Add POC for RUTv2 with JS v9 modular SDK. (#209)

* Add POC for RUTv2 with JS v9 modular SDK.

* Add more Firestore unit tests

* Add database tests

* Define tests contexts in individual tests

* Fix and cleanup.

Co-authored-by: Rachel Myers <rachelmyers@google.com>

Author: yuchenshi

unit-test-security-rules-v9/.firebaserc

@@ -0,0 +1,5 @@
+{
+  "projects": {
+    "default": "demo-example-testing"
+  }
+}

unit-test-security-rules-v9/.gitignore

@@ -0,0 +1,65 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+firebase-debug.log*
+
+# Firebase cache
+.firebase/
+
+# Firebase config
+
+# Uncomment this if you'd like others to create their own Firebase project.
+# For a team working on the same Firebase project(s), it is recommended to leave
+# it commented so all members can deploy to the same project(s) in .firebaserc.
+# .firebaserc
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (http://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env

unit-test-security-rules-v9/README.md

@@ -0,0 +1,24 @@
+# Unit Test Security Rules with JS SDK v9
+
+This sample demonstrates how to write **unit tests** for security rules
+using the Firebase Emulator Suite, with latest modular JS SDK v9 and
+`@firebase/rules-unit-testing` v2.
+
+## Setup
+
+To install the dependencies for this sample run `npm install` inside this directory.
+You will also need the [Firebase CLI](https://firebase.google.com/docs/cli).
+
+## Run
+
+To run the Realtime Database tests:
+
+```
+firebase emulators:exec --only database "npm run test-database"
+```
+
+To run the Cloud Firestore tests:
+
+```
+firebase emulators:exec --only firestore "npm run test-firestore"
+```

unit-test-security-rules-v9/database.rules.json

@@ -0,0 +1,30 @@
+{
+  "rules": {
+    "users": {
+      "$userId": {
+        ".read": true,
+        ".write": "auth.uid == $userId"
+      }
+    },
+    "rooms": {
+      "$roomId": {
+        ".write": "data.child('owner').val() == auth.uid || !data.exists()",
+        ".validate": "newData.hasChild('owner')",
+        "owner": {
+          ".validate": "newData.isString() && newData.val() == auth.uid"
+        },
+        "members": {
+          "$memberId": {
+            ".write": "!newData.exists() && auth.uid == $memberId"
+          }
+        },
+        "messages": {
+          ".read": "auth != null && data.parent().child('members').child(auth.uid).exists()",
+          "$messageId": {
+            ".write": "auth != null && data.parent().child('members').child(auth.uid).exists()"
+          }
+        }
+      }
+    }
+  }
+}

unit-test-security-rules-v9/firebase.json

@@ -0,0 +1,26 @@
+{
+  "database": {
+    "rules": "database.rules.json"
+  },
+  "storage": {
+    "rules": "storage.rules"
+  },
+  "firestore": {
+    "rules": "firestore.rules",
+    "indexes": "firestore.indexes.json"
+  },
+  "emulators": {
+    "firestore": {
+      "port": 8080
+    },
+    "database": {
+      "port": 9000
+    },
+    "ui": {
+      "enabled": true
+    },
+    "storage": {
+      "port": 9199
+    }
+  }
+}

unit-test-security-rules-v9/firestore.rules

@@ -0,0 +1,16 @@
+rules_version = '2';
+service cloud.firestore {
+  match /databases/{database}/documents {
+    match /users/{userId} {
+      allow read;
+      allow create: if request.auth.uid == userId && request.resource.data.createdAt == request.time;
+    }
+    match /rooms/{roomId} {
+      allow read;
+      // If you create a room, you must set yourself as the owner.
+      allow create: if request.resource.data.owner == request.auth.uid;
+      // Only the room owner is allowed to modify it, and owner mustn't be able to assign his room to other user.
+      allow update: if resource.data.owner == request.auth.uid && request.resource.data.owner == request.auth.uid;
+    }
+  }
+}