Node.js 测试Firestore安全规则:为什么Firestore-debug.log即使在安全规则中的调试语句之后也是空的
我的firestore安全规则如下所示,我希望在firestore-debug.log中记录调试语句(我意识到所有规则都不会通过,但现在我只希望实际记录): 我正在运行的测试代码如下(使用mocha进行测试):Node.js 测试Firestore安全规则:为什么Firestore-debug.log即使在安全规则中的调试语句之后也是空的,node.js,google-cloud-firestore,firebase-security,Node.js,Google Cloud Firestore,Firebase Security,我的firestore安全规则如下所示,我希望在firestore-debug.log中记录调试语句(我意识到所有规则都不会通过,但现在我只希望实际记录): 我正在运行的测试代码如下(使用mocha进行测试): 为什么我的调试日志即使在运行测试代码之后也是空的?我还尝试删除after和beforeach块,以查看是否有日志记录,但没有任何结果。忘记指定我正在windows 10计算机上运行此功能。注意:也发布在此处 rules_version = '2'; service cloud.fires
为什么我的调试日志即使在运行测试代码之后也是空的?我还尝试删除after和beforeach块,以查看是否有日志记录,但没有任何结果。忘记指定我正在windows 10计算机上运行此功能。注意:也发布在此处
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
function userIsModerator() {
return request.auth.token.isModerator == true;
}
function documentFieldsCheckOut(requiredFields, optionalFields) {
let allFields = requiredFields.concat(optionalFields);
return request.resource.data.keys().hasOnly(allFields) &&
request.resource.data.keys().hasAll(requiredFields);
}
function editOnlyChangesFields(allowedFields) {
return debug(debug(request.resource.data.keys()).hasOnly(allowedFields));
}
match /{document=**} {
allow read, write: if false;
}
match /readonly/{docId} {
allow read: if true;
allow write: if false;
}
match /users/{userId} {
allow write: if (request.auth.uid == userId);
}
match /posts/{postId} {
allow read: if (resource.data.visibility == "public") ||
(resource.data.authorId == request.auth.uid);
allow update: if ((resource.data.authorId == request.auth.uid) ||
userIsModerator()) && editOnlyChangesFields(["visibility", "content"]);
allow create: if (request.resource.data.authorId == request.auth.uid) && documentFieldsCheckOut(["authorId", "visibility", "content", "headline"], [ "photo", "tags", "location"]);
}
match /rooms/{roomId} {
function userIsRoomMod() {
return request.auth.uid in (get(/databases/$(database)/documents/rooms/$(roomId)).data.roomMods);
}
//Security rules for rooms go here
match /posts/{postId} {
allow update: if (resource.data.authorId == request.auth.uid) ||
userIsRoomMod();
}
}
}
}
const assert = require('assert');
const firebase = require('@firebase/testing');
const MY_PROJECT_ID = "my-project-3we3e";
const myId = "user_abc";
const theirId = "user_xyz";
const myAuth = {uid: myId, email: "abc@gmail.com"};
const modId = "user_mod";
const modAuth = {uid: modId, email: "mod@gmail.com", isModerator: true};
function getFirestore(auth) {
return firebase.initializeTestApp({projectId: MY_PROJECT_ID, auth: auth}).firestore();
}
function getAdminFirestore() {
return firebase.initializeAdminApp({projectId: MY_PROJECT_ID}).firestore();
}
beforeEach(async() => {
await firebase.clearFirestoreData({projectId:MY_PROJECT_ID});
});
describe("Treetop App Functions", () => {
it("Enforces Security Rule 1", () => {
assert.equal(2+2,4);
});
it("Can read items in read-only section", async() => {
const db = getFirestore(null);
const testDoc = db.collection("readonly").doc("testDoc");
await firebase.assertSucceeds(testDoc.get());
});
it("Cannot write items in read-only section", async() => {
const db = getFirestore(null);
const testDoc = db.collection("readonly").doc("testDoc2");
await firebase.assertFails(testDoc.set({foo: "bar"}));
});
it("Can write user document with the same ID", async() => {
const db = getFirestore(myAuth);
const testDoc = db.collection("users").doc(myId);
await firebase.assertSucceeds(testDoc.set({foo: "bar"}));
});
it("Cannot write user document with a different ID", async() => {
const db = getFirestore(myAuth);
const testDoc = db.collection("users").doc(theirId);
await firebase.assertFails(testDoc.set({foo: "bar"}));
});
it("Can read posts marked public", async() => {
const db = getFirestore(null);
const testQuery = db.collection("posts").where("visibility", "==", "public");
await firebase.assertSucceeds(testQuery.get());
});
it("Can query all personal posts", async() => {
const db = getFirestore(myAuth);
const testQuery = db.collection("posts").where("authorId", "==", myId);
await firebase.assertSucceeds(testQuery.get());
});
it("Can't query all posts", async() => {
const db = getFirestore(myAuth);
const testQuery = db.collection("posts");
await firebase.assertFails(testQuery.get());
});
it("Can read a single public post", async() => {
const admin = getAdminFirestore();
const postId = "public_post";
const setupDoc = admin.collection("posts").doc(postId);
await setupDoc.set({authorId: theirId, visibility: "public"});
const db = getFirestore(null);
const testRead = db.collection("posts").doc(postId);
await firebase.assertSucceeds(testRead.get());
});
it("Cannot read a private post belonging to another user", async() => {
const admin = getAdminFirestore();
const postId = "private_post";
const setupDoc = admin.collection("posts").doc(postId);
await setupDoc.set({authorId: theirId, visibility: "private"});
const db = getFirestore(myAuth);
const testRead = db.collection("posts").doc(postId);
await firebase.assertFails(testRead.get());
});
it("Can read a private post belonging to that same user", async() => {
const admin = getAdminFirestore();
const postId = "private_post";
const setupDoc = admin.collection("posts").doc(postId);
await setupDoc.set({authorId: myId, visibility: "private"});
const db = getFirestore(myAuth);
const testRead = db.collection("posts").doc(postId);
await firebase.assertSucceeds(testRead.get());
});
it("Allows a user to edit their own post", async() => {
const admin = getAdminFirestore();
const postId = "post_123";
const setupDoc = admin.collection("posts").doc(postId);
await setupDoc.set({content: "before", authorId: myId});
const db = getFirestore(myAuth);
const testDoc = db.collection("posts").doc(postId);
await firebase.assertSucceeds(testDoc.update({content: "after"}));
});
it("Does not allow a user to edit someone else's post", async() => {
const admin = getAdminFirestore();
const postId = "post_123";
const setupDoc = admin.collection("posts").doc(postId);
await setupDoc.set({content: "before", authorId: theirId});
const db = getFirestore(myAuth);
const testDoc = db.collection("posts").doc(postId);
await firebase.assertFails(testDoc.update({content: "after"}));
});
it("Allows a moderator to edit someone else's post", async() => {
const admin = getAdminFirestore();
const postId = "post_123";
const setupDoc = admin.collection("posts").doc(postId);
await setupDoc.set({content: "before", authorId: theirId});
const db = getFirestore(modAuth);
const testDoc = db.collection("posts").doc(postId);
await firebase.assertSucceeds(testDoc.update({content: "after mod edit"}));
});
it("Allows a user to edit their own room post", async() => {
const postPath = "/rooms/room_abc/posts/post_123";
const admin = getAdminFirestore();
const setupDoc = admin.doc(postPath);
await setupDoc.set({content: "before", authorId: myId});
const db = getFirestore(myAuth);
const testDoc = db.doc(postPath);
await firebase.assertSucceeds(testDoc.update({content: "after"}));
});
it("Does not allow a user to edit someone else's room post", async() => {
const postPath = "/rooms/room_abc/posts/post_123";
const admin = getAdminFirestore();
const setupDoc = admin.doc(postPath);
await setupDoc.set({content: "before", authorId: theirId});
const db = getFirestore(myAuth);
const testDoc = db.doc(postPath);
await firebase.assertFails(testDoc.update({content: "after"}));
});
it("Allows a room mod to edit someone else's room post", async() => {
const roomPath = "rooms/room_abc";
const postPath = `${roomPath}/posts/post_123`;
const admin = getAdminFirestore();
await admin.doc(roomPath).set({topic: "Unit Testers", roomMods: [myId, "dummyUser"]});
await admin.doc(postPath).set({content: "before", authorId: theirId});
const db = getFirestore(myAuth);
const testDoc = db.doc(postPath);
await firebase.assertSucceeds(testDoc.update({content: "after"}));
});
it("Allows a user to create a post when they list themselves as the author", async() => {
const postPath = "/posts/post_123";
const db = getFirestore(myAuth);
const testDoc = db.doc(postPath);
await firebase.assertSucceeds(testDoc.set({authorId: myId, visibility: "private", content: "lorem ipsum", headline: "Firebase Rules"}));
});
it("Does not allow a user to create a post when they list someone else as the author", async() => {
const postPath = "/posts/post_123";
const db = getFirestore(myAuth);
const testDoc = db.doc(postPath);
await firebase.assertFails(testDoc.set({authorId: theirId, visibility: "private", content: "lorem ipsum", headline: "Firebase Rules"}));
});
it("Allows a user to create a post with all required fields", async() => {
const postPath = "/posts/post_123";
const db = getFirestore(myAuth);
const testDoc = db.doc(postPath);
await firebase.assertSucceeds(testDoc.set({authorId: myId, visibility: "private", content: "lorem ipsum", headline: "Firebase Rules"}));
});
it("Does not allow a user to create a post without all required fields", async() => {
const postPath = "/posts/post_123";
const db = getFirestore(myAuth);
const testDoc = db.doc(postPath);
await firebase.assertFails(testDoc.set({authorId: myId, content: "lorem ipsum", headline: "Firebase Rules"}));
});
it("Allows a user to edit a post with allowed fields", async() => {
const postPath = "/posts/post_123";
const admin = getAdminFirestore();
await admin.doc(postPath).set({content: "before", authorId: theirId, headline: "before_headline", visibility: "public"});
const db = getFirestore(myAuth);
const testDoc = db.doc(postPath);
await firebase.assertSucceeds(testDoc.update({visibility: "public", content: "new lorem ipsum"}));
});
});
after(async() => {
await firebase.clearFirestoreData({projectId:MY_PROJECT_ID});
});