Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can debug logging be added to firestore rules functions?

Given that the firestore rules structure allows for functions, is there some way to add debug logs to those rule-functions ? .. in order to verify that the function you expect, is in fact being called.

I see that with the simulator it shows a red X at the line in the rules sturcture, where access is denied for a given simulation-request. However, am curious for verification in production mode so it can be communicated to parties concerned about the rules integrity.

In the example below, I was thinking it might be implemented with that commented-out line:

console.log('ENTER: isAccessOn()');

However this does not work. Asking here in case there's any option for something like this in the platform.. or if not, if there's a suggestion for how to make such verifications with a production deployment. Thanks

service cloud.firestore {
  match /databases/{database}/documents {

    // block client access
    function isAccessOn() {
      // console.log('ENTER: isAccessOn()');
      return false;
    }

    match /{document=**} {
      allow read, write: if isAccessOn();
    }

  }
}
like image 504
Gene Bo Avatar asked Nov 01 '18 00:11

Gene Bo


People also ask

How do you log into firestore rules?

You log in to your Firebase console > Firestore > Rules, then you see your current security rules. The security also has version control, so you can go back to the previous rules anytime you want. The rule above will allow anyone to read and write to your Cloud Firestore.

What file should be used for firestore rules firestore rules?

firestore. rules // is a file used to define the security rules for your Firestore database. firestore.

How do I modify Firebase rules?

Edit and update your rulesOpen the Firebase console and select your project. Then, select Realtime Database, Cloud Firestore or Storage from the product navigation, then click Rules to navigate to the Rules editor. Edit your rules directly in the editor.


2 Answers

Firestore rules now have a debug() function

It's still not brilliant but better than before.

like image 152
Stefan Avatar answered Sep 19 '22 16:09

Stefan


You may want to look into local rules emulation using the Firebase CLI, which is a brand new feature of the CLI. You can do simple logging with the emulator with the debug() function.

However, there is no way to log anything in security rules in production. If you want to verify that your rules work as expected, you should write some integration tests for those and run your tests to make sure access is rejected or allowed according to your specifications.

like image 41
Doug Stevenson Avatar answered Sep 21 '22 16:09

Doug Stevenson