UNPKG

targaryen

Version:

Test Firebase security rules without connecting to Firebase.

github.com/goldibex/targaryen

goldibex/targaryen

226 lines (154 loc) 7.07 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
## Standalone Install Targaryen locally and run it like so: ```bash $ npm install -g targaryen ... $ targaryen path/to/rules.json path/to/tests.json 0 failures in 20 tests ``` [See the docs](https://github.com/goldibex/targaryen/blob/master/docs/targaryen) or [take a look at Targaryen's own integration tests](https://github.com/goldibex/targaryen/blob/master/test/integration/tests.json) to learn more. targaryen exits with a non-zero error code if the tests failed, or zero if they passed. ## With a test framework To use either Jasmine or Chai, you'll need to get the Targaryen API. This is as simple as ```bash npm install --save-dev targaryen@3 ``` followed by ```js var targaryen = require('targaryen'); ``` Before your tests start, you need to call two different methods: `targaryen.setFirebaseData(data)`: set the database state for the test. `data` is a plain old Javascript object containing whatever data you want to be accessible via the `root` and `data` objects in the security rules. You can either use the data format of Firebase's `exportVal` (i.e., with ".value" and ".priority" keys) or just a plain Javascript object. The plain object will be converted to the Firebase format. `targaryen.setFirebaseRules(rules)`: set the database rules for the test. `rules` is a plain old Javascript object with the contents `rules.json`, so you can just say `targaryen.setFirebaseRules(require('./rules.json'))` and be on your way. ### Chai Docs are at [docs/chai](https://github.com/goldibex/targaryen/blob/master/docs/chai). A quick example: ```js var chai = require('chai'), expect = chai.expect, targaryen = require('targaryen'); chai.use(targaryen.chai); describe('A set of rules and data', function() { before(function() { // when you call setFirebaseData, you can either use the data format // of `exportVal` (i.e., with ".value" and ".priority" keys) or just a plain // Javascript object. The plain object will be converted to the Firebase format. targaryen.setFirebaseData({ users: { 'password:500f6e96-92c6-4f60-ad5d-207253aee4d3': { name: { '.value': 'Rickard Stark', '.priority': 2 } }, 'password:3403291b-fdc9-4995-9a54-9656241c835d': { name: 'Mad Aerys', king: true } } }); // any logged-in user can read a user object, but only the king can write them! targaryen.setFirebaseRules({ rules: { users: { '.read': 'auth !== null', '.write': "root.child('users').child(auth.uid).child('king').val() === true" } } }); }); it('can be tested', function() { expect(targaryen.users.unauthenticated) .cannot.read.path('users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3'); expect(targaryen.users.password) .can.read.path('users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3'); expect(targaryen.users.password) .cannot.write(true).to.path('users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3/innocent'); expect({ uid: 'password:3403291b-fdc9-4995-9a54-9656241c835d' }) .can.write(true).to.path('users/password:3403291b-fdc9-4995-9a54-9656241c835d/on-fire'); expect(targaryen.users.password) .cannot.patch('/', { 'users/password:3403291b-fdc9-4995-9a54-9656241c835d/on-fire': null, 'users/password:3403291b-fdc9-4995-9a54-9656241c835d/innocent': true }); expect({ uid: 'password:3403291b-fdc9-4995-9a54-9656241c835d' }) .can.patch('/', { 'users/password:3403291b-fdc9-4995-9a54-9656241c835d/on-fire': true, 'users/password:3403291b-fdc9-4995-9a54-9656241c835d/innocent': null }); }); }); ``` ### Jasmine Docs are at [docs/jasmine](https://github.com/goldibex/targaryen/blob/master/docs/jasmine). A quick example: ```js var targaryen = require('targaryen'); // see Chai example above for format targaryen.setFirebaseData(...); targaryen.setFirebaseRules(...); describe('A set of rules and data', function() { beforeEach(function() { jasmine.addMatchers(targaryen.jasmine.matchers); }); it('can be tested', function() { expect(targaryen.users.unauthenticated) .cannotRead('users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3'); expect(targaryen.users.password) .canRead('users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3'); expect(targaryen.users.password) .cannotWrite('users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3/innocent', true); expect({ uid: 'password:3403291b-fdc9-4995-9a54-9656241c835d'}) .canWrite('users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3/onFire', true); expect({ uid: 'password:3403291b-fdc9-4995-9a54-9656241c835d'}) .canPatch('/', { 'users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3/onFire': true, 'users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3/innocent': null }); expect({ uid: 'password:3403291b-fdc9-4995-9a54-9656241c835d'}) .cannotPatch('/', { 'users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3/onFire': null, 'users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3/innocent': true }); }); }); ``` ### Jest Docs are at [docs/jest](https://github.com/goldibex/targaryen/blob/master/docs/jest). A quick example: ```js const targaryen = require('targaryen/plugins/jest'); // see Chai example above for format const rules = targaryen.json.loadSync(RULES_PATH); const data = require(DATA_PATH); expect.extend({ toAllowRead: targaryen.toAllowRead, toAllowUpdate: targaryen.toAllowUpdate, toAllowWrite: targaryen.toAllowWrite }); describe('A set of rules and data', function() { const database = targaryen.getDatabase(rules, data); it('should allow authenticated user to read all data', function() { expect(database.as({uid: 'foo'})).toAllowRead('/'); expect(database.as(null)).not.toAllowRead('/'); }) it('can be tested', function() { expect(database.as(targaryen.users.unauthenticated)) .not.toAllowRead('users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3'); expect(database.as(targaryen.users.password)) .toAllowRead('users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3'); expect(database.as(targaryen.users.password)) .not.toAllowWrite('users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3/innocent', true); expect(database.as({ uid: 'password:3403291b-fdc9-4995-9a54-9656241c835d'})) .toAllowWrite('users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3/onFire', true); expect(database.as({ uid: 'password:3403291b-fdc9-4995-9a54-9656241c835d'})) .toAllowUpdate('/', { 'users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3/onFire': true, 'users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3/innocent': null }); expect(database.as({ uid: 'password:3403291b-fdc9-4995-9a54-9656241c835d'})) .not.toAllowUpdate('/', { 'users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3/onFire': null, 'users/password:500f6e96-92c6-4f60-ad5d-207253aee4d3/innocent': true }); }); }); ```