@devtion/backend 0.0.0-5d170d3 → 0.0.0-5fad82d

package/src/functions/storage.ts

@@ -20,7 +20,7 @@ import {
     ParticipantContributionStep,
     formatZkeyIndex,
     getZkeyStorageFilePath
-} from "@p0tion/actions"
+} from "@devtion/actions"
 import { getCeremonyCircuits, getDocumentById } from "../lib/utils"
 import { COMMON_ERRORS, logAndThrowError, makeError, printLog, SPECIFIC_ERRORS } from "../lib/errors"
 import { LogLevel } from "../types/enums"
@@ -134,7 +134,7 @@ const checkIfBucketIsDedicatedToCeremony = async (bucketName: string) => {
 export const createBucket = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: CreateBucketData, context: functions.https.CallableContext) => {
         // Check if the user has the coordinator claim.
@@ -193,8 +193,10 @@ export const createBucket = functions
                         CORSConfiguration: {
                             CORSRules: [
                                 {
-                                    AllowedMethods: ["GET"],
-                                    AllowedOrigins: ["*"]
+                                    AllowedMethods: ["GET", "PUT"],
+                                    AllowedOrigins: ["*"],
+                                    ExposeHeaders: ["ETag", "Content-Length"],
+                                    AllowedHeaders: ["*"]
                                 }
                             ]
                         }
@@ -236,7 +238,7 @@ export const createBucket = functions
 export const checkIfObjectExist = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: BucketAndObjectKeyData, context: functions.https.CallableContext): Promise<boolean> => {
         // Check if the user has the coordinator claim.
@@ -292,7 +294,7 @@ export const checkIfObjectExist = functions
 export const generateGetObjectPreSignedUrl = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: BucketAndObjectKeyData, context: functions.https.CallableContext): Promise<any> => {
         if (!context.auth) logAndThrowError(COMMON_ERRORS.CM_NOT_AUTHENTICATED)
@@ -339,7 +341,7 @@ export const generateGetObjectPreSignedUrl = functions
 export const startMultiPartUpload = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "2GB"
     })
     .https.onCall(async (data: StartMultiPartUploadData, context: functions.https.CallableContext): Promise<any> => {
         if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -407,7 +409,8 @@ export const startMultiPartUpload = functions
 export const generatePreSignedUrlsParts = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB",
+        timeoutSeconds: 300
     })
     .https.onCall(
         async (
@@ -484,7 +487,7 @@ export const generatePreSignedUrlsParts = functions
 export const completeMultiPartUpload = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "2GB"
     })
     .https.onCall(async (data: CompleteMultiPartUploadData, context: functions.https.CallableContext): Promise<any> => {
         if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))

package/src/functions/timeout.ts

@@ -9,7 +9,7 @@ import {
     ParticipantStatus,
     getTimeoutsCollectionPath,
     commonTerms
-} from "@p0tion/actions"
+} from "@devtion/actions"
 import {
     getCeremonyCircuits,
     getCurrentServerTimestampInMillis,
@@ -42,7 +42,7 @@ dotenv.config()
 export const checkAndRemoveBlockingContributor = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .pubsub.schedule("every 1 minutes")
     .onRun(async () => {
@@ -64,7 +64,7 @@ export const checkAndRemoveBlockingContributor = functions
                 const circuits = await getCeremonyCircuits(ceremony.id)
 
                 // Extract ceremony data.
-                const { timeoutMechanismType, penalty } = ceremony.data()!
+                const { timeoutType: timeoutMechanismType, penalty } = ceremony.data()!
 
                 for (const circuit of circuits) {
                     if (!circuit.data())
@@ -144,7 +144,8 @@ export const checkAndRemoveBlockingContributor = functions
                                     timeoutExpirationDateInMsForBlockingContributor < currentServerTimestamp &&
                                     (contributionStep === ParticipantContributionStep.DOWNLOADING ||
                                         contributionStep === ParticipantContributionStep.COMPUTING ||
-                                        contributionStep === ParticipantContributionStep.UPLOADING)
+                                        contributionStep === ParticipantContributionStep.UPLOADING ||
+                                        contributionStep === ParticipantContributionStep.COMPLETED)
                                 )
                                     timeoutType = TimeoutType.BLOCKING_CONTRIBUTION
 
@@ -174,7 +175,7 @@ export const checkAndRemoveBlockingContributor = functions
                                     const batch = firestore.batch()
 
                                     // Remove current contributor from waiting queue.
-                                    contributors.shift(1)
+                                    contributors.shift()
 
                                     // Check if someone else is ready to start the contribution.
                                     if (contributors.length > 0) {
@@ -253,7 +254,7 @@ export const checkAndRemoveBlockingContributor = functions
 export const resumeContributionAfterTimeoutExpiration = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: { ceremonyId: string }, context: functions.https.CallableContext): Promise<void> => {
         if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -281,7 +282,8 @@ export const resumeContributionAfterTimeoutExpiration = functions
         if (status === ParticipantStatus.EXHUMED)
             await participantDoc.ref.update({
                 status: ParticipantStatus.READY,
-                lastUpdated: getCurrentServerTimestampInMillis()
+                lastUpdated: getCurrentServerTimestampInMillis(),
+                tempContributionData: {}
             })
         else logAndThrowError(SPECIFIC_ERRORS.SE_CONTRIBUTE_CANNOT_PROGRESS_TO_NEXT_CIRCUIT)
 

package/src/functions/user.ts

@@ -2,7 +2,7 @@ import * as functions from "firebase-functions"
 import { UserRecord } from "firebase-functions/v1/auth"
 import admin from "firebase-admin"
 import dotenv from "dotenv"
-import { commonTerms, githubReputation } from "@p0tion/actions"
+import { commonTerms, githubReputation } from "@devtion/actions"
 import { encode } from "html-entities"
 import { getGitHubVariables, getCurrentServerTimestampInMillis } from "../lib/utils"
 import { logAndThrowError, makeError, printLog, SPECIFIC_ERRORS } from "../lib/errors"
@@ -18,7 +18,7 @@ dotenv.config()
 export const registerAuthUser = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .auth.user()
     .onCreate(async (user: UserRecord) => {
@@ -40,8 +40,12 @@ export const registerAuthUser = functions
         const { uid } = user
         // Reference to a document using uid.
         const userRef = firestore.collection(commonTerms.collections.users.name).doc(uid)
-        // html encode the display name
-        const encodedDisplayName = encode(displayName)
+        // html encode the display name (or put the ID if the name is not displayed)
+        const encodedDisplayName =
+            user.displayName === "Null" || user.displayName === null ? user.uid : encode(displayName)
+
+        // store the avatar URL of a contributor
+        let avatarUrl: string = ""
         // we only do reputation check if the user is not a coordinator
         if (
             !(
@@ -51,18 +55,19 @@ export const registerAuthUser = functions
         ) {
             const auth = admin.auth()
             // if provider == github.com let's use our functions to check the user's reputation
-            if (user.providerData[0].providerId === "github.com") {
+            if (user.providerData.length > 0 && user.providerData[0].providerId === "github.com") {
                 const vars = getGitHubVariables()
 
                 // this return true or false
                 try {
-                    const res = await githubReputation(
+                    const { reputable, avatarUrl: avatarURL } = await githubReputation(
                         user.providerData[0].uid,
                         vars.minimumFollowing,
                         vars.minimumFollowers,
-                        vars.minimumPublicRepos
+                        vars.minimumPublicRepos,
+                        vars.minimumAge
                     )
-                    if (!res) {
+                    if (!reputable) {
                         // Delete user
                         await auth.deleteUser(user.uid)
                         // Throw error
@@ -70,11 +75,22 @@ export const registerAuthUser = functions
                             makeError(
                                 "permission-denied",
                                 "The user is not allowed to sign up because their Github reputation is not high enough.",
-                                `The user ${user.displayName} is not allowed to sign up because their Github reputation is not high enough. Please contact the administrator if you think this is a mistake.`
+                                `The user ${
+                                    user.displayName === "Null" || user.displayName === null
+                                        ? user.uid
+                                        : user.displayName
+                                } is not allowed to sign up because their Github reputation is not high enough. Please contact the administrator if you think this is a mistake.`
                             )
                         )
                     }
-                    printLog(`Github reputation check passed for user ${user.displayName}`, LogLevel.DEBUG)
+                    // store locally
+                    avatarUrl = avatarURL
+                    printLog(
+                        `Github reputation check passed for user ${
+                            user.displayName === "Null" || user.displayName === null ? user.uid : user.displayName
+                        }`,
+                        LogLevel.DEBUG
+                    )
                 } catch (error: any) {
                     // Delete user
                     await auth.deleteUser(user.uid)
@@ -89,19 +105,28 @@ export const registerAuthUser = functions
             }
         }
         // Set document (nb. we refer to providerData[0] because we use Github OAuth provider only).
+        // In future releases we might want to loop through the providerData array as we support
+        // more providers.
         await userRef.set({
             name: encodedDisplayName,
             encodedDisplayName,
             // Metadata.
             creationTime,
-            lastSignInTime,
+            lastSignInTime: lastSignInTime || creationTime,
             // Optional.
             email: email || "",
             emailVerified: emailVerified || false,
             photoURL: photoURL || "",
             lastUpdated: getCurrentServerTimestampInMillis()
         })
+
+        // we want to create a new collection for the users to store the avatars
+        const avatarRef = firestore.collection(commonTerms.collections.avatars.name).doc(uid)
+        await avatarRef.set({
+            avatarUrl: avatarUrl || ""
+        })
         printLog(`Authenticated user document with identifier ${uid} has been correctly stored`, LogLevel.DEBUG)
+        printLog(`Authenticated user avatar with identifier ${uid} has been correctly stored`, LogLevel.DEBUG)
     })
 /**
  * Set custom claims for role-based access control on the newly created user.
@@ -111,7 +136,7 @@ export const registerAuthUser = functions
 export const processSignUpWithCustomClaims = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .auth.user()
     .onCreate(async (user: UserRecord) => {

package/src/lib/errors.ts

@@ -7,7 +7,7 @@ import { LogLevel } from "../types/enums"
  * @notice the set of Firebase Functions status codes. The codes are the same at the
  * ones exposed by {@link https://github.com/grpc/grpc/blob/master/doc/statuscodes.md | gRPC}.
  * @param errorCode <FunctionsErrorCode> - the set of possible error codes.
- * @param message <string> - the error messge.
+ * @param message <string> - the error message.
  * @param [details] <string> - the details of the error (optional).
  * @returns <HttpsError>
  */
@@ -184,6 +184,11 @@ export const SPECIFIC_ERRORS = {
         "unavailable",
         "VM command execution has been delayed since there were no available instance at the moment",
         "Please, contact the coordinator if this error persists."
+    ),
+    SE_VM_UNKNOWN_COMMAND_STATUS: makeError(
+        "unavailable",
+        "VM command execution has failed due to an unknown status code",
+        "Please, contact the coordinator if this error persists."
     )
 }
 

package/src/lib/services.ts

@@ -1,6 +1,11 @@
+import dotenv from "dotenv"
+import ethers from "ethers"
 import { S3Client } from "@aws-sdk/client-s3"
 import { COMMON_ERRORS, logAndThrowError } from "./errors"
 
+dotenv.config()
+let provider: ethers.providers.Provider
+
 /**
  * Return a configured and connected instance of the AWS S3 client.
  * @dev this method check and utilize the environment variables to configure the connection
@@ -26,3 +31,34 @@ export const getS3Client = async (): Promise<S3Client> => {
         region: process.env.AWS_REGION!
     })
 }
+
+/**
+ * Returns a Prvider, connected via a configured JSON URL or else
+ * the ethers.js default provider, using configured API keys.
+ * @returns <ethers.providers.Provider> An Eth node provider
+ */
+export const setEthProvider = (): ethers.providers.Provider => {
+    if (provider) return provider
+    console.log(`setting new provider`)
+
+    // Use JSON URL if defined
+    // if ((hardhat as any).ethers) {
+    //     console.log(`using hardhat.ethers provider`)
+    //     provider = (hardhat as any).ethers.provider
+    // } else
+    if (process.env.ETH_PROVIDER_JSON_URL) {
+        console.log(`JSON URL provider at ${process.env.ETH_PROVIDER_JSON_URL}`)
+        provider = new ethers.providers.JsonRpcProvider({
+            url: process.env.ETH_PROVIDER_JSON_URL,
+            skipFetchSetup: true
+        })
+    } else {
+        // Otherwise, connect the default provider with ALchemy, Infura, or both
+        provider = ethers.providers.getDefaultProvider("homestead", {
+            alchemy: process.env.ETH_PROVIDER_ALCHEMY_API_KEY!,
+            infura: process.env.ETH_PROVIDER_INFURA_API_KEY!
+        })
+    }
+
+    return provider
+}

package/src/lib/utils.ts

@@ -10,7 +10,7 @@ import admin from "firebase-admin"
 import dotenv from "dotenv"
 import { DeleteObjectCommand, GetObjectCommand, PutObjectCommand } from "@aws-sdk/client-s3"
 import { getSignedUrl } from "@aws-sdk/s3-request-presigner"
-import { createWriteStream, fstat } from "node:fs"
+import { createWriteStream } from "node:fs"
 import { pipeline } from "node:stream"
 import { promisify } from "node:util"
 import { readFileSync } from "fs"
@@ -25,7 +25,7 @@ import {
     CeremonyState,
     finalContributionIndex,
     CircuitDocument
-} from "@p0tion/actions"
+} from "@devtion/actions"
 import fetch from "@adobe/node-fetch-retry"
 import path from "path"
 import os from "os"
@@ -166,7 +166,7 @@ export const getCircuitDocumentByPosition = async (
     // Query for all ceremony circuits.
     const circuits = await getCeremonyCircuits(ceremonyId)
 
-    // Apply a filter using the sequence postion.
+    // Apply a filter using the sequence position.
     const matchedCircuits = circuits.filter(
         (circuit: DocumentData) => circuit.data().sequencePosition === sequencePosition
     )
@@ -217,7 +217,7 @@ export const downloadArtifactFromS3Bucket = async (bucketName: string, objectKey
     const streamPipeline = promisify(pipeline)
     await streamPipeline(response.body, writeStream)
 
-    writeStream.on('finish', () => {
+    writeStream.on("finish", () => {
         writeStream.end()
     })
 }
@@ -305,7 +305,7 @@ export const deleteObject = async (bucketName: string, objectKey: string) => {
 
     // Prepare command.
     const command = new DeleteObjectCommand({ Bucket: bucketName, Key: objectKey })
-    
+
     // Execute command.
     const data = await client.send(command)
 
@@ -385,14 +385,16 @@ export const getGitHubVariables = (): any => {
     if (
         !process.env.GITHUB_MINIMUM_FOLLOWERS ||
         !process.env.GITHUB_MINIMUM_FOLLOWING ||
-        !process.env.GITHUB_MINIMUM_PUBLIC_REPOS
+        !process.env.GITHUB_MINIMUM_PUBLIC_REPOS ||
+        !process.env.GITHUB_MINIMUM_AGE
     )
         logAndThrowError(COMMON_ERRORS.CM_WRONG_CONFIGURATION)
 
     return {
         minimumFollowers: Number(process.env.GITHUB_MINIMUM_FOLLOWERS),
         minimumFollowing: Number(process.env.GITHUB_MINIMUM_FOLLOWING),
-        minimumPublicRepos: Number(process.env.GITHUB_MINIMUM_PUBLIC_REPOS)
+        minimumPublicRepos: Number(process.env.GITHUB_MINIMUM_PUBLIC_REPOS),
+        minimumAge: Number(process.env.GITHUB_MINIMUM_AGE)
     }
 }
 
@@ -404,7 +406,7 @@ export const getAWSVariables = (): any => {
     if (
         !process.env.AWS_ACCESS_KEY_ID ||
         !process.env.AWS_SECRET_ACCESS_KEY ||
-        !process.env.AWS_ROLE_ARN ||
+        !process.env.AWS_INSTANCE_PROFILE_ARN ||
         !process.env.AWS_AMI_ID ||
         !process.env.AWS_SNS_TOPIC_ARN
     )
@@ -414,7 +416,7 @@ export const getAWSVariables = (): any => {
         accessKeyId: process.env.AWS_ACCESS_KEY_ID!,
         secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY!,
         region: process.env.AWS_REGION || "eu-central-1",
-        roleArn: process.env.AWS_ROLE_ARN!,
+        instanceProfileArn: process.env.AWS_INSTANCE_PROFILE_ARN!,
         amiId: process.env.AWS_AMI_ID!,
         snsTopic: process.env.AWS_SNS_TOPIC_ARN!
     }

package/src/types/declarations.d.ts

@@ -0,0 +1 @@
+declare module "@bandada/api-sdk"

package/src/types/index.ts

@@ -1,4 +1,5 @@
-import { CeremonyInputData, CircuitDocument, ETagWithPartNumber } from "@p0tion/actions"
+import { CeremonyInputData, CircuitDocument, ETagWithPartNumber } from "@devtion/actions"
+import type { Groth16Proof, PublicSignals } from "snarkjs"
 
 /**
  * Group all the necessary data needed for running the `setupCeremony` cloud function.
@@ -138,3 +139,62 @@ export type FinalizeCircuitData = {
     bucketName: string
     beacon: string
 }
+
+/**
+ * Group all the necessary data needed for running the `bandadaValidateProof` cloud function.
+ * @typedef {Object} BandadaValidateProof
+ * @property {string} merkleTreeRoot - the merkle tree root of the group.
+ * @property {string} nullifierHash - the nullifier hash of the member.
+ * @property {string} externalNullifier - the external nullifier of the member.
+ * @property {PackedProof} proof - the packed proof generated on the client.
+ */
+export type BandadaValidateProof = {
+    proof: Groth16Proof
+    publicSignals: PublicSignals
+}
+
+/**
+ * Define the return object of the function that verifies the Bandada membership and proof.
+ * @typedef {Object} VerifiedBandadaResponse
+ * @property {boolean} valid - true if the proof is valid and the user is a member of the group; otherwise false.
+ * @property {string} message - a message describing the result of the verification.
+ * @property {string} token - the custom access token.
+ */
+export type VerifiedBandadaResponse = {
+    valid: boolean
+    message: string
+    token: string
+}
+
+/**
+ * Define the check nonce object for the cloud function
+ * @typedef {Object} CheckNonceOfSIWEAddressRequest
+ * @property {string} auth0Token - token from the device flow authentication
+ */
+export type CheckNonceOfSIWEAddressRequest = {
+    auth0Token: string
+}
+
+/**
+ * Define the check nonce response object of the cloud function
+ * @typedef {Object} CheckNonceOfSIWEAddressResponse
+ * @property {boolean} valid - if the checking result was valid or not
+ * @property {string} message - informative message
+ * @property {string} token - token to sign in
+ */
+export type CheckNonceOfSIWEAddressResponse = {
+    valid: boolean
+    message?: string
+    token?: string
+}
+/**
+ * Define the response from auth0 /userinfo endpoint
+ *
+ */
+export type Auth0UserInfo = {
+    sub: string
+    nickname: string
+    name: string
+    picture: string
+    updated_at: string
+}