Skip to content
A type-safe Firebase Real-time Database Security Rules builder
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github
src
tests
.editorconfig
.gitignore
.travis.yml
LICENSE
README.md
jest.config.js
package.json
publish-docs.sh
tsconfig.es.json
tsconfig.json
tslint.json
yarn.lock

README.md

@jahed/firebase-rules

Travis npm Patreon Liberapay

A type-safe Firebase Real-time Database Security Rules builder.

Installation

# NPM
npm install --save-dev @jahed/firebase-rules

# Yarn
yarn add --dev @jahed/firebase-rules

Usage

Import the modules you need to build your rules. You can create helper functions to reduce reptition and give your rules more context. For this example, we'll just use the modules directly to keep it simple.

import { node, props, validate, newData, read, write, equal } from '@jahed/firebase-rules'

const rules = {
  rules: node(props({
    app: node(
      props({
        update: node(props({
          version: node(validate(newData.isString())),
          force: node(validate(newData.isBoolean())),
          timestamp: node(validate(newData.isNumber()))
        })),
        delay: node(validate(newData.isNumber()))
      }),
      read(allowAll),
      write(equal(auth.uid, 'service-admin'))
    ),
    users: node(
      param('$userId', $userId => node(
        props({
          name: node(validate(
            newData.isString(val => between(val.length, 0, 24))
          )),
          created_at: node(validate(
            newData.isNumber(newVal => oneOf(
              not(data.exists()),
              data.isNumber(val => equal(val, newVal))
            ))
          ))
        }),
        write(equal($userId, auth.uid)),
        validate(newData.hasChildren(['name', 'created_at']))
      )),
      read(allowAll)
    )
  }))
}

const json = JSON.stringify(rules, null, 2)

Now you can write json to a file and push it to Firebase. The configuration above will look like this in JSON:

{
  "rules": {
    "app": {
      "update": {
        "version": {
          ".validate": "newData.isString()"
        },
        "force": {
          ".validate": "newData.isBoolean()"
        },
        "timestamp": {
          ".validate": "newData.isNumber()"
        },
        "$other": {
          ".validate": false
        }
      },
      "delay": {
        ".validate": "newData.isNumber()"
      }
    },
    "users": {
      "$userId": {
        "name": {
          ".validate": "(newData.isString() && ((newData.val().length > 0) && (newData.val().length < 24)))"
        },
        "created_at": {
          ".validate": "(newData.isNumber() && (!data.exists() || (data.isNumber() && (data.val() === newData.val()))))"
        },
        "$other": {
          ".validate": false
        },
        ".write": "($userId === auth.uid)",
        ".validate": "newData.hasChildren([\"name\",\"created_at\"])"
      },
      ".read": true
    }
  }
}

For more thorough examples, see the tests.

API

For complete API documentation, see the documentation website.

License

MIT

You can’t perform that action at this time.