backend-manager 2.5.60 → 2.5.62
package/package.json
CHANGED
|
@@ -60,14 +60,29 @@ Module.prototype.signOutOfSession = function (uid, session) {
|
|
|
60
60
|
.then(async (snap) => {
|
|
61
61
|
const data = snap.val() || {};
|
|
62
62
|
const keys = Object.keys(data);
|
|
63
|
+
|
|
63
64
|
for (var i = 0; i < keys.length; i++) {
|
|
64
65
|
const key = keys[i];
|
|
66
|
+
|
|
65
67
|
self.assistant.log(`Signing out: ${key}`, {environment: 'production'});
|
|
66
|
-
|
|
68
|
+
|
|
69
|
+
// Send signout command
|
|
70
|
+
await self.libraries.admin.database().ref(`${session}/${key}/command`)
|
|
71
|
+
.set('signout')
|
|
72
|
+
.catch(e => self.assistant.error(`Failed to signout of session ${key}`, e))
|
|
73
|
+
|
|
67
74
|
// await powertools.wait(3000);
|
|
68
|
-
|
|
75
|
+
|
|
76
|
+
// Delete session
|
|
77
|
+
setTimeout(function () {
|
|
78
|
+
self.libraries.admin.database().ref(`${session}/${key}`)
|
|
79
|
+
.remove()
|
|
80
|
+
.catch(e => self.assistant.error(`Failed to delete session ${key}`, e))
|
|
81
|
+
}, 30000);
|
|
82
|
+
|
|
69
83
|
count++;
|
|
70
84
|
}
|
|
85
|
+
|
|
71
86
|
return resolve(count);
|
|
72
87
|
})
|
|
73
88
|
.catch(e => {
|
|
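Review bot: The 30-second `setTimeout` that removes `${session}/${key}` is never awaited, so `resolve(count)` runs while every deletion is still pending. If the host process is suspended or recycled once the call resolves (plausible for a serverless function, though the hunk does not show where this runs), the session records are never deleted and cleanup depends entirely on the client honouring the `signout` command. Keeping the removal promises and awaiting them before `resolve(count)` makes the deletion part of the call, at the cost of a response delayed by the grace period. Separately, `count++` still runs when the `.set('signout')` write fell into its `.catch`, so the returned count can overstate how many sessions were actually signalled. `signOutOfSession` starts and ends outside the hunk.

```javascript
const removals = [];

for (var i = 0; i < keys.length; i++) {
  // … unchanged: key lookup, log line, signout command …

  // Delete session after the grace period; keep the promise so the caller can wait for it
  removals.push(
    new Promise((done) => setTimeout(done, 30000))
      .then(() => self.libraries.admin.database().ref(`${session}/${key}`).remove())
      .catch(e => self.assistant.error(`Failed to delete session ${key}`, e))
  );

  count++;
}

// Do not report success until every delayed removal has settled
await Promise.all(removals);
return resolve(count);
```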
@@ -1,27 +1,29 @@
|
|
|
1
1
|
rules_version = '2';
|
|
2
2
|
service cloud.firestore {
|
|
3
3
|
match /databases/{database}/documents {
|
|
4
|
+
// Custom rules
|
|
5
|
+
// ...
|
|
4
6
|
|
|
7
|
+
///---default-rules---///
|
|
5
8
|
// Lock by default
|
|
6
9
|
match /{document=**} {
|
|
7
10
|
allow read, write: if isAdmin();
|
|
8
11
|
}
|
|
9
|
-
|
|
10
|
-
//
|
|
11
|
-
///---default-rules---///
|
|
12
|
+
|
|
13
|
+
// Protect user account data
|
|
12
14
|
match /users/{uid} {
|
|
13
15
|
allow read: if belongsTo(uid);
|
|
14
|
-
allow write: if
|
|
15
|
-
// might also want to include a check for email verified?
|
|
16
|
+
allow write: if belongsTo(uid) && !isWritingProtectedUserField();
|
|
16
17
|
}
|
|
18
|
+
|
|
19
|
+
// Protect notification data
|
|
17
20
|
match /notifications/subscriptions/all/{token} {
|
|
18
|
-
allow read: if
|
|
19
|
-
allow update: if
|
|
21
|
+
allow read: if existingData().token == token || belongsTo(existingData().link.user.pk);
|
|
22
|
+
allow update: if existingData().token == token;
|
|
20
23
|
allow create: if true;
|
|
21
24
|
}
|
|
22
25
|
///---------end---------///
|
|
23
26
|
|
|
24
|
-
|
|
25
27
|
///---backend-manager---///
|
|
26
28
|
///---version=0.0.0---///
|
|
27
29
|
// Basic rules
|
|
@@ -34,10 +36,10 @@ service cloud.firestore {
|
|
|
34
36
|
return request.auth.uid;
|
|
35
37
|
}
|
|
36
38
|
function isAuthenticated() {
|
|
37
|
-
return request.auth
|
|
39
|
+
return request.auth != null;
|
|
38
40
|
}
|
|
39
41
|
function belongsTo(identity) {
|
|
40
|
-
return
|
|
42
|
+
return isAuthenticated() && (authUid() == identity || authEmail() == identity);
|
|
41
43
|
// eventually include a check for (existingData().link.email == identity)...(in case its a doc owned by a user that's not actually user doc)
|
|
42
44
|
}
|
|
43
45
|
|
|
@@ -58,13 +60,12 @@ service cloud.firestore {
|
|
|
58
60
|
|
|
59
61
|
function isWritingProtectedUserField() {
|
|
60
62
|
return isWritingField('auth')
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|| isWritingField('view');
|
|
63
|
+
|| isWritingField('roles')
|
|
64
|
+
|| isWritingField('plan')
|
|
65
|
+
|| isWritingField('affiliate')
|
|
66
|
+
|| isWritingField('api')
|
|
67
|
+
|| isWritingField('link')
|
|
68
|
+
|| isWritingField('usage');
|
|
68
69
|
}
|
|
69
70
|
|
|
70
71
|
function isCreatingField(field) {
|
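Review bot: `belongsTo()` in the `@@ -34,10 +36,10 @@` hunk accepts `authEmail() == identity` without checking that the address is verified, and the old comment on the `/users/{uid}` write rule that asked about an email-verified check was removed rather than resolved. If `authEmail()` reads `request.auth.token.email` (its body is outside the visible lines), an account with an unverified address satisfies any rule keyed on an email identity; consider `authEmail() == identity && request.auth.token.email_verified`. In the notifications match, `allow update: if existingData().token == token;` never consults `request.auth` or `request.resource`, so together with `allow create: if true` any caller who knows the document ID can change any field, including `link.user.pk`, which the read rule relies on. `isWritingProtectedUserField()` is a denylist that no longer names `view`; a comment stating why `view` became user-writable, or an allowlist of writable fields, would make the intent reviewable.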