Options
All
  • Public
  • Public/Protected
  • All
Menu

@jahed/firebase-rules

@jahed/firebase-rules

Travis npm Patreon Liberapay PayPal

A type-safe Firebase Real-time Database Security Rules builder.

  • Compose and re-use common rules.
  • Reference constants used throughout the project.
  • Catch any errors and typos.
  • Auto-completion.

Installation

 
npm install --save-dev @jahed/firebase-rules

Usage

Import the modules you need to build your rules. You can create helper functions to reduce reptition and give your rules more context. For this example, we'll just use the modules directly to keep it simple.

import { node, props, validate, newData, read, write, equal, auth, allowAll, param, between, oneOf, not, data } from '@jahed/firebase-rules'

const rules = {
  rules: node(props({
    app: node(
      props({
        update: node(props({
          version: node(validate(newData.isString())),
          force: node(validate(newData.isBoolean())),
          timestamp: node(validate(newData.isNumber()))
        })),
        delay: node(validate(newData.isNumber()))
      }),
      read(allowAll),
      write(equal(auth.uid, 'service-admin'))
    ),
    users: node(
      param('$userId', $userId => node(
        props({
          name: node(validate(
            newData.isString(val => between(val.length, 0, 24))
          )),
          created_at: node(validate(
            newData.isNumber(newVal => oneOf(
              not(data.exists()),
              data.isNumber(val => equal(val, newVal))
            ))
          ))
        }),
        write(equal($userId, auth.uid)),
        validate(newData.hasChildren(['name', 'created_at']))
      )),
      read(allowAll)
    )
  }))
}

const json = JSON.stringify(rules, null, 2)

Now you can write json to a file and push it to Firebase. The configuration above will look like this in JSON:

{
  "rules": {
    "app": {
      "update": {
        "version": {
          ".validate": "newData.isString()"
        },
        "force": {
          ".validate": "newData.isBoolean()"
        },
        "timestamp": {
          ".validate": "newData.isNumber()"
        },
        "$other": {
          ".validate": false
        }
      },
      "delay": {
        ".validate": "newData.isNumber()"
      },
      "$other": {
        ".validate": false
      },
      ".read": true,
      ".write": "(auth.uid === \"service-admin\")"
    },
    "users": {
      "$userId": {
        "name": {
          ".validate": "(newData.isString() && ((newData.val().length > 0) && (newData.val().length < 24)))"
        },
        "created_at": {
          ".validate": "(newData.isNumber() && (!data.exists() || (data.isNumber() && (data.val() === newData.val()))))"
        },
        "$other": {
          ".validate": false
        },
        ".write": "($userId === auth.uid)",
        ".validate": "newData.hasChildren([\"name\",\"created_at\"])"
      },
      ".read": true
    },
    "$other": {
      ".validate": false
    }
  }
}

For more thorough examples, see the tests.

API

For complete API documentation, see the documentation website.

License

MIT.

Generated using TypeDoc