npm - backend-manager - Versions diffs - 2.3.8 → 2.3.11 - Mend

backend-manager 2.3.8 → 2.3.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "backend-manager",
-  "version": "2.3.8",
+  "version": "2.3.11",
   "description": "Quick tools for developing Firebase functions",
   "main": "src/manager/index.js",
   "bin": {

package/src/manager/functions/core/actions/api/user/get-active-sessions.js ADDED Viewed

@@ -0,0 +1,44 @@
+const _ = require('lodash')
+function Module() {
+}
+Module.prototype.main = function () {
+  const self = this;
+  const Manager = self.Manager;
+  const Api = self.Api;
+  const assistant = self.assistant;
+  const payload = self.payload;
+  return new Promise(async function(resolve, reject) {
+    self.Api.resolveUser({adminRequired: true})
+    .then(async (user) => {
+      const uid = _.get(user, 'auth.uid', null);
+      const id = _.get(payload.data.payload, 'id', 'sessions/app');
+      assistant.log(`Getting active sessions for ${uid} @ ${id}`, {environment: 'production'})
+      await self.libraries.admin.database().ref(id)
+      .orderByChild('uid')
+      .equalTo(uid)
+      .once('value')
+      .then(async (snap) => {
+        const data = (snap.val() || []).filter(i => i);
+        return resolve({data: data});
+      })
+      .catch(e => {
+        return reject(assistant.errorManager(`Session query error: ${e}`, {code: 500, sentry: false, send: false, log: false}).error)
+      })
+    })
+    .catch(e => {
+      return reject(e);
+    })
+  });
+};
+module.exports = Module;

package/src/manager/functions/core/actions/api/user/sign-out-all-sessions.js CHANGED Viewed

@@ -16,24 +16,27 @@ Module.prototype.main = function () {
     self.Api.resolveUser({adminRequired: true})
     .then(async (user) => {
       const uid = _.get(user, 'auth.uid', null);
+      const id = _.get(payload.data.payload, 'id', 'sessions/app');
-      await self.libraries.admin.database().ref(`gatherings/online`)
+      assistant.log(`Signing out of all active sessions for ${uid} @ ${id}`, {environment: 'production'})
+      await self.libraries.admin.database().ref(id)
       .orderByChild('uid')
       .equalTo(uid)
       .once('value')
-      .then(async snap => {
+      .then(async (snap) => {
         const data = snap.val();
         const keys = Object.keys(data || {});
         for (var i = 0; i < keys.length; i++) {
           const key = keys[i];
           self.assistant.log(`Signing out: ${key}`, {environment: 'production'});
-          await self.libraries.admin.database().ref(`gatherings/online/${key}/command`).set('signout').catch(e => self.assistant.error(`Failed to signout ${key}`, e))
+          await self.libraries.admin.database().ref(`${id}/${key}/command`).set('signout').catch(e => self.assistant.error(`Failed to signout ${key}`, e))
           await powertools.wait(3000);
-          await self.libraries.admin.database().ref(`gatherings/online/${key}`).remove().catch(e => self.assistant.error(`Failed to delete ${key}`, e))
+          await self.libraries.admin.database().ref(`${id}/${key}`).remove().catch(e => self.assistant.error(`Failed to delete ${key}`, e))
         }
       })
       .catch(e => {
-        console.error('Gathering query error', e);
+        console.error('Session query error', e);
       })
       await self.libraries.admin

package/templates/database.rules.json CHANGED Viewed

@@ -3,7 +3,44 @@
     ///---backend-manager---///
     ///---version=0.0.0---///
-    // Gathering rules
+    // Sessions rules
+    "sessions": {
+      ".read": false,
+      ".write": false,
+			"$room": {
+        ".read": "
+        	(auth.uid != null && query.equalTo == auth.uid)
+        ",
+        ".write": false,
+        ".indexOn": ["uid"],
+        "$id": {
+          ".read": "
+          	// Allowed if user is authenticated AND is the owner of the doc
+          	(auth != null && auth.uid == data.child('uid').val())
+            // Allowed if uid is equal to the doc id [LEGACY FOR SOMIIBO]
+            || (auth != null && auth.uid == $id)
+          	// Allowed if user is not authenticated AND is the doc has no owner
+          	|| (auth == null && (data.child('uid').val() == ''))
+          ",
+          ".write": "
+          	// Allowed if the user is authenticated AND is the owner of the existing doc
+          	(auth != null && auth.uid == data.child('uid').val())
+          	// Allowed if the user is authenticated AND is the owner of the new doc
+          	|| (auth != null && auth.uid == newData.child('uid').val())
+            // Allowed if the user is authenticated AND is the owner of the existing doc
+          	|| (auth != null && auth.uid == data.child('uid').val())
+            // Allowed if uid is equal to the doc id [LEGACY FOR SOMIIBO]
+            || (auth != null && auth.uid == $id)
+            // Allowed if the existing doc has no owner
+          	|| (data.child('uid').val() == '')
+          	// Allowed if the new doc has no owner
+          	|| (newData.child('uid').val() == '')
+            // Allowed if it's a delete
+          	|| (!newData.exists())
+          ",
+      	}
+      }
+    },
     "gatherings": {
       ".read": false,
       ".write": false,