Security rules in version control
199 views
Skip to first unread message
Matthew Huebert
Mar 30, 2014, 3:10:51 PM3/30/14
to fireba...@googlegroups.com
I'm writing my first Firebase app and see that a lot of important code will exist only in security rules, which are written directly in a browser app (Forge).
Since this is the mission-critical code that all of my data depends on, I'd like it to be in version control. Is copy/pasting these rules into a text file in my repo whenever I make changes the recommended way to do this? (It would be nice if I could just push a git repo with security rules somewhere!)
Matt
Michael Wulf
Mar 30, 2014, 3:29:34 PM3/30/14
to fireba...@googlegroups.com
Hi Matthew,
Great suggestion!
I store mine locally in VCS and copy/paste them to Forge for all of my projects. One thing that may help you is putting a version number in a comment at the top of the file. If that were automagically updated by your build script with the file's last modify time, or the current project version, it would be easy to detect if the two ever become out of sync.
Regards,
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Beni Cherniavsky-Paskin
Mar 30, 2014, 5:49:30 PM3/30/14
to fireba...@googlegroups.com
You can use `firebase deploy` command-line tool <https://www.firebase.com/docs/hosting.html>
to push the rules from a file.
Apparently you can't push rules without pushing hosted files?
But all it does is write to .settings/rules.json: https://www.firebase.com/docs/rest-api.html#retrieving-and-updating-security-rules
so you can roll your own - but it makes sense to reuse the implementation (especially I like that it stores the secret token in ~/.firebaserc so it won't accidentally get into my VCS).
Matthew Huebert
Mar 30, 2014, 8:15:15 PM3/30/14
to fireba...@googlegroups.com
Oh, excellent.
I guess setting "public" to an empty directory in firebase.json would avoid uploading files.
Thanks!
Chris Raynor
Apr 1, 2014, 5:25:25 PM4/1/14
to fireba...@googlegroups.com
Hi Matthew,
currently setting "public" to an empty directory in firebase.json will upload an empty tarball to Firebase Hosting, which will trigger the site to be removed. But if there's nothing there in the first place there shouldn't be any issues
Chris
(engineer building the Firebase Hosting beta and the firebase-tools package)
Reply all
Reply to author
Forward
0 new messages