@devtion/devcli 0.0.0-b499eaf → 0.0.0-c1f4cbe

package/src/index.ts

@@ -7,6 +7,8 @@ import { fileURLToPath } from "url"
 import {
     setup,
     auth,
+    authSIWE,
+    authBandada,
     contribute,
     observe,
     finalize,
@@ -15,6 +17,7 @@ import {
     validate,
     listCeremonies
 } from "./commands/index.js"
+import setCeremonyCommands from "./commands/ceremony/index.js"
 
 // Get pkg info (e.g., name, version).
 const packagePath = `${dirname(fileURLToPath(import.meta.url))}/..`
@@ -26,6 +29,14 @@ program.name(name).description(description).version(version)
 
 // User commands.
 program.command("auth").description("authenticate yourself using your Github account (OAuth 2.0)").action(auth)
+program
+    .command("auth-bandada")
+    .description("authenticate yourself in a privacy-perserving manner using Bandada")
+    .action(authBandada)
+program
+    .command("auth-siwe")
+    .description("authenticate yourself using your Ethereum account (Sign In With Ethereum - SIWE)")
+    .action(authSIWE)
 program
     .command("contribute")
     .description("compute contributions for a Phase2 Trusted Setup ceremony circuits")
@@ -44,27 +55,27 @@ program
     .action(logout)
 program
     .command("validate")
-    .description("Validate that a Ceremony Setup file is correct")
+    .description("validate that a Ceremony Setup file is correct")
     .requiredOption("-t, --template <path>", "The path to the ceremony setup template", "")
     .option("-c, --constraints <number>", "The number of constraints to check against")
     .action(validate)
 
 // Only coordinator commands.
-const ceremony = program.command("coordinate").description("commands for coordinating a ceremony")
+const coordinate = program.command("coordinate").description("commands for coordinating a ceremony")
 
-ceremony
+coordinate
     .command("setup")
     .description("setup a Groth16 Phase 2 Trusted Setup ceremony for zk-SNARK circuits")
     .option("-t, --template <path>", "The path to the ceremony setup template", "")
     .option("-a, --auth <string>", "The Github OAuth 2.0 token", "")
     .action(setup)
 
-ceremony
+coordinate
     .command("observe")
     .description("observe in real-time the waiting queue of each ceremony circuit")
     .action(observe)
 
-ceremony
+coordinate
     .command("finalize")
     .description(
         "finalize a Phase2 Trusted Setup ceremony by applying a beacon, exporting verification key and verifier contract"
@@ -72,4 +83,6 @@ ceremony
     .option("-a, --auth <string>", "the Github OAuth 2.0 token", "")
     .action(finalize)
 
+setCeremonyCommands(program)
+
 program.parseAsync(process.argv)

package/src/lib/bandada.ts

@@ -0,0 +1,51 @@
+import { ApiSdk, GroupResponse } from "@bandada/api-sdk"
+import { Identity } from "@semaphore-protocol/identity"
+import open from "open"
+
+import { askForConfirmation } from "../lib/prompts.js"
+import { showError } from "./errors.js"
+import theme from "../lib/theme.js"
+
+const { BANDADA_API_URL } = process.env
+
+const bandadaApi = new ApiSdk(BANDADA_API_URL)
+
+export const getGroup = async (groupId: string): Promise<GroupResponse | null> => {
+    try {
+        const group = await bandadaApi.getGroup(groupId)
+        return group
+    } catch (error: any) {
+        showError(`Bandada getGroup error: ${error}`, true)
+        return null
+    }
+}
+
+export const getMembersOfGroup = async (groupId: string): Promise<string[] | null> => {
+    try {
+        const group = await bandadaApi.getGroup(groupId)
+        return group.members
+    } catch (error: any) {
+        showError(`Bandada getMembersOfGroup error: ${error}`, true)
+        return null
+    }
+}
+
+export const addMemberToGroup = async (groupId: string, dashboardUrl: string, identity: Identity) => {
+    const commitment = identity.commitment.toString()
+    const group = await bandadaApi.getGroup(groupId)
+    const providerName = group.credentials.id.split("_")[0].toLowerCase()
+
+    // 6. open a new window with the url:
+    const url = `${dashboardUrl}credentials?group=${groupId}&member=${commitment}&provider=${providerName}`
+    console.log(`${theme.text.bold(`Verification URL:`)} ${theme.text.underlined(url)}`)
+    open(url)
+
+    const { confirmation } = await askForConfirmation("Did you join the Bandada group in the browser?")
+    if (!confirmation) showError("You must join the Bandada group to continue the login process", true)
+}
+
+export const isGroupMember = async (groupId: string, identity: Identity): Promise<boolean> => {
+    const commitment = identity.commitment.toString()
+    const isMember: boolean = await bandadaApi.isGroupMember(groupId, commitment)
+    return isMember
+}

package/src/lib/errors.ts

@@ -6,7 +6,7 @@ export const CORE_SERVICES_ERRORS = {
     FIREBASE_TOKEN_EXPIRED_REMOVED_PERMISSIONS: `The Github authorization has failed due to lack of association between your account and the CLI`,
     FIREBASE_USER_DISABLED: `The Github account has been suspended by the ceremony coordinator(s), blocking the possibility of contribution. Please, contact them to understand the motivation behind it.`,
     FIREBASE_FAILED_CREDENTIALS_VERIFICATION: `Firebase cannot verify your Github credentials due to network errors. Please, try once again later.`,
-    FIREBASE_NETWORK_ERROR: `Unable to reach Firebase due to network erros. Please, try once again later and make sure your Internet connection is stable.`,
+    FIREBASE_NETWORK_ERROR: `Unable to reach Firebase due to network errors. Please, try once again later and make sure your Internet connection is stable.`,
     FIREBASE_CEREMONY_NOT_OPENED: `There are no ceremonies opened to contributions`,
     FIREBASE_CEREMONY_NOT_CLOSED: `There are no ceremonies ready to finalization`,
     AWS_CEREMONY_BUCKET_CREATION: `Unable to create a new bucket for the ceremony. Something went wrong during the creation. Please, repeat the process by providing a new ceremony name of the ceremony.`,

package/src/lib/localConfigs.ts

@@ -24,6 +24,14 @@ const config = new Conf({
         accessToken: {
             type: "string",
             default: ""
+        },
+        bandadaIdentity: {
+            type: "string",
+            default: ""
+        },
+        authMethod: {
+            type: "string",
+            default: ""
         }
     }
 })
@@ -91,6 +99,52 @@ export const setLocalAccessToken = (token: string) => config.set("accessToken",
  */
 export const deleteLocalAccessToken = () => config.delete("accessToken")
 
+/**
+ * Return the Bandada identity, if present.
+ * @returns <string | undefined> - the Bandada identity if present, otherwise undefined.
+ */
+export const getLocalBandadaIdentity = (): string | unknown => config.get("bandadaIdentity")
+
+/**
+ * Check if the Bandada identity exists in the local storage.
+ * @returns <boolean>
+ */
+export const checkLocalBandadaIdentity = (): boolean => config.has("bandadaIdentity") && !!config.get("bandadaIdentity")
+
+/**
+ * Set the Bandada identity.
+ * @param identity <string> - the Bandada identity to be stored.
+ */
+export const setLocalBandadaIdentity = (identity: string) => config.set("bandadaIdentity", identity)
+
+/**
+ * Delete the stored Bandada identity.
+ */
+export const deleteLocalBandadaIdentity = () => config.delete("bandadaIdentity")
+
+/**
+ * Return the authentication method, if present.
+ * @returns <string | undefined> - the authentication method if present, otherwise undefined.
+ */
+export const getLocalAuthMethod = (): string | unknown => config.get("authMethod")
+
+/**
+ * Check if the authentication method exists in the local storage.
+ * @returns <boolean>
+ */
+export const checkLocalAuthMethod = (): boolean => config.has("authMethod") && !!config.get("authMethod")
+
+/**
+ * Set the authentication method.
+ * @param method <string> - the authentication method to be stored.
+ */
+export const setLocalAuthMethod = (method: string) => config.set("authMethod", method)
+
+/**
+ * Delete the stored authentication method.
+ */
+export const deleteLocalAuthMethod = () => config.delete("authMethod")
+
 /**
  * Get the complete local file path.
  * @param cwd <string> - the current working directory path.

package/src/lib/services.ts

@@ -6,13 +6,18 @@ import {
 import clear from "clear"
 import figlet from "figlet"
 import { FirebaseApp } from "firebase/app"
-import { OAuthCredential } from "firebase/auth"
+import { OAuthCredential, getAuth, signInWithCustomToken } from "firebase/auth"
 import dotenv from "dotenv"
 import { fileURLToPath } from "url"
 import { dirname } from "path"
 import { AuthUser } from "../types/index.js"
 import { CONFIG_ERRORS, CORE_SERVICES_ERRORS, showError, THIRD_PARTY_SERVICES_ERRORS } from "./errors.js"
-import { checkLocalAccessToken, deleteLocalAccessToken, getLocalAccessToken } from "./localConfigs.js"
+import {
+    checkLocalAccessToken,
+    deleteLocalAccessToken,
+    getLocalAccessToken,
+    getLocalAuthMethod
+} from "./localConfigs.js"
 import theme from "./theme.js"
 import { exchangeGithubTokenForCredentials, getGithubProviderUserId, getUserHandleFromProviderUserId } from "./utils.js"
 
@@ -164,22 +169,42 @@ export const checkAuth = async (firebaseApp: FirebaseApp): Promise<AuthUser> =>
     // Retrieve local access token.
     const token = String(getLocalAccessToken())
 
-    // Get credentials.
-    const credentials = exchangeGithubTokenForCredentials(token)
-
-    // Sign in to Firebase using credentials.
-    await signInToFirebase(firebaseApp, credentials)
+    let providerUserId: string
+    let username: string
+    const authMethod = getLocalAuthMethod()
+    switch (authMethod) {
+        case "github": {
+            // Get credentials.
+            const credentials = exchangeGithubTokenForCredentials(token)
+            // Sign in to Firebase using credentials.
+            await signInToFirebase(firebaseApp, credentials)
+            // Get Github unique identifier (handle-id).
+            providerUserId = await getGithubProviderUserId(String(token))
+            username = getUserHandleFromProviderUserId(providerUserId)
+            break
+        }
+        case "bandada": {
+            const userCredentials = await signInWithCustomToken(getAuth(), token)
+            providerUserId = userCredentials.user.uid
+            username = providerUserId
+            break
+        }
+        case "siwe": {
+            const userCredentials = await signInWithCustomToken(getAuth(), token)
+            providerUserId = userCredentials.user.uid
+            username = providerUserId
+            break
+        }
+        default: {
+            break
+        }
+    }
 
     // Get current authenticated user.
     const user = getCurrentFirebaseAuthUser(firebaseApp)
 
-    // Get Github unique identifier (handle-id).
-    const providerUserId = await getGithubProviderUserId(String(token))
-
     // Greet the user.
-    console.log(
-        `Greetings, @${theme.text.bold(getUserHandleFromProviderUserId(providerUserId))} ${theme.emojis.wave}\n`
-    )
+    console.log(`Greetings, @${theme.text.bold(username)} ${theme.emojis.wave}\n`)
 
     return {
         user,

package/src/lib/utils.ts

@@ -155,7 +155,9 @@ export const getPublicAttestationGist = async (
  * @returns <string> - the third-party provider handle of the user.
  */
 export const getUserHandleFromProviderUserId = (providerUserId: string): string => {
-    if (providerUserId.indexOf("-") === -1) showError(THIRD_PARTY_SERVICES_ERRORS.GITHUB_GET_GITHUB_ACCOUNT_INFO, true)
+    if (providerUserId.indexOf("-") === -1) {
+        return providerUserId
+    }
 
     return providerUserId.split("-")[0]
 }

package/src/types/index.ts

@@ -68,3 +68,71 @@ export type GithubGistFile = {
     raw_url: string
     size: number
 }
+
+/**
+ * Define the return object of the function that verifies the Bandada membership and proof.
+ * @typedef {Object} VerifiedBandadaResponse
+ * @property {boolean} valid - true if the proof is valid and the user is a member of the group; otherwise false.
+ * @property {string} message - a message describing the result of the verification.
+ * @property {string} token - the custom access token.
+ */
+export type VerifiedBandadaResponse = {
+    valid: boolean
+    message: string
+    token: string
+}
+
+/**
+ * Define the return object of the device code uri request.
+ * @typedef {Object} OAuthDeviceCodeResponse
+ * @property {string} device_code - the device code.
+ * @property {string} user_code - the user code.
+ * @property {string} verification_uri - the verification uri.
+ * @property {number} expires_in - the expiration time in seconds.
+ * @property {number} interval - the interval time in seconds.
+ * @property {string} verification_uri_complete - the complete verification uri.
+ */
+export type OAuthDeviceCodeResponse = {
+    device_code: string
+    user_code: string
+    verification_uri: string
+    expires_in: number
+    interval: number
+    verification_uri_complete: string
+}
+
+/**
+ * Define the return object of the polling endpoint
+ * @typedef {Object} OAuthTokenResponse
+ * @property {string} access_token - the resulting device flow token
+ * @property {string} token_type - token type
+ * @property {number} expires_in - when does the token expires
+ * @property {string} scope - the scope requested by the initial device flow endpoint
+ * @property {string} refresh_token - refresh token
+ * @property {string} id_token - id token
+ * @property {string} error - in case there was an error
+ * @property {string} error_description - error details
+ */
+export type OAuthTokenResponse = {
+    access_token: string
+    token_type: string
+    expires_in: number
+    scope: string
+    refresh_token: string
+    id_token: string
+    // error response should contain
+    error?: string
+    error_description?: string
+}
+
+/**
+ * @typedef {Object} CheckNonceOfSIWEAddressResponse
+ * @property {boolean} valid - if the checking was valid or not
+ * @property {string} message - more information about the validity
+ * @property {string} token - token to sign into Firebase
+ */
+export type CheckNonceOfSIWEAddressResponse = {
+    valid: boolean
+    message: string
+    token: string
+}