Created
July 16, 2024 20:44
-
-
Save sorokinvj/96b8390cbbdebebc9a86e3452918744b to your computer and use it in GitHub Desktop.
Cosmic Firestore rules
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rules_version = '2'; | |
| service cloud.firestore { | |
| match /databases/{database}/documents { | |
| function getAgentSign(missionId) { | |
| let signs = get(/databases/$(database)/documents/missions/$(missionId)).data.agentSigns; | |
| return signs[request.auth.uid] ?? 'Ophiuchus'; | |
| } | |
| function isAstroSpymaster() { | |
| return request.auth.token.role == 'astro-spymaster'; | |
| } | |
| function isMoonPhaseAuthenticated() { | |
| return request.auth.token.moonPhase == 'full'; | |
| } | |
| function isWithinCosmicWindow(celestialWindows) { | |
| let now = request.time.toMillis(); | |
| return celestialWindows.hasAny([w => now >= w.start && now <= w.end]); | |
| } | |
| match /missions/{missionId} { | |
| allow read: if resource.data.clearanceLevel == 'public' || | |
| (resource.data.clearanceLevel == 'classified' && getAgentSign(missionId) != null) || | |
| (resource.data.clearanceLevel == 'ultra-secret' && getAgentSign(missionId) != null && isMoonPhaseAuthenticated()); | |
| allow create: if isAstroSpymaster(); | |
| allow update: if (getAgentSign(missionId) in ['Scorpio', 'Gemini']) && | |
| isWithinCosmicWindow(resource.data.celestialWindows) && | |
| (resource.data.clearanceLevel != 'ultra-secret' || isMoonPhaseAuthenticated()); | |
| allow delete: if isAstroSpymaster() && isMoonPhaseAuthenticated(); | |
| } | |
| match /missions/{missionId}/intel/{intelId} { | |
| allow read: if get(/databases/$(database)/documents/missions/$(missionId)).data.clearanceLevel == 'public' || | |
| getAgentSign(missionId) != null; | |
| allow create, update: if getAgentSign(missionId) in ['Scorpio', 'Gemini', 'Aquarius'] && | |
| isWithinCosmicWindow(get(/databases/$(database)/documents/missions/$(missionId)).data.celestialWindows); | |
| allow delete: if getAgentSign(missionId) in ['Scorpio', 'Gemini']; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Today, I challenged Claude, an AI assistant (Sonnet 3.5) to showcase the most awesome example of Firestore security rules. He came up with a brilliant example (and also wrote this post).
The response? A spy-worthy system that would make James Bond jealous!
Imagine a top-secret mission planning system where:
Here's the full, action-packed security ruleset (you could copy-paste it from the comments)
Now, you're probably wondering, "Why the cosmic time windows?" Well, Claude and I took a journey through the astral plane, and here's what we discovered:
It's not just about global security—it's about celestial security. Our top astro-cryptographers have discovered that certain planetary alignments create 'Cosmic Blind Spots' in enemy surveillance. These rare windows, which we call 'Mercury's Shadow,' occur when Mercury isn't in retrograde (because even spies fear Mercury retrograde).
During 'Mercury's Shadow,' our quantum encryption satellites align perfectly with the constellation Scorpio (known for its secrecy), creating an unbreakable cosmic VPN. This celestial phenomenon typically lasts for 108 minutes every 36 hours.
Our isWithinMissionWindow() function ensures updates only happen during these astrologically auspicious periods. After all, in the world of espionage, your horoscope might just save your life!
This is what happens when you mix NoSQL databases, spy novels, and a dash of cosmic humor. Who knew database security could be so... out of this world? 🌠🔐🕵️♂️
P.S. No AIs were intoxicated in the making of this post. But we can't speak for the planets.