@devtion/devcli 0.0.0-57a8ab9 → 0.0.0-5fad82d

package/dist/.env

@@ -45,4 +45,11 @@ CONFIG_CEREMONY_BUCKET_POSTFIX=-p0tion-development-environment
 # The amount of time in seconds which indicates the duration about the validity of a pre-signed URL.
 # default: 7200 seconds = 2 hours.
 CONFIG_PRESIGNED_URL_EXPIRATION_IN_SECONDS=7200
+
+
+# Sign In With Ethereum
+# Auth0 client id
+AUTH_SIWE_CLIENT_ID=tRuFnJNoPTJtKr1RynYfty6uJ16QzHXA
+# The Auth0 application url that support SIWE + Device Flow Authentication
+AUTH0_APPLICATION_URL=https://dev-l0tyk1agsmopw1xa.us.auth0.com
 

package/dist/index.js

@@ -2,7 +2,7 @@
 
 /**
  * @module @p0tion/phase2cli
- * @version 1.1.1
+ * @version 1.2.5
  * @file All-in-one interactive command-line for interfacing with zkSNARK Phase 2 Trusted Setup ceremonies
  * @copyright Ethereum Foundation 2022
  * @license MIT
@@ -17,7 +17,7 @@ import boxen from 'boxen';
 import { pipeline } from 'node:stream';
 import { promisify } from 'node:util';
 import fetch$1 from 'node-fetch';
-import { commonTerms, formatZkeyIndex, getZkeyStorageFilePath, finalContributionIndex, createCustomLoggerForFile, getBucketName, progressToNextContributionStep, permanentlyStoreCurrentContributionTimeAndHash, convertToDoubleDigits, multiPartUpload, verifyContribution, generateGetObjectPreSignedUrl, convertBytesOrKbToGb, numExpIterations, getDocumentById, getParticipantsCollectionPath, fromQueryToFirebaseDocumentInfo, getAllCollectionDocs, extractPrefix, autoGenerateEntropy, vmConfigurationTypes, initializeFirebaseCoreServices, signInToFirebaseWithCredentials, getCurrentFirebaseAuthUser, isCoordinator, parseCeremonyFile, blake512FromPath, checkIfObjectExist, setupCeremony, genesisZkeyIndex, getR1csStorageFilePath, getWasmStorageFilePath, getPotStorageFilePath, extractPoTFromFilename, potFileDownloadMainUrl, createS3Bucket, potFilenameTemplate, getR1CSInfo, getOpenedCeremonies, getCeremonyCircuits, checkParticipantForCeremony, getCurrentActiveParticipantTimeout, getCircuitBySequencePosition, getCircuitContributionsFromContributor, progressToNextCircuitForContribution, resumeContributionAfterTimeoutExpiration, generateValidContributionsAttestation, getContributionsValidityForContributor, getClosedCeremonies, checkAndPrepareCoordinatorForFinalization, computeSHA256ToHex, finalizeCeremony, getVerificationKeyStorageFilePath, verificationKeyAcronym, getVerifierContractStorageFilePath, verifierSmartContractAcronym, finalizeCircuit, exportVkey, exportVerifierContract, getAllCeremonies } from '@devtion/actions';
+import { commonTerms, formatZkeyIndex, getZkeyStorageFilePath, finalContributionIndex, createCustomLoggerForFile, getBucketName, progressToNextContributionStep, contribHashRegex, permanentlyStoreCurrentContributionTimeAndHash, convertToDoubleDigits, multiPartUpload, verifyContribution, generateGetObjectPreSignedUrl, convertBytesOrKbToGb, numExpIterations, getDocumentById, getParticipantsCollectionPath, fromQueryToFirebaseDocumentInfo, getAllCollectionDocs, extractPrefix, autoGenerateEntropy, vmConfigurationTypes, initializeFirebaseCoreServices, signInToFirebaseWithCredentials, getCurrentFirebaseAuthUser, isCoordinator, parseCeremonyFile, blake512FromPath, checkIfObjectExist, setupCeremony, genesisZkeyIndex, getR1csStorageFilePath, getWasmStorageFilePath, getPotStorageFilePath, extractPoTFromFilename, potFileDownloadMainUrl, createS3Bucket, potFilenameTemplate, getR1CSInfo, getOpenedCeremonies, getCeremonyCircuits, checkParticipantForCeremony, getCurrentActiveParticipantTimeout, getCircuitBySequencePosition, getCircuitContributionsFromContributor, progressToNextCircuitForContribution, resumeContributionAfterTimeoutExpiration, generateValidContributionsAttestation, getContributionsValidityForContributor, getClosedCeremonies, checkAndPrepareCoordinatorForFinalization, computeSHA256ToHex, finalizeCeremony, getVerificationKeyStorageFilePath, verificationKeyAcronym, getVerifierContractStorageFilePath, verifierSmartContractAcronym, finalizeCircuit, exportVkey, exportVerifierContract, getAllCeremonies } from '@devtion/actions';
 import fetch from '@adobe/node-fetch-retry';
 import { request } from '@octokit/request';
 import { SingleBar, Presets } from 'cli-progress';
@@ -122,7 +122,7 @@ const COMMAND_ERRORS = {
     COMMAND_SETUP_NO_R1CS: `Unable to retrieve R1CS files from current working directory. Please, run this command from a working directory where the R1CS files are located to continue with the setup process. We kindly ask you to run the command from an empty directory containing only the R1CS and WASM files.`,
     COMMAND_SETUP_NO_WASM: `Unable to retrieve WASM files from current working directory. Please, run this command from a working directory where the WASM files are located to continue with the setup process. We kindly ask you to run the command from an empty directory containing only the WASM and R1CS files.`,
     COMMAND_SETUP_MISMATCH_R1CS_WASM: `The folder contains more R1CS files than WASM files (or vice versa). Please, run this command from a working directory where each R1CS is paired with its corresponding file WASM.`,
-    COMMAND_SETUP_DOWNLOAD_PTAU: `Unable to download Powers of Tau file from Hermez Cryptography Phase 1 Trusted Setup. Possible causes may involve an error while making the request (be sure to have a stable internet connection). Please, we kindly ask you to terminate the current session and repeat the process.`,
+    COMMAND_SETUP_DOWNLOAD_PTAU: `Unable to download Powers of Tau file from PPoT Phase 1 Trusted Setup. Possible causes may involve an error while making the request (be sure to have a stable internet connection). Please, we kindly ask you to terminate the current session and repeat the process.`,
     COMMAND_SETUP_ABORT: `You chose to abort the setup process.`,
     COMMAND_CONTRIBUTE_NO_OPENED_CEREMONIES: `Unfortunately, there is no ceremony for which you can make a contribution at this time. Please, try again later.`,
     COMMAND_CONTRIBUTE_NO_PARTICIPANT_DATA: `Unable to retrieve your data as ceremony participant. Please, terminate the current session and try again later. If the error persists, please contact the ceremony coordinator.`,
@@ -238,6 +238,14 @@ const checkAndMakeNewDirectoryIfNonexistent = (directoryLocalPath) => {
 const writeLocalJsonFile = (filePath, data) => {
     fs.writeFileSync(filePath, JSON.stringify(data), "utf-8");
 };
+/**
+ * Return the local current project directory name.
+ * @returns <string> - the local project (e.g., dist/) directory name.
+ */
+const getLocalDirname = () => {
+    const filename = fileURLToPath(import.meta.url);
+    return path.dirname(filename);
+};
 
 // Get npm package name.
 const packagePath$4 = `${dirname(fileURLToPath(import.meta.url))}/..`;
@@ -257,6 +265,10 @@ const config = new Conf({
         bandadaIdentity: {
             type: "string",
             default: ""
+        },
+        authMethod: {
+            type: "string",
+            default: ""
         }
     }
 });
@@ -336,6 +348,20 @@ const setLocalBandadaIdentity = (identity) => config.set("bandadaIdentity", iden
  * Delete the stored Bandada identity.
  */
 const deleteLocalBandadaIdentity = () => config.delete("bandadaIdentity");
+/**
+ * Return the authentication method, if present.
+ * @returns <string | undefined> - the authentication method if present, otherwise undefined.
+ */
+const getLocalAuthMethod = () => config.get("authMethod");
+/**
+ * Set the authentication method.
+ * @param method <string> - the authentication method to be stored.
+ */
+const setLocalAuthMethod = (method) => config.set("authMethod", method);
+/**
+ * Delete the stored authentication method.
+ */
+const deleteLocalAuthMethod = () => config.delete("authMethod");
 /**
  * Get the complete local file path.
  * @param cwd <string> - the current working directory path.
@@ -497,7 +523,7 @@ const getUserHandleFromProviderUserId = (providerUserId) => {
     if (providerUserId.indexOf("-") === -1) {
         return providerUserId;
     }
-    return providerUserId.split("-")[0];
+    return providerUserId.substring(0, providerUserId.lastIndexOf("-"));
 };
 /**
  * Return a custom spinner.
@@ -827,7 +853,7 @@ const handleStartOrResumeContribution = async (cloudFunctions, firestoreDatabase
         spinner.start();
         // Read local transcript file info to get the contribution hash.
         const transcriptContents = readFile(transcriptLocalFilePath);
-        const matchContributionHash = transcriptContents.match(/Contribution.+Hash.+\n\t\t.+\n\t\t.+\n.+\n\t\t.+\n/);
+        const matchContributionHash = transcriptContents.match(contribHashRegex);
         if (!matchContributionHash)
             showError(COMMAND_ERRORS.COMMAND_CONTRIBUTE_FINALIZE_NO_TRANSCRIPT_CONTRIBUTION_HASH_MATCH, true);
         // Format contribution hash.
@@ -1416,7 +1442,7 @@ const promptPotSelector = async (options) => {
  * @param isFinalizing <boolean> - true when the coordinator must select a ceremony for finalization; otherwise false (participant selects a ceremony for contribution).
  * @returns Promise<FirebaseDocumentInfo> - the Firestore document of the selected ceremony.
  */
-const promptForCeremonySelection = async (ceremoniesDocuments, isFinalizing) => {
+const promptForCeremonySelection = async (ceremoniesDocuments, isFinalizing, messageToDisplay) => {
     // Prepare state.
     const choices = [];
     // Prepare choices x ceremony.
@@ -1434,9 +1460,7 @@ const promptForCeremonySelection = async (ceremoniesDocuments, isFinalizing) =>
     const { ceremony } = await prompts({
         type: "select",
         name: "ceremony",
-        message: theme.text.bold(!isFinalizing
-            ? "Which ceremony would you like to contribute to?"
-            : "Which ceremony would you like to finalize?"),
+        message: theme.text.bold(messageToDisplay),
         choices,
         initial: 0
     });
@@ -1589,20 +1613,30 @@ const checkAuth = async (firebaseApp) => {
     const token = String(getLocalAccessToken());
     let providerUserId;
     let username;
-    const isLocalBandadaIdentityStored = checkLocalBandadaIdentity();
-    if (isLocalBandadaIdentityStored) {
-        const userCredentials = await signInWithCustomToken(getAuth(), token);
-        providerUserId = userCredentials.user.uid;
-        username = providerUserId;
-    }
-    else {
-        // Get credentials.
-        const credentials = exchangeGithubTokenForCredentials(token);
-        // Sign in to Firebase using credentials.
-        await signInToFirebase(firebaseApp, credentials);
-        // Get Github unique identifier (handle-id).
-        providerUserId = await getGithubProviderUserId(String(token));
-        username = getUserHandleFromProviderUserId(providerUserId);
+    const authMethod = getLocalAuthMethod();
+    switch (authMethod) {
+        case "github": {
+            // Get credentials.
+            const credentials = exchangeGithubTokenForCredentials(token);
+            // Sign in to Firebase using credentials.
+            await signInToFirebase(firebaseApp, credentials);
+            // Get Github unique identifier (handle-id).
+            providerUserId = await getGithubProviderUserId(String(token));
+            username = getUserHandleFromProviderUserId(providerUserId);
+            break;
+        }
+        case "bandada": {
+            const userCredentials = await signInWithCustomToken(getAuth(), token);
+            providerUserId = userCredentials.user.uid;
+            username = providerUserId;
+            break;
+        }
+        case "siwe": {
+            const userCredentials = await signInWithCustomToken(getAuth(), token);
+            providerUserId = userCredentials.user.uid;
+            username = providerUserId;
+            break;
+        }
     }
     // Get current authenticated user.
     const user = getCurrentFirebaseAuthUser(firebaseApp);
@@ -1749,7 +1783,7 @@ const displayCeremonySummary = (ceremonyInputData, circuits) => {
 };
 /**
  * Check if the smallest Powers of Tau has already been downloaded/stored in the correspondent local path
- * @dev we are downloading the Powers of Tau file from Hermez Cryptography Phase 1 Trusted Setup.
+ * @dev we are downloading the Powers of Tau file from Perpetual Powers of Tau Phase 1 Trusted Setup.
  * @param powers <string> - the smallest amount of powers needed for the given circuit (should be in a 'XY' stringified form).
  * @param ptauCompleteFilename <string> - the complete file name of the powers of tau file to be downloaded.
  * @returns <Promise<void>>
@@ -1763,7 +1797,7 @@ const checkAndDownloadSmallestPowersOfTau = async (powers, ptauCompleteFilename)
         .map((dirent) => dirent.name);
     // Check if already downloaded or not.
     if (smallestPtauFileForGivenPowers.length === 0) {
-        const spinner = customSpinner(`Downloading the ${theme.text.bold(`#${powers}`)} smallest PoT file needed from the Hermez Cryptography Phase 1 Trusted Setup...`, `clock`);
+        const spinner = customSpinner(`Downloading the ${theme.text.bold(`#${powers}`)} smallest PoT file needed from the Perpetual Powers of Tau Phase 1 Trusted Setup...`, `clock`);
         spinner.start();
         // Download smallest Powers of Tau file from remote server.
         const streamPipeline = promisify(pipeline);
@@ -1878,7 +1912,7 @@ const handleCircuitArtifactUploadToStorage = async (firebaseFunctions, bucketNam
  * @notice The setup command allows the coordinator of the ceremony to prepare the next ceremony by interacting with the CLI.
  * @dev For proper execution, the command must be run in a folder containing the R1CS files related to the circuits
  * for which the coordinator wants to create the ceremony. The command will download the necessary Tau powers
- * from Hermez's ceremony Phase 1 Reliable Setup Ceremony.
+ * from PPoT ceremony Phase 1 Setup Ceremony.
  * @param cmd? <any> - the path to the ceremony setup file.
  */
 const setup = async (cmd) => {
@@ -2243,6 +2277,7 @@ const auth = async () => {
         // Generate a new access token using Github Device Flow (OAuth 2.0).
         const newToken = await executeGithubDeviceFlow(String(process.env.AUTH_GITHUB_CLIENT_ID));
         // Store the new access token.
+        setLocalAuthMethod("github");
         setLocalAccessToken(newToken);
     }
     else
@@ -2285,67 +2320,225 @@ const isGroupMember = async (groupId, identity) => {
 
 const { BANDADA_DASHBOARD_URL, BANDADA_GROUP_ID } = process.env;
 const authBandada = async () => {
-    const { firebaseFunctions } = await bootstrapCommandExecutionAndServices();
-    const spinner = customSpinner(`Checking identity string for Semaphore...`, `clock`);
-    spinner.start();
-    // 1. check if _identity string exists in local storage
-    let identityString;
-    const isIdentityStringStored = checkLocalBandadaIdentity();
-    if (isIdentityStringStored) {
-        identityString = getLocalBandadaIdentity();
-        spinner.succeed(`Identity seed found\n`);
-    }
-    else {
-        spinner.warn(`Identity seed not found\n`);
-        // 2. generate a random _identity string and save it in local storage
-        const { seed } = await prompts({
-            type: "text",
-            name: "seed",
-            message: theme.text.bold(`Enter a secret string to use as your identity seed in Semaphore:`),
-            initial: false
+    try {
+        const { firebaseFunctions } = await bootstrapCommandExecutionAndServices();
+        const spinner = customSpinner(`Checking identity string for Semaphore...`, `clock`);
+        spinner.start();
+        // 1. check if _identity string exists in local storage
+        let identityString;
+        const isIdentityStringStored = checkLocalBandadaIdentity();
+        if (isIdentityStringStored) {
+            identityString = getLocalBandadaIdentity();
+            spinner.succeed(`Identity seed found\n`);
+        }
+        else {
+            spinner.warn(`Identity seed not found\n`);
+            // 2. generate a random _identity string and save it in local storage
+            const { seed } = await prompts({
+                type: "text",
+                name: "seed",
+                message: theme.text.bold(`Enter a secret string to use as your identity seed in Semaphore:`),
+                initial: false
+            });
+            identityString = seed;
+            setLocalBandadaIdentity(identityString);
+        }
+        // 3. create a semaphore identity with _identity string as a seed
+        const identity = new Identity(identityString);
+        // 4. check if the user is a member of the group
+        console.log(`Checking Bandada membership...`);
+        const isMember = await isGroupMember(BANDADA_GROUP_ID, identity);
+        if (!isMember) {
+            await addMemberToGroup(BANDADA_GROUP_ID, BANDADA_DASHBOARD_URL, identity);
+        }
+        // 5. generate a proof that the user owns the commitment.
+        spinner.text = `Generating proof of identity...`;
+        spinner.start();
+        // publicSignals = [hash(externalNullifier, identityNullifier), commitment]
+        const initDirectoryName = getLocalDirname();
+        const directoryName = initDirectoryName.includes("/src") ? "." : initDirectoryName;
+        const { proof, publicSignals } = await groth16.fullProve({
+            identityTrapdoor: identity.trapdoor,
+            identityNullifier: identity.nullifier,
+            externalNullifier: BANDADA_GROUP_ID
+        }, `${directoryName}/public/mini-semaphore.wasm`, `${directoryName}/public/mini-semaphore.zkey`);
+        spinner.succeed(`Proof generated.\n`);
+        spinner.text = `Sending proof to verification...`;
+        spinner.start();
+        // 6. send proof to a cloud function that verifies it and checks membership
+        const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.bandadaValidateProof);
+        const result = await cf({
+            proof,
+            publicSignals
         });
-        identityString = seed;
-        setLocalBandadaIdentity(identityString);
-    }
-    // 3. create a semaphore identity with _identity string as a seed
-    const identity = new Identity(identityString);
-    // 4. check if the user is a member of the group
-    console.log(`Checking Bandada membership...`);
-    const isMember = await isGroupMember(BANDADA_GROUP_ID, identity);
-    if (!isMember) {
-        await addMemberToGroup(BANDADA_GROUP_ID, BANDADA_DASHBOARD_URL, identity);
-    }
-    // 5. generate a proof that the user owns the commitment.
-    spinner.text = `Generating proof of identity...`;
-    spinner.start();
-    // publicSignals = [hash(externalNullifier, identityNullifier), commitment]
-    const { proof, publicSignals } = await groth16.fullProve({
-        identityTrapdoor: identity.trapdoor,
-        identityNullifier: identity.nullifier,
-        externalNullifier: BANDADA_GROUP_ID
-    }, path.join(path.resolve(), "/public/mini-semaphore.wasm"), path.join(path.resolve(), "/public/mini-semaphore.zkey"));
-    spinner.succeed(`Proof generated.\n`);
-    spinner.text = `Sending proof to verification...`;
+        const { valid, token, message } = result.data;
+        if (!valid) {
+            showError(message, true);
+            deleteLocalAuthMethod();
+            deleteLocalAccessToken();
+            deleteLocalBandadaIdentity();
+        }
+        spinner.succeed(`Proof verified.\n`);
+        spinner.text = `Authenticating...`;
+        spinner.start();
+        // 7. Auth to p0tion firebase
+        const credentials = await signInWithCustomToken(getAuth(), token);
+        setLocalAuthMethod("bandada");
+        setLocalAccessToken(token);
+        spinner.succeed(`Authenticated as ${theme.text.bold(credentials.user.uid)}.`);
+        console.log(`\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(`phase2cli logout`)} command`);
+    }
+    catch (error) {
+        // Delete local token.
+        console.log("An error crashed the process. Deleting local token and identity.");
+        console.error(error);
+        deleteLocalAuthMethod();
+        deleteLocalAccessToken();
+        deleteLocalBandadaIdentity();
+    }
+    process.exit(0);
+};
+
+const showVerificationCodeAndUri = async (OAuthDeviceCode) => {
+    // Copy code to clipboard.
+    let noClipboard = false;
+    try {
+        clipboard.writeSync(OAuthDeviceCode.user_code);
+        clipboard.readSync();
+    }
+    catch (error) {
+        noClipboard = true;
+    }
+    // Display data.
+    console.log(`${theme.symbols.warning} Visit ${theme.text.bold(theme.text.underlined(OAuthDeviceCode.verification_uri_complete))} on this device to generate a new token and authenticate\n`);
+    console.log(theme.colors.magenta(figlet.textSync("Code is Below", { font: "ANSI Shadow" })), "\n");
+    const message = !noClipboard ? `has been copied to your clipboard (${theme.emojis.clipboard})` : ``;
+    console.log(`${theme.symbols.info} Your auth code: ${theme.text.bold(OAuthDeviceCode.user_code)} ${message} ${theme.symbols.success}\n`);
+    const spinner = customSpinner(`Redirecting to Sign In With Ethereum...`, `clock`);
     spinner.start();
-    // 6. send proof to a cloud function that verifies it and checks membership
-    const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.bandadaValidateProof);
+    await sleep(10000); // ~10s to make users able to read the CLI.
+    try {
+        // Automatically open the page (# Step 2).
+        await open(OAuthDeviceCode.verification_uri_complete);
+    }
+    catch (error) {
+        console.log(`${theme.symbols.info} Please authenticate via SIWE at ${OAuthDeviceCode.verification_uri_complete}`);
+    }
+    spinner.stop();
+};
+/**
+ * Return the token to sign in to Firebase after passing the SIWE Device Flow
+ * @param clientId <string> - The client id of the Auth0 application.
+ * @param firebaseFunctions <any> - The Firebase functions instance to call the cloud function
+ * @returns <string> - The token to sign in to Firebase
+ */
+const executeSIWEDeviceFlow = async (clientId, firebaseFunctions) => {
+    // Call Auth0 endpoint to request device code uri
+    const OAuthDeviceCode = (await fetch$1(`${process.env.AUTH0_APPLICATION_URL}/oauth/device/code`, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({
+            client_id: clientId,
+            scope: "openid",
+            audience: `${process.env.AUTH0_APPLICATION_URL}/api/v2/`
+        })
+    }).then((_res) => _res.json()));
+    if (OAuthDeviceCode.error) {
+        showError(OAuthDeviceCode.error_description, true);
+        deleteLocalAuthMethod();
+        deleteLocalAccessToken();
+    }
+    await showVerificationCodeAndUri(OAuthDeviceCode);
+    // Poll Auth0 endpoint until you get token or request expires
+    let isSignedIn = false;
+    let isExpired = false;
+    let auth0Token = "";
+    while (!isSignedIn && !isExpired) {
+        // Call Auth0 endpoint to request token
+        const OAuthToken = (await fetch$1(`${process.env.AUTH0_APPLICATION_URL}/oauth/token`, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({
+                client_id: clientId,
+                device_code: OAuthDeviceCode.device_code,
+                grant_type: "urn:ietf:params:oauth:grant-type:device_code"
+            })
+        }).then((_res) => _res.json()));
+        if (OAuthToken.error) {
+            if (OAuthToken.error === "authorization_pending") {
+                // Wait for the user to sign in
+                await sleep(OAuthDeviceCode.interval * 1000);
+            }
+            else if (OAuthToken.error === "slow_down") {
+                // Wait for the user to sign in
+                await sleep(OAuthDeviceCode.interval * 1000 * 2);
+            }
+            else if (OAuthToken.error === "expired_token") {
+                // The user didn't sign in on time
+                isExpired = true;
+            }
+        }
+        else {
+            // The user signed in
+            isSignedIn = true;
+            auth0Token = OAuthToken.access_token;
+        }
+    }
+    // Send token to cloud function to check nonce, create user and retrieve token
+    const cf = httpsCallable(firebaseFunctions, commonTerms.cloudFunctionsNames.checkNonceOfSIWEAddress);
     const result = await cf({
-        proof,
-        publicSignals
+        auth0Token
     });
-    const { valid, token, message } = result.data;
+    const { token, valid, message } = result.data;
     if (!valid) {
         showError(message, true);
+        deleteLocalAuthMethod();
+        deleteLocalAccessToken();
+    }
+    return token;
+};
+/**
+ * Auth command using Sign In With Ethereum
+ * @notice The auth command allows a user to make the association of their Ethereum account with the CLI by leveraging SIWE as an authentication mechanism.
+ * @dev Under the hood, the command handles a manual Device Flow following the guidelines in the SIWE documentation.
+ */
+const authSIWE = async () => {
+    try {
+        const { firebaseFunctions } = await bootstrapCommandExecutionAndServices();
+        // Console more context for the user.
+        console.log(`${theme.symbols.info} ${theme.text.bold(`You are about to authenticate on this CLI using your Ethereum address (device flow - OAuth 2.0 mechanism).\n${theme.symbols.warning} Please, note that only a Sign-in With Ethereum signature will be required`)}\n`);
+        const spinner = customSpinner(`Checking authentication token...`, `clock`);
+        spinner.start();
+        await sleep(5000);
+        // Manage OAuth Github or SIWE token.
+        const isLocalTokenStored = checkLocalAccessToken();
+        if (!isLocalTokenStored) {
+            spinner.fail(`No local authentication token found\n`);
+            // Generate a new access token using Github Device Flow (OAuth 2.0).
+            const newToken = await executeSIWEDeviceFlow(String(process.env.AUTH_SIWE_CLIENT_ID), firebaseFunctions);
+            // Store the new access token.
+            setLocalAuthMethod("siwe");
+            setLocalAccessToken(newToken);
+        }
+        else
+            spinner.succeed(`Local authentication token found\n`);
+        // Get access token from local store.
+        const token = String(getLocalAccessToken());
+        spinner.text = `Authenticating...`;
+        spinner.start();
+        // Exchange token for credential.
+        const credentials = await signInWithCustomToken(getAuth(), token);
+        spinner.succeed(`Authenticated as ${theme.text.bold(credentials.user.uid)}.`);
+        console.log(`\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(`phase2cli logout`)} command`);
+        process.exit(0);
+    }
+    catch (error) {
+        // Delete local token.
+        console.log("An error crashed the process. Deleting local token and identity.");
+        console.error(error);
+        deleteLocalAuthMethod();
+        deleteLocalAccessToken();
     }
-    spinner.succeed(`Proof verified.\n`);
-    spinner.text = `Authenticating...`;
-    spinner.start();
-    // 7. Auth to p0tion firebase
-    const userCredentials = await signInWithCustomToken(getAuth(), token);
-    setLocalAccessToken(token);
-    spinner.succeed(`Authenticated as ${theme.text.bold(userCredentials.user.uid)}.`);
-    console.log(`\n${theme.symbols.warning} You can always log out by running the ${theme.text.bold(`phase2cli logout`)} command`);
-    process.exit(0);
 };
 
 /**
@@ -2470,8 +2663,8 @@ const handleDiskSpaceRequirementForNextContribution = async (cloudFunctions, cer
         spinner.fail(`You may not have enough memory to calculate the contribution for the Circuit ${theme.colors.magenta(`${circuitSequencePosition}`)}.\n\n${theme.symbols.info} The required amount of disk space is ${contributionDiskSpaceRequirement < 0.01
             ? theme.text.bold(`< 0.01`)
             : theme.text.bold(contributionDiskSpaceRequirement)} GB but you only have ${participantFreeDiskSpace > 0 ? theme.text.bold(participantFreeDiskSpace.toFixed(2)) : theme.text.bold(0)} GB available memory \nThe estimate ${theme.text.bold("may not be 100% correct")} since is based on the aggregate free memory on your disks but some may not be detected!\n`);
-        const { confirmation } = await askForConfirmation(`Please, we kindly ask you to continue with the contribution if you have noticed the estimate is wrong and you have enough memory in your machine`, "Continue", "Exit");
-        wannaContributeOrHaveEnoughMemory = !!confirmation;
+        const { confirmationEnoughMemory } = await askForConfirmation(`Please, we kindly ask you to continue with the contribution if you have noticed the estimate is wrong and you have enough memory in your machine`, "Continue", "Exit");
+        wannaContributeOrHaveEnoughMemory = !!confirmationEnoughMemory;
         if (circuitSequencePosition > 1) {
             console.log(`${theme.symbols.info} Please note, you have time until ceremony ends to free up your memory and complete remaining contributions`);
             // Asks the contributor if their wants to terminate contributions for the ceremony.
@@ -2540,8 +2733,8 @@ const handlePublicAttestation = async (firestoreDatabase, circuits, ceremonyId,
     writeFile(getAttestationLocalFilePath(`${ceremonyPrefix}_${commonTerms.foldersAndPathsTerms.attestation}.log`), Buffer.from(publicAttestation));
     await sleep(1000); // workaround for file descriptor unexpected close.
     let gistUrl = "";
-    const isBandada = checkLocalBandadaIdentity();
-    if (!isBandada) {
+    const isGithub = getLocalAuthMethod() === "github";
+    if (isGithub) {
         gistUrl = await publishGist(participantAccessToken, publicAttestation, ceremonyName, ceremonyPrefix);
         console.log(`\n${theme.symbols.info} Your public attestation has been successfully posted as Github Gist (${theme.text.bold(theme.text.underlined(gistUrl))})`);
     }
@@ -2597,6 +2790,7 @@ const listenToCeremonyCircuitDocumentChanges = (firestoreDatabase, ceremonyId, p
         }
     });
 };
+let contributionInProgress = false;
 /**
  * Listen to current authenticated participant document changes.
  * @dev this is the core business logic related to the execution of the contribute command.
@@ -2724,11 +2918,21 @@ const listenToParticipantDocumentChanges = async (firestoreDatabase, cloudFuncti
                 (!noTemporaryContributionData && resumingWithSameTemporaryData);
             // Scenario (3.B).
             if (isCurrentContributor && hasResumableStep && startingOrResumingContribution) {
+                if (contributionInProgress) {
+                    console.warn(`\n${theme.symbols.warning} Received instruction to start/resume contribution but contribution is already in progress...[skipping]`);
+                    return;
+                }
                 // Communicate resume / start of the contribution to participant.
                 await simpleLoader(`${changedContributionStep === "DOWNLOADING" /* ParticipantContributionStep.DOWNLOADING */ ? `Starting` : `Resuming`} your contribution...`, `clock`, 3000);
-                // Start / Resume the contribution for the participant.
-                await handleStartOrResumeContribution(cloudFunctions, firestoreDatabase, ceremony, circuit, participant, entropy, providerUserId, false, // not finalizing.
-                circuits.length);
+                try {
+                    contributionInProgress = true;
+                    // Start / Resume the contribution for the participant.
+                    await handleStartOrResumeContribution(cloudFunctions, firestoreDatabase, ceremony, circuit, participant, entropy, providerUserId, false, // not finalizing.
+                    circuits.length);
+                }
+                finally {
+                    contributionInProgress = false;
+                }
             }
             // Scenario (3.A).
             else if (isWaitingForContribution)
@@ -2848,7 +3052,7 @@ const contribute = async (opt) => {
     }
     else {
         // Prompt the user to select a ceremony from the opened ones.
-        selectedCeremony = await promptForCeremonySelection(ceremoniesOpenedForContributions, false);
+        selectedCeremony = await promptForCeremonySelection(ceremoniesOpenedForContributions, false, "Which ceremony would you like to contribute to?");
     }
     // Get selected ceremony circuit(s) documents.
     const circuits = await getCeremonyCircuits(firestoreDatabase, selectedCeremony.id);
@@ -3012,7 +3216,7 @@ const observe = async () => {
         // Get running ceremonies info (if any).
         const runningCeremoniesDocs = await getOpenedCeremonies(firestoreDatabase);
         // Ask to select a ceremony.
-        const ceremony = await promptForCeremonySelection(runningCeremoniesDocs, false);
+        const ceremony = await promptForCeremonySelection(runningCeremoniesDocs, false, "Which ceremony would you like to observe?");
         console.log(`${logSymbols.info} Refresh rate set to ~3 seconds for waiting queue updates\n`);
         let cursorPos = 0; // Keep track of current cursor position.
         const spinner = customSpinner(`Getting ready...`, "clock");
@@ -3159,7 +3363,7 @@ const finalize = async (opt) => {
         showError(COMMAND_ERRORS.COMMAND_FINALIZED_NO_CLOSED_CEREMONIES, true);
     console.log(`${theme.symbols.warning} The computation of the final contribution could take the bulk of your computational resources and memory based on the size of the circuit ${theme.emojis.fire}\n`);
     // Prompt for ceremony selection.
-    const selectedCeremony = await promptForCeremonySelection(ceremoniesClosedForFinalization, true);
+    const selectedCeremony = await promptForCeremonySelection(ceremoniesClosedForFinalization, true, "Which ceremony would you like to finalize?");
     // Get coordinator participant document.
     let participant = await getDocumentById(firestoreDatabase, getParticipantsCollectionPath(selectedCeremony.id), user.uid);
     const isCoordinatorReadyForCeremonyFinalization = await checkAndPrepareCoordinatorForFinalization(firebaseFunctions, selectedCeremony.id);
@@ -3259,6 +3463,7 @@ const logout = async () => {
             const auth = getAuth();
             await signOut(auth);
             // Delete local token.
+            deleteLocalAuthMethod();
             deleteLocalAccessToken();
             deleteLocalBandadaIdentity();
             await sleep(3000); // ~3s.
@@ -3326,16 +3531,34 @@ const listParticipants = async () => {
     try {
         const { firestoreDatabase } = await bootstrapCommandExecutionAndServices();
         const allCeremonies = await getAllCeremonies(firestoreDatabase);
-        const selectedCeremony = await promptForCeremonySelection(allCeremonies, true);
+        const selectedCeremony = await promptForCeremonySelection(allCeremonies, true, "Which ceremony would you like to see participants?");
         const docRef = doc(firestoreDatabase, commonTerms.collections.ceremonies.name, selectedCeremony.id);
         const participantsRef = collection(docRef, "participants");
         const participantsSnapshot = await getDocs(participantsRef);
-        const participants = participantsSnapshot.docs.map((participantDoc) => participantDoc.data().userId);
-        console.log(participants);
-        /* const usersRef = collection(firestoreDatabase, "users")
-        const usersSnapshot = await getDocs(usersRef)
-        const users = usersSnapshot.docs.map((userDoc) => userDoc.data())
-        console.log(users) */
+        const participants = participantsSnapshot.docs.map((participantDoc) => participantDoc.data());
+        const usersRef = collection(firestoreDatabase, "users");
+        const usersSnapshot = await getDocs(usersRef);
+        const users = usersSnapshot.docs.map((userDoc) => {
+            const data = userDoc.data();
+            return { id: userDoc.id, ...data };
+        });
+        const participantDetails = participants
+            .map((participant) => {
+            const user = users.find((_user) => _user.id === participant.userId);
+            if (!user)
+                return null;
+            return {
+                id: user.name,
+                status: participant.status,
+                contributionStep: participant.contributionStep,
+                lastUpdated: new Date(participant.lastUpdated)
+            };
+        })
+            .filter((user) => user !== null);
+        const participantsDone = participantDetails.filter((participant) => participant.status === "DONE");
+        console.log(participantDetails);
+        console.log(`${theme.text.underlined("Total participants:")} ${participantDetails.length}`);
+        console.log(`${theme.text.underlined("Total participants finished:")} ${participantsDone.length}`);
     }
     catch (err) {
         showError(`Something went wrong: ${err.toString()}`, true);
@@ -3365,6 +3588,10 @@ program
     .command("auth-bandada")
     .description("authenticate yourself in a privacy-perserving manner using Bandada")
     .action(authBandada);
+program
+    .command("auth-siwe")
+    .description("authenticate yourself using your Ethereum account (Sign In With Ethereum - SIWE)")
+    .action(authSIWE);
 program
     .command("contribute")
     .description("compute contributions for a Phase2 Trusted Setup ceremony circuits")

package/dist/types/commands/authSIWE.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Auth command using Sign In With Ethereum
+ * @notice The auth command allows a user to make the association of their Ethereum account with the CLI by leveraging SIWE as an authentication mechanism.
+ * @dev Under the hood, the command handles a manual Device Flow following the guidelines in the SIWE documentation.
+ */
+declare const authSIWE: () => Promise<void>;
+export default authSIWE;

package/dist/types/commands/index.d.ts

@@ -1,6 +1,7 @@
 export { default as setup } from "./setup.js";
 export { default as auth } from "./auth.js";
 export { default as authBandada } from "./authBandada.js";
+export { default as authSIWE } from "./authSIWE.js";
 export { default as contribute } from "./contribute.js";
 export { default as observe } from "./observe.js";
 export { default as finalize } from "./finalize.js";