320 lines
12 KiB
JavaScript
320 lines
12 KiB
JavaScript
/*! firebase-admin v11.0.1 */
|
|
"use strict";
|
|
/*!
|
|
* Copyright 2019 Google Inc.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.SecurityRules = exports.Ruleset = exports.RulesetMetadataList = void 0;
|
|
const validator = require("../utils/validator");
|
|
const security_rules_api_client_internal_1 = require("./security-rules-api-client-internal");
|
|
const security_rules_internal_1 = require("./security-rules-internal");
|
|
/**
|
|
* A page of ruleset metadata.
|
|
*/
|
|
class RulesetMetadataList {
|
|
/**
|
|
* @internal
|
|
*/
|
|
constructor(response) {
|
|
if (!validator.isNonNullObject(response) || !validator.isArray(response.rulesets)) {
|
|
throw new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', `Invalid ListRulesets response: ${JSON.stringify(response)}`);
|
|
}
|
|
this.rulesets = response.rulesets.map((rs) => {
|
|
return {
|
|
name: stripProjectIdPrefix(rs.name),
|
|
createTime: new Date(rs.createTime).toUTCString(),
|
|
};
|
|
});
|
|
if (response.nextPageToken) {
|
|
this.nextPageToken = response.nextPageToken;
|
|
}
|
|
}
|
|
}
|
|
exports.RulesetMetadataList = RulesetMetadataList;
|
|
/**
|
|
* A set of Firebase security rules.
|
|
*/
|
|
class Ruleset {
|
|
/**
|
|
* @internal
|
|
*/
|
|
constructor(ruleset) {
|
|
if (!validator.isNonNullObject(ruleset) ||
|
|
!validator.isNonEmptyString(ruleset.name) ||
|
|
!validator.isNonEmptyString(ruleset.createTime) ||
|
|
!validator.isNonNullObject(ruleset.source)) {
|
|
throw new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', `Invalid Ruleset response: ${JSON.stringify(ruleset)}`);
|
|
}
|
|
this.name = stripProjectIdPrefix(ruleset.name);
|
|
this.createTime = new Date(ruleset.createTime).toUTCString();
|
|
this.source = ruleset.source.files || [];
|
|
}
|
|
}
|
|
exports.Ruleset = Ruleset;
|
|
/**
|
|
* The Firebase `SecurityRules` service interface.
|
|
*/
|
|
class SecurityRules {
|
|
/**
|
|
* @param app - The app for this SecurityRules service.
|
|
* @constructor
|
|
* @internal
|
|
*/
|
|
constructor(app) {
|
|
this.app = app;
|
|
this.client = new security_rules_api_client_internal_1.SecurityRulesApiClient(app);
|
|
}
|
|
/**
|
|
* Gets the {@link Ruleset} identified by the given
|
|
* name. The input name should be the short name string without the project ID
|
|
* prefix. For example, to retrieve the `projects/project-id/rulesets/my-ruleset`,
|
|
* pass the short name "my-ruleset". Rejects with a `not-found` error if the
|
|
* specified `Ruleset` cannot be found.
|
|
*
|
|
* @param name - Name of the `Ruleset` to retrieve.
|
|
* @returns A promise that fulfills with the specified `Ruleset`.
|
|
*/
|
|
getRuleset(name) {
|
|
return this.client.getRuleset(name)
|
|
.then((rulesetResponse) => {
|
|
return new Ruleset(rulesetResponse);
|
|
});
|
|
}
|
|
/**
|
|
* Gets the {@link Ruleset} currently applied to
|
|
* Cloud Firestore. Rejects with a `not-found` error if no ruleset is applied
|
|
* on Firestore.
|
|
*
|
|
* @returns A promise that fulfills with the Firestore ruleset.
|
|
*/
|
|
getFirestoreRuleset() {
|
|
return this.getRulesetForRelease(SecurityRules.CLOUD_FIRESTORE);
|
|
}
|
|
/**
|
|
* Creates a new {@link Ruleset} from the given
|
|
* source, and applies it to Cloud Firestore.
|
|
*
|
|
* @param source - Rules source to apply.
|
|
* @returns A promise that fulfills when the ruleset is created and released.
|
|
*/
|
|
releaseFirestoreRulesetFromSource(source) {
|
|
return Promise.resolve()
|
|
.then(() => {
|
|
const rulesFile = this.createRulesFileFromSource('firestore.rules', source);
|
|
return this.createRuleset(rulesFile);
|
|
})
|
|
.then((ruleset) => {
|
|
return this.releaseFirestoreRuleset(ruleset)
|
|
.then(() => {
|
|
return ruleset;
|
|
});
|
|
});
|
|
}
|
|
/**
|
|
* Applies the specified {@link Ruleset} ruleset
|
|
* to Cloud Firestore.
|
|
*
|
|
* @param ruleset - Name of the ruleset to apply or a `RulesetMetadata` object
|
|
* containing the name.
|
|
* @returns A promise that fulfills when the ruleset is released.
|
|
*/
|
|
releaseFirestoreRuleset(ruleset) {
|
|
return this.releaseRuleset(ruleset, SecurityRules.CLOUD_FIRESTORE);
|
|
}
|
|
/**
|
|
* Gets the {@link Ruleset} currently applied to a
|
|
* Cloud Storage bucket. Rejects with a `not-found` error if no ruleset is applied
|
|
* on the bucket.
|
|
*
|
|
* @param bucket - Optional name of the Cloud Storage bucket to be retrieved. If not
|
|
* specified, retrieves the ruleset applied on the default bucket configured via
|
|
* `AppOptions`.
|
|
* @returns A promise that fulfills with the Cloud Storage ruleset.
|
|
*/
|
|
getStorageRuleset(bucket) {
|
|
return Promise.resolve()
|
|
.then(() => {
|
|
return this.getBucketName(bucket);
|
|
})
|
|
.then((bucketName) => {
|
|
return this.getRulesetForRelease(`${SecurityRules.FIREBASE_STORAGE}/${bucketName}`);
|
|
});
|
|
}
|
|
/**
|
|
* Creates a new {@link Ruleset} from the given
|
|
* source, and applies it to a Cloud Storage bucket.
|
|
*
|
|
* @param source - Rules source to apply.
|
|
* @param bucket - Optional name of the Cloud Storage bucket to apply the rules on. If
|
|
* not specified, applies the ruleset on the default bucket configured via
|
|
* {@link firebase-admin.app#AppOptions}.
|
|
* @returns A promise that fulfills when the ruleset is created and released.
|
|
*/
|
|
releaseStorageRulesetFromSource(source, bucket) {
|
|
return Promise.resolve()
|
|
.then(() => {
|
|
// Bucket name is not required until the last step. But since there's a createRuleset step
|
|
// before then, make sure to run this check and fail early if the bucket name is invalid.
|
|
this.getBucketName(bucket);
|
|
const rulesFile = this.createRulesFileFromSource('storage.rules', source);
|
|
return this.createRuleset(rulesFile);
|
|
})
|
|
.then((ruleset) => {
|
|
return this.releaseStorageRuleset(ruleset, bucket)
|
|
.then(() => {
|
|
return ruleset;
|
|
});
|
|
});
|
|
}
|
|
/**
|
|
* Applies the specified {@link Ruleset} ruleset
|
|
* to a Cloud Storage bucket.
|
|
*
|
|
* @param ruleset - Name of the ruleset to apply or a `RulesetMetadata` object
|
|
* containing the name.
|
|
* @param bucket - Optional name of the Cloud Storage bucket to apply the rules on. If
|
|
* not specified, applies the ruleset on the default bucket configured via
|
|
* {@link firebase-admin.app#AppOptions}.
|
|
* @returns A promise that fulfills when the ruleset is released.
|
|
*/
|
|
releaseStorageRuleset(ruleset, bucket) {
|
|
return Promise.resolve()
|
|
.then(() => {
|
|
return this.getBucketName(bucket);
|
|
})
|
|
.then((bucketName) => {
|
|
return this.releaseRuleset(ruleset, `${SecurityRules.FIREBASE_STORAGE}/${bucketName}`);
|
|
});
|
|
}
|
|
/**
|
|
* Creates a {@link RulesFile} with the given name
|
|
* and source. Throws an error if any of the arguments are invalid. This is a local
|
|
* operation, and does not involve any network API calls.
|
|
*
|
|
* @example
|
|
* ```javascript
|
|
* const source = '// Some rules source';
|
|
* const rulesFile = admin.securityRules().createRulesFileFromSource(
|
|
* 'firestore.rules', source);
|
|
* ```
|
|
*
|
|
* @param name - Name to assign to the rules file. This is usually a short file name that
|
|
* helps identify the file in a ruleset.
|
|
* @param source - Contents of the rules file.
|
|
* @returns A new rules file instance.
|
|
*/
|
|
createRulesFileFromSource(name, source) {
|
|
if (!validator.isNonEmptyString(name)) {
|
|
throw new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Name must be a non-empty string.');
|
|
}
|
|
let content;
|
|
if (validator.isNonEmptyString(source)) {
|
|
content = source;
|
|
}
|
|
else if (validator.isBuffer(source)) {
|
|
content = source.toString('utf-8');
|
|
}
|
|
else {
|
|
throw new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Source must be a non-empty string or a Buffer.');
|
|
}
|
|
return {
|
|
name,
|
|
content,
|
|
};
|
|
}
|
|
/**
|
|
* Creates a new {@link Ruleset} from the given {@link RulesFile}.
|
|
*
|
|
* @param file - Rules file to include in the new `Ruleset`.
|
|
* @returns A promise that fulfills with the newly created `Ruleset`.
|
|
*/
|
|
createRuleset(file) {
|
|
const ruleset = {
|
|
source: {
|
|
files: [file],
|
|
},
|
|
};
|
|
return this.client.createRuleset(ruleset)
|
|
.then((rulesetResponse) => {
|
|
return new Ruleset(rulesetResponse);
|
|
});
|
|
}
|
|
/**
|
|
* Deletes the {@link Ruleset} identified by the given
|
|
* name. The input name should be the short name string without the project ID
|
|
* prefix. For example, to delete the `projects/project-id/rulesets/my-ruleset`,
|
|
* pass the short name "my-ruleset". Rejects with a `not-found` error if the
|
|
* specified `Ruleset` cannot be found.
|
|
*
|
|
* @param name - Name of the `Ruleset` to delete.
|
|
* @returns A promise that fulfills when the `Ruleset` is deleted.
|
|
*/
|
|
deleteRuleset(name) {
|
|
return this.client.deleteRuleset(name);
|
|
}
|
|
/**
|
|
* Retrieves a page of ruleset metadata.
|
|
*
|
|
* @param pageSize - The page size, 100 if undefined. This is also the maximum allowed
|
|
* limit.
|
|
* @param nextPageToken - The next page token. If not specified, returns rulesets
|
|
* starting without any offset.
|
|
* @returns A promise that fulfills with a page of rulesets.
|
|
*/
|
|
listRulesetMetadata(pageSize = 100, nextPageToken) {
|
|
return this.client.listRulesets(pageSize, nextPageToken)
|
|
.then((response) => {
|
|
return new RulesetMetadataList(response);
|
|
});
|
|
}
|
|
getRulesetForRelease(releaseName) {
|
|
return this.client.getRelease(releaseName)
|
|
.then((release) => {
|
|
const rulesetName = release.rulesetName;
|
|
if (!validator.isNonEmptyString(rulesetName)) {
|
|
throw new security_rules_internal_1.FirebaseSecurityRulesError('not-found', `Ruleset name not found for ${releaseName}.`);
|
|
}
|
|
return this.getRuleset(stripProjectIdPrefix(rulesetName));
|
|
});
|
|
}
|
|
releaseRuleset(ruleset, releaseName) {
|
|
if (!validator.isNonEmptyString(ruleset) &&
|
|
(!validator.isNonNullObject(ruleset) || !validator.isNonEmptyString(ruleset.name))) {
|
|
const err = new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'ruleset must be a non-empty name or a RulesetMetadata object.');
|
|
return Promise.reject(err);
|
|
}
|
|
const rulesetName = validator.isString(ruleset) ? ruleset : ruleset.name;
|
|
return this.client.updateOrCreateRelease(releaseName, rulesetName)
|
|
.then(() => {
|
|
return;
|
|
});
|
|
}
|
|
getBucketName(bucket) {
|
|
const bucketName = (typeof bucket !== 'undefined') ? bucket : this.app.options.storageBucket;
|
|
if (!validator.isNonEmptyString(bucketName)) {
|
|
throw new security_rules_internal_1.FirebaseSecurityRulesError('invalid-argument', 'Bucket name not specified or invalid. Specify a default bucket name via the ' +
|
|
'storageBucket option when initializing the app, or specify the bucket name ' +
|
|
'explicitly when calling the rules API.');
|
|
}
|
|
return bucketName;
|
|
}
|
|
}
|
|
exports.SecurityRules = SecurityRules;
|
|
SecurityRules.CLOUD_FIRESTORE = 'cloud.firestore';
|
|
SecurityRules.FIREBASE_STORAGE = 'firebase.storage';
|
|
function stripProjectIdPrefix(name) {
|
|
return name.split('/').pop();
|
|
}
|