/*! firebase-admin v8.9.2 */ "use strict"; /*! * Copyright 2019 Google Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ Object.defineProperty(exports, "__esModule", { value: true }); var validator = require("../utils/validator"); var security_rules_api_client_1 = require("./security-rules-api-client"); var security_rules_utils_1 = require("./security-rules-utils"); var RulesetMetadataListImpl = /** @class */ (function () { function RulesetMetadataListImpl(response) { if (!validator.isNonNullObject(response) || !validator.isArray(response.rulesets)) { throw new security_rules_utils_1.FirebaseSecurityRulesError('invalid-argument', "Invalid ListRulesets response: " + JSON.stringify(response)); } this.rulesets = response.rulesets.map(function (rs) { return { name: stripProjectIdPrefix(rs.name), createTime: new Date(rs.createTime).toUTCString(), }; }); if (response.nextPageToken) { this.nextPageToken = response.nextPageToken; } } return RulesetMetadataListImpl; }()); /** * Represents a set of Firebase security rules. */ var Ruleset = /** @class */ (function () { function Ruleset(ruleset) { if (!validator.isNonNullObject(ruleset) || !validator.isNonEmptyString(ruleset.name) || !validator.isNonEmptyString(ruleset.createTime) || !validator.isNonNullObject(ruleset.source)) { throw new security_rules_utils_1.FirebaseSecurityRulesError('invalid-argument', "Invalid Ruleset response: " + JSON.stringify(ruleset)); } this.name = stripProjectIdPrefix(ruleset.name); this.createTime = new Date(ruleset.createTime).toUTCString(); this.source = ruleset.source.files || []; } return Ruleset; }()); exports.Ruleset = Ruleset; /** * SecurityRules service bound to the provided app. */ var SecurityRules = /** @class */ (function () { /** * @param {object} app The app for this SecurityRules service. * @constructor */ function SecurityRules(app) { this.app = app; this.INTERNAL = new SecurityRulesInternals(); this.client = new security_rules_api_client_1.SecurityRulesApiClient(app); } /** * Gets the Ruleset identified by the given name. The input name should be the short name string without * the project ID prefix. For example, to retrieve the `projects/project-id/rulesets/my-ruleset`, pass the * short name "my-ruleset". Rejects with a `not-found` error if the specified Ruleset cannot be found. * * @param {string} name Name of the Ruleset to retrieve. * @returns {Promise} A promise that fulfills with the specified Ruleset. */ SecurityRules.prototype.getRuleset = function (name) { return this.client.getRuleset(name) .then(function (rulesetResponse) { return new Ruleset(rulesetResponse); }); }; /** * Gets the Ruleset currently applied to Cloud Firestore. Rejects with a `not-found` error if no Ruleset is * applied on Firestore. * * @returns {Promise} A promise that fulfills with the Firestore Ruleset. */ SecurityRules.prototype.getFirestoreRuleset = function () { return this.getRulesetForRelease(SecurityRules.CLOUD_FIRESTORE); }; /** * Creates a new ruleset from the given source, and applies it to Cloud Firestore. * * @param {string|Buffer} source Rules source to apply. * @returns {Promise} A promise that fulfills when the ruleset is created and released. */ SecurityRules.prototype.releaseFirestoreRulesetFromSource = function (source) { var _this = this; return Promise.resolve() .then(function () { var rulesFile = _this.createRulesFileFromSource('firestore.rules', source); return _this.createRuleset(rulesFile); }) .then(function (ruleset) { return _this.releaseFirestoreRuleset(ruleset) .then(function () { return ruleset; }); }); }; /** * Makes the specified ruleset the currently applied ruleset for Cloud Firestore. * * @param {string|RulesetMetadata} ruleset Name of the ruleset to apply or a RulesetMetadata object containing * the name. * @returns {Promise} A promise that fulfills when the ruleset is released. */ SecurityRules.prototype.releaseFirestoreRuleset = function (ruleset) { return this.releaseRuleset(ruleset, SecurityRules.CLOUD_FIRESTORE); }; /** * Gets the Ruleset currently applied to a Cloud Storage bucket. Rejects with a `not-found` error if no Ruleset is * applied on the bucket. * * @param {string=} bucket Optional name of the Cloud Storage bucket to be retrieved. If not specified, * retrieves the ruleset applied on the default bucket configured via `AppOptions`. * @returns {Promise} A promise that fulfills with the Cloud Storage Ruleset. */ SecurityRules.prototype.getStorageRuleset = function (bucket) { var _this = this; return Promise.resolve() .then(function () { return _this.getBucketName(bucket); }) .then(function (bucketName) { return _this.getRulesetForRelease(SecurityRules.FIREBASE_STORAGE + "/" + bucketName); }); }; /** * Creates a new ruleset from the given source, and applies it to a Cloud Storage bucket. * * @param {string|Buffer} source Rules source to apply. * @param {string=} bucket Optional name of the Cloud Storage bucket to apply the rules on. If not specified, * applies the ruleset on the default bucket configured via `AppOptions`. * @returns {Promise} A promise that fulfills when the ruleset is created and released. */ SecurityRules.prototype.releaseStorageRulesetFromSource = function (source, bucket) { var _this = this; return Promise.resolve() .then(function () { // Bucket name is not required until the last step. But since there's a createRuleset step // before then, make sure to run this check and fail early if the bucket name is invalid. _this.getBucketName(bucket); var rulesFile = _this.createRulesFileFromSource('storage.rules', source); return _this.createRuleset(rulesFile); }) .then(function (ruleset) { return _this.releaseStorageRuleset(ruleset, bucket) .then(function () { return ruleset; }); }); }; /** * Makes the specified ruleset the currently applied ruleset for a Cloud Storage bucket. * * @param {string|RulesetMetadata} ruleset Name of the ruleset to apply or a RulesetMetadata object containing * the name. * @param {string=} bucket Optional name of the Cloud Storage bucket to apply the rules on. If not specified, * applies the ruleset on the default bucket configured via `AppOptions`. * @returns {Promise} A promise that fulfills when the ruleset is released. */ SecurityRules.prototype.releaseStorageRuleset = function (ruleset, bucket) { var _this = this; return Promise.resolve() .then(function () { return _this.getBucketName(bucket); }) .then(function (bucketName) { return _this.releaseRuleset(ruleset, SecurityRules.FIREBASE_STORAGE + "/" + bucketName); }); }; /** * Creates a `RulesFile` with the given name and source. Throws if any of the arguments are invalid. This is a * local operation, and does not involve any network API calls. * * @param {string} name Name to assign to the rules file. * @param {string|Buffer} source Contents of the rules file. * @returns {RulesFile} A new rules file instance. */ SecurityRules.prototype.createRulesFileFromSource = function (name, source) { if (!validator.isNonEmptyString(name)) { throw new security_rules_utils_1.FirebaseSecurityRulesError('invalid-argument', 'Name must be a non-empty string.'); } var content; if (validator.isNonEmptyString(source)) { content = source; } else if (validator.isBuffer(source)) { content = source.toString('utf-8'); } else { throw new security_rules_utils_1.FirebaseSecurityRulesError('invalid-argument', 'Source must be a non-empty string or a Buffer.'); } return { name: name, content: content, }; }; /** * Creates a new `Ruleset` from the given `RulesFile`. * * @param {RulesFile} file Rules file to include in the new Ruleset. * @returns {Promise} A promise that fulfills with the newly created Ruleset. */ SecurityRules.prototype.createRuleset = function (file) { var ruleset = { source: { files: [file], }, }; return this.client.createRuleset(ruleset) .then(function (rulesetResponse) { return new Ruleset(rulesetResponse); }); }; /** * Deletes the Ruleset identified by the given name. The input name should be the short name string without * the project ID prefix. For example, to delete the `projects/project-id/rulesets/my-ruleset`, pass the * short name "my-ruleset". Rejects with a `not-found` error if the specified Ruleset cannot be found. * * @param {string} name Name of the Ruleset to delete. * @returns {Promise} A promise that fulfills when the Ruleset is deleted. */ SecurityRules.prototype.deleteRuleset = function (name) { return this.client.deleteRuleset(name); }; /** * Retrieves a page of rulesets. * * @param {number=} pageSize The page size, 100 if undefined. This is also the maximum allowed limit. * @param {string=} nextPageToken The next page token. If not specified, returns rulesets starting * without any offset. * @returns {Promise} A promise that fulfills a page of rulesets. */ SecurityRules.prototype.listRulesetMetadata = function (pageSize, nextPageToken) { if (pageSize === void 0) { pageSize = 100; } return this.client.listRulesets(pageSize, nextPageToken) .then(function (response) { return new RulesetMetadataListImpl(response); }); }; SecurityRules.prototype.getRulesetForRelease = function (releaseName) { var _this = this; return this.client.getRelease(releaseName) .then(function (release) { var rulesetName = release.rulesetName; if (!validator.isNonEmptyString(rulesetName)) { throw new security_rules_utils_1.FirebaseSecurityRulesError('not-found', "Ruleset name not found for " + releaseName + "."); } return _this.getRuleset(stripProjectIdPrefix(rulesetName)); }); }; SecurityRules.prototype.releaseRuleset = function (ruleset, releaseName) { if (!validator.isNonEmptyString(ruleset) && (!validator.isNonNullObject(ruleset) || !validator.isNonEmptyString(ruleset.name))) { var err = new security_rules_utils_1.FirebaseSecurityRulesError('invalid-argument', 'ruleset must be a non-empty name or a RulesetMetadata object.'); return Promise.reject(err); } var rulesetName = validator.isString(ruleset) ? ruleset : ruleset.name; return this.client.updateRelease(releaseName, rulesetName) .then(function () { return; }); }; SecurityRules.prototype.getBucketName = function (bucket) { var bucketName = (typeof bucket !== 'undefined') ? bucket : this.app.options.storageBucket; if (!validator.isNonEmptyString(bucketName)) { throw new security_rules_utils_1.FirebaseSecurityRulesError('invalid-argument', 'Bucket name not specified or invalid. Specify a default bucket name via the ' + 'storageBucket option when initializing the app, or specify the bucket name ' + 'explicitly when calling the rules API.'); } return bucketName; }; SecurityRules.CLOUD_FIRESTORE = 'cloud.firestore'; SecurityRules.FIREBASE_STORAGE = 'firebase.storage'; return SecurityRules; }()); exports.SecurityRules = SecurityRules; var SecurityRulesInternals = /** @class */ (function () { function SecurityRulesInternals() { } SecurityRulesInternals.prototype.delete = function () { return Promise.resolve(); }; return SecurityRulesInternals; }()); function stripProjectIdPrefix(name) { return name.split('/').pop(); }