@devtion/backend 0.0.0-8bb9489 → 0.0.0-9239207

package/src/functions/index.ts

@@ -31,6 +31,8 @@ export {
     generatePreSignedUrlsParts,
     completeMultiPartUpload
 } from "./storage"
+export { bandadaValidateProof } from "./bandada"
+export { checkNonceOfSIWEAddress } from "./siwe"
 export { checkAndRemoveBlockingContributor, resumeContributionAfterTimeoutExpiration } from "./timeout"
 
 admin.initializeApp()

package/src/functions/participant.ts

@@ -46,7 +46,7 @@ dotenv.config()
 export const checkParticipantForCeremony = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: { ceremonyId: string }, context: functions.https.CallableContext) => {
         if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -134,7 +134,7 @@ export const checkParticipantForCeremony = functions
                 participantDoc.ref.update({
                     status: ParticipantStatus.EXHUMED,
                     contributions,
-                    tempContributionData: tempContributionData ? tempContributionData : FieldValue.delete(),
+                    tempContributionData: tempContributionData || FieldValue.delete(),
                     contributionStep: ParticipantContributionStep.DOWNLOADING,
                     contributionStartedAt: 0,
                     verificationStartedAt: FieldValue.delete(),
@@ -177,7 +177,7 @@ export const checkParticipantForCeremony = functions
 export const progressToNextCircuitForContribution = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: { ceremonyId: string }, context: functions.https.CallableContext): Promise<void> => {
         if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -235,7 +235,7 @@ export const progressToNextCircuitForContribution = functions
 export const progressToNextContributionStep = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: { ceremonyId: string }, context: functions.https.CallableContext) => {
         if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -298,7 +298,7 @@ export const progressToNextContributionStep = functions
 export const permanentlyStoreCurrentContributionTimeAndHash = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(
         async (data: PermanentlyStoreCurrentContributionTimeAndHash, context: functions.https.CallableContext) => {
@@ -357,7 +357,7 @@ export const permanentlyStoreCurrentContributionTimeAndHash = functions
 export const temporaryStoreCurrentContributionMultiPartUploadId = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(
         async (data: TemporaryStoreCurrentContributionMultiPartUploadId, context: functions.https.CallableContext) => {
@@ -411,7 +411,7 @@ export const temporaryStoreCurrentContributionMultiPartUploadId = functions
 export const temporaryStoreCurrentContributionUploadedChunkData = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(
         async (data: TemporaryStoreCurrentContributionUploadedChunkData, context: functions.https.CallableContext) => {
@@ -471,7 +471,7 @@ export const temporaryStoreCurrentContributionUploadedChunkData = functions
 export const checkAndPrepareCoordinatorForFinalization = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: { ceremonyId: string }, context: functions.https.CallableContext): Promise<boolean> => {
         if (!context.auth || !context.auth.token.coordinator) logAndThrowError(COMMON_ERRORS.CM_NOT_COORDINATOR_ROLE)

package/src/functions/siwe.ts

@@ -0,0 +1,77 @@
+import dotenv from "dotenv"
+import fetch from "@adobe/node-fetch-retry"
+import * as functions from "firebase-functions"
+import { getAuth } from "firebase-admin/auth"
+import admin from "firebase-admin"
+import { Auth0UserInfo, CheckNonceOfSIWEAddressRequest, CheckNonceOfSIWEAddressResponse } from "../types"
+import { setEthProvider } from "../lib/services"
+
+dotenv.config()
+
+export const checkNonceOfSIWEAddress = functions
+    .region("europe-west1")
+    .runWith({ memory: "1GB" })
+    .https.onCall(async (data: CheckNonceOfSIWEAddressRequest): Promise<CheckNonceOfSIWEAddressResponse> => {
+        try {
+            const { auth0Token } = data
+            const result = (await fetch(`${process.env.AUTH0_APPLICATION_URL}/userinfo`, {
+                method: "GET",
+                headers: {
+                    "content-type": "application/json",
+                    authorization: `Bearer ${auth0Token}`
+                }
+            }).then((_res) => _res.json())) as Auth0UserInfo
+            if (!result.sub) {
+                return {
+                    valid: false,
+                    message: "No user detected. Please check device flow token"
+                }
+            }
+            const auth = getAuth()
+            // check nonce
+            const parts = result.sub.split("|")
+            const address = decodeURIComponent(parts[2]).split(":")[2]
+
+            const minimumNonce = Number(process.env.ETH_MINIMUM_NONCE)
+            const nonceBlockHeight = "latest" // process.env.ETH_NONCE_BLOCK_HEIGHT
+            // look up nonce for address @block
+            let nonceOk = true
+            if (minimumNonce > 0) {
+                const provider = setEthProvider()
+                console.log(`got provider - block # ${await provider.getBlockNumber()}`)
+                const nonce = await provider.getTransactionCount(address, nonceBlockHeight)
+                console.log(`nonce ${nonce}`)
+                nonceOk = nonce >= minimumNonce
+            }
+            console.log(`checking nonce ${nonceOk}`)
+            if (!nonceOk) {
+                return {
+                    valid: false,
+                    message: "Eth address does not meet the nonce requirements"
+                }
+            }
+            try {
+                await admin.auth().createUser({
+                    displayName: address,
+                    uid: address
+                })
+            } catch (error: any) {
+                // if user already exist then just pass
+                if (error.code !== "auth/uid-already-exists") {
+                    throw new Error(error)
+                }
+            }
+            const token = await auth.createCustomToken(address)
+            return {
+                valid: true,
+                token
+            }
+        } catch (error) {
+            return {
+                valid: false,
+                message: `Something went wrong ${error}`
+            }
+        }
+    })
+
+export default checkNonceOfSIWEAddress

package/src/functions/storage.ts

@@ -134,7 +134,7 @@ const checkIfBucketIsDedicatedToCeremony = async (bucketName: string) => {
 export const createBucket = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: CreateBucketData, context: functions.https.CallableContext) => {
         // Check if the user has the coordinator claim.
@@ -238,7 +238,7 @@ export const createBucket = functions
 export const checkIfObjectExist = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: BucketAndObjectKeyData, context: functions.https.CallableContext): Promise<boolean> => {
         // Check if the user has the coordinator claim.
@@ -294,7 +294,7 @@ export const checkIfObjectExist = functions
 export const generateGetObjectPreSignedUrl = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: BucketAndObjectKeyData, context: functions.https.CallableContext): Promise<any> => {
         if (!context.auth) logAndThrowError(COMMON_ERRORS.CM_NOT_AUTHENTICATED)
@@ -341,7 +341,7 @@ export const generateGetObjectPreSignedUrl = functions
 export const startMultiPartUpload = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "2GB"
     })
     .https.onCall(async (data: StartMultiPartUploadData, context: functions.https.CallableContext): Promise<any> => {
         if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -409,7 +409,7 @@ export const startMultiPartUpload = functions
 export const generatePreSignedUrlsParts = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB",
+        memory: "1GB",
         timeoutSeconds: 300
     })
     .https.onCall(
@@ -487,7 +487,7 @@ export const generatePreSignedUrlsParts = functions
 export const completeMultiPartUpload = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "2GB"
     })
     .https.onCall(async (data: CompleteMultiPartUploadData, context: functions.https.CallableContext): Promise<any> => {
         if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))

package/src/functions/timeout.ts

@@ -42,7 +42,7 @@ dotenv.config()
 export const checkAndRemoveBlockingContributor = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .pubsub.schedule("every 1 minutes")
     .onRun(async () => {
@@ -64,7 +64,7 @@ export const checkAndRemoveBlockingContributor = functions
                 const circuits = await getCeremonyCircuits(ceremony.id)
 
                 // Extract ceremony data.
-                const { timeoutMechanismType, penalty } = ceremony.data()!
+                const { timeoutType: timeoutMechanismType, penalty } = ceremony.data()!
 
                 for (const circuit of circuits) {
                     if (!circuit.data())
@@ -144,7 +144,8 @@ export const checkAndRemoveBlockingContributor = functions
                                     timeoutExpirationDateInMsForBlockingContributor < currentServerTimestamp &&
                                     (contributionStep === ParticipantContributionStep.DOWNLOADING ||
                                         contributionStep === ParticipantContributionStep.COMPUTING ||
-                                        contributionStep === ParticipantContributionStep.UPLOADING)
+                                        contributionStep === ParticipantContributionStep.UPLOADING ||
+                                        contributionStep === ParticipantContributionStep.COMPLETED)
                                 )
                                     timeoutType = TimeoutType.BLOCKING_CONTRIBUTION
 
@@ -253,7 +254,7 @@ export const checkAndRemoveBlockingContributor = functions
 export const resumeContributionAfterTimeoutExpiration = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: { ceremonyId: string }, context: functions.https.CallableContext): Promise<void> => {
         if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))

package/src/functions/user.ts

@@ -18,7 +18,7 @@ dotenv.config()
 export const registerAuthUser = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .auth.user()
     .onCreate(async (user: UserRecord) => {
@@ -55,7 +55,7 @@ export const registerAuthUser = functions
         ) {
             const auth = admin.auth()
             // if provider == github.com let's use our functions to check the user's reputation
-            if (user.providerData[0].providerId === "github.com") {
+            if (user.providerData.length > 0 && user.providerData[0].providerId === "github.com") {
                 const vars = getGitHubVariables()
 
                 // this return true or false
@@ -64,7 +64,8 @@ export const registerAuthUser = functions
                         user.providerData[0].uid,
                         vars.minimumFollowing,
                         vars.minimumFollowers,
-                        vars.minimumPublicRepos
+                        vars.minimumPublicRepos,
+                        vars.minimumAge
                     )
                     if (!reputable) {
                         // Delete user
@@ -111,7 +112,7 @@ export const registerAuthUser = functions
             encodedDisplayName,
             // Metadata.
             creationTime,
-            lastSignInTime,
+            lastSignInTime: lastSignInTime || creationTime,
             // Optional.
             email: email || "",
             emailVerified: emailVerified || false,
@@ -135,7 +136,7 @@ export const registerAuthUser = functions
 export const processSignUpWithCustomClaims = functions
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .auth.user()
     .onCreate(async (user: UserRecord) => {

package/src/lib/errors.ts

@@ -7,7 +7,7 @@ import { LogLevel } from "../types/enums"
  * @notice the set of Firebase Functions status codes. The codes are the same at the
  * ones exposed by {@link https://github.com/grpc/grpc/blob/master/doc/statuscodes.md | gRPC}.
  * @param errorCode <FunctionsErrorCode> - the set of possible error codes.
- * @param message <string> - the error messge.
+ * @param message <string> - the error message.
  * @param [details] <string> - the details of the error (optional).
  * @returns <HttpsError>
  */

package/src/lib/services.ts

@@ -1,6 +1,11 @@
+import dotenv from "dotenv"
+import ethers from "ethers"
 import { S3Client } from "@aws-sdk/client-s3"
 import { COMMON_ERRORS, logAndThrowError } from "./errors"
 
+dotenv.config()
+let provider: ethers.providers.Provider
+
 /**
  * Return a configured and connected instance of the AWS S3 client.
  * @dev this method check and utilize the environment variables to configure the connection
@@ -26,3 +31,34 @@ export const getS3Client = async (): Promise<S3Client> => {
         region: process.env.AWS_REGION!
     })
 }
+
+/**
+ * Returns a Prvider, connected via a configured JSON URL or else
+ * the ethers.js default provider, using configured API keys.
+ * @returns <ethers.providers.Provider> An Eth node provider
+ */
+export const setEthProvider = (): ethers.providers.Provider => {
+    if (provider) return provider
+    console.log(`setting new provider`)
+
+    // Use JSON URL if defined
+    // if ((hardhat as any).ethers) {
+    //     console.log(`using hardhat.ethers provider`)
+    //     provider = (hardhat as any).ethers.provider
+    // } else
+    if (process.env.ETH_PROVIDER_JSON_URL) {
+        console.log(`JSON URL provider at ${process.env.ETH_PROVIDER_JSON_URL}`)
+        provider = new ethers.providers.JsonRpcProvider({
+            url: process.env.ETH_PROVIDER_JSON_URL,
+            skipFetchSetup: true
+        })
+    } else {
+        // Otherwise, connect the default provider with ALchemy, Infura, or both
+        provider = ethers.providers.getDefaultProvider("homestead", {
+            alchemy: process.env.ETH_PROVIDER_ALCHEMY_API_KEY!,
+            infura: process.env.ETH_PROVIDER_INFURA_API_KEY!
+        })
+    }
+
+    return provider
+}

package/src/lib/utils.ts

@@ -10,7 +10,7 @@ import admin from "firebase-admin"
 import dotenv from "dotenv"
 import { DeleteObjectCommand, GetObjectCommand, PutObjectCommand } from "@aws-sdk/client-s3"
 import { getSignedUrl } from "@aws-sdk/s3-request-presigner"
-import { createWriteStream, fstat } from "node:fs"
+import { createWriteStream } from "node:fs"
 import { pipeline } from "node:stream"
 import { promisify } from "node:util"
 import { readFileSync } from "fs"
@@ -385,14 +385,16 @@ export const getGitHubVariables = (): any => {
     if (
         !process.env.GITHUB_MINIMUM_FOLLOWERS ||
         !process.env.GITHUB_MINIMUM_FOLLOWING ||
-        !process.env.GITHUB_MINIMUM_PUBLIC_REPOS
+        !process.env.GITHUB_MINIMUM_PUBLIC_REPOS ||
+        !process.env.GITHUB_MINIMUM_AGE
     )
         logAndThrowError(COMMON_ERRORS.CM_WRONG_CONFIGURATION)
 
     return {
         minimumFollowers: Number(process.env.GITHUB_MINIMUM_FOLLOWERS),
         minimumFollowing: Number(process.env.GITHUB_MINIMUM_FOLLOWING),
-        minimumPublicRepos: Number(process.env.GITHUB_MINIMUM_PUBLIC_REPOS)
+        minimumPublicRepos: Number(process.env.GITHUB_MINIMUM_PUBLIC_REPOS),
+        minimumAge: Number(process.env.GITHUB_MINIMUM_AGE)
     }
 }
 
@@ -404,7 +406,7 @@ export const getAWSVariables = (): any => {
     if (
         !process.env.AWS_ACCESS_KEY_ID ||
         !process.env.AWS_SECRET_ACCESS_KEY ||
-        !process.env.AWS_ROLE_ARN ||
+        !process.env.AWS_INSTANCE_PROFILE_ARN ||
         !process.env.AWS_AMI_ID ||
         !process.env.AWS_SNS_TOPIC_ARN
     )
@@ -414,7 +416,7 @@ export const getAWSVariables = (): any => {
         accessKeyId: process.env.AWS_ACCESS_KEY_ID!,
         secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY!,
         region: process.env.AWS_REGION || "eu-central-1",
-        roleArn: process.env.AWS_ROLE_ARN!,
+        instanceProfileArn: process.env.AWS_INSTANCE_PROFILE_ARN!,
         amiId: process.env.AWS_AMI_ID!,
         snsTopic: process.env.AWS_SNS_TOPIC_ARN!
     }

package/src/types/declarations.d.ts

@@ -0,0 +1 @@
+declare module "@bandada/api-sdk"

package/src/types/index.ts

@@ -1,4 +1,5 @@
 import { CeremonyInputData, CircuitDocument, ETagWithPartNumber } from "@devtion/actions"
+import type { Groth16Proof, PublicSignals } from "snarkjs"
 
 /**
  * Group all the necessary data needed for running the `setupCeremony` cloud function.
@@ -138,3 +139,62 @@ export type FinalizeCircuitData = {
     bucketName: string
     beacon: string
 }
+
+/**
+ * Group all the necessary data needed for running the `bandadaValidateProof` cloud function.
+ * @typedef {Object} BandadaValidateProof
+ * @property {string} merkleTreeRoot - the merkle tree root of the group.
+ * @property {string} nullifierHash - the nullifier hash of the member.
+ * @property {string} externalNullifier - the external nullifier of the member.
+ * @property {PackedProof} proof - the packed proof generated on the client.
+ */
+export type BandadaValidateProof = {
+    proof: Groth16Proof
+    publicSignals: PublicSignals
+}
+
+/**
+ * Define the return object of the function that verifies the Bandada membership and proof.
+ * @typedef {Object} VerifiedBandadaResponse
+ * @property {boolean} valid - true if the proof is valid and the user is a member of the group; otherwise false.
+ * @property {string} message - a message describing the result of the verification.
+ * @property {string} token - the custom access token.
+ */
+export type VerifiedBandadaResponse = {
+    valid: boolean
+    message: string
+    token: string
+}
+
+/**
+ * Define the check nonce object for the cloud function
+ * @typedef {Object} CheckNonceOfSIWEAddressRequest
+ * @property {string} auth0Token - token from the device flow authentication
+ */
+export type CheckNonceOfSIWEAddressRequest = {
+    auth0Token: string
+}
+
+/**
+ * Define the check nonce response object of the cloud function
+ * @typedef {Object} CheckNonceOfSIWEAddressResponse
+ * @property {boolean} valid - if the checking result was valid or not
+ * @property {string} message - informative message
+ * @property {string} token - token to sign in
+ */
+export type CheckNonceOfSIWEAddressResponse = {
+    valid: boolean
+    message?: string
+    token?: string
+}
+/**
+ * Define the response from auth0 /userinfo endpoint
+ *
+ */
+export type Auth0UserInfo = {
+    sub: string
+    nickname: string
+    name: string
+    picture: string
+    updated_at: string
+}