firestore and storage rules

2026-06-10 12:42:08 +09:00
parent 1f034d72a6
commit efc2a60282
9 changed files with 168 additions and 7 deletions
--- a/firestore.rules
+++ b/firestore.rules
@@ -0,0 +1,26 @@
+rules_version = '2';
+service cloud.firestore {
+  match /databases/{database}/documents {
+    match /messages/{messageId} {
+
+      // anyone can read messages
+      allow read: if true;
+
+      // anyone can create a message
+      // text must exist and be under 240 characters
+      allow create: if
+        request.resource.data.text is string &&
+        request.resource.data.text.size() <= 240;
+
+      // the only update allowed is an echo 
+      // echoCount and lastEchoAt fields can be changed
+      // this prevents anyone from editing the text of someone else's message
+      allow update: if
+        request.resource.data.diff(resource.data)
+          .affectedKeys().hasOnly(['echoCount', 'lastEchoAt']);
+
+      // nobody can delete messages through the client
+      allow delete: if false;
+    }
+  }
+}