storage-rules.spec.ts
import {
  RulesTestEnvironment,
  assertFails,
  initializeTestEnvironment,
} from '@firebase/rules-unit-testing';
import {
  deleteObject,
  getDownloadURL,
  ref,
  updateMetadata,
  uploadBytes,
} from 'firebase/storage';
import { readFileSync } from 'node:fs';
import { afterAll, beforeAll, beforeEach, describe, test } from 'vitest';
import { TEST_PROJECT_ID } from '../helpers/constants';
import { getStorageMeta } from '../helpers/storage';
// Rules-testing environment shared by every test in this file.
// It is assigned once in beforeAll and released in afterAll.
let testEnv: RulesTestEnvironment;

// Build the environment against the storage endpoint reported by getStorageMeta(),
// loading the rules under test from disk.
beforeAll(async () => {
  const emulator = getStorageMeta();
  // Relative path: resolved against the working directory the test runner starts in,
  // so the suite exercises whichever storage.rules file sits there.
  // NOTE(review): confirm this is the same file that gets deployed.
  const rules = readFileSync('storage.rules', 'utf8');

  testEnv = await initializeTestEnvironment({
    projectId: TEST_PROJECT_ID,
    storage: {
      port: emulator.port,
      host: emulator.host,
      rules,
    },
  });
});

// Release the environment once the whole file has run.
afterAll(async () => {
  await testEnv.cleanup();
});

// Empty the storage state before each test so no object leaks between cases.
beforeEach(async () => {
  await testEnv.clearStorage();
});
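/**
 * Default-deny checks for the storage rules: an object path that the application
 * does not use must reject every operation, both for anonymous callers and for a
 * signed-in user.
 */
describe('Storage security rules', () => {
  // Path that no rule is expected to grant access to.
  const unusedObjectPath = 'unused.jpg';

  /**
   * Asserts that read, create, update and delete are all rejected for `objectRef`.
   *
   * The upload is checked separately from the metadata update because rules can
   * grant `create` independently of `update`; asserting only `updateMetadata`
   * would let a rule set that accepts new uploads pass this suite.
   *
   * @param objectRef - reference to the object whose access is expected to be denied
   */
  const expectAllAccessDenied = async (objectRef: ReturnType<typeof ref>): Promise<void> => {
    // Read.
    await assertFails(getDownloadURL(objectRef));
    // Create: a few arbitrary bytes are enough, the request must be refused outright.
    await assertFails(uploadBytes(objectRef, new Uint8Array([0xff, 0xd8, 0xff])));
    // Update.
    await assertFails(updateMetadata(objectRef, { cacheControl: 'public, max-age=300' }));
    // Delete.
    await assertFails(deleteObject(objectRef));
  };

  test('does not allow any reads, writes or deletes to an unused object by an unauthenticated user', async () => {
    const storage = testEnv.unauthenticatedContext().storage();
    await expectAllAccessDenied(ref(storage, unusedObjectPath));
  });

  test('does not allow any reads, writes or deletes to an unused object by an authenticated user', async () => {
    // 'alice' is an arbitrary uid; being signed in must not be enough on its own.
    const storage = testEnv.authenticatedContext('alice').storage();
    await expectAllAccessDenied(ref(storage, unusedObjectPath));
  });
});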