firestore and storage rules

2026-06-10 12:42:08 +09:00
parent 1f034d72a6
commit efc2a60282
9 changed files with 168 additions and 7 deletions
--- a/.firebaserc
+++ b/.firebaserc
@@ -0,0 +1,5 @@
+{
+  "projects": {
+    "default": "overheard-d7396"
+  }
+}
--- a/firebase.json
+++ b/firebase.json
@@ -0,0 +1,12 @@
+{
+  "firestore": {
+    "rules": "firestore.rules",
+    "indexes": "firestore.indexes.json"
+  },
+  "storage": [
+    {
+      "bucket": "overheard-d7396.firebasestorage.app",
+      "rules": "storage.rules"
+    }
+  ]
+}
--- a/firestore.indexes.json
+++ b/firestore.indexes.json
@@ -0,0 +1,4 @@
+{
+  "indexes": [],
+  "fieldOverrides": []
+}
--- a/firestore.rules
+++ b/firestore.rules
@@ -0,0 +1,26 @@
+rules_version = '2';
+service cloud.firestore {
+  match /databases/{database}/documents {
+    match /messages/{messageId} {
+
+      // anyone can read messages
+      allow read: if true;
+
+      // anyone can create a message
+      // text must exist and be under 240 characters
+      allow create: if
+        request.resource.data.text is string &&
+        request.resource.data.text.size() <= 240;
+
+      // the only update allowed is an echo 
+      // echoCount and lastEchoAt fields can be changed
+      // this prevents anyone from editing the text of someone else's message
+      allow update: if
+        request.resource.data.diff(resource.data)
+          .affectedKeys().hasOnly(['echoCount', 'lastEchoAt']);
+
+      // nobody can delete messages through the client
+      allow delete: if false;
+    }
+  }
+}
--- a/public/index.html
+++ b/public/index.html
@@ -0,0 +1,89 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Welcome to Firebase Hosting</title>
+
+    <!-- update the version number as needed -->
+    <script defer src="/__/firebase/12.14.0/firebase-app-compat.js"></script>
+    <!-- include only the Firebase features as you need -->
+    <script defer src="/__/firebase/12.14.0/firebase-auth-compat.js"></script>
+    <script defer src="/__/firebase/12.14.0/firebase-database-compat.js"></script>
+    <script defer src="/__/firebase/12.14.0/firebase-firestore-compat.js"></script>
+    <script defer src="/__/firebase/12.14.0/firebase-functions-compat.js"></script>
+    <script defer src="/__/firebase/12.14.0/firebase-messaging-compat.js"></script>
+    <script defer src="/__/firebase/12.14.0/firebase-storage-compat.js"></script>
+    <script defer src="/__/firebase/12.14.0/firebase-analytics-compat.js"></script>
+    <script defer src="/__/firebase/12.14.0/firebase-remote-config-compat.js"></script>
+    <script defer src="/__/firebase/12.14.0/firebase-performance-compat.js"></script>
+    <!-- 
+      initialize the SDK after all desired features are loaded, set useEmulator to false
+      to avoid connecting the SDK to running emulators.
+    -->
+    <script defer src="/__/firebase/init.js?useEmulator=true"></script>
+
+    <style media="screen">
+      body { background: #ECEFF1; color: rgba(0,0,0,0.87); font-family: Roboto, Helvetica, Arial, sans-serif; margin: 0; padding: 0; }
+      #message { background: white; max-width: 360px; margin: 100px auto 16px; padding: 32px 24px; border-radius: 3px; }
+      #message h2 { color: #ffa100; font-weight: bold; font-size: 16px; margin: 0 0 8px; }
+      #message h1 { font-size: 22px; font-weight: 300; color: rgba(0,0,0,0.6); margin: 0 0 16px;}
+      #message p { line-height: 140%; margin: 16px 0 24px; font-size: 14px; }
+      #message a { display: block; text-align: center; background: #039be5; text-transform: uppercase; text-decoration: none; color: white; padding: 16px; border-radius: 4px; }
+      #message, #message a { box-shadow: 0 1px 3px rgba(0,0,0,0.12), 0 1px 2px rgba(0,0,0,0.24); }
+      #load { color: rgba(0,0,0,0.4); text-align: center; font-size: 13px; }
+      @media (max-width: 600px) {
+        body, #message { margin-top: 0; background: white; box-shadow: none; }
+        body { border-top: 16px solid #ffa100; }
+      }
+    </style>
+  </head>
+  <body>
+    <div id="message">
+      <h2>Welcome</h2>
+      <h1>Firebase Hosting Setup Complete</h1>
+      <p>You're seeing this because you've successfully setup Firebase Hosting. Now it's time to go build something extraordinary!</p>
+      <a target="_blank" href="https://firebase.google.com/docs/hosting/">Open Hosting Documentation</a>
+    </div>
+    <p id="load">Firebase SDK Loading&hellip;</p>
+
+    <script>
+      document.addEventListener('DOMContentLoaded', function() {
+        const loadEl = document.querySelector('#load');
+        // // 🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥
+        // // The Firebase SDK is initialized and available here!
+        //
+        // firebase.auth().onAuthStateChanged(user => { });
+        // firebase.database().ref('/path/to/ref').on('value', snapshot => { });
+        // firebase.firestore().doc('/foo/bar').get().then(() => { });
+        // firebase.functions().httpsCallable('yourFunction')().then(() => { });
+        // firebase.messaging().requestPermission().then(() => { });
+        // firebase.storage().ref('/path/to/ref').getDownloadURL().then(() => { });
+        // firebase.analytics(); // call to activate
+        // firebase.analytics().logEvent('tutorial_completed');
+        // firebase.performance(); // call to activate
+        //
+        // // 🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥
+
+        try {
+          let app = firebase.app();
+          let features = [
+            'auth', 
+            'database', 
+            'firestore',
+            'functions',
+            'messaging', 
+            'storage', 
+            'analytics', 
+            'remoteConfig',
+            'performance',
+          ].filter(feature => typeof app[feature] === 'function');
+          loadEl.textContent = `Firebase SDK loaded with ${features.join(', ')}`;
+        } catch (e) {
+          console.error(e);
+          loadEl.textContent = 'Error loading the Firebase SDK, check the console.';
+        }
+      });
+    </script>
+  </body>
+</html>
--- a/src/lib/Firebase/messages.js
+++ b/src/lib/Firebase/messages.js
@@ -7,6 +7,7 @@ import ngeohash from 'ngeohash';
 export async function getNearbyMessages(lat, lng) {
    const prefix = getQueryPrefix(lat, lng);

+    // filter by the geohash
    const q = query(
        collection(db, 'messages'),
        where('geohash', '>=', prefix),
@@ -30,7 +31,7 @@ export async function getNearbyMessages(lat, lng) {
    return active;
 }

-
+// update the echo counter
 export async function echoMessage(messageId) {
    const ref = doc(db, 'messages', messageId);
    await updateDoc(ref, {
@@ -39,6 +40,7 @@ export async function echoMessage(messageId) {
    });
 }

+// adding the message location 
 export async function addMessage(lat, lng, text, imageUrl = ''){
    const geohash = ngeohash.encode(lat, lng, 6);

@@ -55,6 +57,7 @@ export async function addMessage(lat, lng, text, imageUrl = ''){
    });
 }

+// session ID (temporary)
 function getSessionId() {
    let id = localStorage.getItem('overheard_session');
    if (!id) {
--- a/src/lib/Firebase/storage.js
+++ b/src/lib/Firebase/storage.js
@@ -1,6 +1,7 @@
 import { ref, uploadBytes, getDownloadURL } from 'firebase/storage'
 import { storage } from './config.js';

+
 export async function uploadImage(file) {
    //create unique file name and stores them in one folder in firebase
    const filename = `messages/${Date.now()}_${file.name}`;
--- a/src/lib/components/MapView.Svelte
+++ b/src/lib/components/MapView.Svelte
@@ -8,15 +8,16 @@
    // export let longitude;
    // ^ this didn't work for some reason, so instead we get the props like this: (based on internet research this is the fix)
    let { lat, lng } = $props();
-
+s
    let mapDiv;
+    let map = $state(null);

    let markers = []; // keep track of pins on map
    let userMarker;
    let AdvancedMarkerElement;

    /** Jisu Legacy - 내 위치 마커 (메시지 핀과 구분되는 파란 점) */
-    function addUserLocationMarker(map, centerLat, centerLng) {
+    function addUserLocationMarker(centerLat, centerLng) {
        const dot = document.createElement('div');
        dot.style.cssText = 'width:20px;height:20px;border-radius:50%;background:#4285F4;border:3px solid #fff;box-shadow:0 2px 6px rgba(0,0,0,0.3)';
        userMarker = new AdvancedMarkerElement({
@@ -41,7 +42,7 @@
        const { Map } = await importLibrary('maps');
        ({ AdvancedMarkerElement } = await importLibrary('marker'));

-        mapDiv = new Map(mapDiv, {
+        map = new Map(mapDiv, {
            center: { lat: centerLat, lng: centerLng },
            zoom: 15,
            disableDefaultUI: true,
@@ -49,7 +50,7 @@
            mapId: 'DEMO_MAP_ID'
        });

-        addUserLocationMarker(mapDiv, centerLat, centerLng);
+        addUserLocationMarker(centerLat, centerLng);
    });

    // function to render pins
@@ -61,7 +62,7 @@
        messages.forEach(message => {
            const marker = new AdvancedMarkerElement({
                position: { lat: message.lat, lng: message.lng },
-                map: mapDiv,
+                map,
                title: message.text
            });

@@ -75,7 +76,7 @@

    // this is a reactive statement so anytime the store changes it updates
    $effect(() => {
-        if (mapDiv && $messagesStore.length > 0 ){ // if they both exist
+        if (map && $messagesStore.length > 0 ){ // if they both exist
            renderPins($messagesStore); // we put pins on the map
        }
    })
--- a/storage.rules
+++ b/storage.rules
@@ -0,0 +1,20 @@
+rules_version = '2';
+
+service firebase.storage {
+  match /b/{bucket}/o {
+    match /messages/{fileName} {
+
+      // anyone can view uploaded images
+      allow read: if true;
+
+      // anyone can upload an image attached to a message
+      // must be an image under 5MB
+      allow create: if
+        request.resource.size < 5 * 1024 * 1024 &&
+        request.resource.contentType.matches('image/.*');
+
+      // no edits or deletes through the client
+      allow update, delete: if false;
+    }
+  }
+}