From 8fc12ed796affc37ce2c6bd57549a9c403e2dbd2 Mon Sep 17 00:00:00 2001 From: Ruidy Nemausat Date: Sun, 17 May 2020 09:15:07 +0200 Subject: [PATCH] track config files --- .firebaserc | 5 +++ .github/workflows/deploy.yml | 11 ++++-- .gitignore | 6 +-- firebase.json | 23 +++++++++++ firestore.rules | 75 ++++++++++++++++++++++++++++++++++++ storage.rules | 8 ++++ 6 files changed, 119 insertions(+), 9 deletions(-) create mode 100644 .firebaserc create mode 100644 firebase.json create mode 100644 firestore.rules create mode 100644 storage.rules diff --git a/.firebaserc b/.firebaserc new file mode 100644 index 0000000..e3f68a3 --- /dev/null +++ b/.firebaserc @@ -0,0 +1,5 @@ +{ + "projects": { + "default": "devprojects-4749c" + } +} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 98a10ef..33c23ec 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -4,6 +4,7 @@ on: [push] jobs: test: name: Test + if: ${{ github.ref == 'refs/heads/master' }} runs-on: ubuntu-latest env: REACT_APP_STORAGE_BUCKET: ${{ secrets.REACT_APP_STORAGE_BUCKET }} @@ -37,7 +38,9 @@ jobs: run: yarn install --frozen-lockfile - name: Build run: yarn build - - name: Install Firebase CLI tools - run: yarn global add firebase-tools - - name: Deploy - run: firebase deploy --token ${{ secrets.FIREBASE_TOKEN }} + - name: Deploy to Firebase + uses: w9jds/firebase-action@master + with: + args: deploy --only hosting + env: + FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }} diff --git a/.gitignore b/.gitignore index f73c45d..3948fa9 100644 --- a/.gitignore +++ b/.gitignore @@ -28,8 +28,4 @@ yarn-debug.log* yarn-error.log* .env -.firebase -firebase.json -firestore.indexes.json -*rules -.firebaserc \ No newline at end of file +.firebase \ No newline at end of file diff --git a/firebase.json b/firebase.json new file mode 100644 index 0000000..f860077 --- /dev/null +++ b/firebase.json 
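Review bot: `uses: w9jds/firebase-action@master` in the new "Deploy to Firebase" step follows a mutable branch of a third-party action, and that step is given `FIREBASE_TOKEN`, so any later change to that branch runs with the deploy credential. Pin the action to a reviewed full commit SHA, e.g. `uses: w9jds/firebase-action@<full-commit-sha>` (placeholder; the page does not give one). Separately, `args: deploy --only hosting` means the `firestore.rules` and `storage.rules` files this commit starts tracking are not deployed by this workflow, so the rules in the repository can drift from what is live unless they are deployed some other way. The job body starts and ends outside the hunk.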
@@ -0,0 +1,23 @@
+{
+ "firestore": {
+ "rules": "firestore.rules",
+ "indexes": "firestore.indexes.json"
+ },
+ "hosting": {
+ "public": "build",
+ "ignore": [
+ "firebase.json",
+ "**/.*",
+ "**/node_modules/**"
+ ],
+ "rewrites": [
+ {
+ "source": "**",
+ "destination": "/index.html"
+ }
+ ]
+ },
+ "storage": {
+ "rules": "storage.rules"
+ }
+}
\ No newline at end of file
diff --git a/firestore.rules b/firestore.rules
new file mode 100644
index 0000000..20e02b7
--- /dev/null
+++ b/firestore.rules
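Review bot: `"indexes": "firestore.indexes.json"` points at a file this commit does not add: the diffstat lists six files and `firestore.indexes.json` is not among them, although the `.gitignore` hunk stops ignoring it. If the file is not tracked elsewhere, a Firestore deploy from a clean checkout would presumably have no index definition to read. Either commit the file alongside `firestore.rules` or drop the `indexes` key until it exists.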
@@ -0,0 +1,75 @@
+rules_version = '2';
+service cloud.firestore {
+ match /databases/{database}/documents {
+ // Restaurants:
+ // - Authenticated user can read
+ // - Authenticated user can create/update (for demo)
+ // - Validate updates
+ // - Deletes are not allowed
+ match /restaurants/{restaurantId} {
+ allow read, create: if request.auth != null;
+ allow update: if request.auth != null
+ && request.resource.data.name == resource.data.name
+ allow delete: if false;
+
+ // Ratings:
+ // - Authenticated user can read
+ // - Authenticated user can create if userId matches
+ // - Deletes and updates are not allowed
+ match /ratings/{ratingId} {
+ allow read: if request.auth != null;
+ allow create: if request.auth != null
+ && request.resource.data.userId == request.auth.uid;
+ allow update, delete: if false;
+
+ }
+ }
+
+ // MealPlannerUsers:
+ // - Anyone can read
+ // - Authenticated users can create and edit their account
+ // - Deletes are not allowed
+ match /mealPlannerUsers/{userID} {
+ allow read: if true;
+ allow create, update, write: if true;
+ allow delete: if false;
+
+ // Favs:
+ // - Anyone can read
+ // - Authenticated users can create and edit their account
+ // - Deletes are not allowed
+ match /favs/{favID} {
+ allow read, create, update, write: if true;
+ allow delete: if false;
+ }
+ }
+
+ // Messages:
+ // - Anyone can read.
+ // - Authenticated users can add and edit messages.
+ // - Validation: Check name is same as auth token and text length below 300 char or that imageUrl is a URL.
+ // - Deletes are not allowed.
+ match /messages/{messageId} {
+ allow read;
+ allow create, update: if request.auth != null
+ && request.resource.data.name == request.auth.token.name
+ && (request.resource.data.text is string
+ && request.resource.data.text.size() <= 300
+ || request.resource.data.imageUrl is string
+ && request.resource.data.imageUrl.matches('https?://.*'));
+ allow delete: if false;
+ }
+
+ // FcmTokens:
+ // - anyone can save its token
+ // - access is forbidden
+ match /fcmTokens/{tokenID} {
+ allow write;
+ allow read: if false;
+ }
+ // Users: DevBook app
+ match /users/{userID} {
+ allow read,write :if true;
+ }
+ }
+}
\ No newline at end of file
diff --git a/storage.rules b/storage.rules
new file mode 100644
index 0000000..4eda34f
--- /dev/null
+++ b/storage.rules
@@ -0,0 +1,8 @@
+rules_version = '2';
+service firebase.storage {
+ match /b/{bucket}/o {
+ match /{allPaths=**} {
+ allow read, write: if request.auth!=null;
+ }
+ }
+}
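Review bot: In firestore.rules the `mealPlannerUsers`, `favs` and `users` blocks grant `write` with `if true`, so a client with no sign-in at all can create, overwrite or delete those documents, which contradicts the comments saying authenticated users edit their own account and deletes are not allowed. `write` covers create, update and delete, and a request is allowed as soon as any `allow` statement matches, so the `allow delete: if false;` lines in `mealPlannerUsers` and `favs` have no effect. The same applies to `allow write;` on `fcmTokens`, which lets any client overwrite or delete another client's token document. The sketch below drops `write` and ties create/update to the caller's uid; it assumes the `{userID}` path segment is the Firebase Auth uid, which the hunk does not show, and the read rule for `users` is a guess at intent because that block has no comment describing it.

```firestore
    // … unchanged: restaurants and ratings rules …
    match /mealPlannerUsers/{userID} {
      allow read: if true;
      allow create, update: if request.auth != null
                            && request.auth.uid == userID;
      allow delete: if false;

      match /favs/{favID} {
        allow read: if true;
        allow create, update: if request.auth != null
                              && request.auth.uid == userID;
        allow delete: if false;
      }
    }
    // … unchanged: messages and fcmTokens rules …
    match /users/{userID} {
      allow read: if request.auth != null;
      allow create, update: if request.auth != null
                            && request.auth.uid == userID;
      allow delete: if false;
    }
```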
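Review bot: In storage.rules, `allow read, write: if request.auth!=null;` under `match /{allPaths=**}` lets every signed-in account read, overwrite and delete every object in the bucket, not only its own uploads. If sign-up is open or anonymous auth is enabled (not visible here), that is close to public write access. Consider scoping writes to a per-user prefix and bounding uploads, for example (constructed path layout) `match /users/{uid}/{allPaths=**} { allow write: if request.auth != null && request.auth.uid == uid && request.resource.size < 5 * 1024 * 1024; }`, and keeping read access only as broad as the app needs.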