@devtion/devcli 0.0.0-56ecf35 → 0.0.0-57a8ab9

package/dist/.env

@@ -23,6 +23,13 @@ FIREBASE_CF_URL_VERIFY_CONTRIBUTION=https://verifycontribution-mq4aqokliq-ew.a.r
 
 # The unique identifier for the Github client associated to the OAuth Application.
 AUTH_GITHUB_CLIENT_ID=e9f8a5fabdfe0d95618c
+### BANDADA AUTHENTICATION ###
+# The Bandada API URL to be used for authentication.
+BANDADA_API_URL=https://api.bandada.pse.dev/
+# The Bandada group id that will be used for the credentials criteria (e.g. GH followers)
+BANDADA_GROUP_ID=40887196405294111455930028907236
+# The Bandada dashboard URL to administrate the groups
+BANDADA_DASHBOARD_URL=https://bandada.pse.dev/
 
 ### AWS S3 STORAGE ###
 ### These configs are related to the configuration of the interaction with the

package/dist/index.js

@@ -10,19 +10,19 @@
 */
 import { createCommand } from 'commander';
 import fs, { readFileSync, createWriteStream, existsSync, renameSync } from 'fs';
-import { dirname } from 'path';
+import path, { dirname } from 'path';
 import { fileURLToPath } from 'url';
-import { zKey } from 'snarkjs';
+import { zKey, groth16 } from 'snarkjs';
 import boxen from 'boxen';
 import { pipeline } from 'node:stream';
 import { promisify } from 'node:util';
 import fetch$1 from 'node-fetch';
-import { commonTerms, formatZkeyIndex, getZkeyStorageFilePath, finalContributionIndex, createCustomLoggerForFile, getBucketName, progressToNextContributionStep, permanentlyStoreCurrentContributionTimeAndHash, convertToDoubleDigits, multiPartUpload, verifyContribution, generateGetObjectPreSignedUrl, convertBytesOrKbToGb, numExpIterations, getDocumentById, getParticipantsCollectionPath, fromQueryToFirebaseDocumentInfo, getAllCollectionDocs, extractPrefix, autoGenerateEntropy, vmConfigurationTypes, initializeFirebaseCoreServices, signInToFirebaseWithCredentials, getCurrentFirebaseAuthUser, isCoordinator, parseCeremonyFile, blake512FromPath, checkIfObjectExist, setupCeremony, genesisZkeyIndex, getR1csStorageFilePath, getWasmStorageFilePath, getPotStorageFilePath, extractPoTFromFilename, potFileDownloadMainUrl, createS3Bucket, potFilenameTemplate, getR1CSInfo, getOpenedCeremonies, getCeremonyCircuits, checkParticipantForCeremony, getCurrentActiveParticipantTimeout, getCircuitBySequencePosition, getCircuitContributionsFromContributor, progressToNextCircuitForContribution, resumeContributionAfterTimeoutExpiration, generateValidContributionsAttestation, getContributionsValidityForContributor, getClosedCeremonies, checkAndPrepareCoordinatorForFinalization, computeSHA256ToHex, finalizeCeremony, getVerificationKeyStorageFilePath, verificationKeyAcronym, getVerifierContractStorageFilePath, verifierSmartContractAcronym, finalizeCircuit, exportVkey, exportVerifierContract } from '@devtion/actions';
+import { commonTerms, formatZkeyIndex, getZkeyStorageFilePath, finalContributionIndex, createCustomLoggerForFile, getBucketName, progressToNextContributionStep, permanentlyStoreCurrentContributionTimeAndHash, convertToDoubleDigits, multiPartUpload, verifyContribution, generateGetObjectPreSignedUrl, convertBytesOrKbToGb, numExpIterations, getDocumentById, getParticipantsCollectionPath, fromQueryToFirebaseDocumentInfo, getAllCollectionDocs, extractPrefix, autoGenerateEntropy, vmConfigurationTypes, initializeFirebaseCoreServices, signInToFirebaseWithCredentials, getCurrentFirebaseAuthUser, isCoordinator, parseCeremonyFile, blake512FromPath, checkIfObjectExist, setupCeremony, genesisZkeyIndex, getR1csStorageFilePath, getWasmStorageFilePath, getPotStorageFilePath, extractPoTFromFilename, potFileDownloadMainUrl, createS3Bucket, potFilenameTemplate, getR1CSInfo, getOpenedCeremonies, getCeremonyCircuits, checkParticipantForCeremony, getCurrentActiveParticipantTimeout, getCircuitBySequencePosition, getCircuitContributionsFromContributor, progressToNextCircuitForContribution, resumeContributionAfterTimeoutExpiration, generateValidContributionsAttestation, getContributionsValidityForContributor, getClosedCeremonies, checkAndPrepareCoordinatorForFinalization, computeSHA256ToHex, finalizeCeremony, getVerificationKeyStorageFilePath, verificationKeyAcronym, getVerifierContractStorageFilePath, verifierSmartContractAcronym, finalizeCircuit, exportVkey, exportVerifierContract, getAllCeremonies } from '@devtion/actions';
 import fetch from '@adobe/node-fetch-retry';
 import { request } from '@octokit/request';
 import { SingleBar, Presets } from 'cli-progress';
 import dotenv from 'dotenv';
-import { GithubAuthProvider, getAuth, signOut } from 'firebase/auth';
+import { GithubAuthProvider, signInWithCustomToken, getAuth, signOut } from 'firebase/auth';
 import { getDiskInfoSync } from 'node-disk-info';
 import ora from 'ora';
 import { Timer } from 'timer-node';
@@ -36,7 +36,10 @@ import figlet from 'figlet';
 import { createOAuthDeviceAuth } from '@octokit/auth-oauth-device';
 import clipboard from 'clipboardy';
 import open from 'open';
-import { Timestamp, onSnapshot } from 'firebase/firestore';
+import { Identity } from '@semaphore-protocol/identity';
+import { httpsCallable } from 'firebase/functions';
+import { ApiSdk } from '@bandada/api-sdk';
+import { Timestamp, onSnapshot, doc, collection, getDocs } from 'firebase/firestore';
 import readline from 'readline';
 
 /**
@@ -250,6 +253,10 @@ const config = new Conf({
         accessToken: {
             type: "string",
             default: ""
+        },
+        bandadaIdentity: {
+            type: "string",
+            default: ""
         }
     }
 });
@@ -310,6 +317,25 @@ const setLocalAccessToken = (token) => config.set("accessToken", token);
  * Delete the stored access token.
  */
 const deleteLocalAccessToken = () => config.delete("accessToken");
+/**
+ * Return the Bandada identity, if present.
+ * @returns <string | undefined> - the Bandada identity if present, otherwise undefined.
+ */
+const getLocalBandadaIdentity = () => config.get("bandadaIdentity");
+/**
+ * Check if the Bandada identity exists in the local storage.
+ * @returns <boolean>
+ */
+const checkLocalBandadaIdentity = () => config.has("bandadaIdentity") && !!config.get("bandadaIdentity");
+/**
+ * Set the Bandada identity.
+ * @param identity <string> - the Bandada identity to be stored.
+ */
+const setLocalBandadaIdentity = (identity) => config.set("bandadaIdentity", identity);
+/**
+ * Delete the stored Bandada identity.
+ */
+const deleteLocalBandadaIdentity = () => config.delete("bandadaIdentity");
 /**
  * Get the complete local file path.
  * @param cwd <string> - the current working directory path.
@@ -420,7 +446,7 @@ const getGithubAuthenticatedUserGists = async (githubToken, params) => {
         headers: {
             authorization: `token ${githubToken}`
         },
-        per_page: params.perPage,
+        per_page: params.perPage, // max items per page = 100.
         page: params.page
     });
     if (response && response.status === 200)
@@ -468,8 +494,9 @@ const getPublicAttestationGist = async (githubToken, publicAttestationFilename)
  * @returns <string> - the third-party provider handle of the user.
  */
 const getUserHandleFromProviderUserId = (providerUserId) => {
-    if (providerUserId.indexOf("-") === -1)
-        showError(THIRD_PARTY_SERVICES_ERRORS.GITHUB_GET_GITHUB_ACCOUNT_INFO, true);
+    if (providerUserId.indexOf("-") === -1) {
+        return providerUserId;
+    }
     return providerUserId.split("-")[0];
 };
 /**
@@ -1560,16 +1587,27 @@ const checkAuth = async (firebaseApp) => {
         showError(THIRD_PARTY_SERVICES_ERRORS.GITHUB_NOT_AUTHENTICATED, true);
     // Retrieve local access token.
     const token = String(getLocalAccessToken());
-    // Get credentials.
-    const credentials = exchangeGithubTokenForCredentials(token);
-    // Sign in to Firebase using credentials.
-    await signInToFirebase(firebaseApp, credentials);
+    let providerUserId;
+    let username;
+    const isLocalBandadaIdentityStored = checkLocalBandadaIdentity();
+    if (isLocalBandadaIdentityStored) {
+        const userCredentials = await signInWithCustomToken(getAuth(), token);
+        providerUserId = userCredentials.user.uid;
+        username = providerUserId;
+    }
+    else {
+        // Get credentials.
+        const credentials = exchangeGithubTokenForCredentials(token);
+        // Sign in to Firebase using credentials.
+        await signInToFirebase(firebaseApp, credentials);
+        // Get Github unique identifier (handle-id).
+        providerUserId = await getGithubProviderUserId(String(token));
+        username = getUserHandleFromProviderUserId(providerUserId);
+    }
     // Get current authenticated user.
     const user = getCurrentFirebaseAuthUser(firebaseApp);
-    // Get Github unique identifier (handle-id).
-    const providerUserId = await getGithubProviderUserId(String(token));
     // Greet the user.
-    console.log(`Greetings, @${theme.text.bold(getUserHandleFromProviderUserId(providerUserId))} ${theme.emojis.wave}\n`);
+    console.log(`Greetings, @${theme.text.bold(username)} ${theme.emojis.wave}\n`);
     return {
         user,
         token,
@@ -2225,6 +2263,91 @@ const auth = async () => {
     terminate(providerUserId);
 };
 
+const { BANDADA_API_URL } = process.env;
+const bandadaApi = new ApiSdk(BANDADA_API_URL);
+const addMemberToGroup = async (groupId, dashboardUrl, identity) => {
+    const commitment = identity.commitment.toString();
+    const group = await bandadaApi.getGroup(groupId);
+    const providerName = group.credentials.id.split("_")[0].toLowerCase();
+    // 6. open a new window with the url:
+    const url = `${dashboardUrl}credentials?group=${groupId}&member=${commitment}&provider=${providerName}`;
+    console.log(`${theme.text.bold(`Verification URL:`)} ${theme.text.underlined(url)}`);
+    open(url);
+    const { confirmation } = await askForConfirmation("Did you join the Bandada group in the browser?");
+    if (!confirmation)
+        showError("You must join the Bandada group to continue the login process", true);
+};
+const isGroupMember = async (groupId, identity) => {
+    const commitment = identity.commitment.toString();
+    const isMember = await bandadaApi.isGroupMember(groupId, commitment);
+    return isMember;
+};
+
+const { BANDADA_DASHBOARD_URL, BANDADA_GROUP_ID } = process.env;
+const authBandada = async () => {
+    const { firebaseFunctions } = await bootstrapCommandExecutionAndServices();
+    const spinner = customSpinner(`Checking identity string for Semaphore...`, `clock`);
+    spinner.start();
+    // 1. check if _identity string exists in local storage
+    let identityString;
+    const isIdentityStringStored = checkLocalBandadaIdentity();
+    if (isIdentityStringStored) {
+        identityString = getLocalBandadaIdentity();
+        spinner.succeed(`Identity seed found\n`);
+    }
+    else {
+        spinner.warn(`Identity seed not found\n`);
+        // 2. generate a random _identity string and save it in local storage
+        const { seed } = await prompts({
+            type: "text",
+            name: "seed",
+            message: theme.text.bold(`Enter a secret string to use as your identity seed in Semaphore:`),
+            initial: false
+        });
+        identityString = seed;
+        setLocalBandadaIdentity(identityString);
+    }
+    // 3. create a semaphore identity with _identity string as a seed
+    const identity = new Identity(identityString);
+    // 4. check if the user is a member of the group
+    console.log(`Checking Bandada membership...`);
+    const isMember = await isGroupMember(BANDADA_GROUP_ID, identity);
+    if (!isMember) {
+        await addMemberToGroup(BANDADA_GROUP_ID, BANDADA_DASHBOARD_URL, identity);
+    }
+    // 5. generate a proof that the user owns the commitment.
+    spinner.text = `Generating proof of identity...`;
+    spinner.start();
+    // publicSignals = [hash(externalNullifier, identityNullifier), commitment]
+    const { proof, publicSignals } = await groth16.fullProve({
+        identityTrapdoor: identity.trapdoor,
+        identityNullifier: identity.nullifier,
+        externalNullifier: BANDADA_GROUP_ID
+    }, path.join(path.resolve(), "/public/mini-semaphore.wasm"), path.join(path.resolve(), "/public/mini-semaphore.zkey"));
+    spinner.succeed(`Proof generated.\n`);
+    spinner.text = `Sending proof to verification...`;
+    spinner.start();
+    // 6. send proof to a cloud function that verifies it and checks membership
+    const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.bandadaValidateProof);
+    const result = await cf({
+        proof,
+        publicSignals
+    });
+    const { valid, token, message } = result.data;
+    if (!valid) {
+        showError(message, true);
+    }
+    spinner.succeed(`Proof verified.\n`);
+    spinner.text = `Authenticating...`;
+    spinner.start();
+    // 7. Auth to p0tion firebase
+    const userCredentials = await signInWithCustomToken(getAuth(), token);
+    setLocalAccessToken(token);
+    spinner.succeed(`Authenticated as ${theme.text.bold(userCredentials.user.uid)}.`);
+    console.log(`\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(`phase2cli logout`)} command`);
+    process.exit(0);
+};
+
 /**
  * Return the verification result for latest contribution.
  * @param firestoreDatabase <Firestore> - the Firestore service instance associated to the current Firebase application.
@@ -2416,8 +2539,12 @@ const handlePublicAttestation = async (firestoreDatabase, circuits, ceremonyId,
     // Write public attestation locally.
     writeFile(getAttestationLocalFilePath(`${ceremonyPrefix}_${commonTerms.foldersAndPathsTerms.attestation}.log`), Buffer.from(publicAttestation));
     await sleep(1000); // workaround for file descriptor unexpected close.
-    const gistUrl = await publishGist(participantAccessToken, publicAttestation, ceremonyName, ceremonyPrefix);
-    console.log(`\n${theme.symbols.info} Your public attestation has been successfully posted as Github Gist (${theme.text.bold(theme.text.underlined(gistUrl))})`);
+    let gistUrl = "";
+    const isBandada = checkLocalBandadaIdentity();
+    if (!isBandada) {
+        gistUrl = await publishGist(participantAccessToken, publicAttestation, ceremonyName, ceremonyPrefix);
+        console.log(`\n${theme.symbols.info} Your public attestation has been successfully posted as Github Gist (${theme.text.bold(theme.text.underlined(gistUrl))})`);
+    }
     // Prepare a ready-to-share tweet.
     await handleTweetGeneration(ceremonyName, gistUrl);
 };
@@ -3133,6 +3260,7 @@ const logout = async () => {
             await signOut(auth);
             // Delete local token.
             deleteLocalAccessToken();
+            deleteLocalBandadaIdentity();
             await sleep(3000); // ~3s.
             spinner.stop();
             console.log(`${theme.symbols.success} Logout successfully completed`);
@@ -3194,6 +3322,37 @@ const listCeremonies = async () => {
     }
 };
 
+const listParticipants = async () => {
+    try {
+        const { firestoreDatabase } = await bootstrapCommandExecutionAndServices();
+        const allCeremonies = await getAllCeremonies(firestoreDatabase);
+        const selectedCeremony = await promptForCeremonySelection(allCeremonies, true);
+        const docRef = doc(firestoreDatabase, commonTerms.collections.ceremonies.name, selectedCeremony.id);
+        const participantsRef = collection(docRef, "participants");
+        const participantsSnapshot = await getDocs(participantsRef);
+        const participants = participantsSnapshot.docs.map((participantDoc) => participantDoc.data().userId);
+        console.log(participants);
+        /* const usersRef = collection(firestoreDatabase, "users")
+        const usersSnapshot = await getDocs(usersRef)
+        const users = usersSnapshot.docs.map((userDoc) => userDoc.data())
+        console.log(users) */
+    }
+    catch (err) {
+        showError(`Something went wrong: ${err.toString()}`, true);
+    }
+    process.exit(0);
+};
+
+const setCeremonyCommands = (program) => {
+    const ceremony = program.command("ceremony").description("manage ceremonies");
+    ceremony
+        .command("participants")
+        .description("retrieve participants list of a ceremony")
+        .requiredOption("-c, --ceremony <string>", "the prefix of the ceremony you want to retrieve information about", "")
+        .action(listParticipants);
+    return ceremony;
+};
+
 // Get pkg info (e.g., name, version).
 const packagePath = `${dirname(fileURLToPath(import.meta.url))}/..`;
 const { description, version, name } = JSON.parse(readFileSync(`${packagePath}/package.json`, "utf8"));
@@ -3202,6 +3361,10 @@ const program = createCommand();
 program.name(name).description(description).version(version);
 // User commands.
 program.command("auth").description("authenticate yourself using your Github account (OAuth 2.0)").action(auth);
+program
+    .command("auth-bandada")
+    .description("authenticate yourself in a privacy-perserving manner using Bandada")
+    .action(authBandada);
 program
     .command("contribute")
     .description("compute contributions for a Phase2 Trusted Setup ceremony circuits")
@@ -3220,25 +3383,26 @@ program
     .action(logout);
 program
     .command("validate")
-    .description("Validate that a Ceremony Setup file is correct")
+    .description("validate that a Ceremony Setup file is correct")
     .requiredOption("-t, --template <path>", "The path to the ceremony setup template", "")
     .option("-c, --constraints <number>", "The number of constraints to check against")
     .action(validate);
 // Only coordinator commands.
-const ceremony = program.command("coordinate").description("commands for coordinating a ceremony");
-ceremony
+const coordinate = program.command("coordinate").description("commands for coordinating a ceremony");
+coordinate
     .command("setup")
     .description("setup a Groth16 Phase 2 Trusted Setup ceremony for zk-SNARK circuits")
     .option("-t, --template <path>", "The path to the ceremony setup template", "")
     .option("-a, --auth <string>", "The Github OAuth 2.0 token", "")
     .action(setup);
-ceremony
+coordinate
     .command("observe")
     .description("observe in real-time the waiting queue of each ceremony circuit")
     .action(observe);
-ceremony
+coordinate
     .command("finalize")
     .description("finalize a Phase2 Trusted Setup ceremony by applying a beacon, exporting verification key and verifier contract")
     .option("-a, --auth <string>", "the Github OAuth 2.0 token", "")
     .action(finalize);
+setCeremonyCommands(program);
 program.parseAsync(process.argv);

package/dist/types/commands/authBandada.d.ts

@@ -0,0 +1,2 @@
+declare const authBandada: () => Promise<never>;
+export default authBandada;

package/dist/types/commands/ceremony/index.d.ts

@@ -0,0 +1,3 @@
+import { Command } from "commander";
+declare const setCeremonyCommands: (program: Command) => Command;
+export default setCeremonyCommands;

package/dist/types/commands/ceremony/listParticipants.d.ts

@@ -0,0 +1,2 @@
+declare const listParticipants: () => Promise<never>;
+export default listParticipants;

package/dist/types/commands/index.d.ts

@@ -1,5 +1,6 @@
 export { default as setup } from "./setup.js";
 export { default as auth } from "./auth.js";
+export { default as authBandada } from "./authBandada.js";
 export { default as contribute } from "./contribute.js";
 export { default as observe } from "./observe.js";
 export { default as finalize } from "./finalize.js";

package/dist/types/lib/bandada.d.ts

@@ -0,0 +1,6 @@
+import { GroupResponse } from "@bandada/api-sdk";
+import { Identity } from "@semaphore-protocol/identity";
+export declare const getGroup: (groupId: string) => Promise<GroupResponse | null>;
+export declare const getMembersOfGroup: (groupId: string) => Promise<string[] | null>;
+export declare const addMemberToGroup: (groupId: string, dashboardUrl: string, identity: Identity) => Promise<void>;
+export declare const isGroupMember: (groupId: string, identity: Identity) => Promise<boolean>;

package/dist/types/lib/files.d.ts

@@ -1,4 +1,5 @@
 /// <reference types="node" />
+/// <reference types="node" />
 import { Dirent, Stats } from "fs";
 /**
  * Check a directory path.

package/dist/types/lib/localConfigs.d.ts

@@ -35,6 +35,25 @@ export declare const setLocalAccessToken: (token: string) => void;
  * Delete the stored access token.
  */
 export declare const deleteLocalAccessToken: () => void;
+/**
+ * Return the Bandada identity, if present.
+ * @returns <string | undefined> - the Bandada identity if present, otherwise undefined.
+ */
+export declare const getLocalBandadaIdentity: () => string | unknown;
+/**
+ * Check if the Bandada identity exists in the local storage.
+ * @returns <boolean>
+ */
+export declare const checkLocalBandadaIdentity: () => boolean;
+/**
+ * Set the Bandada identity.
+ * @param identity <string> - the Bandada identity to be stored.
+ */
+export declare const setLocalBandadaIdentity: (identity: string) => void;
+/**
+ * Delete the stored Bandada identity.
+ */
+export declare const deleteLocalBandadaIdentity: () => void;
 /**
  * Get the complete local file path.
  * @param cwd <string> - the current working directory path.

package/dist/types/types/index.d.ts

@@ -63,3 +63,15 @@ export type GithubGistFile = {
     raw_url: string;
     size: number;
 };
+/**
+ * Define the return object of the function that verifies the Bandada membership and proof.
+ * @typedef {Object} VerifiedBandadaResponse
+ * @property {boolean} valid - true if the proof is valid and the user is a member of the group; otherwise false.
+ * @property {string} message - a message describing the result of the verification.
+ * @property {string} token - the custom access token.
+ */
+export type VerifiedBandadaResponse = {
+    valid: boolean;
+    message: string;
+    token: string;
+};

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@devtion/devcli",
   "type": "module",
-  "version": "0.0.0-56ecf35",
+  "version": "0.0.0-57a8ab9",
   "description": "All-in-one interactive command-line for interfacing with zkSNARK Phase 2 Trusted Setup ceremonies",
   "repository": "git@github.com:privacy-scaling-explorations/p0tion.git",
   "homepage": "https://github.com/privacy-scaling-explorations/p0tion",
@@ -34,11 +34,13 @@
     "build:watch": "rollup -c rollup.config.ts -w --configPlugin typescript",
     "start": "ts-node --esm ./src/index.ts",
     "auth": "yarn start auth",
+    "auth:bandada": "yarn start auth-bandada",
     "contribute": "yarn start contribute",
     "clean": "yarn start clean",
     "list": "yarn start list",
     "logout": "yarn start logout",
     "validate": "yarn start validate",
+    "ceremony:participants": "yarn start ceremony participants",
     "coordinate:setup": "yarn start coordinate setup",
     "coordinate:observe": "yarn start coordinate observe",
     "coordinate:finalize": "yarn start coordinate finalize",
@@ -65,10 +67,12 @@
   "dependencies": {
     "@adobe/node-fetch-retry": "^2.2.0",
     "@aws-sdk/client-s3": "^3.329.0",
+    "@bandada/api-sdk": "^1.0.0-beta.1",
     "@devtion/actions": "latest",
     "@octokit/auth-oauth-app": "^5.0.5",
     "@octokit/auth-oauth-device": "^4.0.4",
     "@octokit/request": "^6.2.3",
+    "@semaphore-protocol/identity": "^3.15.1",
     "blakejs": "^1.2.1",
     "boxen": "^7.1.0",
     "chalk": "^5.2.0",
@@ -78,6 +82,7 @@
     "commander": "^10.0.1",
     "conf": "^11.0.1",
     "dotenv": "^16.0.3",
+    "ethers": "^6.9.0",
     "figlet": "^1.6.0",
     "firebase": "^9.21.0",
     "log-symbols": "^5.1.0",
@@ -90,12 +95,12 @@
     "prompts": "^2.4.2",
     "rimraf": "^5.0.0",
     "rollup": "^3.21.6",
-    "snarkjs": "^0.6.11",
+    "snarkjs": "0.7.3",
     "timer-node": "^5.0.7",
     "winston": "^3.8.2"
   },
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "7d72963a1027f3e86cecf40d3255f04cc74e4826"
+  "gitHead": "6bddf60f1121786c19ad4437e0448de4c859b829"
 }

package/src/commands/authBandada.ts

@@ -0,0 +1,99 @@
+import { Identity } from "@semaphore-protocol/identity"
+
+import { commonTerms } from "@devtion/actions"
+import { httpsCallable } from "firebase/functions"
+import { groth16 } from "snarkjs"
+import path from "path"
+import { getAuth, signInWithCustomToken } from "firebase/auth"
+import theme from "../lib/theme.js"
+import { customSpinner } from "../lib/utils.js"
+import { VerifiedBandadaResponse } from "../types/index.js"
+import { showError } from "../lib/errors.js"
+import { bootstrapCommandExecutionAndServices } from "../lib/services.js"
+import { addMemberToGroup, isGroupMember } from "../lib/bandada.js"
+import {
+    checkLocalBandadaIdentity,
+    getLocalBandadaIdentity,
+    setLocalAccessToken,
+    setLocalBandadaIdentity
+} from "../lib/localConfigs.js"
+import prompts from "prompts"
+
+const { BANDADA_DASHBOARD_URL, BANDADA_GROUP_ID } = process.env
+
+const authBandada = async () => {
+    const { firebaseFunctions } = await bootstrapCommandExecutionAndServices()
+    const spinner = customSpinner(`Checking identity string for Semaphore...`, `clock`)
+    spinner.start()
+    // 1. check if _identity string exists in local storage
+    let identityString: string | unknown
+    const isIdentityStringStored = checkLocalBandadaIdentity()
+    if (isIdentityStringStored) {
+        identityString = getLocalBandadaIdentity()
+        spinner.succeed(`Identity seed found\n`)
+    } else {
+        spinner.warn(`Identity seed not found\n`)
+        // 2. generate a random _identity string and save it in local storage
+        const { seed } = await prompts({
+            type: "text",
+            name: "seed",
+            message: theme.text.bold(`Enter a secret string to use as your identity seed in Semaphore:`),
+            initial: false
+        })
+        identityString = seed as string
+        setLocalBandadaIdentity(identityString as string)
+    }
+    // 3. create a semaphore identity with _identity string as a seed
+    const identity = new Identity(identityString as string)
+
+    // 4. check if the user is a member of the group
+    console.log(`Checking Bandada membership...`)
+    const isMember = await isGroupMember(BANDADA_GROUP_ID, identity)
+    if (!isMember) {
+        await addMemberToGroup(BANDADA_GROUP_ID, BANDADA_DASHBOARD_URL, identity)
+    }
+
+    // 5. generate a proof that the user owns the commitment.
+    spinner.text = `Generating proof of identity...`
+    spinner.start()
+    // publicSignals = [hash(externalNullifier, identityNullifier), commitment]
+    const { proof, publicSignals } = await groth16.fullProve(
+        {
+            identityTrapdoor: identity.trapdoor,
+            identityNullifier: identity.nullifier,
+            externalNullifier: BANDADA_GROUP_ID
+        },
+        path.join(path.resolve(), "/public/mini-semaphore.wasm"),
+        path.join(path.resolve(), "/public/mini-semaphore.zkey")
+    )
+    spinner.succeed(`Proof generated.\n`)
+    spinner.text = `Sending proof to verification...`
+    spinner.start()
+    // 6. send proof to a cloud function that verifies it and checks membership
+    const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.bandadaValidateProof)
+    const result = await cf({
+        proof,
+        publicSignals
+    })
+    const { valid, token, message } = result.data as VerifiedBandadaResponse
+    if (!valid) {
+        showError(message, true)
+    }
+    spinner.succeed(`Proof verified.\n`)
+    spinner.text = `Authenticating...`
+    spinner.start()
+    // 7. Auth to p0tion firebase
+    const userCredentials = await signInWithCustomToken(getAuth(), token)
+    setLocalAccessToken(token)
+    spinner.succeed(`Authenticated as ${theme.text.bold(userCredentials.user.uid)}.`)
+
+    console.log(
+        `\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(
+            `phase2cli logout`
+        )} command`
+    )
+
+    process.exit(0)
+}
+
+export default authBandada

package/src/commands/ceremony/index.ts

@@ -0,0 +1,20 @@
+import { Command } from "commander"
+import listParticipants from "./listParticipants.js"
+
+const setCeremonyCommands = (program: Command) => {
+    const ceremony = program.command("ceremony").description("manage ceremonies")
+
+    ceremony
+        .command("participants")
+        .description("retrieve participants list of a ceremony")
+        .requiredOption(
+            "-c, --ceremony <string>",
+            "the prefix of the ceremony you want to retrieve information about",
+            ""
+        )
+        .action(listParticipants)
+
+    return ceremony
+}
+
+export default setCeremonyCommands

package/src/commands/ceremony/listParticipants.ts

@@ -0,0 +1,30 @@
+import { collection, doc, getDocs } from "firebase/firestore"
+import { commonTerms, getAllCeremonies } from "@devtion/actions"
+import { bootstrapCommandExecutionAndServices } from "../../lib/services.js"
+import { showError } from "../../lib/errors.js"
+import { promptForCeremonySelection } from "../../lib/prompts.js"
+
+const listParticipants = async () => {
+    try {
+        const { firestoreDatabase } = await bootstrapCommandExecutionAndServices()
+
+        const allCeremonies = await getAllCeremonies(firestoreDatabase)
+        const selectedCeremony = await promptForCeremonySelection(allCeremonies, true)
+
+        const docRef = doc(firestoreDatabase, commonTerms.collections.ceremonies.name, selectedCeremony.id)
+        const participantsRef = collection(docRef, "participants")
+        const participantsSnapshot = await getDocs(participantsRef)
+        const participants = participantsSnapshot.docs.map((participantDoc) => participantDoc.data().userId)
+        console.log(participants)
+
+        /* const usersRef = collection(firestoreDatabase, "users")
+        const usersSnapshot = await getDocs(usersRef)
+        const users = usersSnapshot.docs.map((userDoc) => userDoc.data())
+        console.log(users) */
+    } catch (err: any) {
+        showError(`Something went wrong: ${err.toString()}`, true)
+    }
+    process.exit(0)
+}
+
+export default listParticipants

package/src/commands/contribute.ts

@@ -41,7 +41,7 @@ import {
 } from "../lib/utils.js"
 import { COMMAND_ERRORS, showError } from "../lib/errors.js"
 import { authWithToken, bootstrapCommandExecutionAndServices, checkAuth } from "../lib/services.js"
-import { getAttestationLocalFilePath, localPaths } from "../lib/localConfigs.js"
+import { checkLocalBandadaIdentity, getAttestationLocalFilePath, localPaths } from "../lib/localConfigs.js"
 import theme from "../lib/theme.js"
 import { checkAndMakeNewDirectoryIfNonexistent, writeFile } from "../lib/files.js"
 
@@ -419,14 +419,19 @@ export const handlePublicAttestation = async (
 
     await sleep(1000) // workaround for file descriptor unexpected close.
 
-    const gistUrl = await publishGist(participantAccessToken, publicAttestation, ceremonyName, ceremonyPrefix)
-
-    console.log(
-        `\n${theme.symbols.info} Your public attestation has been successfully posted as Github Gist (${theme.text.bold(
-            theme.text.underlined(gistUrl)
-        )})`
-    )
+    let gistUrl = ""
+    const isBandada = checkLocalBandadaIdentity()
+    if (!isBandada) {
+        gistUrl = await publishGist(participantAccessToken, publicAttestation, ceremonyName, ceremonyPrefix)
 
+        console.log(
+            `\n${
+                theme.symbols.info
+            } Your public attestation has been successfully posted as Github Gist (${theme.text.bold(
+                theme.text.underlined(gistUrl)
+            )})`
+        )
+    }
     // Prepare a ready-to-share tweet.
     await handleTweetGeneration(ceremonyName, gistUrl)
 }

package/src/commands/index.ts

@@ -1,5 +1,6 @@
 export { default as setup } from "./setup.js"
 export { default as auth } from "./auth.js"
+export { default as authBandada } from "./authBandada.js"
 export { default as contribute } from "./contribute.js"
 export { default as observe } from "./observe.js"
 export { default as finalize } from "./finalize.js"

package/src/commands/logout.ts

@@ -6,7 +6,7 @@ import { showError } from "../lib/errors.js"
 import { askForConfirmation } from "../lib/prompts.js"
 import { customSpinner, sleep, terminate } from "../lib/utils.js"
 import theme from "../lib/theme.js"
-import { deleteLocalAccessToken } from "../lib/localConfigs.js"
+import { deleteLocalAccessToken, deleteLocalBandadaIdentity } from "../lib/localConfigs.js"
 
 /**
  * Logout command.
@@ -53,6 +53,7 @@ const logout = async () => {
 
             // Delete local token.
             deleteLocalAccessToken()
+            deleteLocalBandadaIdentity()
 
             await sleep(3000) // ~3s.
 

package/src/index.ts

@@ -7,6 +7,7 @@ import { fileURLToPath } from "url"
 import {
     setup,
     auth,
+    authBandada,
     contribute,
     observe,
     finalize,
@@ -15,6 +16,7 @@ import {
     validate,
     listCeremonies
 } from "./commands/index.js"
+import setCeremonyCommands from "./commands/ceremony/index.js"
 
 // Get pkg info (e.g., name, version).
 const packagePath = `${dirname(fileURLToPath(import.meta.url))}/..`
@@ -26,6 +28,10 @@ program.name(name).description(description).version(version)
 
 // User commands.
 program.command("auth").description("authenticate yourself using your Github account (OAuth 2.0)").action(auth)
+program
+    .command("auth-bandada")
+    .description("authenticate yourself in a privacy-perserving manner using Bandada")
+    .action(authBandada)
 program
     .command("contribute")
     .description("compute contributions for a Phase2 Trusted Setup ceremony circuits")
@@ -44,27 +50,27 @@ program
     .action(logout)
 program
     .command("validate")
-    .description("Validate that a Ceremony Setup file is correct")
+    .description("validate that a Ceremony Setup file is correct")
     .requiredOption("-t, --template <path>", "The path to the ceremony setup template", "")
     .option("-c, --constraints <number>", "The number of constraints to check against")
     .action(validate)
 
 // Only coordinator commands.
-const ceremony = program.command("coordinate").description("commands for coordinating a ceremony")
+const coordinate = program.command("coordinate").description("commands for coordinating a ceremony")
 
-ceremony
+coordinate
     .command("setup")
     .description("setup a Groth16 Phase 2 Trusted Setup ceremony for zk-SNARK circuits")
     .option("-t, --template <path>", "The path to the ceremony setup template", "")
     .option("-a, --auth <string>", "The Github OAuth 2.0 token", "")
     .action(setup)
 
-ceremony
+coordinate
     .command("observe")
     .description("observe in real-time the waiting queue of each ceremony circuit")
     .action(observe)
 
-ceremony
+coordinate
     .command("finalize")
     .description(
         "finalize a Phase2 Trusted Setup ceremony by applying a beacon, exporting verification key and verifier contract"
@@ -72,4 +78,6 @@ ceremony
     .option("-a, --auth <string>", "the Github OAuth 2.0 token", "")
     .action(finalize)
 
+setCeremonyCommands(program)
+
 program.parseAsync(process.argv)

package/src/lib/bandada.ts

@@ -0,0 +1,51 @@
+import { ApiSdk, GroupResponse } from "@bandada/api-sdk"
+import { Identity } from "@semaphore-protocol/identity"
+import open from "open"
+
+import { askForConfirmation } from "../lib/prompts.js"
+import { showError } from "./errors.js"
+import theme from "../lib/theme.js"
+
+const { BANDADA_API_URL } = process.env
+
+const bandadaApi = new ApiSdk(BANDADA_API_URL)
+
+export const getGroup = async (groupId: string): Promise<GroupResponse | null> => {
+    try {
+        const group = await bandadaApi.getGroup(groupId)
+        return group
+    } catch (error: any) {
+        showError(`Bandada getGroup error: ${error}`, true)
+        return null
+    }
+}
+
+export const getMembersOfGroup = async (groupId: string): Promise<string[] | null> => {
+    try {
+        const group = await bandadaApi.getGroup(groupId)
+        return group.members
+    } catch (error: any) {
+        showError(`Bandada getMembersOfGroup error: ${error}`, true)
+        return null
+    }
+}
+
+export const addMemberToGroup = async (groupId: string, dashboardUrl: string, identity: Identity) => {
+    const commitment = identity.commitment.toString()
+    const group = await bandadaApi.getGroup(groupId)
+    const providerName = group.credentials.id.split("_")[0].toLowerCase()
+
+    // 6. open a new window with the url:
+    const url = `${dashboardUrl}credentials?group=${groupId}&member=${commitment}&provider=${providerName}`
+    console.log(`${theme.text.bold(`Verification URL:`)} ${theme.text.underlined(url)}`)
+    open(url)
+
+    const { confirmation } = await askForConfirmation("Did you join the Bandada group in the browser?")
+    if (!confirmation) showError("You must join the Bandada group to continue the login process", true)
+}
+
+export const isGroupMember = async (groupId: string, identity: Identity): Promise<boolean> => {
+    const commitment = identity.commitment.toString()
+    const isMember: boolean = await bandadaApi.isGroupMember(groupId, commitment)
+    return isMember
+}

package/src/lib/localConfigs.ts

@@ -24,6 +24,10 @@ const config = new Conf({
         accessToken: {
             type: "string",
             default: ""
+        },
+        bandadaIdentity: {
+            type: "string",
+            default: ""
         }
     }
 })
@@ -91,6 +95,29 @@ export const setLocalAccessToken = (token: string) => config.set("accessToken",
  */
 export const deleteLocalAccessToken = () => config.delete("accessToken")
 
+/**
+ * Return the Bandada identity, if present.
+ * @returns <string | undefined> - the Bandada identity if present, otherwise undefined.
+ */
+export const getLocalBandadaIdentity = (): string | unknown => config.get("bandadaIdentity")
+
+/**
+ * Check if the Bandada identity exists in the local storage.
+ * @returns <boolean>
+ */
+export const checkLocalBandadaIdentity = (): boolean => config.has("bandadaIdentity") && !!config.get("bandadaIdentity")
+
+/**
+ * Set the Bandada identity.
+ * @param identity <string> - the Bandada identity to be stored.
+ */
+export const setLocalBandadaIdentity = (identity: string) => config.set("bandadaIdentity", identity)
+
+/**
+ * Delete the stored Bandada identity.
+ */
+export const deleteLocalBandadaIdentity = () => config.delete("bandadaIdentity")
+
 /**
  * Get the complete local file path.
  * @param cwd <string> - the current working directory path.

package/src/lib/services.ts

@@ -6,13 +6,18 @@ import {
 import clear from "clear"
 import figlet from "figlet"
 import { FirebaseApp } from "firebase/app"
-import { OAuthCredential } from "firebase/auth"
+import { OAuthCredential, getAuth, signInWithCustomToken } from "firebase/auth"
 import dotenv from "dotenv"
 import { fileURLToPath } from "url"
 import { dirname } from "path"
 import { AuthUser } from "../types/index.js"
 import { CONFIG_ERRORS, CORE_SERVICES_ERRORS, showError, THIRD_PARTY_SERVICES_ERRORS } from "./errors.js"
-import { checkLocalAccessToken, deleteLocalAccessToken, getLocalAccessToken } from "./localConfigs.js"
+import {
+    checkLocalAccessToken,
+    checkLocalBandadaIdentity,
+    deleteLocalAccessToken,
+    getLocalAccessToken
+} from "./localConfigs.js"
 import theme from "./theme.js"
 import { exchangeGithubTokenForCredentials, getGithubProviderUserId, getUserHandleFromProviderUserId } from "./utils.js"
 
@@ -164,22 +169,30 @@ export const checkAuth = async (firebaseApp: FirebaseApp): Promise<AuthUser> =>
     // Retrieve local access token.
     const token = String(getLocalAccessToken())
 
-    // Get credentials.
-    const credentials = exchangeGithubTokenForCredentials(token)
-
-    // Sign in to Firebase using credentials.
-    await signInToFirebase(firebaseApp, credentials)
+    let providerUserId: string
+    let username: string
+    const isLocalBandadaIdentityStored = checkLocalBandadaIdentity()
+    if (isLocalBandadaIdentityStored) {
+        const userCredentials = await signInWithCustomToken(getAuth(), token)
+        providerUserId = userCredentials.user.uid
+        username = providerUserId
+    } else {
+        // Get credentials.
+        const credentials = exchangeGithubTokenForCredentials(token)
+
+        // Sign in to Firebase using credentials.
+        await signInToFirebase(firebaseApp, credentials)
+
+        // Get Github unique identifier (handle-id).
+        providerUserId = await getGithubProviderUserId(String(token))
+        username = getUserHandleFromProviderUserId(providerUserId)
+    }
 
     // Get current authenticated user.
     const user = getCurrentFirebaseAuthUser(firebaseApp)
 
-    // Get Github unique identifier (handle-id).
-    const providerUserId = await getGithubProviderUserId(String(token))
-
     // Greet the user.
-    console.log(
-        `Greetings, @${theme.text.bold(getUserHandleFromProviderUserId(providerUserId))} ${theme.emojis.wave}\n`
-    )
+    console.log(`Greetings, @${theme.text.bold(username)} ${theme.emojis.wave}\n`)
 
     return {
         user,

package/src/lib/utils.ts

@@ -155,7 +155,9 @@ export const getPublicAttestationGist = async (
  * @returns <string> - the third-party provider handle of the user.
  */
 export const getUserHandleFromProviderUserId = (providerUserId: string): string => {
-    if (providerUserId.indexOf("-") === -1) showError(THIRD_PARTY_SERVICES_ERRORS.GITHUB_GET_GITHUB_ACCOUNT_INFO, true)
+    if (providerUserId.indexOf("-") === -1) {
+        return providerUserId
+    }
 
     return providerUserId.split("-")[0]
 }

package/src/types/index.ts

@@ -68,3 +68,16 @@ export type GithubGistFile = {
     raw_url: string
     size: number
 }
+
+/**
+ * Define the return object of the function that verifies the Bandada membership and proof.
+ * @typedef {Object} VerifiedBandadaResponse
+ * @property {boolean} valid - true if the proof is valid and the user is a member of the group; otherwise false.
+ * @property {string} message - a message describing the result of the verification.
+ * @property {string} token - the custom access token.
+ */
+export type VerifiedBandadaResponse = {
+    valid: boolean
+    message: string
+    token: string
+}