@devtion/backend 0.0.0-7e983e3

package/dist/types/types/index.d.ts

@@ -0,0 +1,130 @@
+import { CeremonyInputData, CircuitDocument, ETagWithPartNumber } from "@p0tion/actions";
+/**
+ * Group all the necessary data needed for running the `setupCeremony` cloud function.
+ * @typedef {Object} SetupCeremonyData
+ * @property {CeremonyInputData} ceremonyInputData - the necessary input data for setup a new ceremony.
+ * @property {string} ceremonyPrefix - the ceremony prefix.
+ * @property {Array<CircuitDocument>} circuits - the necessary input data for setup the related ceremony circuits.
+ */
+export type SetupCeremonyData = {
+    ceremonyInputData: CeremonyInputData;
+    ceremonyPrefix: string;
+    circuits: Array<CircuitDocument>;
+};
+/**
+ * Group all the necessary data needed for running the `createBucket` cloud function.
+ * @typedef {Object} CreateBucketData
+ * @property {string} bucketName - the name of the bucket.
+ */
+export type CreateBucketData = {
+    bucketName: string;
+};
+/**
+ * Group all the necessary data needed for running the `checkIfObjectExist` or `generateGetObjectPreSignedUrl` cloud functions.
+ * @typedef {Object} BucketAndObjectKeyData
+ * @property {string} bucketName - the name of the bucket.
+ * @property {string} objectKey - the unique key to identify the object inside the given AWS S3 bucket.
+ */
+export type BucketAndObjectKeyData = {
+    bucketName: string;
+    objectKey: string;
+};
+/**
+ * Group all the necessary data needed for running the `startMultiPartUpload` cloud function.
+ * @typedef {Object} StartMultiPartUploadData
+ * @property {string} bucketName - the name of the bucket.
+ * @property {string} objectKey - the unique key to identify the object inside the given AWS S3 bucket.
+ * @property {string} ceremonyId - the prefix of the ceremony.
+ */
+export type StartMultiPartUploadData = BucketAndObjectKeyData & {
+    ceremonyId?: string;
+};
+/**
+ * Group all the necessary data needed for running the `generatePreSignedUrlsParts` cloud function.
+ * @typedef {Object} GeneratePreSignedUrlsPartsData
+ * @property {string} bucketName - the name of the bucket.
+ * @property {string} objectKey - the unique key to identify the object inside the given AWS S3 bucket.
+ * @property {string} uploadId - the identifier of the initiated multi-part upload.
+ * @property {number} numberOfParts - the amount of chunks for which pre-signed urls are to be generated.
+ * @property {string} ceremonyId - the prefix of the ceremony.
+ */
+export type GeneratePreSignedUrlsPartsData = BucketAndObjectKeyData & {
+    uploadId: string;
+    numberOfParts: number;
+    ceremonyId?: string;
+};
+/**
+ * Group all the necessary data needed for running the `completeMultiPartUpload` cloud function.
+ * @typedef {Object} GeneratePreSignedUrlsPartsData
+ * @property {string} bucketName - the name of the bucket.
+ * @property {string} objectKey - the unique key to identify the object inside the given AWS S3 bucket.
+ * @property {string} uploadId - the identifier of the initiated multi-part upload.
+ * @property {Array<ETagWithPartNumber>} parts - the chunks of the file related to the multi-part upload.
+ * @property {string} [ceremonyId] - the unique identifier of the ceremony.
+ */
+export type CompleteMultiPartUploadData = BucketAndObjectKeyData & {
+    uploadId: string;
+    parts: Array<ETagWithPartNumber>;
+    ceremonyId?: string;
+};
+/**
+ * Group all the necessary data needed for running the `permanentlyStoreCurrentContributionTimeAndHash` cloud function.
+ * @typedef {Object} PermanentlyStoreCurrentContributionTimeAndHash
+ * @property {string} ceremonyId - the unique identifier of the ceremony.
+ * @property {number} contributionComputationTime - the time spent by the contributor to compute the contribution.
+ * @property {string} contributionHash - the hash of the contribution.
+ */
+export type PermanentlyStoreCurrentContributionTimeAndHash = {
+    ceremonyId: string;
+    contributionComputationTime: number;
+    contributionHash: string;
+};
+/**
+ * Group all the necessary data needed for running the `temporaryStoreCurrentContributionMultiPartUploadId` cloud function.
+ * @typedef {Object} TemporaryStoreCurrentContributionMultiPartUploadId
+ * @property {string} ceremonyId - the unique identifier of the ceremony.
+ * @property {number} uploadId - the unique identifier of the already started multi-part upload.
+ */
+export type TemporaryStoreCurrentContributionMultiPartUploadId = {
+    ceremonyId: string;
+    uploadId: string;
+};
+/**
+ * Group all the necessary data needed for running the `temporaryStoreCurrentContributionUploadedChunkData` cloud function.
+ * @typedef {Object} TemporaryStoreCurrentContributionUploadedChunkData
+ * @property {string} ceremonyId - the unique identifier of the ceremony.
+ * @property {number} uploadId - the unique identifier of the already started multi-part upload.
+ */
+export type TemporaryStoreCurrentContributionUploadedChunkData = {
+    ceremonyId: string;
+    chunk: ETagWithPartNumber;
+};
+/**
+ * Group all the necessary data needed for running the `verifycontribution` cloud function.
+ * @typedef {Object} VerifyContributionData
+ * @property {string} ceremonyId - the unique identifier of the ceremony.
+ * @property {string} circuitId - the unique identifier of the circuit.
+ * @property {string} bucketName - the name of the bucket.
+ * @property {string} contributorOrCoordinatorIdentifier - the identifier of the contributor or coordinator (only when finalizing).
+ */
+export type VerifyContributionData = {
+    ceremonyId: string;
+    circuitId: string;
+    bucketName: string;
+    contributorOrCoordinatorIdentifier: string;
+};
+/**
+ * Group all the necessary data needed for running the `finalizeCircuit` cloud function.
+ * @typedef {Object} FinalizeCircuitData
+ * @property {string} ceremonyId - the unique identifier of the ceremony.
+ * @property {string} circuitId - the unique identifier of the circuit.
+ * @property {string} bucketName - the name of the bucket.
+ * @property {string} beacon - the value used to compute the final contribution while finalizing the ceremony.
+ */
+export type FinalizeCircuitData = {
+    ceremonyId: string;
+    circuitId: string;
+    bucketName: string;
+    beacon: string;
+};
+//# sourceMappingURL=index.d.ts.map

package/dist/types/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AAExF;;;;;;GAMG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC5B,iBAAiB,EAAE,iBAAiB,CAAA;IACpC,cAAc,EAAE,MAAM,CAAA;IACtB,QAAQ,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;CACnC,CAAA;AAED;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC3B,UAAU,EAAE,MAAM,CAAA;CACrB,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACjC,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;CACpB,CAAA;AAED;;;;;;GAMG;AACH,MAAM,MAAM,wBAAwB,GAAG,sBAAsB,GAAG;IAC5D,UAAU,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,8BAA8B,GAAG,sBAAsB,GAAG;IAClE,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,2BAA2B,GAAG,sBAAsB,GAAG;IAC/D,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,KAAK,CAAC,kBAAkB,CAAC,CAAA;IAChC,UAAU,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED;;;;;;GAMG;AACH,MAAM,MAAM,8CAA8C,GAAG;IACzD,UAAU,EAAE,MAAM,CAAA;IAClB,2BAA2B,EAAE,MAAM,CAAA;IACnC,gBAAgB,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,kDAAkD,GAAG;IAC7D,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;CACnB,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,kDAAkD,GAAG;IAC7D,UAAU,EAAE,MAAM,CAAA;IAClB,KAAK,EAAE,kBAAkB,CAAA;CAC5B,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACjC,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,kCAAkC,EAAE,MAAM,CAAA;CAC7C,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAC9B,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,MAAM,CAAA;CACjB,CAAA"}

package/package.json

@@ -0,0 +1,89 @@
+{
+  "name": "@devtion/backend",
+  "version": "0.0.0-7e983e3",
+  "description": "MPC Phase 2 backend for Firebase services management",
+  "repository": "git@github.com:privacy-scaling-explorations/p0tion.git",
+  "homepage": "https://github.com/privacy-scaling-explorations/p0tion",
+  "bugs": "https://github.com/privacy-scaling-explorations/p0tion/issues",
+  "license": "MIT",
+  "main": "./dist/src/functions/index.js",
+  "exports": {
+    "import": "./dist/src/functions/index.mjs",
+    "require": "./dist/src/functions/index.js"
+  },
+  "types": "dist/types/types/index.d.ts",
+  "engines": {
+    "node": "16"
+  },
+  "files": [
+    "dist/",
+    "src/",
+    "test/",
+    "README.md"
+  ],
+  "keywords": [
+    "typescript",
+    "zero-knowledge",
+    "zk-snarks",
+    "phase-2",
+    "trusted-setup",
+    "ceremony",
+    "snarkjs",
+    "circom"
+  ],
+  "scripts": {
+    "build": "rimraf dist && rollup -c rollup.config.ts --configPlugin typescript",
+    "build:watch": "rollup -c rollup.config.ts -w --configPlugin typescript",
+    "firebase:login": "firebase login",
+    "firebase:logout": "firebase logout",
+    "firebase:init": "firebase init",
+    "firebase:deploy": "yarn firestore:get-indexes && firebase deploy --project prod",
+    "firebase:deploy-functions": "firebase deploy --only functions --project prod",
+    "firebase:deploy-firestore": "yarn firestore:get-indexes && firebase deploy --only firestore --project prod",
+    "firebase:log-functions": "firebase functions:log --project prod",
+    "firestore:get-indexes": "firebase firestore:indexes --project prod > firestore.indexes.json",
+    "emulator:serve": "yarn build && firebase emulators:start",
+    "emulator:serve-functions": "yarn build && firebase emulators:start --only functions",
+    "emulator:shell": "yarn build && firebase functions:shell",
+    "emulator:exec-test": "firebase --project dev emulators:exec \"yarn test:emulator\"",
+    "test:emulator": "jest --config=../../jest.json --detectOpenHandles --forceExit --coverage=false --watchAll=false --no-cache",
+    "docs": "typedoc src/**/*.ts --out ../../docs/backend"
+  },
+  "devDependencies": {
+    "@firebase/rules-unit-testing": "^2.0.7",
+    "@types/rollup-plugin-auto-external": "^2.0.2",
+    "@types/uuid": "^9.0.1",
+    "firebase-functions-test": "^3.1.0",
+    "firebase-tools": "^12.0.0",
+    "rollup-plugin-auto-external": "^2.0.0",
+    "rollup-plugin-cleanup": "^3.2.1",
+    "rollup-plugin-typescript2": "^0.34.1",
+    "typescript": "^5.0.4"
+  },
+  "dependencies": {
+    "@adobe/node-fetch-retry": "^2.2.0",
+    "@aws-sdk/client-ec2": "^3.357.0",
+    "@aws-sdk/client-s3": "^3.329.0",
+    "@aws-sdk/client-ssm": "^3.357.0",
+    "@aws-sdk/middleware-endpoint": "^3.329.0",
+    "@aws-sdk/s3-request-presigner": "^3.329.0",
+    "@p0tion/actions": "^1.0.5",
+    "blakejs": "^1.2.1",
+    "dotenv": "^16.0.3",
+    "ethers": "5.7.2",
+    "firebase-admin": "^11.8.0",
+    "firebase-functions": "^4.4.0",
+    "html-entities": "^2.3.3",
+    "rimraf": "^5.0.0",
+    "rollup": "^3.21.6",
+    "snarkjs": "^0.6.11",
+    "solc": "^0.8.19",
+    "timer-node": "^5.0.7",
+    "uuid": "^9.0.0",
+    "winston": "^3.8.2"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "gitHead": "afae72061a3b366b05508de53fe91e9b254cc3d5"
+}

package/src/functions/ceremony.ts

@@ -0,0 +1,333 @@
+import * as functions from "firebase-functions"
+import admin from "firebase-admin"
+import dotenv from "dotenv"
+import { DocumentSnapshot, QueryDocumentSnapshot } from "firebase-functions/v1/firestore"
+import {
+    CeremonyState,
+    ParticipantStatus,
+    CeremonyType,
+    CircuitWaitingQueue,
+    commonTerms,
+    getCircuitsCollectionPath,
+    getParticipantsCollectionPath,
+    createEC2Instance,
+    terminateEC2Instance,
+    getBucketName,
+    CircuitContributionVerificationMechanism,
+    computeDiskSizeForVM,
+    vmBootstrapCommand,
+    vmDependenciesAndCacheArtifactsCommand,
+    vmBootstrapScriptFilename
+} from "@p0tion/actions"
+import { encode } from "html-entities"
+import { SetupCeremonyData } from "../types/index"
+import { COMMON_ERRORS, logAndThrowError, printLog, SPECIFIC_ERRORS } from "../lib/errors"
+import {
+    queryCeremoniesByStateAndDate,
+    getCurrentServerTimestampInMillis,
+    getDocumentById,
+    getCeremonyCircuits,
+    getFinalContribution,
+    htmlEncodeCircuitData,
+    createEC2Client,
+    uploadFileToBucketNoFile,
+    getAWSVariables
+} from "../lib/utils"
+import { LogLevel } from "../types/enums"
+
+dotenv.config()
+
+/**
+ * Make a scheduled ceremony open.
+ * @dev this function automatically runs every 30 minutes.
+ * @todo this methodology for transitioning a ceremony from `scheduled` to `opened` state will be replaced with one
+ * that resolves the issues presented in the issue #192 (https://github.com/quadratic-funding/mpc-phase2-suite/issues/192).
+ */
+export const startCeremony = functions
+    .region("europe-west1")
+    .runWith({
+        memory: "512MB"
+    })
+    .pubsub.schedule(`every 30 minutes`)
+    .onRun(async () => {
+        // Get ready to be opened ceremonies.
+        const scheduledCeremoniesQuerySnap = await queryCeremoniesByStateAndDate(CeremonyState.SCHEDULED, true, "<=")
+
+        if (!scheduledCeremoniesQuerySnap.empty)
+            scheduledCeremoniesQuerySnap.forEach(async (ceremonyDoc: DocumentSnapshot) => {
+                // Make state transition to start ceremony.
+                await ceremonyDoc.ref.set({ state: CeremonyState.OPENED }, { merge: true })
+
+                printLog(`Ceremony ${ceremonyDoc.id} is now open`, LogLevel.DEBUG)
+            })
+    })
+
+/**
+ * Make a scheduled ceremony close.
+ * @dev this function automatically runs every 30 minutes.
+ * @todo this methodology for transitioning a ceremony from `opened` to `closed` state will be replaced with one
+ * that resolves the issues presented in the issue #192 (https://github.com/quadratic-funding/mpc-phase2-suite/issues/192).
+ */
+export const stopCeremony = functions
+    .region("europe-west1")
+    .runWith({
+        memory: "512MB"
+    })
+    .pubsub.schedule(`every 30 minutes`)
+    .onRun(async () => {
+        // Get opened ceremonies.
+        const runningCeremoniesQuerySnap = await queryCeremoniesByStateAndDate(CeremonyState.OPENED, false, "<=")
+
+        if (!runningCeremoniesQuerySnap.empty) {
+            runningCeremoniesQuerySnap.forEach(async (ceremonyDoc: DocumentSnapshot) => {
+                // Make state transition to close ceremony.
+                await ceremonyDoc.ref.set({ state: CeremonyState.CLOSED }, { merge: true })
+
+                printLog(`Ceremony ${ceremonyDoc.id} is now closed`, LogLevel.DEBUG)
+            })
+        }
+    })
+
+/**
+ * Register all ceremony setup-related documents on the Firestore database.
+ * @dev this function will create a new document in the `ceremonies` collection and as needed `circuit`
+ * documents in the sub-collection.
+ */
+export const setupCeremony = functions
+    .region("europe-west1")
+    .runWith({
+        memory: "512MB"
+    })
+    .https.onCall(async (data: SetupCeremonyData, context: functions.https.CallableContext): Promise<any> => {
+        // Check if the user has the coordinator claim.
+        if (!context.auth || !context.auth.token.coordinator) logAndThrowError(COMMON_ERRORS.CM_NOT_COORDINATOR_ROLE)
+
+        // Validate the provided data.
+        if (!data.ceremonyInputData || !data.ceremonyPrefix || !data.circuits.length)
+            logAndThrowError(COMMON_ERRORS.CM_MISSING_OR_WRONG_INPUT_DATA)
+
+        // Prepare Firestore DB.
+        const firestore = admin.firestore()
+        const batch = firestore.batch()
+
+        // Prepare data.
+        const { ceremonyInputData, ceremonyPrefix, circuits } = data
+        const userId = context.auth?.uid
+
+        // Create a new ceremony document.
+        const ceremonyDoc = await firestore.collection(`${commonTerms.collections.ceremonies.name}`).doc().get()
+
+        // Prepare tx to write ceremony data.
+        batch.create(ceremonyDoc.ref, {
+            title: encode(ceremonyInputData.title),
+            description: encode(ceremonyInputData.description),
+            startDate: new Date(ceremonyInputData.startDate).valueOf(),
+            endDate: new Date(ceremonyInputData.endDate).valueOf(),
+            prefix: ceremonyPrefix,
+            state: CeremonyState.SCHEDULED,
+            type: CeremonyType.PHASE2,
+            penalty: ceremonyInputData.penalty,
+            timeoutType: ceremonyInputData.timeoutMechanismType,
+            coordinatorId: userId,
+            lastUpdated: getCurrentServerTimestampInMillis()
+        })
+
+        // Get the bucket name so we can upload the startup script
+        const bucketName = getBucketName(ceremonyPrefix, String(process.env.AWS_CEREMONY_BUCKET_POSTFIX))
+
+        // Create a new circuit document (circuits ceremony document sub-collection).
+        for (let circuit of circuits) {
+            // The VM unique identifier (if any).
+            let vmInstanceId: string = ""
+
+            // Get a new circuit document.
+            const circuitDoc = await firestore.collection(getCircuitsCollectionPath(ceremonyDoc.ref.id)).doc().get()
+
+            // Check if using the VM approach for contribution verification.
+            if (circuit.verification.cfOrVm === CircuitContributionVerificationMechanism.VM) {
+                // VM command to be run at the startup.
+                const startupCommand = vmBootstrapCommand(bucketName)
+
+                // Get EC2 client.
+                const ec2Client = await createEC2Client()
+
+                // Get AWS variables.
+                const { snsTopic, region } = getAWSVariables()
+
+                // Prepare dependencies and cache artifacts command.
+                const vmCommands = vmDependenciesAndCacheArtifactsCommand(
+                    `${bucketName}/${circuit.files?.initialZkeyStoragePath!}`,
+                    `${bucketName}/${circuit.files?.potStoragePath!}`,
+                    snsTopic,
+                    region
+                )
+
+                printLog(`Check VM dependencies and cache artifacts commands ${vmCommands.join("\n")}`, LogLevel.DEBUG)
+
+                // Upload the post-startup commands script file.
+                await uploadFileToBucketNoFile(bucketName, vmBootstrapScriptFilename, vmCommands.join("\n"))
+
+                // Compute the VM disk space requirement (in GB).
+                const vmDiskSize = computeDiskSizeForVM(circuit.zKeySizeInBytes!, circuit.metadata?.pot!)
+
+                printLog(`Check VM startup commands ${startupCommand.join("\n")}`, LogLevel.DEBUG)
+
+                // Configure and instantiate a new VM based on the coordinator input.
+                const instance = await createEC2Instance(
+                    ec2Client,
+                    startupCommand,
+                    circuit.verification.vm?.vmConfigurationType!,
+                    vmDiskSize,
+                    circuit.verification.vm?.vmDiskType!
+                )
+
+                // Get the VM instance identifier.
+                vmInstanceId = instance.instanceId
+
+                // Update the circuit document info accordingly.
+                circuit = {
+                    ...circuit,
+                    verification: {
+                        cfOrVm: circuit.verification.cfOrVm,
+                        vm: {
+                            vmConfigurationType: circuit.verification.vm?.vmConfigurationType!,
+                            vmDiskSize,
+                            vmInstanceId
+                        }
+                    }
+                }
+            }
+
+            // Encode circuit data.
+            const encodedCircuit = htmlEncodeCircuitData(circuit)
+
+            // Prepare tx to write circuit data.
+            batch.create(circuitDoc.ref, {
+                ...encodedCircuit,
+                lastUpdated: getCurrentServerTimestampInMillis()
+            })
+        }
+
+        // Send txs in a batch (to avoid race conditions).
+        await batch.commit()
+
+        printLog(`Setup completed for ceremony ${ceremonyDoc.id}`, LogLevel.DEBUG)
+
+        return ceremonyDoc.id
+    })
+
+/**
+ * Prepare all the necessary information needed for initializing the waiting queue of a circuit.
+ * @dev this function will add a new field `waitingQueue` in the newly created circuit document.
+ */
+export const initEmptyWaitingQueueForCircuit = functions
+    .region("europe-west1")
+    .runWith({
+        memory: "512MB"
+    })
+    .firestore.document(
+        `/${commonTerms.collections.ceremonies.name}/{ceremony}/${commonTerms.collections.circuits.name}/{circuit}`
+    )
+    .onCreate(async (doc: QueryDocumentSnapshot) => {
+        // Prepare Firestore DB.
+        const firestore = admin.firestore()
+
+        // Get circuit document identifier and data.
+        const circuitId = doc.id
+        // Get parent ceremony collection path.
+        const parentCollectionPath = doc.ref.parent.path // == /ceremonies/{ceremony}/circuits/.
+
+        // Define an empty waiting queue.
+        const emptyWaitingQueue: CircuitWaitingQueue = {
+            contributors: [],
+            currentContributor: "",
+            completedContributions: 0,
+            failedContributions: 0
+        }
+
+        // Update the circuit document.
+        await firestore.collection(parentCollectionPath).doc(circuitId).set(
+            {
+                waitingQueue: emptyWaitingQueue,
+                lastUpdated: getCurrentServerTimestampInMillis()
+            },
+            { merge: true }
+        )
+
+        printLog(
+            `An empty waiting queue has been successfully initialized for circuit ${circuitId} which belongs to ceremony ${doc.id}`,
+            LogLevel.DEBUG
+        )
+    })
+
+/**
+ * Conclude the finalization of the ceremony.
+ * @dev checks that the ceremony is closed (= CLOSED), the coordinator is finalizing and has already
+ * provided the final contribution for each ceremony circuit.
+ */
+export const finalizeCeremony = functions
+    .region("europe-west1")
+    .runWith({
+        memory: "512MB"
+    })
+    .https.onCall(async (data: { ceremonyId: string }, context: functions.https.CallableContext): Promise<any> => {
+        if (!context.auth || !context.auth.token.coordinator) logAndThrowError(COMMON_ERRORS.CM_NOT_COORDINATOR_ROLE)
+
+        if (!data.ceremonyId) logAndThrowError(COMMON_ERRORS.CM_MISSING_OR_WRONG_INPUT_DATA)
+
+        // Prepare Firestore DB.
+        const firestore = admin.firestore()
+        const batch = firestore.batch()
+
+        // Extract data.
+        const { ceremonyId } = data
+        const userId = context.auth?.uid
+
+        // Look for the ceremony document.
+        const ceremonyDoc = await getDocumentById(commonTerms.collections.ceremonies.name, ceremonyId)
+        const participantDoc = await getDocumentById(getParticipantsCollectionPath(ceremonyId), userId!)
+
+        if (!ceremonyDoc.data() || !participantDoc.data()) logAndThrowError(COMMON_ERRORS.CM_INEXISTENT_DOCUMENT_DATA)
+
+        // Get ceremony circuits.
+        const circuits = await getCeremonyCircuits(ceremonyId)
+
+        // Get final contribution for each circuit.
+        // nb. the `getFinalContributionDocument` checks the existance of the final contribution document (if not present, throws).
+        // Therefore, we just need to call the method without taking any data to verify the pre-condition of having already computed
+        // the final contributions for each ceremony circuit.
+        for await (const circuit of circuits) await getFinalContribution(ceremonyId, circuit.id)
+
+        // Extract data.
+        const { state } = ceremonyDoc.data()!
+        const { status } = participantDoc.data()!
+
+        // Pre-conditions: verify the ceremony is closed and coordinator is finalizing.
+        if (state === CeremonyState.CLOSED && status === ParticipantStatus.FINALIZING) {
+            // Prepare txs for updates.
+            batch.update(ceremonyDoc.ref, { state: CeremonyState.FINALIZED })
+            batch.update(participantDoc.ref, {
+                status: ParticipantStatus.FINALIZED
+            })
+
+            // Check for VM termination (if any).
+            for (const circuit of circuits) {
+                const circuitData = circuit.data()
+                const { verification } = circuitData
+
+                if (verification.cfOrVm === CircuitContributionVerificationMechanism.VM) {
+                    // Prepare EC2 client.
+                    const ec2Client = await createEC2Client()
+
+                    const { vm } = verification
+
+                    await terminateEC2Instance(ec2Client, vm.vmInstanceId)
+                }
+            }
+
+            // Send txs.
+            await batch.commit()
+
+            printLog(`Ceremony ${ceremonyDoc.id} correctly finalized - Coordinator ${participantDoc.id}`, LogLevel.INFO)
+        } else logAndThrowError(SPECIFIC_ERRORS.SE_CEREMONY_CANNOT_FINALIZE_CEREMONY)
+    })