@devtion/backend 0.0.0-a9e4cd4 → 0.0.0-bbc217a

package/dist/src/functions/index.js

@@ -1,6 +1,6 @@
 /**
  * @module @p0tion/backend
- * @version 1.1.1
+ * @version 1.2.4
  * @file MPC Phase 2 backend for Firebase services management
  * @copyright Ethereum Foundation 2022
  * @license MIT
@@ -27,10 +27,13 @@ var path = require('path');
 var os = require('os');
 var clientSsm = require('@aws-sdk/client-ssm');
 var clientEc2 = require('@aws-sdk/client-ec2');
+var ethers = require('ethers');
 var functionsV1 = require('firebase-functions/v1');
 var functionsV2 = require('firebase-functions/v2');
 var timerNode = require('timer-node');
 var snarkjs = require('snarkjs');
+var apiSdk = require('@bandada/api-sdk');
+var auth = require('firebase-admin/auth');
 
 function _interopNamespaceDefault(e) {
     var n = Object.create(null);
@@ -72,7 +75,7 @@ var LogLevel;
  * @notice the set of Firebase Functions status codes. The codes are the same at the
  * ones exposed by {@link https://github.com/grpc/grpc/blob/master/doc/statuscodes.md | gRPC}.
  * @param errorCode <FunctionsErrorCode> - the set of possible error codes.
- * @param message <string> - the error messge.
+ * @param message <string> - the error message.
  * @param [details] <string> - the details of the error (optional).
  * @returns <HttpsError>
  */
@@ -164,6 +167,8 @@ const COMMON_ERRORS = {
     CM_INVALID_COMMAND_EXECUTION: makeError("unknown", "There was an error while executing the command on the VM", "Please, contact the coordinator if the error persists.")
 };
 
+dotenv.config();
+let provider;
 /**
  * Return a configured and connected instance of the AWS S3 client.
  * @dev this method check and utilize the environment variables to configure the connection
@@ -186,6 +191,36 @@ const getS3Client = async () => {
         region: process.env.AWS_REGION
     });
 };
+/**
+ * Returns a Prvider, connected via a configured JSON URL or else
+ * the ethers.js default provider, using configured API keys.
+ * @returns <ethers.providers.Provider> An Eth node provider
+ */
+const setEthProvider = () => {
+    if (provider)
+        return provider;
+    console.log(`setting new provider`);
+    // Use JSON URL if defined
+    // if ((hardhat as any).ethers) {
+    //     console.log(`using hardhat.ethers provider`)
+    //     provider = (hardhat as any).ethers.provider
+    // } else
+    if (process.env.ETH_PROVIDER_JSON_URL) {
+        console.log(`JSON URL provider at ${process.env.ETH_PROVIDER_JSON_URL}`);
+        provider = new ethers.providers.JsonRpcProvider({
+            url: process.env.ETH_PROVIDER_JSON_URL,
+            skipFetchSetup: true
+        });
+    }
+    else {
+        // Otherwise, connect the default provider with ALchemy, Infura, or both
+        provider = ethers.providers.getDefaultProvider("homestead", {
+            alchemy: process.env.ETH_PROVIDER_ALCHEMY_API_KEY,
+            infura: process.env.ETH_PROVIDER_INFURA_API_KEY
+        });
+    }
+    return provider;
+};
 
 dotenv.config();
 /**
@@ -524,7 +559,7 @@ dotenv.config();
 const registerAuthUser = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .auth.user()
     .onCreate(async (user) => {
@@ -556,7 +591,7 @@ const registerAuthUser = functions__namespace
         email === process.env.CUSTOM_CLAIMS_COORDINATOR_EMAIL_ADDRESS_OR_DOMAIN)) {
         const auth = admin.auth();
         // if provider == github.com let's use our functions to check the user's reputation
-        if (user.providerData[0].providerId === "github.com") {
+        if (user.providerData.length > 0 && user.providerData[0].providerId === "github.com") {
             const vars = getGitHubVariables();
             // this return true or false
             try {
@@ -588,7 +623,7 @@ const registerAuthUser = functions__namespace
         encodedDisplayName,
         // Metadata.
         creationTime,
-        lastSignInTime,
+        lastSignInTime: lastSignInTime || creationTime,
         // Optional.
         email: email || "",
         emailVerified: emailVerified || false,
@@ -611,7 +646,7 @@ const registerAuthUser = functions__namespace
 const processSignUpWithCustomClaims = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .auth.user()
     .onCreate(async (user) => {
@@ -652,7 +687,7 @@ dotenv.config();
 const startCeremony = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .pubsub.schedule(`every 30 minutes`)
     .onRun(async () => {
@@ -674,7 +709,7 @@ const startCeremony = functions__namespace
 const stopCeremony = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .pubsub.schedule(`every 30 minutes`)
     .onRun(async () => {
@@ -696,7 +731,7 @@ const stopCeremony = functions__namespace
 const setupCeremony = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     // Check if the user has the coordinator claim.
@@ -821,7 +856,7 @@ const initEmptyWaitingQueueForCircuit = functions__namespace
 const finalizeCeremony = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || !context.auth.token.coordinator)
@@ -897,7 +932,7 @@ dotenv.config();
 const checkParticipantForCeremony = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1001,7 +1036,7 @@ const checkParticipantForCeremony = functions__namespace
 const progressToNextCircuitForContribution = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1048,7 +1083,7 @@ const progressToNextCircuitForContribution = functions__namespace
 const progressToNextContributionStep = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1099,7 +1134,7 @@ const progressToNextContributionStep = functions__namespace
 const permanentlyStoreCurrentContributionTimeAndHash = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1141,7 +1176,7 @@ const permanentlyStoreCurrentContributionTimeAndHash = functions__namespace
 const temporaryStoreCurrentContributionMultiPartUploadId = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1179,7 +1214,7 @@ const temporaryStoreCurrentContributionMultiPartUploadId = functions__namespace
 const temporaryStoreCurrentContributionUploadedChunkData = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1221,7 +1256,7 @@ const temporaryStoreCurrentContributionUploadedChunkData = functions__namespace
 const checkAndPrepareCoordinatorForFinalization = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || !context.auth.token.coordinator)
@@ -1461,7 +1496,7 @@ const waitForVMCommandExecution = (ssm, vmInstanceId, commandId) => new Promise(
 const coordinateCeremonyParticipant = functionsV1__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .firestore.document(`${actions.commonTerms.collections.ceremonies.name}/{ceremonyId}/${actions.commonTerms.collections.participants.name}/{participantId}`)
     .onUpdate(async (participantChanges) => {
@@ -1861,7 +1896,7 @@ const verifycontribution = functionsV2__namespace.https.onCall({ memory: "16GiB"
 const refreshParticipantAfterContributionVerification = functionsV1__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .firestore.document(`/${actions.commonTerms.collections.ceremonies.name}/{ceremony}/${actions.commonTerms.collections.circuits.name}/{circuit}/${actions.commonTerms.collections.contributions.name}/{contributions}`)
     .onCreate(async (createdContribution) => {
@@ -1922,7 +1957,7 @@ const refreshParticipantAfterContributionVerification = functionsV1__namespace
 const finalizeCircuit = functionsV1__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || !context.auth.token.coordinator)
@@ -2066,7 +2101,7 @@ const checkIfBucketIsDedicatedToCeremony = async (bucketName) => {
 const createBucket = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     // Check if the user has the coordinator claim.
@@ -2156,7 +2191,7 @@ const createBucket = functions__namespace
 const checkIfObjectExist = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     // Check if the user has the coordinator claim.
@@ -2202,7 +2237,7 @@ const checkIfObjectExist = functions__namespace
 const generateGetObjectPreSignedUrl = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth)
@@ -2242,7 +2277,7 @@ const generateGetObjectPreSignedUrl = functions__namespace
 const startMultiPartUpload = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "2GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -2297,7 +2332,7 @@ const startMultiPartUpload = functions__namespace
 const generatePreSignedUrlsParts = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB",
+    memory: "1GB",
     timeoutSeconds: 300
 })
     .https.onCall(async (data, context) => {
@@ -2358,7 +2393,7 @@ const generatePreSignedUrlsParts = functions__namespace
 const completeMultiPartUpload = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "2GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -2407,6 +2442,216 @@ const completeMultiPartUpload = functions__namespace
     }
 });
 
+const VKEY_DATA = {
+    protocol: "groth16",
+    curve: "bn128",
+    nPublic: 3,
+    vk_alpha_1: [
+        "20491192805390485299153009773594534940189261866228447918068658471970481763042",
+        "9383485363053290200918347156157836566562967994039712273449902621266178545958",
+        "1"
+    ],
+    vk_beta_2: [
+        [
+            "6375614351688725206403948262868962793625744043794305715222011528459656738731",
+            "4252822878758300859123897981450591353533073413197771768651442665752259397132"
+        ],
+        [
+            "10505242626370262277552901082094356697409835680220590971873171140371331206856",
+            "21847035105528745403288232691147584728191162732299865338377159692350059136679"
+        ],
+        ["1", "0"]
+    ],
+    vk_gamma_2: [
+        [
+            "10857046999023057135944570762232829481370756359578518086990519993285655852781",
+            "11559732032986387107991004021392285783925812861821192530917403151452391805634"
+        ],
+        [
+            "8495653923123431417604973247489272438418190587263600148770280649306958101930",
+            "4082367875863433681332203403145435568316851327593401208105741076214120093531"
+        ],
+        ["1", "0"]
+    ],
+    vk_delta_2: [
+        [
+            "3697618915467790705869942236922063775466274665053173890632463796679068973252",
+            "14948341351907992175709156460547989243732741534604949238422596319735704165658"
+        ],
+        [
+            "3028459181652799888716942141752307629938889957960373621898607910203491239368",
+            "11380736494786911280692284374675752681598754560757720296073023058533044108340"
+        ],
+        ["1", "0"]
+    ],
+    vk_alphabeta_12: [
+        [
+            [
+                "2029413683389138792403550203267699914886160938906632433982220835551125967885",
+                "21072700047562757817161031222997517981543347628379360635925549008442030252106"
+            ],
+            [
+                "5940354580057074848093997050200682056184807770593307860589430076672439820312",
+                "12156638873931618554171829126792193045421052652279363021382169897324752428276"
+            ],
+            [
+                "7898200236362823042373859371574133993780991612861777490112507062703164551277",
+                "7074218545237549455313236346927434013100842096812539264420499035217050630853"
+            ]
+        ],
+        [
+            [
+                "7077479683546002997211712695946002074877511277312570035766170199895071832130",
+                "10093483419865920389913245021038182291233451549023025229112148274109565435465"
+            ],
+            [
+                "4595479056700221319381530156280926371456704509942304414423590385166031118820",
+                "19831328484489333784475432780421641293929726139240675179672856274388269393268"
+            ],
+            [
+                "11934129596455521040620786944827826205713621633706285934057045369193958244500",
+                "8037395052364110730298837004334506829870972346962140206007064471173334027475"
+            ]
+        ]
+    ],
+    IC: [
+        [
+            "12951059800758687233303204819298121944551181861362200875212570257618182506154",
+            "5751958719396509176593242305268064754837298673622815112953832050159760501392",
+            "1"
+        ],
+        [
+            "9561588427935871983444704959674198910445823619407211599507208879011862515257",
+            "14576201570478094842467636169770180675293504492823217349086195663150934064643",
+            "1"
+        ],
+        [
+            "4811967233483727873912563574622036989372099129165459921963463310078093941559",
+            "1874883809855039536107616044787862082553628089593740724610117059083415551067",
+            "1"
+        ],
+        [
+            "12252730267779308452229639835051322390696643456253768618882001876621526827161",
+            "7899194018737016222260328309937800777948677569409898603827268776967707173231",
+            "1"
+        ]
+    ]
+};
+dotenv.config();
+const { BANDADA_API_URL, BANDADA_GROUP_ID } = process.env;
+const bandadaApi = new apiSdk.ApiSdk(BANDADA_API_URL);
+const bandadaValidateProof = functions__namespace
+    .region("europe-west1")
+    .runWith({
+    memory: "512MB"
+})
+    .https.onCall(async (data) => {
+    if (!BANDADA_GROUP_ID)
+        throw new Error("BANDADA_GROUP_ID is not defined in .env");
+    const { proof, publicSignals } = data;
+    const isCorrect = snarkjs.groth16.verify(VKEY_DATA, publicSignals, proof);
+    if (!isCorrect)
+        return {
+            valid: false,
+            message: "Invalid proof",
+            token: ""
+        };
+    const commitment = data.publicSignals[1];
+    const isMember = await bandadaApi.isGroupMember(BANDADA_GROUP_ID, commitment);
+    if (!isMember)
+        return {
+            valid: false,
+            message: "Not a member of the group",
+            token: ""
+        };
+    const auth$1 = auth.getAuth();
+    try {
+        await admin.auth().createUser({
+            uid: commitment
+        });
+    }
+    catch (error) {
+        // if user already exist then just pass
+        if (error.code !== "auth/uid-already-exists") {
+            throw new Error(error);
+        }
+    }
+    const token = await auth$1.createCustomToken(commitment);
+    return {
+        valid: true,
+        message: "Valid proof and group member",
+        token
+    };
+});
+
+dotenv.config();
+const checkNonceOfSIWEAddress = functions__namespace
+    .region("europe-west1")
+    .runWith({ memory: "1GB" })
+    .https.onCall(async (data) => {
+    try {
+        const { auth0Token } = data;
+        const result = (await fetch(`${process.env.AUTH0_APPLICATION_URL}/userinfo`, {
+            method: "GET",
+            headers: {
+                "content-type": "application/json",
+                authorization: `Bearer ${auth0Token}`
+            }
+        }).then((_res) => _res.json()));
+        if (!result.sub) {
+            return {
+                valid: false,
+                message: "No user detected. Please check device flow token"
+            };
+        }
+        const auth$1 = auth.getAuth();
+        // check nonce
+        const parts = result.sub.split("|");
+        const address = decodeURIComponent(parts[2]).split(":")[2];
+        const minimumNonce = Number(process.env.ETH_MINIMUM_NONCE);
+        const nonceBlockHeight = "latest"; // process.env.ETH_NONCE_BLOCK_HEIGHT
+        // look up nonce for address @block
+        let nonceOk = true;
+        if (minimumNonce > 0) {
+            const provider = setEthProvider();
+            console.log(`got provider - block # ${await provider.getBlockNumber()}`);
+            const nonce = await provider.getTransactionCount(address, nonceBlockHeight);
+            console.log(`nonce ${nonce}`);
+            nonceOk = nonce >= minimumNonce;
+        }
+        console.log(`checking nonce ${nonceOk}`);
+        if (!nonceOk) {
+            return {
+                valid: false,
+                message: "Eth address does not meet the nonce requirements"
+            };
+        }
+        try {
+            await admin.auth().createUser({
+                displayName: address,
+                uid: address
+            });
+        }
+        catch (error) {
+            // if user already exist then just pass
+            if (error.code !== "auth/uid-already-exists") {
+                throw new Error(error);
+            }
+        }
+        const token = await auth$1.createCustomToken(address);
+        return {
+            valid: true,
+            token
+        };
+    }
+    catch (error) {
+        return {
+            valid: false,
+            message: `Something went wrong ${error}`
+        };
+    }
+});
+
 dotenv.config();
 /**
  * Check and remove the current contributor if it doesn't complete the contribution on the specified amount of time.
@@ -2429,7 +2674,7 @@ dotenv.config();
 const checkAndRemoveBlockingContributor = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .pubsub.schedule("every 1 minutes")
     .onRun(async () => {
@@ -2498,7 +2743,8 @@ const checkAndRemoveBlockingContributor = functions__namespace
                             if (timeoutExpirationDateInMsForBlockingContributor < currentServerTimestamp &&
                                 (contributionStep === "DOWNLOADING" /* ParticipantContributionStep.DOWNLOADING */ ||
                                     contributionStep === "COMPUTING" /* ParticipantContributionStep.COMPUTING */ ||
-                                    contributionStep === "UPLOADING" /* ParticipantContributionStep.UPLOADING */))
+                                    contributionStep === "UPLOADING" /* ParticipantContributionStep.UPLOADING */ ||
+                                    contributionStep === "COMPLETED" /* ParticipantContributionStep.COMPLETED */))
                                 timeoutType = "BLOCKING_CONTRIBUTION" /* TimeoutType.BLOCKING_CONTRIBUTION */;
                             if (timeoutExpirationDateInMsForVerificationCloudFunction > 0 &&
                                 timeoutExpirationDateInMsForVerificationCloudFunction < currentServerTimestamp &&
@@ -2575,7 +2821,7 @@ const checkAndRemoveBlockingContributor = functions__namespace
 const resumeContributionAfterTimeoutExpiration = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -2608,9 +2854,11 @@ const resumeContributionAfterTimeoutExpiration = functions__namespace
 
 admin.initializeApp();
 
+exports.bandadaValidateProof = bandadaValidateProof;
 exports.checkAndPrepareCoordinatorForFinalization = checkAndPrepareCoordinatorForFinalization;
 exports.checkAndRemoveBlockingContributor = checkAndRemoveBlockingContributor;
 exports.checkIfObjectExist = checkIfObjectExist;
+exports.checkNonceOfSIWEAddress = checkNonceOfSIWEAddress;
 exports.checkParticipantForCeremony = checkParticipantForCeremony;
 exports.completeMultiPartUpload = completeMultiPartUpload;
 exports.coordinateCeremonyParticipant = coordinateCeremonyParticipant;