feat(firestore-signup): add security rules

eficode · Dec 29, 2020 · 51ef618 · 51ef618
1 parent 9f6240c
commit 51ef618
Showing 1 changed file with 25 additions and 4 deletions.
diff --git a/packages/firestore/firestore.rules b/packages/firestore/firestore.rules
@@ -1,9 +1,30 @@
 rules_version = '2';
 service cloud.firestore {
   match /databases/{database}/documents {
-    match /{document=**} {
-      allow read, write: if
-          request.time < timestamp.date(2021, 1, 16);
+
+    match /users/{userId} {
+      allow read: if userId == authUserUid();
+      allow create: if userId == authUserUid() && isValidUserCreate();
     }
+
+    function isValidUserCreate() {
+      return newData().keys().hasOnly(['role', 'devOpsMaturity', 'email'])
+        && newData().role is string
+        && newData().devOpsMaturity is string
+        && newData().email == request.auth.token.email;
+    }
+  }
+
+
+  function newData() {
+    return request.resource.data;
+  }
+
+  function authUserUid() {
+    return request.auth.uid;
+  }
+
+  function isAuthenticated() {
+    return request.auth != null;
   }
-}
+}