https://github.com/rootz491/connect-491

maybe a serious web app for social media.
https://github.com/rootz491/connect-491

Last synced: 3 months ago
JSON representation

maybe a serious web app for social media.

• Host: GitHub
• URL: https://github.com/rootz491/connect-491
• Owner: rootz491
• Created: 2020-10-12T11:55:30.000Z (over 5 years ago)
• Default Branch: main
• Last Pushed: 2020-10-21T15:08:22.000Z (over 5 years ago)
• Last Synced: 2026-01-31T12:23:37.131Z (4 months ago)
• Language: HTML
• Homepage: https://connect-491.web.app
• Size: 58.6 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: readme.md

Awesome Lists containing this project

README

          
# FIREBASE 

## security rules

    >   .read       describes if and when data is allowed to be read by users.

    >   .write      describes if and when data is allowed to be written.

    >   .validate   defines what a correctly formatted value will look like, whether it has child attributes, and the data type.

    >   .indexOn    specifies a child index to support ordering and querying.

    *to validate write by autherisation*

    "user" {

        "$uid": {

            ".write": "$uid === auth.uid"

        }

    }

    *incoming data validation*

    "post": {

        ".validate": "newData.isString() && newData.val().length < 100"

    }

    *defining database indexes*

    "user": {

        "indexOn": ["userName", "age", "rank"]

    }

    *structuring security rules*

    "parent": {

        "child": {

            ".read": ,

            ".write": ,

            ".validate": 

        }

    }

    *wildcard capture variables*

    "posts": {

        "$pid": {

            "comments": {

                ".write": "$pid.contains('public')"

            }

        }

    }

    *Any write that would result in additional children being created would fail*

    "user": {

        "$uid": {

            "name": {".validate": },

            "age": {".validate": },

            "role": {".validate": },

            "$other": {".validate": false}

        }

    }

    >   a path is always string, so can't compare it with number.

        so bypass:

        $key === newData.val+()     will work just fine.

    *this is a delete or a create, but not an update*

    ".write": "!data.exists() || !newData.exists()"

    *reference data in other path*

    >   root, data, newData.

    *EXAMPLE*

    ".write": "root.child('allow_writes').val() === true &&

          !data.parent().child('readOnly').exists() &&

          newData.child('foo').exists()"

    *EXAMPLE RULES OVERVIEW*

    {

      "rules": {

        // write is allowed for all paths

        ".write": true,

        "widget": {

          // a valid widget must have attributes "color" and "size"

          // allows deleting widgets (since .validate is not applied to delete rules)

          ".validate": "newData.hasChildren(['color', 'size'])",

          "size": {

            // the value of "size" must be a number between 0 and 99

            ".validate": "newData.isNumber() &&

                          newData.val() >= 0 &&

                          newData.val() <= 99"

          },

          "color": {

            // the value of "color" must exist as a key in our mythical

            // /valid_colors/ index

            ".validate": "root.child('valid_colors/' + newData.val()).exists()"

          }

        }

      }

}