@devtion/backend 0.0.0-5d170d3 → 0.0.0-671e653

package/src/functions/circuit.ts

@@ -37,12 +37,14 @@ import {
     createCustomLoggerForFile,
     retrieveCommandStatus,
     stopEC2Instance
-} from "@p0tion/actions"
+} from "@devtion/actions"
 import { zKey } from "snarkjs"
 import { CommandInvocationStatus, SSMClient } from "@aws-sdk/client-ssm"
+import { EC2Client } from "@aws-sdk/client-ec2"
+import { HttpsError } from "firebase-functions/v2/https"
 import { FinalizeCircuitData, VerifyContributionData } from "../types/index"
 import { LogLevel } from "../types/enums"
-import { COMMON_ERRORS, logAndThrowError, makeError, printLog, SPECIFIC_ERRORS } from "../lib/errors"
+import { COMMON_ERRORS, logAndThrowError, printLog, SPECIFIC_ERRORS } from "../lib/errors"
 import {
     createEC2Client,
     createSSMClient,
@@ -57,7 +59,6 @@ import {
     sleep,
     uploadFileToBucket
 } from "../lib/utils"
-import { EC2Client } from "@aws-sdk/client-ec2"
 
 dotenv.config()
 
@@ -131,6 +132,7 @@ const coordinate = async (
 
             newParticipantStatus = ParticipantStatus.CONTRIBUTING
             newContributionStep = ParticipantContributionStep.DOWNLOADING
+            newCurrentContributorId = participant.id
         }
         // Scenario (B).
         else if (participantIsNotCurrentContributor) {
@@ -213,113 +215,80 @@ const coordinate = async (
  * Wait until the command has completed its execution inside the VM.
  * @dev this method implements a custom interval to check 5 times after 1 minute if the command execution
  * has been completed or not by calling the `retrieveCommandStatus` method.
- * @param {any} resolve the promise.
- * @param {any} reject the promise.
  * @param {SSMClient} ssm the SSM client.
  * @param {string} vmInstanceId the unique identifier of the VM instance.
  * @param {string} commandId the unique identifier of the VM command.
  * @returns <Promise<void>> true when the command execution succeed; otherwise false.
  */
-const waitForVMCommandExecution = (
-    resolve: any,
-    reject: any,
-    ssm: SSMClient,
-    vmInstanceId: string,
-    commandId: string
-) => {
-    const interval = setInterval(async () => {
-        try {
-            // Get command status.
-            const cmdStatus = await retrieveCommandStatus(ssm, vmInstanceId, commandId)
-            printLog(`Checking command ${commandId} status => ${cmdStatus}`, LogLevel.DEBUG)
-
-            if (cmdStatus === CommandInvocationStatus.SUCCESS) {
-                printLog(`Command ${commandId} successfully completed`, LogLevel.DEBUG)
-
-                // Resolve the promise.
-                resolve()
-            } else if (cmdStatus === CommandInvocationStatus.FAILED) {
-                logAndThrowError(SPECIFIC_ERRORS.SE_VM_FAILED_COMMAND_EXECUTION)
-                reject()
-            } else if (cmdStatus === CommandInvocationStatus.TIMED_OUT) {
-                logAndThrowError(SPECIFIC_ERRORS.SE_VM_TIMEDOUT_COMMAND_EXECUTION)
-                reject()
-            } else if (cmdStatus === CommandInvocationStatus.CANCELLED) {
-                logAndThrowError(SPECIFIC_ERRORS.SE_VM_CANCELLED_COMMAND_EXECUTION)
-                reject()
-            } else if (cmdStatus === CommandInvocationStatus.DELAYED) {
-                logAndThrowError(SPECIFIC_ERRORS.SE_VM_DELAYED_COMMAND_EXECUTION)
-                reject()
-            }
-        } catch (error: any) {
-            printLog(`Invalid command ${commandId} execution`, LogLevel.DEBUG)
+const waitForVMCommandExecution = (ssm: SSMClient, vmInstanceId: string, commandId: string): Promise<void> =>
+    new Promise((resolve, reject) => {
+        const poll = async () => {
+            try {
+                // Get command status.
+                const cmdStatus = await retrieveCommandStatus(ssm, vmInstanceId, commandId)
+                printLog(`Checking command ${commandId} status => ${cmdStatus}`, LogLevel.DEBUG)
+
+                let error: HttpsError | undefined
+                switch (cmdStatus) {
+                    case CommandInvocationStatus.CANCELLING:
+                    case CommandInvocationStatus.CANCELLED: {
+                        error = SPECIFIC_ERRORS.SE_VM_CANCELLED_COMMAND_EXECUTION
+                        break
+                    }
+                    case CommandInvocationStatus.DELAYED: {
+                        error = SPECIFIC_ERRORS.SE_VM_DELAYED_COMMAND_EXECUTION
+                        break
+                    }
+                    case CommandInvocationStatus.FAILED: {
+                        error = SPECIFIC_ERRORS.SE_VM_FAILED_COMMAND_EXECUTION
+                        break
+                    }
+                    case CommandInvocationStatus.TIMED_OUT: {
+                        error = SPECIFIC_ERRORS.SE_VM_TIMEDOUT_COMMAND_EXECUTION
+                        break
+                    }
+                    case CommandInvocationStatus.IN_PROGRESS:
+                    case CommandInvocationStatus.PENDING: {
+                        // wait a minute and poll again
+                        setTimeout(poll, 60000)
+                        return
+                    }
+                    case CommandInvocationStatus.SUCCESS: {
+                        printLog(`Command ${commandId} successfully completed`, LogLevel.DEBUG)
+
+                        // Resolve the promise.
+                        resolve()
+                        return
+                    }
+                    default: {
+                        logAndThrowError(SPECIFIC_ERRORS.SE_VM_UNKNOWN_COMMAND_STATUS)
+                    }
+                }
 
-            if (!error.toString().includes(commandId)) logAndThrowError(COMMON_ERRORS.CM_INVALID_COMMAND_EXECUTION)
+                if (error) {
+                    logAndThrowError(error)
+                }
+            } catch (error: any) {
+                printLog(`Invalid command ${commandId} execution`, LogLevel.DEBUG)
 
-            // Reject the promise.
-            reject()
-        } finally {
-            // Clear the interval.
-            clearInterval(interval)
-        }
-    }, 60000) // 1 minute.
-}
+                const ec2 = await createEC2Client()
 
-/**
- * Wait until the artifacts have been downloaded.
- * @param {any} resolve the promise.
- * @param {any} reject the promise.
- * @param {string} potTempFilePath the tmp path to the locally downloaded pot file.
- * @param {string} firstZkeyTempFilePath the tmp path to the locally downloaded first zkey file.
- * @param {string} lastZkeyTempFilePath the tmp path to the locally downloaded last zkey file. 
- */
-const waitForFileDownload = (
-    resolve: any,
-    reject: any,
-    potTempFilePath: string,
-    firstZkeyTempFilePath: string,
-    lastZkeyTempFilePath: string,
-    circuitId: string,
-    participantId: string 
-) => {
-    const maxWaitTime = 5 * 60 * 1000 // 5 minutes
-    // every second check if the file download was completed
-    const interval = setInterval(async () => {
-        printLog(`Verifying that the artifacts were downloaded for circuit ${circuitId} and participant ${participantId}`, LogLevel.DEBUG)
-        try {                            
-            // check if files have been downloaded
-            if (!fs.existsSync(potTempFilePath)) {
-                printLog(`Pot file not found at ${potTempFilePath}`, LogLevel.DEBUG)
-            }
-            if (!fs.existsSync(firstZkeyTempFilePath)) {
-                printLog(`First zkey file not found at ${firstZkeyTempFilePath}`, LogLevel.DEBUG)
-            }
-            if (!fs.existsSync(lastZkeyTempFilePath)) {
-                printLog(`Last zkey file not found at ${lastZkeyTempFilePath}`, LogLevel.DEBUG)
-            }
+                // if it errors out, let's just log it as a warning so the coordinator is aware
+                try {
+                    await stopEC2Instance(ec2, vmInstanceId)
+                } catch (error: any) {
+                    printLog(`Error while stopping VM instance ${vmInstanceId} - Error ${error}`, LogLevel.WARN)
+                }
+
+                if (!error.toString().includes(commandId)) logAndThrowError(COMMON_ERRORS.CM_INVALID_COMMAND_EXECUTION)
 
-            // if all files were downloaded
-            if (fs.existsSync(potTempFilePath) && fs.existsSync(firstZkeyTempFilePath) && fs.existsSync(lastZkeyTempFilePath)) {
-                printLog(`All required files are present on disk.`, LogLevel.INFO)
-                // resolve the promise
-                resolve()
+                // Reject the promise.
+                reject()
             }
-        } catch (error: any) {
-            // if we have an error then we print it as a warning and reject
-            printLog(`Error while downloading files: ${error}`, LogLevel.WARN)
-            reject()
-        } finally {
-            printLog(`Clearing the interval for file download. Circuit ${circuitId} and participant ${participantId}`, LogLevel.DEBUG)
-            clearInterval(interval)
         }
-    }, 5000)
 
-    // we want to clean in 5 minutes in case
-    setTimeout(() => {
-        clearInterval(interval)
-        reject(new Error('Timeout exceeded while waiting for files to be downloaded.'))
-    }, maxWaitTime)
-}
+        setTimeout(poll, 60000)
+    })
 
 /**
  * This method is used to coordinate the waiting queues of ceremony circuits.
@@ -341,7 +310,7 @@ const waitForFileDownload = (
  * - Just completed a contribution or all contributions for each circuit. If yes, coordinate (multi-participant scenario).
  */
 export const coordinateCeremonyParticipant = functionsV1
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })
@@ -442,7 +411,6 @@ export const coordinateCeremonyParticipant = functionsV1
         }
     })
 
-
 /**
  * Recursive function to check whether an EC2 is in a running state
  * @notice required step to run commands
@@ -451,23 +419,18 @@ export const coordinateCeremonyParticipant = functionsV1
  * @param attempts <number> - how many times to retry before failing
  * @returns <Promise<boolean>> - whether the VM was started
  */
-const checkIfVMRunning = async (
-    ec2: EC2Client, 
-    vmInstanceId: string, 
-    attempts = 5
-    ): Promise<boolean> => {
+const checkIfVMRunning = async (ec2: EC2Client, vmInstanceId: string, attempts = 5): Promise<boolean> => {
     // if we tried 5 times, then throw an error
     if (attempts <= 0) logAndThrowError(SPECIFIC_ERRORS.SE_VM_NOT_RUNNING)
 
-    await sleep(60000); // Wait for 1 min
-    const isVMRunning = await checkIfRunning(ec2, vmInstanceId) 
+    await sleep(60000) // Wait for 1 min
+    const isVMRunning = await checkIfRunning(ec2, vmInstanceId)
 
     if (!isVMRunning) {
         printLog(`VM not running, ${attempts - 1} attempts remaining. Retrying in 1 minute...`, LogLevel.DEBUG)
-        return await checkIfVMRunning(ec2, vmInstanceId, attempts - 1)
-    } else {
-        return true
+        return checkIfVMRunning(ec2, vmInstanceId, attempts - 1)
     }
+    return true
 }
 
 /**
@@ -497,7 +460,7 @@ const checkIfVMRunning = async (
  * 2) Send all updates atomically to the Firestore database.
  */
 export const verifycontribution = functionsV2.https.onCall(
-    { memory: "16GiB", timeoutSeconds: 3600, region: 'europe-west1' },
+    { memory: "16GiB", timeoutSeconds: 3600, region: "europe-west1" },
     async (request: functionsV2.https.CallableRequest<VerifyContributionData>): Promise<any> => {
         if (!request.auth || (!request.auth.token.participant && !request.auth.token.coordinator))
             logAndThrowError(SPECIFIC_ERRORS.SE_AUTH_NO_CURRENT_AUTH_USER)
@@ -665,9 +628,6 @@ export const verifycontribution = functionsV2.https.onCall(
                         verificationTranscriptTemporaryLocalPath,
                         true
                     )
-
-                    // Stop VM instance.
-                    await stopEC2Instance(ec2, vmInstanceId)
                 } else {
                     // Upload verification transcript.
                     /// nb. do not use multi-part upload here due to small file size.
@@ -744,6 +704,17 @@ export const verifycontribution = functionsV2.https.onCall(
                 })
             }
 
+            // Stop VM instance
+            if (isUsingVM) {
+                // using try and catch as the VM stopping function can throw
+                // however we want to continue without stopping as the
+                // verification was valid, and inform the coordinator
+                try {
+                    await stopEC2Instance(ec2, vmInstanceId)
+                } catch (error: any) {
+                    printLog(`Error while stopping VM instance ${vmInstanceId} - Error ${error}`, LogLevel.WARN)
+                }
+            }
             // Step (1.A.4.C)
             if (!isFinalizing) {
                 // Step (1.A.4.C.1)
@@ -764,6 +735,8 @@ export const verifycontribution = functionsV2.https.onCall(
                         : verifyCloudFunctionTime
 
                 // Prepare tx to update circuit average contribution/verification time.
+                const updatedCircuitDoc = await getDocumentById(getCircuitsCollectionPath(ceremonyId), circuitId)
+                const { waitingQueue: updatedWaitingQueue } = updatedCircuitDoc.data()!
                 /// @dev this must happen only for valid contributions.
                 batch.update(circuitDoc.ref, {
                     avgTimings: {
@@ -776,7 +749,7 @@ export const verifycontribution = functionsV2.https.onCall(
                             : avgVerifyCloudFunctionTime
                     },
                     waitingQueue: {
-                        ...waitingQueue,
+                        ...updatedWaitingQueue,
                         completedContributions: isContributionValid
                             ? completedContributions + 1
                             : completedContributions,
@@ -835,9 +808,7 @@ export const verifycontribution = functionsV2.https.onCall(
                 printLog(`Starting the execution of command ${commandId}`, LogLevel.DEBUG)
 
                 // Step (1.A.3.3).
-                return new Promise<void>((resolve, reject) =>
-                    waitForVMCommandExecution(resolve, reject, ssm, vmInstanceId, commandId)
-                )
+                return waitForVMCommandExecution(ssm, vmInstanceId, commandId)
                     .then(async () => {
                         // Command execution successfully completed.
                         printLog(`Command ${commandId} execution has been successfully completed`, LogLevel.DEBUG)
@@ -849,76 +820,57 @@ export const verifycontribution = functionsV2.https.onCall(
 
                         logAndThrowError(COMMON_ERRORS.CM_INVALID_COMMAND_EXECUTION)
                     })
-            } else {
-                // CF approach.
-                printLog(`CF mechanism`, LogLevel.DEBUG)
-
-                const potStoragePath = getPotStorageFilePath(files.potFilename)
-                const firstZkeyStoragePath = getZkeyStorageFilePath(prefix, `${prefix}_${genesisZkeyIndex}.zkey`)
-                // Prepare temporary file paths.
-                // (nb. these are needed to download the necessary artifacts for verification from AWS S3).
-                verificationTranscriptTemporaryLocalPath = createTemporaryLocalPath(
-                    verificationTranscriptCompleteFilename
-                )
-                const potTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}.pot`)
-                const firstZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_genesis.zkey`)
-                const lastZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_last.zkey`)
-
-                // Create and populate transcript.
-                const transcriptLogger = createCustomLoggerForFile(verificationTranscriptTemporaryLocalPath)
-                transcriptLogger.info(
-                    `${
-                        isFinalizing ? `Final verification` : `Verification`
-                    } transcript for ${prefix} circuit Phase 2 contribution.\n${
-                        isFinalizing ? `Coordinator ` : `Contributor # ${Number(lastZkeyIndex)}`
-                    } (${contributorOrCoordinatorIdentifier})\n`
-                )
-
-                // Step (1.A.2).
-                await downloadArtifactFromS3Bucket(bucketName, potStoragePath, potTempFilePath)
-                await downloadArtifactFromS3Bucket(bucketName, firstZkeyStoragePath, firstZkeyTempFilePath)
-                await downloadArtifactFromS3Bucket(bucketName, lastZkeyStoragePath, lastZkeyTempFilePath)
+            }
 
-                await sleep(6000)
+            // CF approach.
+            printLog(`CF mechanism`, LogLevel.DEBUG)
+
+            const potStoragePath = getPotStorageFilePath(files.potFilename)
+            const firstZkeyStoragePath = getZkeyStorageFilePath(prefix, `${prefix}_${genesisZkeyIndex}.zkey`)
+            // Prepare temporary file paths.
+            // (nb. these are needed to download the necessary artifacts for verification from AWS S3).
+            verificationTranscriptTemporaryLocalPath = createTemporaryLocalPath(verificationTranscriptCompleteFilename)
+            const potTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}.pot`)
+            const firstZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_genesis.zkey`)
+            const lastZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_last.zkey`)
+
+            // Create and populate transcript.
+            const transcriptLogger = createCustomLoggerForFile(verificationTranscriptTemporaryLocalPath)
+            transcriptLogger.info(
+                `${
+                    isFinalizing ? `Final verification` : `Verification`
+                } transcript for ${prefix} circuit Phase 2 contribution.\n${
+                    isFinalizing ? `Coordinator ` : `Contributor # ${Number(lastZkeyIndex)}`
+                } (${contributorOrCoordinatorIdentifier})\n`
+            )
 
-                // wait until the files are actually downloaded
-                return new Promise<void>((resolve, reject) => 
-                    waitForFileDownload(resolve, reject, potTempFilePath, firstZkeyTempFilePath, lastZkeyTempFilePath, circuitId, participantDoc.id)
-                )
-                    .then(async () => {
-                        printLog(`Downloads from AWS S3 bucket completed - ceremony ${ceremonyId} circuit ${circuitId}`, LogLevel.DEBUG)
-
-                        // Step (1.A.4).
-                        isContributionValid = await zKey.verifyFromInit(
-                            firstZkeyTempFilePath,
-                            potTempFilePath,
-                            lastZkeyTempFilePath,
-                            transcriptLogger
-                        )
-                        
-                        // Compute contribution hash.
-                        lastZkeyBlake2bHash = await blake512FromPath(lastZkeyTempFilePath)
-
-                        // Free resources by unlinking temporary folders.
-                        // Do not free-up verification transcript path here.
-                        try {
-                            fs.unlinkSync(potTempFilePath)
-                            fs.unlinkSync(firstZkeyTempFilePath)
-                            fs.unlinkSync(lastZkeyTempFilePath)
-                        } catch (error: any) {
-                            printLog(`Error while unlinking temporary files - Error ${error}`, LogLevel.WARN)
-                        }  
+            // Step (1.A.2).
+            await downloadArtifactFromS3Bucket(bucketName, potStoragePath, potTempFilePath)
+            await downloadArtifactFromS3Bucket(bucketName, firstZkeyStoragePath, firstZkeyTempFilePath)
+            await downloadArtifactFromS3Bucket(bucketName, lastZkeyStoragePath, lastZkeyTempFilePath)
 
-                        await completeVerification()
-                    })
-                    .catch((error: any) => {
-                        // Throw the new error
-                        const commonError = COMMON_ERRORS.CM_INVALID_REQUEST
-                        const additionalDetails = error.toString()
+            // Step (1.A.4).
+            isContributionValid = await zKey.verifyFromInit(
+                firstZkeyTempFilePath,
+                potTempFilePath,
+                lastZkeyTempFilePath,
+                transcriptLogger
+            )
 
-                        logAndThrowError(makeError(commonError.code, commonError.message, additionalDetails))
-                    })
+            // Compute contribution hash.
+            lastZkeyBlake2bHash = await blake512FromPath(lastZkeyTempFilePath)
+
+            // Free resources by unlinking temporary folders.
+            // Do not free-up verification transcript path here.
+            try {
+                fs.unlinkSync(potTempFilePath)
+                fs.unlinkSync(firstZkeyTempFilePath)
+                fs.unlinkSync(lastZkeyTempFilePath)
+            } catch (error: any) {
+                printLog(`Error while unlinking temporary files - Error ${error}`, LogLevel.WARN)
             }
+
+            await completeVerification()
         }
     }
 )
@@ -929,7 +881,7 @@ export const verifycontribution = functionsV2.https.onCall(
  * this does not happen if the participant is actually the coordinator who is finalizing the ceremony.
  */
 export const refreshParticipantAfterContributionVerification = functionsV1
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })
@@ -1012,7 +964,7 @@ export const refreshParticipantAfterContributionVerification = functionsV1
  * and verification key extracted from the circuit final contribution (as part of the ceremony finalization process).
  */
 export const finalizeCircuit = functionsV1
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })

package/src/functions/index.ts

@@ -31,6 +31,8 @@ export {
     generatePreSignedUrlsParts,
     completeMultiPartUpload
 } from "./storage"
+export { bandadaValidateProof } from "./bandada"
+export { checkNonceOfSIWEAddress } from "./siwe"
 export { checkAndRemoveBlockingContributor, resumeContributionAfterTimeoutExpiration } from "./timeout"
 
 admin.initializeApp()

package/src/functions/participant.ts

@@ -8,7 +8,7 @@ import {
     ParticipantContributionStep,
     getParticipantsCollectionPath,
     commonTerms
-} from "@p0tion/actions"
+} from "@devtion/actions"
 import { FieldValue } from "firebase-admin/firestore"
 import {
     PermanentlyStoreCurrentContributionTimeAndHash,
@@ -44,7 +44,7 @@ dotenv.config()
  * @dev true when the participant can participate (1.A, 3.B, 1.D); otherwise false.
  */
 export const checkParticipantForCeremony = functions
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })
@@ -134,7 +134,7 @@ export const checkParticipantForCeremony = functions
                 participantDoc.ref.update({
                     status: ParticipantStatus.EXHUMED,
                     contributions,
-                    tempContributionData: tempContributionData ? tempContributionData : FieldValue.delete(),
+                    tempContributionData: tempContributionData || FieldValue.delete(),
                     contributionStep: ParticipantContributionStep.DOWNLOADING,
                     contributionStartedAt: 0,
                     verificationStartedAt: FieldValue.delete(),
@@ -175,7 +175,7 @@ export const checkParticipantForCeremony = functions
  * 2) the participant has just finished the contribution for a circuit (contributionProgress != 0 && status = CONTRIBUTED && contributionStep = COMPLETED).
  */
 export const progressToNextCircuitForContribution = functions
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })
@@ -233,7 +233,7 @@ export const progressToNextCircuitForContribution = functions
  * 5) Completed contribution computation and verification.
  */
 export const progressToNextContributionStep = functions
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })
@@ -296,7 +296,7 @@ export const progressToNextContributionStep = functions
  * @dev enable the current contributor to resume a contribution from where it had left off.
  */
 export const permanentlyStoreCurrentContributionTimeAndHash = functions
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })
@@ -355,7 +355,7 @@ export const permanentlyStoreCurrentContributionTimeAndHash = functions
  * @dev enable the current contributor to resume a multi-part upload from where it had left off.
  */
 export const temporaryStoreCurrentContributionMultiPartUploadId = functions
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })
@@ -409,7 +409,7 @@ export const temporaryStoreCurrentContributionMultiPartUploadId = functions
  * @dev enable the current contributor to resume a multi-part upload from where it had left off.
  */
 export const temporaryStoreCurrentContributionUploadedChunkData = functions
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })
@@ -469,7 +469,7 @@ export const temporaryStoreCurrentContributionUploadedChunkData = functions
  * contributed to every selected ceremony circuits (= DONE).
  */
 export const checkAndPrepareCoordinatorForFinalization = functions
-    .region('europe-west1')
+    .region("europe-west1")
     .runWith({
         memory: "512MB"
     })

package/src/functions/siwe.ts

@@ -0,0 +1,77 @@
+import dotenv from "dotenv"
+import fetch from "@adobe/node-fetch-retry"
+import * as functions from "firebase-functions"
+import { getAuth } from "firebase-admin/auth"
+import admin from "firebase-admin"
+import { Auth0UserInfo, CheckNonceOfSIWEAddressRequest, CheckNonceOfSIWEAddressResponse } from "../types"
+import { setEthProvider } from "../lib/services"
+
+dotenv.config()
+
+export const checkNonceOfSIWEAddress = functions
+    .region("europe-west1")
+    .runWith({ memory: "1GB" })
+    .https.onCall(async (data: CheckNonceOfSIWEAddressRequest): Promise<CheckNonceOfSIWEAddressResponse> => {
+        try {
+            const { auth0Token } = data
+            const result = (await fetch(`${process.env.AUTH0_APPLICATION_URL}/userinfo`, {
+                method: "GET",
+                headers: {
+                    "content-type": "application/json",
+                    authorization: `Bearer ${auth0Token}`
+                }
+            }).then((_res) => _res.json())) as Auth0UserInfo
+            if (!result.sub) {
+                return {
+                    valid: false,
+                    message: "No user detected. Please check device flow token"
+                }
+            }
+            const auth = getAuth()
+            // check nonce
+            const parts = result.sub.split("|")
+            const address = decodeURIComponent(parts[2]).split("eip155:534352:")[1]
+
+            const minimumNonce = Number(process.env.ETH_MINIMUM_NONCE)
+            const nonceBlockHeight = "latest" // process.env.ETH_NONCE_BLOCK_HEIGHT
+            // look up nonce for address @block
+            let nonceOk = true
+            if (minimumNonce > 0) {
+                const provider = setEthProvider()
+                console.log(`got provider - block # ${await provider.getBlockNumber()}`)
+                const nonce = await provider.getTransactionCount(address, nonceBlockHeight)
+                console.log(`nonce ${nonce}`)
+                nonceOk = nonce >= minimumNonce
+            }
+            console.log(`checking nonce ${nonceOk}`)
+            if (!nonceOk) {
+                return {
+                    valid: false,
+                    message: "Eth address does not meet the nonce requirements"
+                }
+            }
+            try {
+                await admin.auth().createUser({
+                    displayName: address,
+                    uid: address
+                })
+            } catch (error: any) {
+                // if user already exist then just pass
+                if (error.code !== "auth/uid-already-exists") {
+                    throw new Error(error)
+                }
+            }
+            const token = await auth.createCustomToken(address)
+            return {
+                valid: true,
+                token
+            }
+        } catch (error) {
+            return {
+                valid: false,
+                message: `Something went wrong ${error}`
+            }
+        }
+    })
+
+export default checkNonceOfSIWEAddress

package/src/functions/storage.ts

@@ -20,7 +20,7 @@ import {
     ParticipantContributionStep,
     formatZkeyIndex,
     getZkeyStorageFilePath
-} from "@p0tion/actions"
+} from "@devtion/actions"
 import { getCeremonyCircuits, getDocumentById } from "../lib/utils"
 import { COMMON_ERRORS, logAndThrowError, makeError, printLog, SPECIFIC_ERRORS } from "../lib/errors"
 import { LogLevel } from "../types/enums"
@@ -193,8 +193,10 @@ export const createBucket = functions
                         CORSConfiguration: {
                             CORSRules: [
                                 {
-                                    AllowedMethods: ["GET"],
-                                    AllowedOrigins: ["*"]
+                                    AllowedMethods: ["GET", "PUT"],
+                                    AllowedOrigins: ["*"],
+                                    ExposeHeaders: ["ETag", "Content-Length"],
+                                    AllowedHeaders: ["*"]
                                 }
                             ]
                         }
@@ -407,7 +409,8 @@ export const startMultiPartUpload = functions
 export const generatePreSignedUrlsParts = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "512MB",
+        timeoutSeconds: 300
     })
     .https.onCall(
         async (