import { assertFails, assertSucceeds, initializeTestEnvironment } from '@firebase/rules-unit-testing';
import { Buffer } from 'buffer';
import { readFileSync } from 'fs';
import { afterAll, beforeAll, beforeEach, describe, it } from 'vitest';
// Shared handle to the rules test environment; assigned by the suite's setup hook.
let testEnv;

// Fixture identity: the authenticated uid and the point folder nested under it.
const userId = 'user_abc';
const blmPoint = 'point_abc';

// MIME type sent as upload metadata for the image fixtures.
const contentType = 'image/png';

/** Reads the PNG fixture from disk and returns its bytes. */
const loadImage = () => {
  return readFileSync('./tests/image.png');
};

/**
 * Allocates a zero-filled buffer of roughly `mb` mebibytes, used as an
 * oversized upload payload. Only the byte count matters; the content is not
 * a real image.
 */
const createMBImage = (mb) => {
  const byteLength = mb * 1024 * 1024;
  return Buffer.alloc(byteLength);
};
/**
 * Builds the Storage references the suite exercises, at three folder levels:
 * the shared `submitters/new` folder, the user's own `new` folder, and a
 * point folder nested inside it. Each level is returned both as a folder
 * reference and as a reference to one image inside that folder.
 *
 * @param {object} storage - Storage instance obtained from a test context.
 * @returns {object} References keyed by `submitter`, `user`, `point` and
 *   their `*Image` counterparts.
 */
const getPaths = (storage) => {
  const sharedFolder = `submitters/new`;
  const userFolder = `submitters/${userId}/new`;
  const pointFolder = `submitters/${userId}/new/${blmPoint}`;

  return {
    submitterImage: storage.ref(sharedFolder).child('submitterFolder.png'),
    submitter: storage.ref(sharedFolder),
    userImage: storage.ref(userFolder).child('userFolder.png'),
    user: storage.ref(userFolder),
    pointImage: storage.ref(pointFolder).child('pointFolder.png'),
    point: storage.ref(pointFolder),
  };
};
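// Security-rules suite for Cloud Storage, run against the local Storage
// emulator. Each test takes an unauthenticated or authenticated context and
// asserts that the rules in ./storage.rules allow or deny the operation.
describe('storage', () => {
  // Writes one image at each folder level with rules disabled, so the read
  // tests operate on objects that actually exist.
  const seedImages = async () => {
    await testEnv.withSecurityRulesDisabled(async (context) => {
      const { submitterImage, userImage, pointImage } = getPaths(context.storage());
      await submitterImage.put(loadImage(), { contentType });
      await userImage.put(loadImage(), { contentType });
      await pointImage.put(loadImage(), { contentType });
    });
  };

  beforeAll(async () => {
    testEnv = await initializeTestEnvironment({
      projectId: 'test-project',
      storage: {
        rules: readFileSync('./storage.rules', 'utf8'),
        host: '127.0.0.1',
        port: 9199,
      },
    });
  });

  // Seeding used to happen once in beforeAll, but clearStorage() runs before
  // every test and removes those objects again. Re-seed after each clear so a
  // read assertion reflects the rule decision, not a missing object.
  beforeEach(async () => {
    await testEnv.clearStorage();
    await seedImages();
  });

  afterAll(async () => {
    await testEnv.cleanup();
  });

  it('disallows read access for unauthorized users', async () => {
    const storage = testEnv.unauthenticatedContext().storage();
    const { submitterImage, userImage, pointImage } = getPaths(storage);
    await assertFails(submitterImage.getDownloadURL());
    await assertFails(userImage.getDownloadURL());
    await assertFails(pointImage.getDownloadURL());
  });

  it('disallows write access for unauthorized users', async () => {
    const storage = testEnv.unauthenticatedContext().storage();
    const { submitter, user, point } = getPaths(storage);
    await assertFails(submitter.child('test.png').put(loadImage(), { contentType }));
    await assertFails(user.child('test.png').put(loadImage(), { contentType }));
    await assertFails(point.child('test.png').put(loadImage(), { contentType }));
  });

  it('disallows metadata access for unauthorized users', async () => {
    const storage = testEnv.unauthenticatedContext().storage();
    const { submitter, user, point } = getPaths(storage);
    await assertFails(submitter.listAll());
    await assertFails(user.listAll());
    await assertFails(point.listAll());
  });

  // NOTE(review): every authenticated case below signs in as the folder owner.
  // A case using a different uid against these same paths would confirm the
  // rules isolate users from each other; the expected outcome depends on
  // storage.rules, so confirm against the rules before adding it.
  it('allows read access for authorized users to their folder', async () => {
    const storage = testEnv.authenticatedContext(userId).storage();
    const { submitterImage, userImage, pointImage } = getPaths(storage);
    await assertFails(submitterImage.getDownloadURL());
    await assertSucceeds(userImage.getDownloadURL());
    await assertSucceeds(pointImage.getDownloadURL());
  });

  it('disallows write access for authorized users to their folder when uploading non image file', async () => {
    const storage = testEnv.authenticatedContext(userId).storage();
    const { submitter, user, point } = getPaths(storage);
    // The payload is still PNG bytes; only the declared content type differs,
    // so this covers a check on upload metadata, not on file content.
    await assertFails(submitter.child('test.doc').put(loadImage(), { contentType: 'text/plain' }));
    await assertFails(user.child('test.doc').put(loadImage(), { contentType: 'text/plain' }));
    await assertFails(point.child('test.doc').put(loadImage(), { contentType: 'text/plain' }));
  });

  it('allows write access for authorized users to their folder when uploading image files', async () => {
    const storage = testEnv.authenticatedContext(userId).storage();
    const { submitter, user, point } = getPaths(storage);
    // Only the point folder is expected to accept uploads from its owner.
    await assertFails(submitter.child('test.png').put(loadImage(), { contentType }));
    await assertFails(user.child('test.png').put(loadImage(), { contentType }));
    await assertSucceeds(point.child('test.png').put(loadImage(), { contentType }));
  });

  it('disallows files greater than 5MB', async () => {
    const storage = testEnv.authenticatedContext(userId).storage();
    const { point } = getPaths(storage);
    // Upload to the point folder, the one location where the preceding test
    // expects a normal-sized PNG to be accepted. The previous target,
    // submitters/<uid>/big.png, sits outside that folder, so the upload would
    // likely be denied whatever its size and the size limit went untested.
    await assertFails(point.child('big.png').put(createMBImage(5.1), { contentType }));
  });
});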