@devtion/backend 0.0.0-bfc9ee4 → 0.0.0-eb3bb7d

package/README.md

@@ -100,6 +100,32 @@ yarn firebase:init
 
 ### Deployment
 
+#### AWS Infrastructure
+
+0. Login or create a [new AWS Account](https://portal.aws.amazon.com/billing/signup?nc2=h_ct&src=header_signup&redirect_url=https%3A%2F%2Faws.amazon.com%2Fregistration-confirmation#/start/email). 
+    - The AWS free tier account will cover a good number of requests for ceremonies but there could be some costs based on your ceremony circuits size.
+1. Create an access key for a user with Admin privileges (__NOT ROOT USER__)
+2. Setup the `awscli` ([docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html)) and add the keys for this user. 
+3. Install `terraform` ([docs](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli))
+4. Decide on an AWS region (by default this is **us-east-1**) - if you want to change you will need to do the following:
+    1. update **aws/lambda/index.mjs** ([exact line](https://github.com/privacy-scaling-explorations/p0tion/blob/dev/packages/backend/aws/lambda/index.mjs#L3)) to the new region
+    2. update **main.tf** ([exact line](https://github.com/privacy-scaling-explorations/p0tion/blob/dev/packages/backend/aws/main.tf#L2)) to the new region
+5. zip the Lambda folder:
+    1. `cd lambda`
+    2. `zip -r ../lambda.zip .`
+6. Run terraform:
+    1. `terraform init`
+    2. `terraform plan`
+    3. `terraform apply`
+    4. `terraform output secret_key` 
+        - To print the secret access key for the IAM user
+    6. Store the other values (sns_topic_arn etc.)
+        - These will be needed for the .env file configuration
+
+The IAM user created with the steps above can be used for all p0tion's features.
+
+#### Firebase
+
 Deploy the current configuration to the `prod` project running
 
 ```bash

package/dist/src/functions/index.js

@@ -544,8 +544,10 @@ const registerAuthUser = functions__namespace
     const { uid } = user;
     // Reference to a document using uid.
     const userRef = firestore.collection(actions.commonTerms.collections.users.name).doc(uid);
-    // html encode the display name
-    const encodedDisplayName = htmlEntities.encode(displayName);
+    // html encode the display name (or put the ID if the name is not displayed)
+    const encodedDisplayName = user.displayName === "Null" || user.displayName === null ? user.uid : htmlEntities.encode(displayName);
+    // store the avatar URL of a contributor
+    let avatarUrl = "";
     // we only do reputation check if the user is not a coordinator
     if (!(email?.endsWith(`@${process.env.CUSTOM_CLAIMS_COORDINATOR_EMAIL_ADDRESS_OR_DOMAIN}`) ||
         email === process.env.CUSTOM_CLAIMS_COORDINATOR_EMAIL_ADDRESS_OR_DOMAIN)) {
@@ -555,14 +557,16 @@ const registerAuthUser = functions__namespace
             const vars = getGitHubVariables();
             // this return true or false
             try {
-                const res = await actions.githubReputation(user.providerData[0].uid, vars.minimumFollowing, vars.minimumFollowers, vars.minimumPublicRepos);
-                if (!res) {
+                const { reputable, avatarUrl: avatarURL } = await actions.githubReputation(user.providerData[0].uid, vars.minimumFollowing, vars.minimumFollowers, vars.minimumPublicRepos);
+                if (!reputable) {
                     // Delete user
                     await auth.deleteUser(user.uid);
                     // Throw error
-                    logAndThrowError(makeError("permission-denied", "The user is not allowed to sign up because their Github reputation is not high enough.", `The user ${user.displayName} is not allowed to sign up because their Github reputation is not high enough. Please contact the administrator if you think this is a mistake.`));
+                    logAndThrowError(makeError("permission-denied", "The user is not allowed to sign up because their Github reputation is not high enough.", `The user ${user.displayName === "Null" || user.displayName === null ? user.uid : user.displayName} is not allowed to sign up because their Github reputation is not high enough. Please contact the administrator if you think this is a mistake.`));
                 }
-                printLog(`Github reputation check passed for user ${user.displayName}`, LogLevel.DEBUG);
+                // store locally
+                avatarUrl = avatarURL;
+                printLog(`Github reputation check passed for user ${user.displayName === "Null" || user.displayName === null ? user.uid : user.displayName}`, LogLevel.DEBUG);
             }
             catch (error) {
                 // Delete user
@@ -572,6 +576,8 @@ const registerAuthUser = functions__namespace
         }
     }
     // Set document (nb. we refer to providerData[0] because we use Github OAuth provider only).
+    // In future releases we might want to loop through the providerData array as we support
+    // more providers. 
     await userRef.set({
         name: encodedDisplayName,
         encodedDisplayName,
@@ -584,7 +590,13 @@ const registerAuthUser = functions__namespace
         photoURL: photoURL || "",
         lastUpdated: getCurrentServerTimestampInMillis()
     });
+    // we want to create a new collection for the users to store the avatars
+    const avatarRef = firestore.collection(actions.commonTerms.collections.avatars.name).doc(uid);
+    await avatarRef.set({
+        avatarUrl: avatarUrl || "",
+    });
     printLog(`Authenticated user document with identifier ${uid} has been correctly stored`, LogLevel.DEBUG);
+    printLog(`Authenticated user avatar with identifier ${uid} has been correctly stored`, LogLevel.DEBUG);
 });
 /**
  * Set custom claims for role-based access control on the newly created user.

package/dist/src/functions/index.mjs

@@ -521,8 +521,10 @@ const registerAuthUser = functions
     const { uid } = user;
     // Reference to a document using uid.
     const userRef = firestore.collection(commonTerms.collections.users.name).doc(uid);
-    // html encode the display name
-    const encodedDisplayName = encode(displayName);
+    // html encode the display name (or put the ID if the name is not displayed)
+    const encodedDisplayName = user.displayName === "Null" || user.displayName === null ? user.uid : encode(displayName);
+    // store the avatar URL of a contributor
+    let avatarUrl = "";
     // we only do reputation check if the user is not a coordinator
     if (!(email?.endsWith(`@${process.env.CUSTOM_CLAIMS_COORDINATOR_EMAIL_ADDRESS_OR_DOMAIN}`) ||
         email === process.env.CUSTOM_CLAIMS_COORDINATOR_EMAIL_ADDRESS_OR_DOMAIN)) {
@@ -532,14 +534,16 @@ const registerAuthUser = functions
             const vars = getGitHubVariables();
             // this return true or false
             try {
-                const res = await githubReputation(user.providerData[0].uid, vars.minimumFollowing, vars.minimumFollowers, vars.minimumPublicRepos);
-                if (!res) {
+                const { reputable, avatarUrl: avatarURL } = await githubReputation(user.providerData[0].uid, vars.minimumFollowing, vars.minimumFollowers, vars.minimumPublicRepos);
+                if (!reputable) {
                     // Delete user
                     await auth.deleteUser(user.uid);
                     // Throw error
-                    logAndThrowError(makeError("permission-denied", "The user is not allowed to sign up because their Github reputation is not high enough.", `The user ${user.displayName} is not allowed to sign up because their Github reputation is not high enough. Please contact the administrator if you think this is a mistake.`));
+                    logAndThrowError(makeError("permission-denied", "The user is not allowed to sign up because their Github reputation is not high enough.", `The user ${user.displayName === "Null" || user.displayName === null ? user.uid : user.displayName} is not allowed to sign up because their Github reputation is not high enough. Please contact the administrator if you think this is a mistake.`));
                 }
-                printLog(`Github reputation check passed for user ${user.displayName}`, LogLevel.DEBUG);
+                // store locally
+                avatarUrl = avatarURL;
+                printLog(`Github reputation check passed for user ${user.displayName === "Null" || user.displayName === null ? user.uid : user.displayName}`, LogLevel.DEBUG);
             }
             catch (error) {
                 // Delete user
@@ -549,6 +553,8 @@ const registerAuthUser = functions
         }
     }
     // Set document (nb. we refer to providerData[0] because we use Github OAuth provider only).
+    // In future releases we might want to loop through the providerData array as we support
+    // more providers. 
     await userRef.set({
         name: encodedDisplayName,
         encodedDisplayName,
@@ -561,7 +567,13 @@ const registerAuthUser = functions
         photoURL: photoURL || "",
         lastUpdated: getCurrentServerTimestampInMillis()
     });
+    // we want to create a new collection for the users to store the avatars
+    const avatarRef = firestore.collection(commonTerms.collections.avatars.name).doc(uid);
+    await avatarRef.set({
+        avatarUrl: avatarUrl || "",
+    });
     printLog(`Authenticated user document with identifier ${uid} has been correctly stored`, LogLevel.DEBUG);
+    printLog(`Authenticated user avatar with identifier ${uid} has been correctly stored`, LogLevel.DEBUG);
 });
 /**
  * Set custom claims for role-based access control on the newly created user.

package/dist/types/functions/user.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../../../src/functions/user.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,SAAS,MAAM,oBAAoB,CAAA;AAW/C;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,mEAuFvB,CAAA;AACN;;;;GAIG;AACH,eAAO,MAAM,6BAA6B,mEA+BpC,CAAA"}
+{"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../../../src/functions/user.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,SAAS,MAAM,oBAAoB,CAAA;AAW/C;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,mEAsGvB,CAAA;AACN;;;;GAIG;AACH,eAAO,MAAM,6BAA6B,mEA+BpC,CAAA"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@devtion/backend",
-  "version": "0.0.0-bfc9ee4",
+  "version": "0.0.0-eb3bb7d",
   "description": "MPC Phase 2 backend for Firebase services management",
   "repository": "git@github.com:privacy-scaling-explorations/p0tion.git",
   "homepage": "https://github.com/privacy-scaling-explorations/p0tion",
@@ -85,5 +85,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "b2a3be0c3d0ad2a94270d7a256b5b5acf3b1c47f"
+  "gitHead": "d21d2002b8d020289595aaea83be0202d28486cb"
 }

package/src/functions/user.ts

@@ -40,8 +40,11 @@ export const registerAuthUser = functions
         const { uid } = user
         // Reference to a document using uid.
         const userRef = firestore.collection(commonTerms.collections.users.name).doc(uid)
-        // html encode the display name
-        const encodedDisplayName = encode(displayName)
+        // html encode the display name (or put the ID if the name is not displayed)
+        const encodedDisplayName = user.displayName === "Null" || user.displayName === null ? user.uid : encode(displayName)
+
+        // store the avatar URL of a contributor
+        let avatarUrl: string = ""
         // we only do reputation check if the user is not a coordinator
         if (
             !(
@@ -56,13 +59,13 @@ export const registerAuthUser = functions
 
                 // this return true or false
                 try {
-                    const res = await githubReputation(
+                    const { reputable, avatarUrl: avatarURL } = await githubReputation(
                         user.providerData[0].uid,
                         vars.minimumFollowing,
                         vars.minimumFollowers,
                         vars.minimumPublicRepos
                     )
-                    if (!res) {
+                    if (!reputable) {
                         // Delete user
                         await auth.deleteUser(user.uid)
                         // Throw error
@@ -70,11 +73,13 @@ export const registerAuthUser = functions
                             makeError(
                                 "permission-denied",
                                 "The user is not allowed to sign up because their Github reputation is not high enough.",
-                                `The user ${user.displayName} is not allowed to sign up because their Github reputation is not high enough. Please contact the administrator if you think this is a mistake.`
+                                `The user ${user.displayName === "Null" || user.displayName === null ? user.uid : user.displayName } is not allowed to sign up because their Github reputation is not high enough. Please contact the administrator if you think this is a mistake.`
                             )
                         )
-                    }
-                    printLog(`Github reputation check passed for user ${user.displayName}`, LogLevel.DEBUG)
+                    } 
+                    // store locally
+                    avatarUrl = avatarURL
+                    printLog(`Github reputation check passed for user ${user.displayName === "Null" || user.displayName === null ? user.uid : user.displayName }`, LogLevel.DEBUG)
                 } catch (error: any) {
                     // Delete user
                     await auth.deleteUser(user.uid)
@@ -89,6 +94,8 @@ export const registerAuthUser = functions
             }
         }
         // Set document (nb. we refer to providerData[0] because we use Github OAuth provider only).
+        // In future releases we might want to loop through the providerData array as we support
+        // more providers. 
         await userRef.set({
             name: encodedDisplayName,
             encodedDisplayName,
@@ -101,7 +108,15 @@ export const registerAuthUser = functions
             photoURL: photoURL || "",
             lastUpdated: getCurrentServerTimestampInMillis()
         })
+
+        // we want to create a new collection for the users to store the avatars
+        const avatarRef = firestore.collection(commonTerms.collections.avatars.name).doc(uid)
+        await avatarRef.set({
+            avatarUrl: avatarUrl || "",
+        })
+
         printLog(`Authenticated user document with identifier ${uid} has been correctly stored`, LogLevel.DEBUG)
+        printLog(`Authenticated user avatar with identifier ${uid} has been correctly stored`, LogLevel.DEBUG)
     })
 /**
  * Set custom claims for role-based access control on the newly created user.