Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/dergoegge/firebase-security-testing

Testing framework for firestore and firebase storage security rules.
https://github.com/dergoegge/firebase-security-testing

firebase security-rules security-testing testing-framework

Last synced: 8 days ago
JSON representation

Testing framework for firestore and firebase storage security rules.

Host: GitHub
URL: https://github.com/dergoegge/firebase-security-testing
Owner: dergoegge
License: apache-2.0
Created: 2019-03-14T21:14:13.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2022-12-10T16:57:10.000Z (almost 2 years ago)
Last Synced: 2024-10-04T15:45:58.693Z (about 1 month ago)
Topics: firebase, security-rules, security-testing, testing-framework
Language: JavaScript
Size: 197 KB
Stars: 5
Watchers: 1
Forks: 0
Open Issues: 8
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # Firebase security rules testing

There is currently no official testing framework for firebase storage security rules.

There is how ever the [Firebase Rules API](https://developers.google.com/apis-explorer/?hl=en_US#search/firebaserules/firebaserules/v1/) which does provide unit testing functionality.

The simulator in the firebase console makes use of this api.

This repository is an attempt at a client for this api and since the api works for both **Firestore** and **Firebase Storage** you will be able to test both types of security rules with this client.

I also opened a feature request with firebase, so maybe they will realease something like this pretty soon with official support.

## Install

```sh

npm i firebase-security-testing

```

## Setup

In order for this package to work you will have to set the `FIREBASE_TOKEN` environment variable.

You can obtain the token with:

```sh

firebase login:ci

```

## Examples

## 

```javascript

const { RuleTestSuite, validateRuleSuite } = require('firebase-security-testing');

// Initialise the rule test suite

var storageRules = new RuleTestSuite({

	rulePath: 'storage.rules', // path to your rules file

	project: '', // your project name

	description: 'storage rules' // optional for logging of results

});

// add a test case

storageRules.test(''/* description for logging */, {

	path: '/b//o/path/to/resource',

	method: 'get',

	auth: {

		uid: '...',

		token: {

			'...': '...'

		}

	}

}).shouldSucceed(); // this test case should succeed

// ad another test case

storageRules.test(''/* description for logging */, {

	path: '/b//o/path/to/resource',

	method: 'create'

}).shouldFail(); // this test case should fail

// validate the tests

validateRuleSuite(storageRules, { logging: true, exitOnFailure: true });

```

*The `exitOnFailure` option defaults to true.*

## Test case options

The options for the test cases ("as far as i can tell") are the ones listed in the documentation for [firestore request](https://firebase.google.com/docs/reference/rules/rules.firestore.Request), [firestore resource](https://firebase.google.com/docs/reference/rules/rules.firestore.Resource), [storage request](https://firebase.google.com/docs/reference/security/storage/#request), [storage resource](https://firebase.google.com/docs/reference/security/storage/#resource)

## Contributing

Every contribution welcome just open a issue or pr...