ultralab/firestore.rules at master · ppcvote/ultralab · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
rules_version = '2';

service cloud.firestore {
  match /databases/{database}/documents {
    match /inquiries/{docId} {
      // Anyone can create an inquiry (contact form)
      allow create: if
        request.resource.data.keys().hasAll(['name', 'email', 'service']) &&
        request.resource.data.name.size() > 0 &&
        request.resource.data.name.size() < 200 &&
        request.resource.data.email.size() > 0 &&
        request.resource.data.email.size() < 200 &&
        request.resource.data['service'].size() > 0 &&
        ('message' in request.resource.data ? request.resource.data['message'].size() < 5000 : true);

      // Admin can read and update inquiries
      allow read, update: if request.auth != null
        && request.auth.token.email == 'risky9763@gmail.com';

      allow delete: if false;

      // Email records subcollection
      match /emails/{emailId} {
        allow read, create: if request.auth != null
          && request.auth.token.email == 'risky9763@gmail.com';
        allow delete, update: if false;
      }
    }

    // Products — anyone can read active products
    match /products/{productId} {
      allow read: if true;
      allow write: if request.auth != null
        && request.auth.token.email == 'risky9763@gmail.com';
    }

    // Orders — anyone can create, admin can read/update
    match /orders/{orderId} {
      allow create: if
        request.resource.data.keys().hasAll(['items', 'totalAmount', 'customer', 'status']) &&
        request.resource.data.status == 'pending' &&
        request.resource.data.totalAmount is number &&
        request.resource.data.totalAmount > 0;

      allow read, update: if request.auth != null
        && request.auth.token.email == 'risky9763@gmail.com';

      allow delete: if false;
    }

    // UltraProbe — server-side only (via firebase-admin)
    match /rate_limits/{docId} {
      allow read, write: if false;
    }

    match /probe_leads/{docId} {
      allow read, write: if false;
    }

    match /counters/{counterId} {
      allow read, write: if false;
    }

    // UltraProbe API — server-side only
    match /api_keys/{keyId} {
      allow read, write: if false;
    }

    match /api_usage/{keyId}/{document=**} {
      allow read, write: if false;
    }

    match /vulnerability_database/{scanId} {
      allow read, write: if false;
    }

    // Agent activity — public read (displayed on /agent page)
    // Write: server-side only via Admin SDK (sync script)
    match /agent-activity/{docId} {
      allow read: if true;
      allow write: if false;
    }

    match /{document=**} {
      allow read, write: if false;
    }
  }
}