SecureChat/firebase-rules.json at main · DevBot667/SecureChat · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
{
  "rules": {
    "conversations": {
      "$conversationId": {
        ".read": "root.child('conversations').child($conversationId).child('participants').child(auth.uid).exists()",
        ".write": "root.child('conversations').child($conversationId).child('participants').child(auth.uid).exists() && !newData.exists()",
        "participants": {
          ".read": "root.child('conversations').child($conversationId).child('participants').child(auth.uid).exists()",
          "$uid": {
            ".write": "auth != null && auth.uid === $uid",
            ".validate": "newData.isBoolean()"
          }
        },
        "messages": {
          ".read": "root.child('conversations').child($conversationId).child('participants').child(auth.uid).exists()",
          ".write": "root.child('conversations').child($conversationId).child('participants').child(auth.uid).exists()",
          ".indexOn": ["createdAt"],
          "$messageId": {
            ".validate": "newData.hasChildren(['ciphertext', 'iv', 'createdAt', 'senderUid']) && newData.child('ciphertext').isString() && newData.child('ciphertext').val().length > 0 && newData.child('ciphertext').val().length < 65536 && newData.child('iv').isString() && newData.child('iv').val().length > 0 && newData.child('iv').val().length < 100 && newData.child('senderUid').isString() && newData.child('senderUid').val().length === 32 && newData.child('createdAt').isNumber() && newData.child('createdAt').val() <= now + 60000 && (!newData.hasChild('ephemeralKey') || newData.child('ephemeralKey').isString()) && (!newData.hasChild('kemCiphertext') || newData.child('kemCiphertext').isString())"
          }
        },
        "settings": {
          ".read": "root.child('conversations').child($conversationId).child('participants').child(auth.uid).exists()",
          ".write": "root.child('conversations').child($conversationId).child('participants').child(auth.uid).exists()",
          "ephemeralDuration": {
            ".validate": "newData.isNumber() && newData.val() >= 0"
          }
        }
      }
    },
    "inbox": {
      "$recipientHash": {
        ".read": "auth != null",
        ".write": "auth != null && (!data.exists() || !newData.exists())",
        "$requestId": {
          ".validate": "newData.hasChildren(['e', 'createdAt']) && newData.child('e').isString() && newData.child('e').val().length > 0 && newData.child('e').val().length < 8192 && newData.child('createdAt').isNumber() && newData.child('createdAt').val() <= now + 60000"
        }
      }
    },
    "accepted": {
      "$conversationId": {
        ".read": "root.child('conversations').child($conversationId).child('participants').child(auth.uid).exists()",
        ".write": "root.child('conversations').child($conversationId).child('participants').child(auth.uid).exists()",
        "acceptedBy": { ".validate": "newData.isString() && newData.val().length < 500" },
        "createdAt": { ".validate": "newData.isNumber()" }
      }
    },
    "users": {
      ".indexOn": ["publicKey"],
      "$uid": {
        ".read": "auth != null",
        ".write": "auth.uid === $uid",
        "publicKey":        { ".validate": "newData.isString() && newData.val().length < 500" },
        "fcm_token":        {
          ".read":     "auth.uid === $uid",
          ".validate": "newData.isString() && newData.val().length < 500"
        },
        "signingPublicKey": { ".validate": "newData.isString() && newData.val().length < 500" },
        "mlkemPublicKey":   { ".validate": "newData.isString() && newData.val().length < 3000" }
      }
    },
    "signing_keys": {
      "$pubKeyHash": {
        ".read":     "auth != null",
        ".write":    "auth != null && (!data.exists() || !newData.exists())",
        ".validate": "newData.isString() && newData.val().length > 0 && newData.val().length < 3000"
      }
    },
    "mlkem_keys": {
      "$pubKeyHash": {
        ".read":     "auth != null",
        ".write":    "auth != null && (!data.exists() || !newData.exists())",
        ".validate": "newData.isString() && newData.val().length > 0 && newData.val().length < 3000"
      }
    }
  }
}