backend-manager 2.5.60 → 2.5.61
- package/package.json +2 -2
- package/templates/firestore.rules +18 -17
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "backend-manager",
|
|
3
|
-
"version": "2.5.
|
|
3
|
+
"version": "2.5.61",
|
|
4
4
|
"description": "Quick tools for developing Firebase functions",
|
|
5
5
|
"main": "src/manager/index.js",
|
|
6
6
|
"bin": {
|
|
@@ -62,4 +62,4 @@
|
|
|
62
62
|
"wonderful-fetch": "^0.0.17",
|
|
63
63
|
"yargs": "^17.7.1"
|
|
64
64
|
}
|
|
65
|
-
}
|
|
65
|
+
}
|
|
@@ -1,27 +1,29 @@
|
|
|
1
1
|
rules_version = '2';
|
|
2
2
|
service cloud.firestore {
|
|
3
3
|
match /databases/{database}/documents {
|
|
4
|
+
// Custom rules
|
|
5
|
+
// ...
|
|
4
6
|
|
|
7
|
+
///---default-rules---///
|
|
5
8
|
// Lock by default
|
|
6
9
|
match /{document=**} {
|
|
7
10
|
allow read, write: if isAdmin();
|
|
8
11
|
}
|
|
9
|
-
|
|
10
|
-
//
|
|
11
|
-
///---default-rules---///
|
|
12
|
+
|
|
13
|
+
// Protect user account data
|
|
12
14
|
match /users/{uid} {
|
|
13
15
|
allow read: if belongsTo(uid);
|
|
14
|
-
allow write: if
|
|
15
|
-
// might also want to include a check for email verified?
|
|
16
|
+
allow write: if belongsTo(uid) && !isWritingProtectedUserField();
|
|
16
17
|
}
|
|
18
|
+
|
|
19
|
+
// Protect notification data
|
|
17
20
|
match /notifications/subscriptions/all/{token} {
|
|
18
|
-
allow read: if
|
|
19
|
-
allow update: if
|
|
21
|
+
allow read: if existingData().token == token || belongsTo(existingData().link.user.pk);
|
|
22
|
+
allow update: if existingData().token == token;
|
|
20
23
|
allow create: if true;
|
|
21
24
|
}
|
|
22
25
|
///---------end---------///
|
|
23
26
|
|
|
24
|
-
|
|
25
27
|
///---backend-manager---///
|
|
26
28
|
///---version=0.0.0---///
|
|
27
29
|
// Basic rules
|
|
@@ -34,10 +36,10 @@ service cloud.firestore {
|
|
|
34
36
|
return request.auth.uid;
|
|
35
37
|
}
|
|
36
38
|
function isAuthenticated() {
|
|
37
|
-
return request.auth
|
|
39
|
+
return request.auth != null;
|
|
38
40
|
}
|
|
39
41
|
function belongsTo(identity) {
|
|
40
|
-
return
|
|
42
|
+
return isAuthenticated() && (authUid() == identity || authEmail() == identity);
|
|
41
43
|
// eventually include a check for (existingData().link.email == identity)...(in case its a doc owned by a user that's not actually user doc)
|
|
42
44
|
}
|
|
43
45
|
|
|
@@ -58,13 +60,12 @@ service cloud.firestore {
|
|
|
58
60
|
|
|
59
61
|
function isWritingProtectedUserField() {
|
|
60
62
|
return isWritingField('auth')
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|| isWritingField('view');
|
|
63
|
+
|| isWritingField('roles')
|
|
64
|
+
|| isWritingField('plan')
|
|
65
|
+
|| isWritingField('affiliate')
|
|
66
|
+
|| isWritingField('api')
|
|
67
|
+
|| isWritingField('link')
|
|
68
|
+
|| isWritingField('usage');
|
|
68
69
|
}
|
|
69
70
|
|
|
70
71
|
function isCreatingField(field) {
|
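Review bot: In `belongsTo`, the `authEmail() == identity` branch accepts an email match without checking that the address is verified, and this commit drops the old reminder next to the `/users/{uid}` write rule ("might also want to include a check for email verified?") without adding the check. `authEmail()` is defined outside the visible hunks, so this assumes it returns the token's email claim; if it does, gate that branch, e.g. `authUid() == identity || (request.auth.token.email_verified == true && authEmail() == identity)`. The gap matters more now that the notifications read rule calls `belongsTo(existingData().link.user.pk)` on documents that `allow create: if true` lets any client write, so the compared identity is supplied by whoever created the document. `isWritingProtectedUserField` is a denylist, so a sensitive user field added later stays client-writable until it is listed; I would add a comment above it such as `// Denylist: every new server-owned field on /users/{uid} must be added here`.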