@edgedev/create-edge-app 1.0.43 → 1.0.44

package/firestore.rules

@@ -31,6 +31,14 @@ service cloud.firestore {
     allow update: if false; 
     allow delete: if false; 
   }
+
+
+  match /databases/{database}/documents/system/{event} {
+    allow read: if false;
+    allow create: if false;  
+    allow update: if false; 
+    allow delete: if false; 
+  }
   
   match /databases/{database}/documents/rule-helpers/{helper} {
     allow read: if false;
@@ -56,11 +64,14 @@ service cloud.firestore {
 
   match /databases/{database}/documents/collection-data/{collectionPath} {
     // TODO: these rules need tested.
-    function getRolePermission(role, collection, permissionCheck) {
-        let pathCollectionPermissions = get(/databases/$(database)/documents/collection-data/$(collection)).data;
-        let defaultPermissions = get(/databases/$(database)/documents/collection-data/-default-).data;
-        return (role in pathCollectionPermissions && pathCollectionPermissions[role][permissionCheck]) ||
-              (role in defaultPermissions && defaultPermissions[role][permissionCheck]);
+    function getRolePermission(role, permissionCheck) {
+        let permissions = {
+          'admin': {'assign': true, 'delete': true, 'read': true, 'write': true},
+          'editor': {'assign': false, 'delete': true, 'read': true, 'write': true},
+          'user': {'assign': false, 'delete': false, 'read': true, 'write': false},
+          'writer': {'assign': false, 'delete': false, 'read': true, 'write': true}
+        };
+        return permissions[role][permissionCheck];
     }
     function canAssign() {
       let user = get(/databases/$(database)/documents/users/$(request.auth.uid)).data;
@@ -76,7 +87,7 @@ service cloud.firestore {
         "roles" in user && 
         ruleHelper[collectionPath].permissionCheckPath in user.roles &&
         "role" in user.roles[ruleHelper[collectionPath].permissionCheckPath] &&
-         getRolePermission(user.roles[ruleHelper[collectionPath].permissionCheckPath].role, collectionPath, "assign")
+         getRolePermission(user.roles[ruleHelper[collectionPath].permissionCheckPath].role, "assign")
       );
     }
     allow read: if request.auth != null; // All signed in users can read collection-data
@@ -141,7 +152,7 @@ service cloud.firestore {
               (
                 (
                   "roles" in user &&
-                  getRolePermission(user.roles[permissionCheckPath].role, permissionCheckPath, "assign")
+                  getRolePermission(user.roles[permissionCheckPath].role, "assign")
                 ) ||
                 (
                   "specialPermissions" in user &&
@@ -160,7 +171,7 @@ service cloud.firestore {
               (
                 "roles" in user &&
                 ruleHelper["edge-assignment-helper"].permissionCheckPath in user.roles &&
-                getRolePermission(user.roles[ruleHelper["edge-assignment-helper"].permissionCheckPath].role, ruleHelper["edge-assignment-helper"].permissionCheckPath, 'assign')
+                getRolePermission(user.roles[ruleHelper["edge-assignment-helper"].permissionCheckPath].role, 'assign')
               ) ||
               (
                 "specialPermissions" in user &&
@@ -188,7 +199,7 @@ service cloud.firestore {
                 (
                   "roles" in user &&
                   permissionCheckPath in user.roles &&
-                  getRolePermission(user.roles[permissionCheckPath].role, permissionCheckPath, "assign")
+                  getRolePermission(user.roles[permissionCheckPath].role, "assign")
                 ) ||
                 (
                   "specialPermissions" in user &&
@@ -216,12 +227,15 @@ service cloud.firestore {
       return request.resource.data.roles.size() == 0 && request.resource.data.specialPermissions.size() == 0;
     }
 
-    function getRolePermission(role, collection, permissionCheck) {
-        let pathCollectionPermissions = get(/databases/$(database)/documents/collection-data/$(collection)).data;
-        let defaultPermissions = get(/databases/$(database)/documents/collection-data/-default-).data;
-        return (role in pathCollectionPermissions && pathCollectionPermissions[role][permissionCheck]) ||
-              (role in defaultPermissions && defaultPermissions[role][permissionCheck]);
-      }
+    function getRolePermission(role, permissionCheck) {
+        let permissions = {
+          'admin': {'assign': true, 'delete': true, 'read': true, 'write': true},
+          'editor': {'assign': false, 'delete': true, 'read': true, 'write': true},
+          'user': {'assign': false, 'delete': false, 'read': true, 'write': false},
+          'writer': {'assign': false, 'delete': false, 'read': true, 'write': true}
+        };
+        return permissions[role][permissionCheck];
+     }
 
      function canGet () {
        return resource == null || 
@@ -237,11 +251,14 @@ service cloud.firestore {
   }
 
   match /databases/{database}/documents/{seg1} {
-      function getRolePermission(role, collection, permissionCheck) {
-        let pathCollectionPermissions = get(/databases/$(database)/documents/collection-data/$(collection)).data;
-        let defaultPermissions = get(/databases/$(database)/documents/collection-data/-default-).data;
-        return (role in pathCollectionPermissions && pathCollectionPermissions[role][permissionCheck]) ||
-              (role in defaultPermissions && defaultPermissions[role][permissionCheck]);
+      function getRolePermission(role, permissionCheck) {
+        let permissions = {
+          'admin': {'assign': true, 'delete': true, 'read': true, 'write': true},
+          'editor': {'assign': false, 'delete': true, 'read': true, 'write': true},
+          'user': {'assign': false, 'delete': false, 'read': true, 'write': false},
+          'writer': {'assign': false, 'delete': false, 'read': true, 'write': true}
+        };
+        return permissions[role][permissionCheck];
       }
       function checkPermission(collectionPath, permissionCheck) {
           let user = get(/databases/$(database)/documents/users/$(request.auth.uid)).data;
@@ -251,7 +268,9 @@ service cloud.firestore {
                  !(permissionCheck == "write" && 
                     (
                       ("stripeCustomerId" in request.resource.data && (!("stripeCustomerId" in resource.data) || resource.data.stripeCustomerId != request.resource.data.stripeCustomerId)) ||
-                      ("stripeSubscription" in request.resource.data && (!("stripeSubscription" in resource.data) || resource.data.stripeSubscription != request.resource.data.stripeSubscription))
+                      ("stripeSubscription" in request.resource.data && (!("stripeSubscription" in resource.data) || resource.data.stripeSubscription != request.resource.data.stripeSubscription)) ||
+                      ("stripeProductId" in request.resource.data && (!("stripeProductId" in resource.data) || resource.data.stripeProductId != request.resource.data.stripeProductId)) ||
+                      ("stripePriceId" in request.resource.data && (!("stripePriceId" in resource.data) || resource.data.stripePriceId != request.resource.data.stripePriceId))
                     )
                   ) &&
                   request.auth != null &&
@@ -265,7 +284,7 @@ service cloud.firestore {
                     (
                       "roles" in user &&
                       ruleHelper[collectionPath].permissionCheckPath in user.roles &&
-                      getRolePermission(user.roles[ruleHelper[collectionPath].permissionCheckPath].role, ruleHelper[collectionPath].permissionCheckPath, permissionCheck)
+                      getRolePermission(user.roles[ruleHelper[collectionPath].permissionCheckPath].role, permissionCheck)
                     ) ||
                     (
                       "specialPermissions" in user &&

package/firestore.rules.backup

@@ -2,6 +2,29 @@ rules_version = '2';
 // #EDGE FIREBASE RULES START
 service cloud.firestore {
 
+  match /databases/{database}/documents/phone-auth/{phone} {
+    allow read: if false;
+    allow create: if false;  
+    allow update: if false; 
+    allow delete: if false; 
+  }
+
+  match /databases/{database}/documents/topic-queue/{topic} {
+    allow read: if false;
+    allow create: if false;  
+    allow update: if false; 
+    allow delete: if false; 
+  }
+
+
+  match /databases/{database}/documents/public-users/{user} {
+    allow read: if request.auth != null;
+    allow list: if request.auth != null;
+    allow create: if false;  
+    allow update: if false; 
+    allow delete: if false; 
+  }
+
   match /databases/{database}/documents/events/{event} {
     allow read: if false;
     allow create: if false;  
@@ -222,9 +245,15 @@ service cloud.firestore {
       }
       function checkPermission(collectionPath, permissionCheck) {
           let user = get(/databases/$(database)/documents/users/$(request.auth.uid)).data;
-          let skipPaths = ["collection-data", "users", "staged-users", "events", "rule-helpers"];
+          let skipPaths = ["collection-data", "users", "staged-users", "events", "rule-helpers", "phone-auth", "public-users", "topic-queue"];
           let ruleHelper = get(/databases/$(database)/documents/rule-helpers/$(request.auth.uid)).data;
           return !(collectionPath in skipPaths) &&
+                 !(permissionCheck == "write" && 
+                    (
+                      ("stripeCustomerId" in request.resource.data && (!("stripeCustomerId" in resource.data) || resource.data.stripeCustomerId != request.resource.data.stripeCustomerId)) ||
+                      ("stripeSubscription" in request.resource.data && (!("stripeSubscription" in resource.data) || resource.data.stripeSubscription != request.resource.data.stripeSubscription))
+                    )
+                  ) &&
                   request.auth != null &&
                   collectionPath in ruleHelper &&
                   "permissionCheckPath" in ruleHelper[collectionPath] &&

package/functions/config.js

@@ -0,0 +1,87 @@
+/* eslint-disable @typescript-eslint/no-var-requires */
+/* eslint-disable no-undef */
+const functions = require('firebase-functions')
+const { PubSub } = require('@google-cloud/pubsub')
+const admin = require('firebase-admin')
+
+const pubsub = new PubSub()
+
+admin.initializeApp()
+
+const { onMessagePublished } = require('firebase-functions/v2/pubsub')
+
+const { onCall, HttpsError, onRequest } = require('firebase-functions/v2/https')
+const { onSchedule } = require('firebase-functions/v2/scheduler')
+const { Storage } = require('@google-cloud/storage')
+const {
+  onDocumentWritten,
+  onDocumentCreated,
+  onDocumentUpdated,
+  onDocumentDeleted,
+  Change,
+  FirestoreEvent,
+} = require('firebase-functions/v2/firestore')
+const { logger } = require('firebase-functions/v2')
+const { getFirestore } = require('firebase-admin/firestore')
+const twilio = require('twilio')
+const db = getFirestore()
+
+// The permissionCheck function
+
+const permissions = {
+  'admin': {'assign': true, 'delete': true, 'read': true, 'write': true},
+  'editor': {'assign': false, 'delete': true, 'read': true, 'write': true},
+  'user': {'assign': false, 'delete': false, 'read': true, 'write': false},
+  'writer': {'assign': false, 'delete': false, 'read': true, 'write': true}
+};
+
+const permissionCheck = async (userId, action, originalFilePath) => {
+  // Fetch user document
+  const collectionPath = originalFilePath.replace(/\//g, '-')
+  const userDoc = await db.collection('users').doc(userId).get()
+  if (!userDoc.exists) {
+    console.log('No such user!')
+    return false // Or handle as needed
+  }
+  const userData = userDoc.data()
+
+  // Fetch roles from user data
+  const roles = Object.values(userData.roles || {})
+
+  for (const role of roles) {
+    // Check if the role's collectionPath is a prefix of the collectionPath
+    if (collectionPath.startsWith(role.collectionPath)) {
+      // Use permissions object instead of fetching collection data
+      const rolePermissions = permissions[role.role];
+      if (rolePermissions && rolePermissions[action]) {
+        return true;
+      }
+    }
+  }
+  return false;
+}
+
+module.exports = {
+  pubsub,
+  onMessagePublished,
+  onRequest,
+  onSchedule,
+  onDocumentWritten,
+  onDocumentCreated,
+  onDocumentUpdated,
+  onDocumentDeleted,
+  Change,
+  FirestoreEvent,
+  onCall,
+  HttpsError,
+  logger,
+  getFirestore,
+  functions,
+  admin,
+  twilio,
+  db,
+  Storage,
+  permissionCheck,
+}
+
+

package/functions/edgeFirebase.js

@@ -0,0 +1,424 @@
+/* eslint-disable @typescript-eslint/no-var-requires */
+/* eslint-disable no-undef */
+const { onCall, HttpsError, logger, getFirestore, functions, admin, twilio, db, onSchedule, onDocumentUpdated, pubsub, Storage, permissionCheck } = require('./config.js')
+
+const authToken = process.env.TWILIO_AUTH_TOKEN
+const accountSid = process.env.TWILIO_SID
+const systemNumber = process.env.TWILIO_SYSTEM_NUMBER
+
+function formatPhoneNumber(phone) {
+  // Remove non-numeric characters from the phone number
+  const numericPhone = phone.replace(/\D/g, '')
+  // Return the formatted number
+  return `+1${numericPhone}`
+}
+
+exports.topicQueue = onSchedule({ schedule: 'every 1 minutes', timeoutSeconds: 180 }, async (event) => {
+  const queuedTopicsRef = db.collection('topic-queue')
+  const snapshot = await queuedTopicsRef.get()
+
+  for (const doc of snapshot.docs) {
+    await db.runTransaction(async (transaction) => {
+      const docSnapshot = await transaction.get(doc.ref)
+      if (!docSnapshot.exists) {
+        throw new Error('Document does not exist!')
+      }
+      const docData = docSnapshot.data()
+      const emailTimestamp = docData.timestamp ? docData.timestamp.toMillis() : 0
+      const delayTimestamp = docData.minuteDelay ? emailTimestamp + docData.minuteDelay * 60 * 1000 : 0
+      const currentTimestamp = Date.now()
+      // Check if current time is beyond the timestamp + minuteDelay, or if timestamp or minuteDelay is not set
+      if (emailTimestamp > currentTimestamp || currentTimestamp >= delayTimestamp || !docData.timestamp || !docData.minuteDelay) {
+        // Check if topic and payload exist and are not empty
+        if (docData.topic && docData.payload && typeof docData.payload === 'object' && docData.topic.trim() !== '') {
+          try {
+            await pubsub.topic(docData.topic).publishMessage({ data: Buffer.from(JSON.stringify(docData.payload)) })
+            // Delete the document after successfully publishing the message
+            transaction.delete(doc.ref)
+          }
+          catch (error) {
+            console.error(`Error publishing message to topic ${docData.topic}:`, error)
+            // Increment retry count and set new delay
+            const retryCount = docData.retry ? docData.retry + 1 : 1
+            if (retryCount <= 3) {
+              const minuteDelay = retryCount === 1 ? 1 : retryCount === 2 ? 10 : 30
+              transaction.update(doc.ref, { retry: retryCount, minuteDelay })
+            }
+            else {
+              // Delete the document if there was an error publishing the topic after 3 retries
+              transaction.delete(doc.ref)
+            }
+          }
+        }
+        // Delete the document if topic or payload does not exist or is empty
+        else {
+          transaction.delete(doc.ref)
+        }
+      }
+    })
+  }
+})
+
+exports.sendVerificationCode = onCall(async (request) => {
+  const data = request.data
+  let code = (Math.floor(Math.random() * 1000000) + 1000000).toString().substring(1)
+  const phone = formatPhoneNumber(data.phone)
+
+  if (phone === '+19999999999') {
+    code = '123456'
+  }
+  else {
+    try {
+      const client = twilio(accountSid, authToken)
+      await client.messages.create({
+        body: `Your verification code is: ${code}`,
+        to: phone, // the user's phone number
+        from: systemNumber, // your Twilio phone number from the configuration
+      })
+    }
+    catch (error) {
+      console.log(error)
+      return { success: false, error: 'Invalid Phone #' }
+    }
+  }
+
+  try {
+    // Use the formatted phone number as the document ID for Firestore
+    await db.collection('phone-auth').doc(phone).set({
+      phone,
+      code,
+    })
+    return phone
+  }
+  catch (error) {
+    return { success: false, error }
+  }
+})
+
+exports.verifyPhoneNumber = onCall(async (request) => {
+  const data = request.data
+  const phone = data.phone
+  const code = data.code
+
+  // Get the phone-auth document with the given phone number
+  const phoneDoc = await db.collection('phone-auth').doc(phone).get()
+
+  if (!phoneDoc.exists) {
+    return { success: false, error: 'Phone number not found.' }
+  }
+
+  const storedCode = phoneDoc.data().code
+
+  if (storedCode !== code) {
+    return { success: false, error: 'Invalid verification code.' }
+  }
+
+  // If the code matches, authenticate the user with Firebase Custom Auth
+  try {
+    // You would typically generate a UID based on the phone number or another system
+    const uid = phone
+
+    // Create a custom token (this can be used on the client to sign in)
+    const customToken = await admin.auth().createCustomToken(uid)
+
+    return { success: true, token: customToken }
+  }
+  catch (error) {
+    console.error('Error creating custom token:', error)
+    return { success: false, error: 'Failed to authenticate.' }
+  }
+})
+
+exports.initFirestore = onCall(async (request) => {
+  // checks to see of the collections 'staged-users' exist if not will seed them with data
+  const stagedUsers = await db.collection('staged-users').get()
+  if (stagedUsers.empty) {
+    const templateUser = {
+      docId: 'organization-registration-template',
+      isTemplate: true,
+      meta: {
+        name: 'Organization Registration Template',
+      },
+      subCreate: {
+        documentStructure: {
+          name: '',
+        },
+        dynamicDocumentField: 'name',
+        role: 'admin',
+        rootPath: 'organizations',
+      },
+      userId: '',
+    }
+    await db.collection('staged-users').doc('organization-registration-template').set(templateUser)
+  }
+})
+
+exports.removeNonRegisteredUser = onCall(async (request) => {
+  const data = request.data
+  const auth = request.auth
+  if (data.uid === auth.uid) {
+    const stagedUser = await db.collection('staged-users').doc(data.docId).get()
+    if (stagedUser.exists) {
+      const stagedUserData = stagedUser.data()
+
+      const rolesExist = stagedUserData.roles && Object.keys(stagedUserData.roles).length !== 0
+      const specialPermissionsExist = stagedUserData.specialPermissions && Object.keys(stagedUserData.specialPermissions).length !== 0
+      const userIdExistsAndNotBlank = stagedUserData.userId && stagedUserData.userId !== ''
+
+      if (!rolesExist && !specialPermissionsExist && !userIdExistsAndNotBlank) {
+        await db.collection('staged-users').doc(data.docId).delete()
+        return { success: true, message: '' }
+      }
+      else {
+        let message = ''
+        if (rolesExist && specialPermissionsExist) {
+          message = 'Cannot delete because the non-registered user still has roles and special permissions assigned.'
+        }
+        else if (rolesExist) {
+          message = 'Cannot delete because the non-registered user still has roles assigned.'
+        }
+        else if (specialPermissionsExist) {
+          message = 'Cannot delete because the non-registered user still has special permissions assigned.'
+        }
+        else if (userIdExistsAndNotBlank) {
+          message = 'Cannot delete because the user is registered.'
+        }
+        return { success: false, message }
+      }
+    }
+  }
+  return { success: false, message: 'Non-registered user not found.' }
+})
+
+exports.currentUserRegister = onCall(async (request) => {
+  const data = request.data
+  const auth = request.auth
+  if (data.uid === auth.uid) {
+    const stagedUser = await db.collection('staged-users').doc(data.registrationCode).get()
+    if (!stagedUser.exists) {
+      return { success: false, message: 'Registration code not found.' }
+    }
+    else {
+      const stagedUserData = await stagedUser.data()
+      let process = false
+      if (stagedUserData.isTemplate) {
+        process = true
+      }
+      if (!stagedUserData.isTemplate && stagedUserData.userId === '') {
+        process = true
+      }
+      if (!process) {
+        return { success: false, message: 'Registration code not valid.' }
+      }
+      const newRoles = stagedUserData.roles || {}
+      const currentUser = await db.collection('users').doc(data.uid).get()
+      const currentUserData = await currentUser.data()
+      const currentRoles = currentUserData.roles || {}
+      const currentUserCollectionPaths = currentUserData.collectionPaths || []
+      let newRole = {}
+      if (stagedUserData.subCreate && Object.keys(stagedUserData.subCreate).length !== 0 && stagedUserData.isTemplate) {
+        if (!data.dynamicDocumentFieldValue) {
+          return { success: false, message: 'Dynamic document field value is required.' }
+        }
+        const rootPath = stagedUserData.subCreate.rootPath
+        const newDoc = stagedUserData.subCreate.documentStructure
+        newDoc[stagedUserData.subCreate.dynamicDocumentField] = data.dynamicDocumentFieldValue
+        const addedDoc = await db.collection(rootPath).add(newDoc)
+        await db.collection(rootPath).doc(addedDoc.id).update({ docId: addedDoc.id })
+        newRole = { [`${rootPath}-${addedDoc.id}`]: { collectionPath: `${rootPath}-${addedDoc.id}`, role: stagedUserData.subCreate.role } }
+      }
+      const combinedRoles = { ...currentRoles, ...newRoles, ...newRole }
+      Object.values(combinedRoles).forEach((role) => {
+        if (!currentUserCollectionPaths.includes(role.collectionPath)) {
+          currentUserCollectionPaths.push(role.collectionPath)
+        }
+      })
+      await db.collection('staged-users').doc(currentUserData.stagedDocId).update({ roles: combinedRoles, collectionPaths: currentUserCollectionPaths })
+      if (!stagedUserData.isTemplate) {
+        await db.collection('staged-users').doc(data.registrationCode).delete()
+      }
+      return { success: true, message: '' }
+    }
+  }
+})
+
+exports.checkOrgIdExists = onCall(async (request) => {
+  const data = request.data
+  const orgId = data.orgId.toLowerCase()
+  const orgDoc = await db.collection('organizations').doc(orgId).get()
+  return { exists: orgDoc.exists }
+})
+
+exports.deleteSelf = onCall(async (request) => {
+  if (request.data.uid === request.auth.uid) {
+    try {
+      const userDoc = await db.collection('staged-users').doc(request.auth.uid).get()
+      const userData = userDoc.data()
+      const userCollectionPaths = userData.collectionPaths || []
+
+      for (const path of userCollectionPaths) {
+        const usersWithSamePath = await db.collection('staged-users').where('collectionPaths', 'array-contains', path).get()
+
+        // If no other users have the same collection path, delete the path and all documents and collections under it
+        if (usersWithSamePath.size <= 1) {
+          const adjustedPath = path.replace(/-/g, '/')
+          const docRef = db.doc(adjustedPath)
+          const doc = await docRef.get()
+
+          if (doc.exists) {
+            // If the path is a document, delete it directly
+            await docRef.delete()
+          }
+          else {
+            // If the path is a collection, delete all documents under it
+            const docsToDelete = await db.collection(adjustedPath).get()
+            const batch = db.batch()
+            docsToDelete.docs.forEach((doc) => {
+              batch.delete(doc.ref)
+            })
+            await batch.commit()
+          }
+        }
+      }
+
+      // Delete from 'staged-users' collection
+      await db.collection('staged-users').doc(request.data.uid).delete()
+
+      // Delete from 'users' collection
+      await db.collection('users').doc(request.data.uid).delete()
+
+      // Delete the user from Firebase
+      await admin.auth().deleteUser(request.data.uid)
+
+      return { success: true }
+    }
+    catch (error) {
+      console.error('Error deleting user:', error)
+      return { success: false, error }
+    }
+  }
+})
+
+exports.updateUser = onDocumentUpdated({ document: 'staged-users/{docId}', timeoutSeconds: 180 }, async (event) => {
+  const change = event.data
+  const eventId = event.id
+  const eventRef = db.collection('events').doc(eventId)
+  const stagedDocId = event.params.docId
+  let newData = change.after.data()
+  const oldData = change.before.data()
+
+  const shouldProcess = await eventRef.get().then((eventDoc) => {
+    return !eventDoc.exists || !eventDoc.data().processed
+  })
+
+  if (!shouldProcess) {
+    return null
+  }
+
+  // Note: we can trust on newData.uid because we are checking in rules that it matches the auth.uid
+  if (newData.userId) {
+    const userRef = db.collection('users').doc(newData.userId)
+    await setUser(userRef, newData, oldData, stagedDocId)
+    await markProcessed(eventRef)
+  }
+  else {
+    if (newData.templateUserId !== oldData.templateUserId) {
+      // Check if templateUserId already exists in the staged-users collection
+      const stagedUserRef = db.collection('staged-users').doc(newData.templateUserId)
+      const doc = await stagedUserRef.get()
+
+      // If it exists, skip the creation process
+      if (doc.exists) {
+        return null
+      }
+
+      newData.isTemplate = false
+      const templateUserId = newData.templateUserId
+      newData.meta = newData.templateMeta
+      delete newData.templateMeta
+      delete newData.templateUserId
+      if (Object.prototype.hasOwnProperty.call(newData, 'subCreate') && Object.values(newData.subCreate).length > 0) {
+        const subCreate = newData.subCreate
+        delete newData.subCreate
+        let newDocId = ''
+        if (Object.prototype.hasOwnProperty.call(newData, 'requestedOrgId')) {
+          newDocId = newData.requestedOrgId.toLowerCase()
+          delete newData.requestedOrgId
+        }
+        let addedDoc
+        if (newDocId) {
+          const docRef = db.collection(subCreate.rootPath).doc(newDocId)
+          const doc = await docRef.get()
+          if (!doc.exists) {
+            await docRef.set({ [subCreate.dynamicDocumentField]: newData.dynamicDocumentFieldValue })
+            addedDoc = docRef
+          }
+          else {
+            addedDoc = await db.collection(subCreate.rootPath).add({ [subCreate.dynamicDocumentField]: newData.dynamicDocumentFieldValue })
+          }
+        }
+        else {
+          addedDoc = await db.collection(subCreate.rootPath).add({ [subCreate.dynamicDocumentField]: newData.dynamicDocumentFieldValue })
+        }
+        await db.collection(subCreate.rootPath).doc(addedDoc.id).update({ docId: addedDoc.id })
+        delete newData.dynamicDocumentFieldValue
+        const newRole = { [`${subCreate.rootPath}-${addedDoc.id}`]: { collectionPath: `${subCreate.rootPath}-${addedDoc.id}`, role: subCreate.role } }
+        if (Object.prototype.hasOwnProperty.call(newData, 'collectionPaths')) {
+          newData.collectionPaths.push(`${subCreate.rootPath}-${addedDoc.id}`)
+        }
+        else {
+          newData.collectionPaths = [`${subCreate.rootPath}-${addedDoc.id}`]
+        }
+        const newRoles = { ...newData.roles, ...newRole }
+        newData = { ...newData, roles: newRoles }
+        const stagedUserRef = db.collection('staged-users').doc(templateUserId)
+        await stagedUserRef.set({ ...newData, userId: templateUserId })
+        const userRef = db.collection('users').doc(templateUserId)
+        await setUser(userRef, newData, oldData, templateUserId)
+        await markProcessed(eventRef)
+      }
+      else {
+        const stagedUserRef = db.collection('staged-users').doc(templateUserId)
+        await stagedUserRef.set({ ...newData, userId: templateUserId })
+        const userRef = db.collection('users').doc(templateUserId)
+        await setUser(userRef, newData, oldData, templateUserId)
+        await markProcessed(eventRef)
+      }
+    }
+  }
+  await markProcessed(eventRef)
+})
+
+async function setUser(userRef, newData, oldData, stagedDocId) {
+  const user = await userRef.get()
+  let userUpdate = { meta: newData.meta, stagedDocId }
+
+  if (newData.meta && newData.meta.name) {
+    const publicUserRef = db.collection('public-users').doc(stagedDocId)
+    const publicMeta = { name: newData.meta.name }
+    publicUserRef.set({ uid: newData.uid, meta: publicMeta, collectionPaths: newData.collectionPaths, userId: stagedDocId })
+  }
+
+  if (Object.prototype.hasOwnProperty.call(newData, 'roles')) {
+    userUpdate = { ...userUpdate, roles: newData.roles }
+  }
+  if (Object.prototype.hasOwnProperty.call(newData, 'specialPermissions')) {
+    userUpdate = { ...userUpdate, specialPermissions: newData.specialPermissions }
+  }
+
+  if (!oldData.userId) {
+    userUpdate = { ...userUpdate, userId: newData.uid }
+  }
+  if (!user.exists) {
+    return userRef.set(userUpdate)
+  }
+  else {
+    return userRef.update(userUpdate)
+  }
+}
+
+function markProcessed(eventRef) {
+  return eventRef.set({ processed: true }).then(() => {
+    return null
+  })
+}

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@edgedev/create-edge-app",
-    "version": "1.0.43",
+    "version": "1.0.44",
     "description": "Create Edge Starter App",
     "bin": {
         "create-edge-app": "./bin/cli.js"
@@ -39,6 +39,7 @@
         "vaul-vue": "^0.1.2",
         "vee-validate": "^4.13.1",
         "vue-sonner": "^1.1.2",
+        "vue-upload-component": "^3.1.17",
         "zod": "^3.23.8"
     },
     "devDependencies": {

package/plugins/fileUpload.ts

@@ -0,0 +1,6 @@
+import VueUploadComponent from 'vue-upload-component'
+import { defineNuxtPlugin } from '#app'
+
+export default defineNuxtPlugin((nuxtApp) => {
+  nuxtApp.vueApp.component('file-upload', VueUploadComponent)
+})

package/storage.rules

@@ -6,3 +6,56 @@ service firebase.storage {
     }
   }
 }
+// #EDGE FIREBASE RULES START
+service firebase.storage {
+  match /b/{bucket}/o {
+    // Match the file path structure you're using, simulating the Firestore document path structure for permissions.
+    function getRolePermission(role, permissionCheck) {
+      let permissions = {
+        'admin': {'assign': true, 'delete': true, 'read': true, 'write': true},
+        'editor': {'assign': false, 'delete': true, 'read': true, 'write': true},
+        'user': {'assign': false, 'delete': false, 'read': true, 'write': false},
+        'writer': {'assign': false, 'delete': false, 'read': true, 'write': true}
+      };
+      return permissions[role][permissionCheck];
+    }
+    function checkPermission(permissionCheck, collectionPath) {
+      let user = firestore.get(/databases/(default)/documents/users/$(request.auth.uid)).data;
+      let ruleHelper = firestore.get(/databases/(default)/documents/rule-helpers/$(request.auth.uid)).data;
+      return  request.auth != null &&
+              collectionPath in ruleHelper &&
+              "permissionCheckPath" in ruleHelper[collectionPath] &&
+              (
+                ruleHelper[collectionPath].permissionCheckPath == "-" ||
+                collectionPath.matches("^" + ruleHelper[collectionPath].permissionCheckPath + ".*$")
+              ) &&
+              (
+                (
+                  "roles" in user &&
+                  ruleHelper[collectionPath].permissionCheckPath in user.roles &&
+                  getRolePermission(user.roles[ruleHelper[collectionPath].permissionCheckPath].role, permissionCheck)
+                ) ||
+                (
+                  "specialPermissions" in user &&
+                  ruleHelper[collectionPath].permissionCheckPath in user.specialPermissions &&
+                  permissionCheck in user.specialPermissions[ruleHelper[collectionPath].permissionCheckPath] &&
+                  user.specialPermissions[ruleHelper[collectionPath].permissionCheckPath][permissionCheck]
+                )
+              );
+    }
+    match /public/{fileId} {
+      // Public directory with special rules
+      allow read: if true; // Unrestricted read access
+      allow write, delete: if request.auth != null; // Write and delete require authentication
+    }
+    match /{dir}/{fileId} {
+      // General read permission check based on Firestore data
+      allow read: if checkPermission("read", dir);
+      // General write permission check, including creating and updating files
+      allow write: if checkPermission("write", dir);
+      // General delete permission check
+      allow delete: if checkPermission("write", dir);
+    }
+  }
+}
+// #EDGE FIREBASE RULES END

package/storage.rules.backup

@@ -0,0 +1,8 @@
+rules_version = '2';
+service firebase.storage {
+  match /b/{bucket}/o {
+    match /{allPaths=**} {
+      allow read, write: if false;
+    }
+  }
+}