From 852c14fa600d1996662bddc5bf9852bb5845a064 Mon Sep 17 00:00:00 2001
From: Tom Arra
Date: Tue, 3 May 2022 16:22:11 -0500
Subject: [PATCH] feat: adding firestore rules
---
 firebase.json | 9 ++++-----
 firestore.rules | 29 +++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 5 deletions(-)
 create mode 100644 firestore.rules
diff --git a/firebase.json b/firebase.json
index 80e2ae69..2cf30143 100644
--- a/firebase.json
+++ b/firebase.json
@@ -1,11 +1,10 @@
 {
+ "firestore": {
+ "rules": "firestore.rules"
+ },
 "hosting": {
 "public": "build/web",
 "site": "ashehwkdkdjruejdnensjsjdne",
- "ignore": [
- "firebase.json",
- "**/.*",
- "**/node_modules/**"
- ]
+ "ignore": ["firebase.json", "**/.*", "**/node_modules/**"]
 }
 }
diff --git a/firestore.rules b/firestore.rules
new file mode 100644
index 00000000..5afff26a
--- /dev/null
+++ b/firestore.rules
@@ -0,0 +1,29 @@
+rules_version = '2';
+service cloud.firestore {
+ match /databases/{database}/documents {
+ match /leaderboard/{userId} {
+
+ function prohibited(initials) {
+ let prohibitedInitials = get(/databases/$(database)/documents/prohibitedInitials/list);
+ return initials in prohibitedInitials;
+ }
+
+ function inCharLimit(initials) {
+ return initials.size() < 4;
+ }
+
+ function isAuthedUser(auth) {
+ return auth.token.aud == "pinball-dev" && auth.token.firebase.sign_in_provider == "anonymous"
+ }
+
+ // Leaderboard can be read if it doesn't contain any prohibited initials
+ allow read: if !prohibited(resource.data.playerInitials);
+
+ // A leaderboard entry can be created if the user is authenticated,
+ // it's 3 characters long, and not a prohibited combination.
+ allow create: if isAuthedUser(request.auth) &&
+ inCharLimit(request.resource.data.playerInitials) &&
+ !prohibited(request.resource.data.playerInitials);
+ }
+ }
+}
\ No newline at end of file
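Review bot: `inCharLimit` in the new `firestore.rules` accepts any value whose `size()` is below 4, so empty or one-character strings (and lists or maps, which also expose `size()`) pass even though the comment on the create rule promises exactly three characters; `return initials is string && initials.size() == 3;` would match the stated intent. `prohibited()` applies `in` to the document returned by `get()` rather than to a list field under its `.data`, so the blocklist lookup probably does not test membership as intended; confirm against the schema of the `prohibitedInitials/list` document, which this patch does not show. The create rule also never compares `{userId}` with `request.auth.uid` or restricts the other fields of `request.resource.data`, so any anonymous session can write an entry with arbitrary content under any document id; a `request.auth.uid == userId` condition and a `request.resource.data.keys().hasOnly([...])` allow-list are worth adding. The `return` in `isAuthedUser` lacks the terminating `;` that the other two functions have.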