From c41e41d66e0b4c61108a80c9c0439bedeb5f82ee Mon Sep 17 00:00:00 2001
From: Tom Arra
Date: Thu, 12 May 2022 09:00:55 -0500
Subject: [PATCH] fix: update Firestore rules (#469)

* fix: udpate firestore rules
* updated initial check for specific characters
* Better Regex
* kick the bot
* remove space to rekick
* kick
---
 firestore.rules | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/firestore.rules b/firestore.rules
index ba0521d0..5154b29a 100644
--- a/firestore.rules
+++ b/firestore.rules
@@ -9,21 +9,33 @@ service cloud.firestore {
 }
 
 function inCharLimit(initials) {
- return initials.size() < 4;
+ return initials.matches('[A-Z]{3}');
+ }
+
+ function isValidScore(score) {
+ return score > 0 && score < 9999999999;
 }
 
 function isAuthedUser(auth) {
- return request.auth.uid != null && auth.token.firebase.sign_in_provider == "anonymous"
+ return request.auth.uid != null && auth.token.firebase.sign_in_provider == 'anonymous'
 }
+
+ function isValidCharacter(character) {
+ return character == 'android' || character == 'dash' || character == 'dino' || character == 'sparky';
+ }
 
 // Leaderboard can be read if it doesn't contain any prohibited initials
 allow read: if isAuthedUser(request.auth);
 
 // A leaderboard entry can be created if the user is authenticated,
- // it's 3 characters long, and not a prohibited combination.
+ // it's 3 characters long and capital letters only, not a
+ // prohibited combination, the score is within the accepted score window
+ // and the character is in the valid list
 allow create: if isAuthedUser(request.auth) &&
 inCharLimit(request.resource.data.playerInitials) &&
- !prohibited(request.resource.data.playerInitials);
+ !prohibited(request.resource.data.playerInitials) &&
+ isValidScore(request.resource.data.score) &&
+ isValidCharacter(request.resource.data.character);
 }
 }
-}
\ No newline at end of file
+}
\ No newline at end of file
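Review bot: `isValidScore` bounds the value but never checks its type, so a non-integer number inside the range would likely still satisfy the create rule; consider `return score is int && score > 0 && score < 9999999999;`. The create rule also validates three fields without restricting which keys the document may carry, so, assuming those are the only fields a leaderboard entry should hold, adding `request.resource.data.keys().hasOnly(['playerInitials', 'score', 'character'])` would keep extra client-supplied keys out of stored entries. The range check is a sanity bound on a client-reported score rather than evidence that the score was earned, which is worth saying in the comment above `allow create`. The enclosing `match` block and the `prohibited` helper begin above the hunk, so this is based only on the lines shown.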