Merge d4a6dc8 into 2235d46

privacy-scaling-explorations · May 18, 2023 · 8782c65 · 8782c65
2 parents 2235d46 + d4a6dc8
commit 8782c65
Show file tree

Hide file tree

Showing 9 changed files with 51 additions and 103 deletions.
diff --git a/packages/actions/.env.default b/packages/actions/.env.default
@@ -51,7 +51,7 @@ AWS_REGION="YOUR-AWS-REGION"
 # The unique identifier for the Github client associated to the OAuth Application.
 AUTH_GITHUB_CLIENT_ID="YOUR-GITHUB-CLIENT-ID"
 # A GitHub personal access token
-AUTH_GITHUB_ACCESS_TOKEN="YOUR_GITHUB_ACCESS_TOKEN"
+GITHUB_ACCESS_TOKEN="YOUR_GITHUB_ACCESS_TOKEN"
 
 ### For production testing purposes only.
 

diff --git a/packages/actions/src/helpers/security.ts b/packages/actions/src/helpers/security.ts
@@ -9,7 +9,7 @@ const getNumberOfPublicReposGitHub = async (user: string): Promise<number> => {
     const response = await fetch(`https://api.github.com/users/${user}/repos`, {
         method: "GET",
         headers: {
-            Authorization: `token ${process.env.AUTH_GITHUB_ACCESS_TOKEN!}`
+            Authorization: `token ${process.env.GITHUB_ACCESS_TOKEN!}`
         }
     })
     if (response.status !== 200)
@@ -29,7 +29,7 @@ const getNumberOfFollowersGitHub = async (user: string): Promise<number> => {
     const response = await fetch(`https://api.github.com/users/${user}/followers`, {
         method: "GET",
         headers: {
-            Authorization: `token ${process.env.AUTH_GITHUB_ACCESS_TOKEN!}`
+            Authorization: `token ${process.env.GITHUB_ACCESS_TOKEN!}`
         }
     })
 
@@ -50,7 +50,7 @@ const getNumberOfFollowingGitHub = async (user: string): Promise<number> => {
     const response = await fetch(`https://api.github.com/users/${user}/following`, {
         method: "GET",
         headers: {
-            Authorization: `token ${process.env.AUTH_GITHUB_ACCESS_TOKEN!}`
+            Authorization: `token ${process.env.GITHUB_ACCESS_TOKEN!}`
         }
     })
 
@@ -76,7 +76,7 @@ export const githubReputation = async (
     minimumAmountOfFollowers: number,
     minimumAmountOfPublicRepos: number
 ): Promise<boolean> => {
-    if (!process.env.AUTH_GITHUB_ACCESS_TOKEN)
+    if (!process.env.GITHUB_ACCESS_TOKEN)
         throw new Error(
             "The GitHub access token is missing. Please insert a valid token to be used for anti-sybil checks on user registation, and then try again."
         )

diff --git a/packages/actions/test/data/artifacts/circuit_vkey.json b/packages/actions/test/data/artifacts/circuit_vkey.json
@@ -1,90 +1 @@
-{
-    "protocol": "groth16",
-    "curve": "bn128",
-    "nPublic": 2,
-    "vk_alpha_1": [
-        "20491192805390485299153009773594534940189261866228447918068658471970481763042",
-        "9383485363053290200918347156157836566562967994039712273449902621266178545958",
-        "1"
-    ],
-    "vk_beta_2": [
-        [
-            "6375614351688725206403948262868962793625744043794305715222011528459656738731",
-            "4252822878758300859123897981450591353533073413197771768651442665752259397132"
-        ],
-        [
-            "10505242626370262277552901082094356697409835680220590971873171140371331206856",
-            "21847035105528745403288232691147584728191162732299865338377159692350059136679"
-        ],
-        ["1", "0"]
-    ],
-    "vk_gamma_2": [
-        [
-            "10857046999023057135944570762232829481370756359578518086990519993285655852781",
-            "11559732032986387107991004021392285783925812861821192530917403151452391805634"
-        ],
-        [
-            "8495653923123431417604973247489272438418190587263600148770280649306958101930",
-            "4082367875863433681332203403145435568316851327593401208105741076214120093531"
-        ],
-        ["1", "0"]
-    ],
-    "vk_delta_2": [
-        [
-            "3351906943192106241258173069101062710430064441805762919435903448145435528973",
-            "3609814357773144717518631524459248007709624660755909037176309802677798373232"
-        ],
-        [
-            "9069438153336502951158456788763587199974358703205747886284949853078455843859",
-            "15566461416342721154195875920091334398078943971015435069515020299158779682082"
-        ],
-        ["1", "0"]
-    ],
-    "vk_alphabeta_12": [
-        [
-            [
-                "2029413683389138792403550203267699914886160938906632433982220835551125967885",
-                "21072700047562757817161031222997517981543347628379360635925549008442030252106"
-            ],
-            [
-                "5940354580057074848093997050200682056184807770593307860589430076672439820312",
-                "12156638873931618554171829126792193045421052652279363021382169897324752428276"
-            ],
-            [
-                "7898200236362823042373859371574133993780991612861777490112507062703164551277",
-                "7074218545237549455313236346927434013100842096812539264420499035217050630853"
-            ]
-        ],
-        [
-            [
-                "7077479683546002997211712695946002074877511277312570035766170199895071832130",
-                "10093483419865920389913245021038182291233451549023025229112148274109565435465"
-            ],
-            [
-                "4595479056700221319381530156280926371456704509942304414423590385166031118820",
-                "19831328484489333784475432780421641293929726139240675179672856274388269393268"
-            ],
-            [
-                "11934129596455521040620786944827826205713621633706285934057045369193958244500",
-                "8037395052364110730298837004334506829870972346962140206007064471173334027475"
-            ]
-        ]
-    ],
-    "IC": [
-        [
-            "6819801395408938350212900248749732364821477541620635511814266536599629892365",
-            "9092252330033992554755034971584864587974280972948086568597554018278609861372",
-            "1"
-        ],
-        [
-            "2494923446058214646639418591712156421366388762181821637289531085843728324281",
-            "5725178132428480568821403146496952551332721127066178100464798546821141271312",
-            "1"
-        ],
-        [
-            "2949088342211450078770029559615904525423143982944239450257777566971809628121",
-            "14382936099891824927341970188446629554258856083543365916396703111259580806134",
-            "1"
-        ]
-    ]
-}
+{"protocol":"groth16","curve":"bn128","nPublic":2,"vk_alpha_1":["20491192805390485299153009773594534940189261866228447918068658471970481763042","9383485363053290200918347156157836566562967994039712273449902621266178545958","1"],"vk_beta_2":[["6375614351688725206403948262868962793625744043794305715222011528459656738731","4252822878758300859123897981450591353533073413197771768651442665752259397132"],["10505242626370262277552901082094356697409835680220590971873171140371331206856","21847035105528745403288232691147584728191162732299865338377159692350059136679"],["1","0"]],"vk_gamma_2":[["10857046999023057135944570762232829481370756359578518086990519993285655852781","11559732032986387107991004021392285783925812861821192530917403151452391805634"],["8495653923123431417604973247489272438418190587263600148770280649306958101930","4082367875863433681332203403145435568316851327593401208105741076214120093531"],["1","0"]],"vk_delta_2":[["3351906943192106241258173069101062710430064441805762919435903448145435528973","3609814357773144717518631524459248007709624660755909037176309802677798373232"],["9069438153336502951158456788763587199974358703205747886284949853078455843859","15566461416342721154195875920091334398078943971015435069515020299158779682082"],["1","0"]],"vk_alphabeta_12":[[["2029413683389138792403550203267699914886160938906632433982220835551125967885","21072700047562757817161031222997517981543347628379360635925549008442030252106"],["5940354580057074848093997050200682056184807770593307860589430076672439820312","12156638873931618554171829126792193045421052652279363021382169897324752428276"],["7898200236362823042373859371574133993780991612861777490112507062703164551277","7074218545237549455313236346927434013100842096812539264420499035217050630853"]],[["7077479683546002997211712695946002074877511277312570035766170199895071832130","10093483419865920389913245021038182291233451549023025229112148274109565435465"],["4595479056700221319381530156280926371456704509942304414423590385166031118820","19831328484489333784475432780421641293929726139240675179672856274388269393268"],["11934129596455521040620786944827826205713621633706285934057045369193958244500","8037395052364110730298837004334506829870972346962140206007064471173334027475"]]],"IC":[["6819801395408938350212900248749732364821477541620635511814266536599629892365","9092252330033992554755034971584864587974280972948086568597554018278609861372","1"],["2494923446058214646639418591712156421366388762181821637289531085843728324281","5725178132428480568821403146496952551332721127066178100464798546821141271312","1"],["2949088342211450078770029559615904525423143982944239450257777566971809628121","14382936099891824927341970188446629554258856083543365916396703111259580806134","1"]]}
diff --git a/packages/actions/test/unit/contract.test.ts b/packages/actions/test/unit/contract.test.ts
@@ -183,7 +183,7 @@ describe("Smart Contract", () => {
             // * create participant
             // * create contribution
             before(async () => {
-                ;[signer] = await ethers.getSigners()
+                [signer] = await ethers.getSigners()
 
                 for (let i = 0; i < users.length; i++) {
                     users[i].uid = await createMockUser(userApp, users[i].data.email, passwords[i], true, adminAuth)

diff --git a/packages/actions/test/unit/security.test.ts b/packages/actions/test/unit/security.test.ts
@@ -175,7 +175,7 @@ describe("Security", () => {
                 expect(await githubReputation("mpc-dev", 5, 1, 1)).to.be.false
             })
             it("should not be rate limited when using a personal access token", async () => {
-                expect(process.env.AUTH_GITHUB_ACCESS_TOKEN).to.not.be.undefined
+                expect(process.env.GITHUB_ACCESS_TOKEN).to.not.be.undefined
                 for (let i = 0; i < 100; i++) {
                     expect(await githubReputation("ctrlc03", 5, 1, 2)).to.be.true
                 }

diff --git a/packages/backend/.default.env b/packages/backend/.default.env
@@ -23,6 +23,8 @@ GITHUB_MINIMUM_FOLLOWERS="1"
 GITHUB_MINIMUM_FOLLOWING="5"
 ## Minimum amount of public repos for the GitHub account
 GITHUB_MINIMUM_PUBLIC_REPOS="2"
+## Personal access token for API rate limiting (no privileges required)
+GITHUB_ACCESS_TOKEN="YOUR-GITHUB-ACCESS-TOKEN"
 
 # The email address of the user who is going to be the coordinator of all ceremonies.
 # nb. right now, only one user could be a coordinator for all ceremonies deployed within the same instance.

diff --git a/packages/backend/src/functions/circuit.ts b/packages/backend/src/functions/circuit.ts
@@ -494,7 +494,8 @@ export const verifycontribution = functionsV2.https.onCall(
                 await uploadFileToBucket(
                     bucketName,
                     verificationTranscriptStoragePathAndFilename,
-                    verificationTranscriptTemporaryLocalPath
+                    verificationTranscriptTemporaryLocalPath,
+                    true
                 )
 
                 // Compute verification transcript hash.

diff --git a/packages/backend/src/functions/storage.ts b/packages/backend/src/functions/storage.ts
@@ -6,7 +6,9 @@ import {
     UploadPartCommand,
     CompleteMultipartUploadCommand,
     HeadObjectCommand,
-    CreateBucketCommand
+    CreateBucketCommand,
+    PutPublicAccessBlockCommand,
+    PutBucketCorsCommand
 } from "@aws-sdk/client-s3"
 import { getSignedUrl } from "@aws-sdk/s3-request-presigner"
 import dotenv from "dotenv"
@@ -146,7 +148,8 @@ export const createBucket = functions
             Bucket: data.bucketName,
             CreateBucketConfiguration: {
                 LocationConstraint: String(process.env.AWS_REGION)
-            }
+            },
+            ObjectOwnership: "BucketOwnerPreferred"
         })
 
         try {
@@ -156,6 +159,37 @@ export const createBucket = functions
             // Check response.
             if (response.$metadata.httpStatusCode === 200 && !!response.Location)
                 printLog(`The AWS S3 bucket ${data.bucketName} has been created successfully`, LogLevel.LOG)
+
+            const publicBlockCommand = new PutPublicAccessBlockCommand({
+                Bucket: data.bucketName,
+                PublicAccessBlockConfiguration: {
+                    BlockPublicAcls: false,
+                    BlockPublicPolicy: false,
+                }
+            })
+
+            // Allow objects to be public
+            const publicBlockResponse = await S3.send(publicBlockCommand)
+            // Check response.
+            if (publicBlockResponse.$metadata.httpStatusCode === 200)
+                printLog(`The AWS S3 bucket ${data.bucketName} has been set with the PublicAccessBlock disabled.`, LogLevel.LOG)
+
+            // Set CORS
+            const corsCommand = new PutBucketCorsCommand({
+                Bucket: data.bucketName,
+                CORSConfiguration: {
+                    CORSRules: [
+                        {
+                            AllowedMethods: ["GET"],
+                            AllowedOrigins: ["*"],
+                        }
+                    ]
+                }
+            })
+            const corsResponse = await S3.send(corsCommand)
+            // Check response.
+            if (corsResponse.$metadata.httpStatusCode === 200)
+                printLog(`The AWS S3 bucket ${data.bucketName} has been set with the CORS configuration.`, LogLevel.LOG)
         } catch (error: any) {
             /** * {@link https://docs.aws.amazon.com/simspaceweaver/latest/userguide/troubleshooting_bucket-name-too-long.html | InvalidBucketName} */
             if (error.$metadata.httpStatusCode === 400 && error.Code === `InvalidBucketName`)
@@ -308,7 +342,7 @@ export const startMultiPartUpload = functions
         const S3 = await getS3Client()
 
         // Prepare S3 command.
-        const command = new CreateMultipartUploadCommand({ Bucket: bucketName, Key: objectKey })
+        const command = new CreateMultipartUploadCommand({ Bucket: bucketName, Key: objectKey, ACL: "private" })
 
         try {
             // Execute S3 command.

diff --git a/packages/backend/src/lib/utils.ts b/packages/backend/src/lib/utils.ts
@@ -220,15 +220,15 @@ export const downloadArtifactFromS3Bucket = async (bucketName: string, objectKey
  * @param objectKey <string> - the unique key to identify the object inside the given AWS S3 bucket.
  * @param localFilePath <string> - the local path where the file to be uploaded is stored.
  */
-export const uploadFileToBucket = async (bucketName: string, objectKey: string, localFilePath: string) => {
+export const uploadFileToBucket = async (bucketName: string, objectKey: string, localFilePath: string, isPublic: boolean = false) => {
     // Prepare AWS S3 client instance.
     const client = await getS3Client()
 
     // Extract content type.
     const contentType = mime.lookup(localFilePath) || ""
 
     // Prepare command.
-    const command = new PutObjectCommand({ Bucket: bucketName, Key: objectKey, ContentType: contentType })
+    const command = new PutObjectCommand({ Bucket: bucketName, Key: objectKey, ContentType: contentType, ACL: isPublic ? "public-read" : "private" })
 
     // Generate a pre-signed url for uploading the file.
     const url = await getSignedUrl(client, command, { expiresIn: Number(process.env.AWS_PRESIGNED_URL_EXPIRATION) })