fix: update Firestore rules (#469)

* fix: udpate firestore rules * updated initial check for specific characters * Better Regex * kick the bot * remove space to rekick * kick
3 years ago · c41e41d66e
parent 75a5cf7537
commit c41e41d66e
1 changed files with 17 additions and 5 deletions
--- a/firestore.rules
+++ b/firestore.rules
@ -9,21 +9,33 @@ service cloud.firestore {
      }
      
      function inCharLimit(initials) {
-        return initials.size() < 4;
+        return initials.matches('[A-Z]{3}');
+      }
+
+      function isValidScore(score) {
+        return score > 0 && score < 9999999999;
      }
      
      function isAuthedUser(auth) {
-      	return request.auth.uid != null && auth.token.firebase.sign_in_provider == "anonymous"
+      	return request.auth.uid != null && auth.token.firebase.sign_in_provider == 'anonymous'
      }
+
+      function isValidCharacter(character) {
+         return character == 'android' || character == 'dash' || character == 'dino' || character == 'sparky';
+       }
   
      // Leaderboard can be read if it doesn't contain any prohibited initials
      allow read: if isAuthedUser(request.auth);
      
      // A leaderboard entry can be created if the user is authenticated,
-      // it's 3 characters long, and not a prohibited combination.
+      // it's 3 characters long and capital letters only, not a 
+      // prohibited combination, the score is within the accepted score window
+      // and the character is in the valid list
      allow create: if isAuthedUser(request.auth) &&
                       inCharLimit(request.resource.data.playerInitials) && 
-                       !prohibited(request.resource.data.playerInitials);
+                       !prohibited(request.resource.data.playerInitials) &&
+                       isValidScore(request.resource.data.score) &&
+                       isValidCharacter(request.resource.data.character);
    }
  }
-}
+}