
A month of Flutter: set up Firestore rules tests


Originally published on bendyworks.com.


One aspect of using Firestore for my data backend is that I need to be certain my security rules are configured correctly. Otherwise users might be able to read or write data they shouldn't have access to.
A few days ago I set up Firestore in the server directory. I'm going to continue that work and configure tests to run on the Firestore emulator based off of the typescript-quickstart example.
In package.json I'll add some devDependencies and define several scripts. Node package scripts can be run with npm run <name>.
  • postinstall will set up the Firestore emulator after npm install is run in the scripts directory
  • start-emulator will do just that
  • pretest will compile the project's TypeScript files before the test script is run
  • test will run the actual tests within the test directory using the mocha test runner
  • posttest will clean up the test *.js and *.js.map files created during pretest
  • ci uses a handy Node package start-server-and-test to start the emulator, wait for it to be ready, run the tests, and then shut down
I created a new tsconfig.json file with npx tsc --init. The two main changes I made were to target es6 instead of es5 and enable experimentalDecorators for the mocha-typescript package.
Within test/firestore.ts I'm defining a FirestoreTest class that will handle loading the rules, and setting up and tearing down test databases. mocha-typescript will use a new instance of this class for each test. Each instance will use a different projectId to avoid different test runs from interfering with each other.
The Cloud Firestore emulator persists data. This might impact your results. To run tests independently, assign a different project ID for each, independent test. When you call firebase.initializeAdminApp or firebase.initializeTestApp, append a user ID, timestamp, or random integer to the projectID.
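The setup and teardown pattern described above, as an added example that is not the author's test/firestore.ts. RulesHarness, uniqueProjectId and fakeSdk are hypothetical names; TestingSdk lists only the three @firebase/testing calls the harness uses, so the real module can be passed in place of the constructed in-memory fake.

```typescript
// Only the @firebase/testing calls this harness needs; the real module fits.
interface TestApp { firestore(): unknown; delete(): Promise<unknown>; }
interface TestingSdk {
  initializeTestApp(o: { projectId: string; auth?: object }): TestApp;
  loadFirestoreRules(o: { projectId: string; rules: string }): Promise<unknown>;
  apps(): TestApp[];
}
let nextId = 0; // keeps IDs distinct even within the same millisecond
// The emulator persists data per project ID, so each harness gets its own.
function uniqueProjectId(prefix: string): string {
  return `${prefix}-${Date.now()}-${nextId++}`;
}
class RulesHarness {
  readonly projectId: string;
  private sdk: TestingSdk;
  private rules: string;
  constructor(sdk: TestingSdk, rules: string, prefix = 'rules-test') {
    this.sdk = sdk;
    this.rules = rules;
    this.projectId = uniqueProjectId(prefix);
  }
  // Load the rules under test into this harness's own project.
  async before(): Promise<void> {
    await this.sdk.loadFirestoreRules({ projectId: this.projectId, rules: this.rules });
  }
  // Firestore handle acting as `auth`; omit it for an unauthenticated client.
  db(auth?: object): unknown {
    return this.sdk.initializeTestApp({ projectId: this.projectId, auth }).firestore();
  }
  // Delete every app so no handle leaks into the next test.
  async after(): Promise<void> {
    await Promise.all(this.sdk.apps().map(app => app.delete()));
  }
}
// Constructed in-memory stand-in for the SDK so the example runs offline.
function fakeSdk() {
  const live: TestApp[] = [];
  const log: string[] = []; // project IDs that had rules loaded
  const sdk: TestingSdk = {
    initializeTestApp: ({ projectId }) => {
      const app: TestApp = {
        firestore: () => projectId,
        delete: async () => { live.splice(live.indexOf(app), 1); },
      };
      live.push(app);
      return app;
    },
    loadFirestoreRules: async ({ projectId }) => { log.push(projectId); },
    apps: () => [...live],
  };
  return { sdk, log, live };
}
```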
I changed firestore.rules so there was an allowed rule and a denied rule. These will be updated with real rules before the next deploy.
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read: if true;
      allow write: if false;
    }
  }
}
The initial tests for the user collection in user_rules_test.ts look like this:
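// Emulator test helpers: assertSucceeds / assertFails
import * as firebase from '@firebase/testing';
// Decorators that register the class and its methods with mocha
import { suite, test } from 'mocha-typescript';
// Base class from test/firestore.ts (path assumes this file is also in test/)
import { FirestoreTest } from './firestore';

@suite
class Users extends FirestoreTest {
  // Reads are allowed by the rules above, so the get() must succeed
  @test
  async 'can read'() {
    const user = this.db().collection('users').doc('alice');
    await firebase.assertSucceeds(user.get());
  }

  // Writes are denied by the rules above, so the set() must be rejected
  @test
  async 'can not write'() {
    const user = this.db().collection('users').doc('alice');
    await firebase.assertFails(user.set({ nickname: 'alice' }));
  }
}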
The @suite, @test, and class style is supported by mocha-typescript. One of the reasons I chose TypeScript instead of JavaScript is because the types are similar to Dart much of the time.
I created a success test and a failure test as a proof of concept while setting up all the tooling. They get a database handle and assert that it can be read or written to.
I can now run npm run ci and see the following:
  Users
    ✓ can read (162ms)
    ✓ can not write (95ms)
  2 passing (462ms)
The next step will be to get these tests running along with the existing CI.
