@devtion/devcli 0.0.0-3df1645 → 0.0.0-477457c

package/src/index.ts

@@ -7,6 +7,8 @@ import { fileURLToPath } from "url"
 import {
     setup,
     auth,
+    authSIWE,
+    authBandada,
     contribute,
     observe,
     finalize,
@@ -15,6 +17,7 @@ import {
     validate,
     listCeremonies
 } from "./commands/index.js"
+import setCeremonyCommands from "./commands/ceremony/index.js"
 
 // Get pkg info (e.g., name, version).
 const packagePath = `${dirname(fileURLToPath(import.meta.url))}/..`
@@ -26,6 +29,14 @@ program.name(name).description(description).version(version)
 
 // User commands.
 program.command("auth").description("authenticate yourself using your Github account (OAuth 2.0)").action(auth)
+program
+    .command("auth-bandada")
+    .description("authenticate yourself in a privacy-perserving manner using Bandada")
+    .action(authBandada)
+program
+    .command("auth-siwe")
+    .description("authenticate yourself using your Ethereum account (Sign In With Ethereum - SIWE)")
+    .action(authSIWE)
 program
     .command("contribute")
     .description("compute contributions for a Phase2 Trusted Setup ceremony circuits")
@@ -44,27 +55,27 @@ program
     .action(logout)
 program
     .command("validate")
-    .description("Validate that a Ceremony Setup file is correct")
+    .description("validate that a Ceremony Setup file is correct")
     .requiredOption("-t, --template <path>", "The path to the ceremony setup template", "")
     .option("-c, --constraints <number>", "The number of constraints to check against")
     .action(validate)
 
 // Only coordinator commands.
-const ceremony = program.command("coordinate").description("commands for coordinating a ceremony")
+const coordinate = program.command("coordinate").description("commands for coordinating a ceremony")
 
-ceremony
+coordinate
     .command("setup")
     .description("setup a Groth16 Phase 2 Trusted Setup ceremony for zk-SNARK circuits")
     .option("-t, --template <path>", "The path to the ceremony setup template", "")
     .option("-a, --auth <string>", "The Github OAuth 2.0 token", "")
     .action(setup)
 
-ceremony
+coordinate
     .command("observe")
     .description("observe in real-time the waiting queue of each ceremony circuit")
     .action(observe)
 
-ceremony
+coordinate
     .command("finalize")
     .description(
         "finalize a Phase2 Trusted Setup ceremony by applying a beacon, exporting verification key and verifier contract"
@@ -72,4 +83,6 @@ ceremony
     .option("-a, --auth <string>", "the Github OAuth 2.0 token", "")
     .action(finalize)
 
+setCeremonyCommands(program)
+
 program.parseAsync(process.argv)

package/src/lib/bandada.ts

@@ -0,0 +1,51 @@
+import { ApiSdk, GroupResponse } from "@bandada/api-sdk"
+import { Identity } from "@semaphore-protocol/identity"
+import open from "open"
+
+import { askForConfirmation } from "../lib/prompts.js"
+import { showError } from "./errors.js"
+import theme from "../lib/theme.js"
+
+const { BANDADA_API_URL } = process.env
+
+const bandadaApi = new ApiSdk(BANDADA_API_URL)
+
+export const getGroup = async (groupId: string): Promise<GroupResponse | null> => {
+    try {
+        const group = await bandadaApi.getGroup(groupId)
+        return group
+    } catch (error: any) {
+        showError(`Bandada getGroup error: ${error}`, true)
+        return null
+    }
+}
+
+export const getMembersOfGroup = async (groupId: string): Promise<string[] | null> => {
+    try {
+        const group = await bandadaApi.getGroup(groupId)
+        return group.members
+    } catch (error: any) {
+        showError(`Bandada getMembersOfGroup error: ${error}`, true)
+        return null
+    }
+}
+
+export const addMemberToGroup = async (groupId: string, dashboardUrl: string, identity: Identity) => {
+    const commitment = identity.commitment.toString()
+    const group = await bandadaApi.getGroup(groupId)
+    const providerName = group.credentials.id.split("_")[0].toLowerCase()
+
+    // 6. open a new window with the url:
+    const url = `${dashboardUrl}credentials?group=${groupId}&member=${commitment}&provider=${providerName}`
+    console.log(`${theme.text.bold(`Verification URL:`)} ${theme.text.underlined(url)}`)
+    open(url)
+
+    const { confirmation } = await askForConfirmation("Did you join the Bandada group in the browser?")
+    if (!confirmation) showError("You must join the Bandada group to continue the login process", true)
+}
+
+export const isGroupMember = async (groupId: string, identity: Identity): Promise<boolean> => {
+    const commitment = identity.commitment.toString()
+    const isMember: boolean = await bandadaApi.isGroupMember(groupId, commitment)
+    return isMember
+}

package/src/lib/errors.ts

@@ -6,7 +6,7 @@ export const CORE_SERVICES_ERRORS = {
     FIREBASE_TOKEN_EXPIRED_REMOVED_PERMISSIONS: `The Github authorization has failed due to lack of association between your account and the CLI`,
     FIREBASE_USER_DISABLED: `The Github account has been suspended by the ceremony coordinator(s), blocking the possibility of contribution. Please, contact them to understand the motivation behind it.`,
     FIREBASE_FAILED_CREDENTIALS_VERIFICATION: `Firebase cannot verify your Github credentials due to network errors. Please, try once again later.`,
-    FIREBASE_NETWORK_ERROR: `Unable to reach Firebase due to network erros. Please, try once again later and make sure your Internet connection is stable.`,
+    FIREBASE_NETWORK_ERROR: `Unable to reach Firebase due to network errors. Please, try once again later and make sure your Internet connection is stable.`,
     FIREBASE_CEREMONY_NOT_OPENED: `There are no ceremonies opened to contributions`,
     FIREBASE_CEREMONY_NOT_CLOSED: `There are no ceremonies ready to finalization`,
     AWS_CEREMONY_BUCKET_CREATION: `Unable to create a new bucket for the ceremony. Something went wrong during the creation. Please, repeat the process by providing a new ceremony name of the ceremony.`,
@@ -34,7 +34,7 @@ export const COMMAND_ERRORS = {
     COMMAND_SETUP_NO_R1CS: `Unable to retrieve R1CS files from current working directory. Please, run this command from a working directory where the R1CS files are located to continue with the setup process. We kindly ask you to run the command from an empty directory containing only the R1CS and WASM files.`,
     COMMAND_SETUP_NO_WASM: `Unable to retrieve WASM files from current working directory. Please, run this command from a working directory where the WASM files are located to continue with the setup process. We kindly ask you to run the command from an empty directory containing only the WASM and R1CS files.`,
     COMMAND_SETUP_MISMATCH_R1CS_WASM: `The folder contains more R1CS files than WASM files (or vice versa). Please, run this command from a working directory where each R1CS is paired with its corresponding file WASM.`,
-    COMMAND_SETUP_DOWNLOAD_PTAU: `Unable to download Powers of Tau file from Hermez Cryptography Phase 1 Trusted Setup. Possible causes may involve an error while making the request (be sure to have a stable internet connection). Please, we kindly ask you to terminate the current session and repeat the process.`,
+    COMMAND_SETUP_DOWNLOAD_PTAU: `Unable to download Powers of Tau file from PPoT Phase 1 Trusted Setup. Possible causes may involve an error while making the request (be sure to have a stable internet connection). Please, we kindly ask you to terminate the current session and repeat the process.`,
     COMMAND_SETUP_ABORT: `You chose to abort the setup process.`,
     COMMAND_CONTRIBUTE_NO_OPENED_CEREMONIES: `Unfortunately, there is no ceremony for which you can make a contribution at this time. Please, try again later.`,
     COMMAND_CONTRIBUTE_NO_PARTICIPANT_DATA: `Unable to retrieve your data as ceremony participant. Please, terminate the current session and try again later. If the error persists, please contact the ceremony coordinator.`,

package/src/lib/localConfigs.ts

@@ -24,6 +24,14 @@ const config = new Conf({
         accessToken: {
             type: "string",
             default: ""
+        },
+        bandadaIdentity: {
+            type: "string",
+            default: ""
+        },
+        authMethod: {
+            type: "string",
+            default: ""
         }
     }
 })
@@ -91,6 +99,52 @@ export const setLocalAccessToken = (token: string) => config.set("accessToken",
  */
 export const deleteLocalAccessToken = () => config.delete("accessToken")
 
+/**
+ * Return the Bandada identity, if present.
+ * @returns <string | undefined> - the Bandada identity if present, otherwise undefined.
+ */
+export const getLocalBandadaIdentity = (): string | unknown => config.get("bandadaIdentity")
+
+/**
+ * Check if the Bandada identity exists in the local storage.
+ * @returns <boolean>
+ */
+export const checkLocalBandadaIdentity = (): boolean => config.has("bandadaIdentity") && !!config.get("bandadaIdentity")
+
+/**
+ * Set the Bandada identity.
+ * @param identity <string> - the Bandada identity to be stored.
+ */
+export const setLocalBandadaIdentity = (identity: string) => config.set("bandadaIdentity", identity)
+
+/**
+ * Delete the stored Bandada identity.
+ */
+export const deleteLocalBandadaIdentity = () => config.delete("bandadaIdentity")
+
+/**
+ * Return the authentication method, if present.
+ * @returns <string | undefined> - the authentication method if present, otherwise undefined.
+ */
+export const getLocalAuthMethod = (): string | unknown => config.get("authMethod")
+
+/**
+ * Check if the authentication method exists in the local storage.
+ * @returns <boolean>
+ */
+export const checkLocalAuthMethod = (): boolean => config.has("authMethod") && !!config.get("authMethod")
+
+/**
+ * Set the authentication method.
+ * @param method <string> - the authentication method to be stored.
+ */
+export const setLocalAuthMethod = (method: string) => config.set("authMethod", method)
+
+/**
+ * Delete the stored authentication method.
+ */
+export const deleteLocalAuthMethod = () => config.delete("authMethod")
+
 /**
  * Get the complete local file path.
  * @param cwd <string> - the current working directory path.

package/src/lib/prompts.ts

@@ -203,7 +203,7 @@ export const promptCircomCompiler = async (): Promise<CircomCompilerData> => {
  * Shows a list of circuits for a single option selection.
  * @dev the circuit names are derived from local R1CS files.
  * @param options <Array<string>> - an array of circuits names.
- * @returns Promise<string> - the name of the choosen circuit.
+ * @returns Promise<string> - the name of the chosen circuit.
  */
 export const promptCircuitSelector = async (options: Array<string>): Promise<string> => {
     const { circuitFilename } = await prompts({
@@ -223,7 +223,7 @@ export const promptCircuitSelector = async (options: Array<string>): Promise<str
  * Shows a list of standard EC2 VM instance types for a single option selection.
  * @notice the suggested VM configuration type is calculated based on circuit constraint size.
  * @param constraintSize <number> - the amount of circuit constraints
- * @returns Promise<string> - the name of the choosen VM type.
+ * @returns Promise<string> - the name of the chosen VM type.
  */
 export const promptVMTypeSelector = async (constraintSize): Promise<string> => {
     let suggestedConfiguration: number = 0
@@ -325,7 +325,7 @@ export const promptVMDiskTypeSelector = async (): Promise<DiskTypeForVM> => {
 /**
  * Show a series of questions about the circuits.
  * @param constraintSize <number> - the amount of circuit constraints.
- * @param timeoutMechanismType <CeremonyTimeoutType> - the choosen timeout mechanism type for the ceremony.
+ * @param timeoutMechanismType <CeremonyTimeoutType> - the chosen timeout mechanism type for the ceremony.
  * @param needPromptCircomCompiler <boolean> - a boolean value indicating if the questions related to the Circom compiler version and commit hash must be asked.
  * @param enforceVM <boolean> - a boolean value indicating if the contribution verification could be supported by VM-only approach or not.
  * @returns Promise<Array<Circuit>> - circuit info prompted by the coordinator.
@@ -422,7 +422,7 @@ export const promptCircuitInputData = async (
         circomCommitHash = commitHash
     }
 
-    // Ask for prefered contribution verification method (CF vs VM).
+    // Ask for preferred contribution verification method (CF vs VM).
     if (!enforceVM) {
         const { confirmation } = await askForConfirmation(
             `The contribution verification can be performed using Cloud Functions (CF, cheaper for small contributions but limited to 1M constraints) or custom virtual machines (expensive but could scale up to 30M constraints). Be aware about VM costs and if you wanna learn more, please visit the documentation to have a complete overview about cost estimation of the two mechanisms.\nChoose the contribution verification mechanism`,
@@ -432,7 +432,6 @@ export const promptCircuitInputData = async (
         cfOrVm = confirmation
             ? CircuitContributionVerificationMechanism.CF
             : CircuitContributionVerificationMechanism.VM
-
     } else {
         cfOrVm = CircuitContributionVerificationMechanism.VM
     }
@@ -587,7 +586,7 @@ export const promptCircuitAddition = async (): Promise<boolean> => {
  * Shows a list of pre-computed zKeys for a single option selection.
  * @dev the names are derived from local zKeys files.
  * @param options <Array<string>> - an array of pre-computed zKeys names.
- * @returns Promise<string> - the name of the choosen pre-computed zKey.
+ * @returns Promise<string> - the name of the chosen pre-computed zKey.
  */
 export const promptPreComputedZkeySelector = async (options: Array<string>): Promise<string> => {
     const { preComputedZkeyFilename } = await prompts({
@@ -634,13 +633,13 @@ export const promptNeededPowersForCircuit = async (suggestedSmallestNeededPowers
  * Shows a list of PoT files for a single option selection.
  * @dev the names are derived from local PoT files.
  * @param options <Array<string>> - an array of PoT file names.
- * @returns Promise<string> - the name of the choosen PoT.
+ * @returns Promise<string> - the name of the chosen PoT.
  */
 export const promptPotSelector = async (options: Array<string>): Promise<string> => {
     const { potFilename } = await prompts({
         type: "select",
         name: "potFilename",
-        message: theme.text.bold("Select the Powers of Tau file choosen for the circuit"),
+        message: theme.text.bold("Select the Powers of Tau file chosen for the circuit"),
         choices: options.map((option: string) => {
             console.log(option)
             return { title: option, value: option }
@@ -662,7 +661,8 @@ export const promptPotSelector = async (options: Array<string>): Promise<string>
  */
 export const promptForCeremonySelection = async (
     ceremoniesDocuments: Array<FirebaseDocumentInfo>,
-    isFinalizing: boolean
+    isFinalizing: boolean,
+    messageToDisplay?: string
 ): Promise<FirebaseDocumentInfo> => {
     // Prepare state.
     const choices: Array<Choice> = []
@@ -687,11 +687,7 @@ export const promptForCeremonySelection = async (
     const { ceremony } = await prompts({
         type: "select",
         name: "ceremony",
-        message: theme.text.bold(
-            !isFinalizing
-                ? "Which ceremony would you like to contribute to?"
-                : "Which ceremony would you like to finalize?"
-        ),
+        message: theme.text.bold(messageToDisplay),
         choices,
         initial: 0
     })
@@ -732,7 +728,7 @@ export const promptToTypeEntropyOrBeacon = async (isEntropy = true): Promise<str
  * @return <Promise<string>> - the entropy.
  */
 export const promptForEntropy = async (): Promise<string> => {
-    // Prompt for entropy generation prefered method.
+    // Prompt for entropy generation preferred method.
     const { confirmation } = await askForConfirmation(
         `Do you prefer to type your entropy or generate it randomly?`,
         "Manually",

package/src/lib/services.ts

@@ -6,13 +6,18 @@ import {
 import clear from "clear"
 import figlet from "figlet"
 import { FirebaseApp } from "firebase/app"
-import { OAuthCredential } from "firebase/auth"
+import { OAuthCredential, getAuth, signInWithCustomToken } from "firebase/auth"
 import dotenv from "dotenv"
 import { fileURLToPath } from "url"
 import { dirname } from "path"
 import { AuthUser } from "../types/index.js"
 import { CONFIG_ERRORS, CORE_SERVICES_ERRORS, showError, THIRD_PARTY_SERVICES_ERRORS } from "./errors.js"
-import { checkLocalAccessToken, deleteLocalAccessToken, getLocalAccessToken } from "./localConfigs.js"
+import {
+    checkLocalAccessToken,
+    deleteLocalAccessToken,
+    getLocalAccessToken,
+    getLocalAuthMethod
+} from "./localConfigs.js"
 import theme from "./theme.js"
 import { exchangeGithubTokenForCredentials, getGithubProviderUserId, getUserHandleFromProviderUserId } from "./utils.js"
 
@@ -164,22 +169,42 @@ export const checkAuth = async (firebaseApp: FirebaseApp): Promise<AuthUser> =>
     // Retrieve local access token.
     const token = String(getLocalAccessToken())
 
-    // Get credentials.
-    const credentials = exchangeGithubTokenForCredentials(token)
-
-    // Sign in to Firebase using credentials.
-    await signInToFirebase(firebaseApp, credentials)
+    let providerUserId: string
+    let username: string
+    const authMethod = getLocalAuthMethod()
+    switch (authMethod) {
+        case "github": {
+            // Get credentials.
+            const credentials = exchangeGithubTokenForCredentials(token)
+            // Sign in to Firebase using credentials.
+            await signInToFirebase(firebaseApp, credentials)
+            // Get Github unique identifier (handle-id).
+            providerUserId = await getGithubProviderUserId(String(token))
+            username = getUserHandleFromProviderUserId(providerUserId)
+            break
+        }
+        case "bandada": {
+            const userCredentials = await signInWithCustomToken(getAuth(), token)
+            providerUserId = userCredentials.user.uid
+            username = providerUserId
+            break
+        }
+        case "siwe": {
+            const userCredentials = await signInWithCustomToken(getAuth(), token)
+            providerUserId = userCredentials.user.uid
+            username = providerUserId
+            break
+        }
+        default: {
+            break
+        }
+    }
 
     // Get current authenticated user.
     const user = getCurrentFirebaseAuthUser(firebaseApp)
 
-    // Get Github unique identifier (handle-id).
-    const providerUserId = await getGithubProviderUserId(String(token))
-
     // Greet the user.
-    console.log(
-        `Greetings, @${theme.text.bold(getUserHandleFromProviderUserId(providerUserId))} ${theme.emojis.wave}\n`
-    )
+    console.log(`Greetings, @${theme.text.bold(username)} ${theme.emojis.wave}\n`)
 
     return {
         user,

package/src/lib/utils.ts

@@ -18,7 +18,8 @@ import {
     ParticipantContributionStep,
     permanentlyStoreCurrentContributionTimeAndHash,
     progressToNextContributionStep,
-    verifyContribution
+    verifyContribution,
+    contribHashRegex
 } from "@devtion/actions"
 import { Presets, SingleBar } from "cli-progress"
 import dotenv from "dotenv"
@@ -155,9 +156,11 @@ export const getPublicAttestationGist = async (
  * @returns <string> - the third-party provider handle of the user.
  */
 export const getUserHandleFromProviderUserId = (providerUserId: string): string => {
-    if (providerUserId.indexOf("-") === -1) showError(THIRD_PARTY_SERVICES_ERRORS.GITHUB_GET_GITHUB_ACCOUNT_INFO, true)
+    if (providerUserId.indexOf("-") === -1) {
+        return providerUserId
+    }
 
-    return providerUserId.split("-")[0]
+    return providerUserId.substring(0, providerUserId.lastIndexOf("-"))
 }
 
 /**
@@ -309,8 +312,9 @@ export const generateCustomUrlToTweetAboutParticipation = (
     ceremonyName: string,
     gistUrl: string,
     isFinalizing: boolean
-) =>
-    isFinalizing
+) => {
+    ceremonyName = ceremonyName.replace(/ /g, "%20")
+    return isFinalizing
         ? `https://twitter.com/intent/tweet?text=I%20have%20finalized%20the%20${ceremonyName}${
               ceremonyName.toLowerCase().includes("trusted") ||
               ceremonyName.toLowerCase().includes("setup") ||
@@ -327,6 +331,7 @@ export const generateCustomUrlToTweetAboutParticipation = (
                   ? "!"
                   : "%20Phase%202%20Trusted%20Setup%20ceremony!"
           }%20You%20can%20view%20the%20steps%20to%20contribute%20here:%20https://ceremony.pse.dev%20You%20can%20view%20my%20attestation%20here:%20${gistUrl}%20#Ethereum%20#ZKP`
+}
 
 /**
  * Return a custom progress bar.
@@ -662,7 +667,7 @@ export const handleStartOrResumeContribution = async (
 
         // Read local transcript file info to get the contribution hash.
         const transcriptContents = readFile(transcriptLocalFilePath)
-        const matchContributionHash = transcriptContents.match(/Contribution.+Hash.+\n\t\t.+\n\t\t.+\n.+\n\t\t.+\n/)
+        const matchContributionHash = transcriptContents.match(contribHashRegex)
 
         if (!matchContributionHash)
             showError(COMMAND_ERRORS.COMMAND_CONTRIBUTE_FINALIZE_NO_TRANSCRIPT_CONTRIBUTION_HASH_MATCH, true)
@@ -739,8 +744,7 @@ export const handleStartOrResumeContribution = async (
             )
 
             progressBar.stop()
-        }
-        else
+        } else
             await multiPartUpload(
                 cloudFunctions,
                 bucketName,
@@ -751,7 +755,7 @@ export const handleStartOrResumeContribution = async (
 
         // small sleep to ensure the previous step is completed
         await sleep(5000)
-        
+
         spinner.succeed(
             `${
                 isFinalizing ? `Contribution` : `Contribution ${theme.text.bold(`#${nextZkeyIndex}`)}`

package/src/types/index.ts

@@ -68,3 +68,78 @@ export type GithubGistFile = {
     raw_url: string
     size: number
 }
+
+/**
+ * Define the return object of the function that verifies the Bandada membership and proof.
+ * @typedef {Object} VerifiedBandadaResponse
+ * @property {boolean} valid - true if the proof is valid and the user is a member of the group; otherwise false.
+ * @property {string} message - a message describing the result of the verification.
+ * @property {string} token - the custom access token.
+ */
+export type VerifiedBandadaResponse = {
+    valid: boolean
+    message: string
+    token: string
+}
+
+/**
+ * Define the return object of the device code uri request.
+ * @typedef {Object} OAuthDeviceCodeResponse
+ * @property {string} device_code - the device code.
+ * @property {string} user_code - the user code.
+ * @property {string} verification_uri - the verification uri.
+ * @property {number} expires_in - the expiration time in seconds.
+ * @property {number} interval - the interval time in seconds.
+ * @property {string} verification_uri_complete - the complete verification uri.
+ * @property {string} error - in case there was an error, show the code
+ * @property {string} error_description - error details.
+ * @property {string} error_uri - error uri.
+ */
+export type OAuthDeviceCodeResponse = {
+    device_code: string
+    user_code: string
+    verification_uri: string
+    expires_in: number
+    interval: number
+    verification_uri_complete: string
+    // error response should contain
+    error?: string
+    error_description?: string
+    error_uri?: string
+}
+
+/**
+ * Define the return object of the polling endpoint
+ * @typedef {Object} OAuthTokenResponse
+ * @property {string} access_token - the resulting device flow token
+ * @property {string} token_type - token type
+ * @property {number} expires_in - when does the token expires
+ * @property {string} scope - the scope requested by the initial device flow endpoint
+ * @property {string} refresh_token - refresh token
+ * @property {string} id_token - id token
+ * @property {string} error - in case there was an error, show the code
+ * @property {string} error_description - error details
+ */
+export type OAuthTokenResponse = {
+    access_token: string
+    token_type: string
+    expires_in: number
+    scope: string
+    refresh_token: string
+    id_token: string
+    // error response should contain
+    error?: string
+    error_description?: string
+}
+
+/**
+ * @typedef {Object} CheckNonceOfSIWEAddressResponse
+ * @property {boolean} valid - if the checking was valid or not
+ * @property {string} message - more information about the validity
+ * @property {string} token - token to sign into Firebase
+ */
+export type CheckNonceOfSIWEAddressResponse = {
+    valid: boolean
+    message: string
+    token: string
+}