firebase-js-rules
v0.5.1
Published
firebase rules, javascript style
Downloads
12
Readme
firebase-js-rules
firebase rules, javascript style - EXPERIMENTAL, tested but not used in production
The current way to create security rules for firebase is to edit a JSON file and then validate. Single file, no variables, no comments, no syntax highlighting, lots of repetitions.
• Example • Features • API • License
Example
var R = require('../index')
var rulesJSON = JSON.parse(`{
"users": {
"$user": {
".read": true,
".write": true,
".validate": "newData.hasChildren(['name','age'])"
}
}
}`)
//produces the same result (rJSON deep equal rJS)
var rulesJS = R({
users: R({
$user: R()
.read(true)
.write((auth, $user) => $user === auth.uid)
.validate(newData => newData.hasChildren(['name', 'age']))
})
})
//write to file
.save('./firebase-rules.json')
Features
- friendly with other javascript tools: linters, highlighers, autosuggest, ...
- variables to individually define, re-use or augment rule-sets or rule-templates
- commonJS module to individually prepare and test sets of rules and group them last
Two other tools already exist:
- firebase-bolt a YAML format that requires learning another syntax
- firebase-blaze another YAML format - DEPRECATED
API
R([template])
=> ruleObject
with the following methods
.read(logic)
=>ruleObject
with added property.write(logic)
=>ruleObject
with added property.indexOn(logic)
=>ruleObject
with added property.save([fileName])
nest in{rules: ruleObject}
and saves to a JSON file
rule logic
is either
- a JSON primitive to be used as-is:
string
,boolean
,null
- an arrow-function expression:
(auth, data, newData) => !data.exists() && newData.child('user_id').val() == auth.uid
- Only arrow functions and no curly braces to only allow expressions
- Function is run before extrating the body string to make sure that the variables methods are allowed
License
Released under the MIT License