@edgedev/firebase 2.0.33 → 2.0.35

package/edgeFirebase.ts

@@ -55,7 +55,7 @@ import {
 } from "firebase/auth";
 
 
-import { getStorage, ref as storageRef, uploadBytes, getDownloadURL, connectStorageEmulator} from "firebase/storage";
+import { getStorage, ref, uploadBytes, getDownloadURL, connectStorageEmulator, listAll, deleteObject} from "firebase/storage";
 
 import { getFunctions, httpsCallable, connectFunctionsEmulator } from "firebase/functions";
 
@@ -245,8 +245,9 @@ export const EdgeFirebase = class {
       connectFunctionsEmulator(this.functions, "127.0.0.1", this.firebaseConfig.emulatorFunctions)
     }
     if (this.firebaseConfig.emulatorStorage) {
-      connectStorageEmulator(this.storage,  "127.0.0.1", this.firebaseConfig.emulatorStorage)
+      connectStorageEmulator(this.storage, "127.0.0.1", this.firebaseConfig.emulatorStorage)
     }
+    this.setOnAuthStateChanged();
   }
 
   private firebaseConfig = null;
@@ -2126,8 +2127,8 @@ export const EdgeFirebase = class {
 
 
   // File functions
-  public uploadFileToStorage = async (filePath: string, file: Blob): Promise<actionResponse> => {
-    try {
+  public uploadFile = async (filePath: string, file: Blob): Promise<actionResponse> => {
+
       // Validate if file is provided
       if (!file) {
         return this.sendResponse({
@@ -2147,46 +2148,83 @@ export const EdgeFirebase = class {
         });
       }
 
-      // Initialize Firebase Storage
-
-      // Define a temporary path for the file upload
-      // You might want to include some unique identifier in the temporary path
-      const tempFilePath = `temp/${this.user.uid}/${filePath.replaceAll('/', '-|-')}`;
-
-      // Create a reference to the temporary file location
-      const fileRef = storageRef(this.storage, tempFilePath);
-
-      // Upload the file to the temporary location
-      await uploadBytes(fileRef, file);
-
-      // Prepare data for the callable function
-      const data = {
-        uid: this.user.uid,
-        filePath: filePath, // The final desired path for the file
-      };
-
-      // Call the Firebase Function to handle the file move and any additional processing
-      const callable = httpsCallable(this.functions, 'edgeFirebase-uploadFile');
-      const functionResult = await callable(data);
-
-      const resultData = functionResult.data as { success: boolean; message: string; finalDownloadURL?: string };
-
-      if (!resultData.success) {
-        throw new Error(resultData.message);
+      try {
+        const tempFilePath = `${filePath.replaceAll('/', '-')}` + '/' + file.name;
+        const fileRef = ref(this.storage, tempFilePath);
+        await uploadBytes(fileRef, file);
+        return this.sendResponse({
+          success: true,
+          message: "File uploaded successfully.",
+          meta: {}
+        });
+      } catch (error) {
+        return this.sendResponse({
+          success: false,
+          message: "An error occurred during file upload.",
+          meta: {}
+        });
       }
-      // Return success response
+  };
+
+  public deleteFile = async (filePath: string): Promise<actionResponse> => {
+    const hasDeletePermission = await this.permissionCheck("write", filePath);
+    if (!hasDeletePermission) {
+      return this.sendResponse({
+        success: false,
+        message: "You do not have permission to delete files in this path.",
+        meta: {}
+      });
+    }
+    try {
+      const fileRef = ref(this.storage, filePath);
+      await deleteObject(fileRef);
       return this.sendResponse({
         success: true,
-        message: "File processed successfully.",
+        message: "File deleted successfully.",
         meta: {}
       });
     } catch (error) {
-      console.error(error);
       return this.sendResponse({
         success: false,
-        message: "An error occurred during file processing.",
+        message: "An error occurred during file deletion.",
         meta: {}
       });
     }
   };
+
+  public listFiles = async (filePath: string): Promise<actionResponse> => {
+    const hasReadPermission = await this.permissionCheck("read", filePath);
+    if (!hasReadPermission) {
+      return this.sendResponse({
+        success: false,
+        message: "You do not have permission to list files in this path.",
+        meta: {}
+      });
+    }
+  
+    try {
+      const listRef = ref(this.storage, filePath.replaceAll('/', '-'));
+      const listResult = await listAll(listRef);
+      const filesPromises = listResult.items.map(async (item) => {
+        const downloadURL = await getDownloadURL(item);
+        return {
+          fileName: item.name,
+          fullPath: item.fullPath, // Assuming fullPath is a property available on the item
+          downloadURL: downloadURL
+        };
+      });
+      const files = await Promise.all(filesPromises);
+      return this.sendResponse({
+        success: true,
+        message: "Files listed successfully.",
+        meta: { files }
+      });
+    } catch (error) {
+      return this.sendResponse({
+        success: false,
+        message: "An error occurred while listing files.",
+        meta: {}
+      });
+    }
+  }
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@edgedev/firebase",
-  "version": "2.0.33",
+  "version": "2.0.35",
   "description": "Vue 3 / Nuxt 3 Plugin or Nuxt 3 plugin for firebase authentication and firestore.",
   "main": "index.ts",
   "scripts": {

package/src/.env.dev

@@ -4,5 +4,4 @@ STRIPE_RETURN_URL=
 OPENAI_API_KEY=
 TWILIO_SID=
 TWILIO_AUTH_TOKEN=
-TWILIO_SYSTEM_NUMBER=
-STORAGE_BUCKET=
+TWILIO_SYSTEM_NUMBER=

package/src/.env.prod

@@ -4,5 +4,4 @@ STRIPE_RETURN_URL=
 OPENAI_API_KEY=
 TWILIO_SID=
 TWILIO_AUTH_TOKEN=
-TWILIO_SYSTEM_NUMBER=
-STORAGE_BUCKET=
+TWILIO_SYSTEM_NUMBER=

package/src/edgeFirebase.js

@@ -1,12 +1,11 @@
 /* eslint-disable @typescript-eslint/no-var-requires */
 /* eslint-disable no-undef */
-const { onCall, HttpsError, logger, getFirestore, functions, admin, twilio, db, onSchedule, onDocumentUpdated, pubsub } = require('./config.js')
+const { onCall, HttpsError, logger, getFirestore, functions, admin, twilio, db, onSchedule, onDocumentUpdated, pubsub, Storage } = require('./config.js')
 
 const authToken = process.env.TWILIO_AUTH_TOKEN
 const accountSid = process.env.TWILIO_SID
 const systemNumber = process.env.TWILIO_SYSTEM_NUMBER
 
-
 function formatPhoneNumber(phone) {
   // Remove non-numeric characters from the phone number
   const numericPhone = phone.replace(/\D/g, '')
@@ -14,119 +13,31 @@ function formatPhoneNumber(phone) {
   return `+1${numericPhone}`
 }
 
+const permissionCheck = async (userId, action, originalFilePath) => {
+  // Fetch user document
+  const collectionPath = originalFilePath.replace(/\//g, '-')
+  const userDoc = await db.collection('users').doc(userId).get()
+  const userData = userDoc.data()
 
+  // Fetch roles from user data
+  const roles = Object.values(userData.roles || {})
 
-// File functions:
-
-//TODO: NEED TO WRITE WRAPPERS FOR THESE IN THE edgeFirebase.js file... UPLOAD has to do alot more... upload needs to acutall upload the file to firestorage... get the path, then pass it to the uploadFile function...
-//TODO: the uploadFile funntion needs to delete the file if they don't have permission to write to the path... 
-
-const bucketName = process.env.BUCKET_NAME
-const storage = new Storage();
-const bucket = storage.bucket(bucketName)
+  for (const role of roles) {
+    // Check if the role's collectionPath is a prefix of the collectionPath
+    if (collectionPath.startsWith(role.collectionPath)) {
+      // Fetch collection data
+      const collectionDoc = await db.collection('collection-data').doc(role.collectionPath).get()
+      const collectionData = collectionDoc.exists ? collectionDoc.data() : await db.collection('collection-data').doc('-default-').get().then(doc => doc.data())
 
-exports.uploadFile = onCall(async (request) => {
-  const auth = request.auth
-  if (data.uid !== auth.uid) {
-    throw new functions.https.HttpsError('permission-denied', 'You do not have permission to upload files for this user.');
-  }
-  const tempFilesPath = `temp/${auth.uid}/`;
-  const [files] = await bucket.getFiles({ prefix: tempFilesPath });
-  for (const file of files) {
-    const originalFilePath = file.name.replace(/-\|-/g, '/');
-    const hasWritePermission = await permissionCheck(auth.uid, "write", originalFilePath);
-    if (hasWritePermission) {
-      // Move file to the new path
-      await bucket.file(file.name).move(originalFilePath);
-    } else {
-      // Delete the file if no write permission
-      await bucket.file(file.name).delete();
+      // Check if action is permitted
+      if (collectionData && collectionData[role.role] && collectionData[role.role][action]) {
+        return true
+      }
     }
   }
-});
-
-exports.downloadFile = onCall(async (request) => {
-  const data = request.data;
-  const auth = request.auth
-  if (data.uid !== auth.uid) {
-    throw new functions.https.HttpsError('permission-denied', 'You do not have permission to upload files for this user.');
-  }
-  // Permission check for downloading the specified file
-  const canRead = await permissionCheck(auth.uid, "read", data.filePath);
-  if (!canRead) {
-    throw new HttpsError('permission-denied', 'You do not have permission to download this file.');
-  }
-
-  const options = {
-    version: 'v4',
-    action: 'read',
-    expires: Date.now() + 5 * 60 * 1000, // 5 minutes
-  };
-
-  try {
-    const [url] = await bucket.file(data.filePath).getSignedUrl(options);
-    return { success: true, url };
-  } catch (error) {
-    logger.error(error);
-    throw new HttpsError('internal', 'Unable to generate download URL.');
-  }
-});
-
-exports.listFiles = onCall(async (request) => {
-  // Validate user authentication
-  const data = request.data
-  const auth = request.auth
-  if (data.uid !== auth.uid) {
-    throw new functions.https.HttpsError('permission-denied', 'You do not have permission to upload files for this user.');
-  }
-
-  // Permission check for reading the specified directory
-  const canRead = await permissionCheck(auth.uid, "read", data.directoryPath);
-  if (!canRead) {
-    throw new HttpsError('permission-denied', 'You do not have permission to list files in this directory.');
-  }
-
-  try {
-    const [files] = await bucket.getFiles({ prefix: data.directoryPath });
-    const fileList = files.map(file => file.name);
-    return { success: true, fileList };
-  } catch (error) {
-    logger.error(error);
-    throw new HttpsError('internal', 'Unable to list files.');
-  }
-});
-
-
-exports.deleteFile = onCall(async (request) => {
-  // Validate user authentication
-  const data = request.data
-  const auth = request.auth
-  if (data.uid !== auth.uid) {
-    throw new functions.https.HttpsError('permission-denied', 'You do not have permission to upload files for this user.');
-  }
-
-  // Extract filePath from the request data
-  const filePath = data.filePath;
-
-  // Perform permission check for deleting the specified file
-  const canDelete = await permissionCheck(auth.uid, "delete", filePath);
-  if (!canDelete) {
-    throw new functions.https.HttpsError('permission-denied', 'You do not have permission to delete this file.');
-  }
-
-  try {
-    // Specify your bucket name
-    await storage.bucket(bucketName).file(filePath).delete();
-
-    return { success: true, message: "File successfully deleted." };
-  } catch (error) {
-    console.error("Error deleting file:", error);
-    throw new functions.https.HttpsError('internal', 'Failed to delete file.');
-  }
-});
-
-//end file functions
-
+  // If no permission found, return false
+  return false
+}
 
 exports.topicQueue = onSchedule({ schedule: 'every 1 minutes', timeoutSeconds: 180 }, async (event) => {
   const queuedTopicsRef = db.collection('topic-queue')
@@ -178,7 +89,7 @@ exports.sendVerificationCode = onCall(async (request) => {
   const data = request.data
   let code = (Math.floor(Math.random() * 1000000) + 1000000).toString().substring(1)
   const phone = formatPhoneNumber(data.phone)
-  
+
   if (phone === '+19999999999') {
     code = '123456'
   }
@@ -374,32 +285,6 @@ exports.checkOrgIdExists = onCall(async (request) => {
   return { exists: orgDoc.exists }
 })
 
-const permissionCheck = async (userId, action, collectionPath) => {
-  // Fetch user document
-  const userDoc = await db.collection('users').doc(userId).get()
-  const userData = userDoc.data()
-
-  // Fetch roles from user data
-  const roles = userData.roles || []
-
-  // Check each role for permission
-  for (const role of roles) {
-    if (role.collectionPath === collectionPath) {
-      // Fetch collection data
-      const collectionDoc = await db.collection('collection-data').doc(collectionPath).get()
-      const collectionData = collectionDoc.exists ? collectionDoc.data() : await db.collection('collection-data').doc('-default-').get().then(doc => doc.data())
-
-      // Check if action is permitted
-      if (collectionData && collectionData[role.role] && collectionData[role.role][action]) {
-        return true
-      }
-    }
-  }
-
-  // If no permission found, return false
-  return false
-}
-
 exports.deleteSelf = onCall(async (request) => {
   if (request.data.uid === request.auth.uid) {
     try {

package/src/storage.rules

@@ -2,17 +2,44 @@ rules_version = '2';
 // #EDGE FIREBASE RULES START
 service firebase.storage {
   match /b/{bucket}/o {
-    // Deny read access to all paths
-    match /{allPaths=**} {
-      allow read: if false;
+    // Match the file path structure you're using, simulating the Firestore document path structure for permissions.
+    function getRolePermission(role, collection, permissionCheck) {
+        let pathCollectionPermissions = firestore.get(/databases/(default)/documents/collection-data/$(collection)).data;
+        let defaultPermissions = firestore.get(/databases/(default)/documents/collection-data/-default-).data;
+        return (role in pathCollectionPermissions && pathCollectionPermissions[role][permissionCheck]) ||
+              (role in defaultPermissions && defaultPermissions[role][permissionCheck]);
     }
-    // Allow write access only to paths matching /temp/{userId}/{anyPath=**}
-    // {userId} is a placeholder for the actual user ID
-    // {anyPath=**} matches any file path under /temp/{userId}/
-    match /temp/{userId}/{anyPath=**} {
-      allow write: if request.auth != null && request.auth.uid == userId;
-      // Keep read access denied
-      allow read: if false;
+    function checkPermission(permissionCheck, collectionPath) {
+      let user = firestore.get(/databases/(default)/documents/users/$(request.auth.uid)).data;
+      let ruleHelper = firestore.get(/databases/(default)/documents/rule-helpers/$(request.auth.uid)).data;
+      return  request.auth != null &&
+              collectionPath in ruleHelper &&
+              "permissionCheckPath" in ruleHelper[collectionPath] &&
+              (
+                ruleHelper[collectionPath].permissionCheckPath == "-" ||
+                collectionPath.matches("^" + ruleHelper[collectionPath].permissionCheckPath + ".*$")
+              ) &&
+              (
+                (
+                  "roles" in user &&
+                  ruleHelper[collectionPath].permissionCheckPath in user.roles &&
+                  getRolePermission(user.roles[ruleHelper[collectionPath].permissionCheckPath].role, ruleHelper[collectionPath].permissionCheckPath, permissionCheck)
+                ) ||
+                (
+                  "specialPermissions" in user &&
+                  ruleHelper[collectionPath].permissionCheckPath in user.specialPermissions &&
+                  permissionCheck in user.specialPermissions[ruleHelper[collectionPath].permissionCheckPath] &&
+                  user.specialPermissions[ruleHelper[collectionPath].permissionCheckPath][permissionCheck]
+                )
+              );
+    }
+    match /{dir}/{fileId} {
+      // General read permission check based on Firestore data
+      allow read: if checkPermission("read", dir);
+      // General write permission check, including creating and updating files
+      allow write: if checkPermission("write", dir);
+      // General delete permission check
+      allow delete: if checkPermission("write", dir);
     }
   }
 }