLOADING ||
+                                        contributionStep === ParticipantContributionStep.COMPLETED)
                                 )
                                     timeoutType = TimeoutType.BLOCKING_CONTRIBUTION
 
@@ -253,7 +254,7 @@ export const checkAndRemoveBlockingContributor = functions
 export const resumeContributionAfterTimeoutExpiration = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: { ceremonyId: string }, context: functions.https.CallableContext): Promise<void> => {
         if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))

package/src/functions/user.ts

@@ -18,7 +18,7 @@ dotenv.config()
 export const registerAuthUser = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .auth.user()
     .onCreate(async (user: UserRecord) => {
@@ -136,7 +136,7 @@ export const registerAuthUser = functions
 export const processSignUpWithCustomClaims = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .auth.user()
     .onCreate(async (user: UserRecord) => {

package/src/lib/services.ts

@@ -1,6 +1,11 @@
+import dotenv from "dotenv"
+import ethers from "ethers"
 import { S3Client } from "@aws-sdk/client-s3"
 import { COMMON_ERRORS, logAndThrowError } from "./errors"
 
+dotenv.config()
+let provider: ethers.providers.Provider
+
 /**
  * Return a configured and connected instance of the AWS S3 client.
  * @dev this method check and utilize the environment variables to configure the connection
@@ -26,3 +31,34 @@ export const getS3Client = async (): Promise<S3Client> => {
         region: process.env.AWS_REGION!
     })
 }
+
+/**
+ * Returns a Prvider, connected via a configured JSON URL or else
+ * the ethers.js default provider, using configured API keys.
+ * @returns <ethers.providers.Provider> An Eth node provider
+ */
+export const setEthProvider = (): ethers.providers.Provider => {
+    if (provider) return provider
+    console.log(`setting new provider`)
+
+    // Use JSON URL if defined
+    // if ((hardhat as any).ethers) {
+    //     console.log(`using hardhat.ethers provider`)
+    //     provider = (hardhat as any).ethers.provider
+    // } else
+    if (process.env.ETH_PROVIDER_JSON_URL) {
+        console.log(`JSON URL provider at ${process.env.ETH_PROVIDER_JSON_URL}`)
+        provider = new ethers.providers.JsonRpcProvider({
+            url: process.env.ETH_PROVIDER_JSON_URL,
+            skipFetchSetup: true
+        })
+    } else {
+        // Otherwise, connect the default provider with ALchemy, Infura, or both
+        provider = ethers.providers.getDefaultProvider("homestead", {
+            alchemy: process.env.ETH_PROVIDER_ALCHEMY_API_KEY!,
+            infura: process.env.ETH_PROVIDER_INFURA_API_KEY!
+        })
+    }
+
+    return provider
+}

package/src/types/index.ts

@@ -165,3 +165,36 @@ export type VerifiedBandadaResponse = {
     message: string
     token: string
 }
+
+/**
+ * Define the check nonce object for the cloud function
+ * @typedef {Object} CheckNonceOfSIWEAddressRequest
+ * @property {string} auth0Token - token from the device flow authentication
+ */
+export type CheckNonceOfSIWEAddressRequest = {
+    auth0Token: string
+}
+
+/**
+ * Define the check nonce response object of the cloud function
+ * @typedef {Object} CheckNonceOfSIWEAddressResponse
+ * @property {boolean} valid - if the checking result was valid or not
+ * @property {string} message - informative message
+ * @property {string} token - token to sign in
+ */
+export type CheckNonceOfSIWEAddressResponse = {
+    valid: boolean
+    message?: string
+    token?: string
+}
+/**
+ * Define the response from auth0 /userinfo endpoint
+ *
+ */
+export type Auth0UserInfo = {
+    sub: string
+    nickname: string
+    name: string
+    picture: string
+    updated_at: string
+}