Improve security

OpenRedSoftware · Feb 24, 2024 · 1e83110 · 1e83110
1 parent 61d86d9
commit 1e83110
Showing 1 changed file with 23 additions and 4 deletions.
diff --git a/database.rules.json b/database.rules.json
@@ -1,7 +1,26 @@
 {
-  /* Visit https://firebase.google.com/docs/database/security to learn more about security rules. */
   "rules": {
-    ".read": true,
-    ".write": true
+    "polls": {
+      "$pollId": {
+        // Allow read access to everyone
+        ".read": "true",
+
+        // Existing polls cannot be modified or deleted
+        ".write": "!data.exists() && newData.exists()",
+
+        // Validate the poll structure
+        ".validate": "newData.hasChildren(['id', 'question', 'options', 'votes'])"
+      }
+    },
+    "nextPollId": {
+      // Allow read access
+      ".read": "true",
+
+      // Increment operation only
+      ".write": "!data.exists() && newData.val() === 1 || newData.val() === data.val() + 1",
+
+      // Validate that the nextPollId is a number
+      ".validate": "newData.isNumber()"
+    }
   }
-}
+}