const admin=require('firebase-admin'),path=require('path')
// Path to the service-account JSON used to initialise the Admin SDK below.
// NOTE(review): this file carries a private key that grants admin access to the
// project; confirm it is excluded from version control and from build artefacts.
const SA = path.join(
  __dirname,
  '..',
  'closer-app-22014-firebase-adminsdk-fbsvc-ed20bf6003.json',
);

// Firebase project id, interpolated into the Firestore REST base URL.
const PROJECT = 'closer-app-22014';
// Sent as the `key` query parameter when exchanging the custom token.
// NOTE(review): presumably the project's web API key; confirm it is restricted
// in the cloud console, since it is stored in source here.
const APIKEY = 'AIzaSyDAD7FnEYzhMsil41SzJ1XMjUNnJWmjie8';
// Document id under `couples` whose `sessions` subcollection is probed.
const COUPLE = 'Xal3Kw3gjSdn0niERYKJ';

// UID the script signs in as; it is also the "own uid" in the allow check.
const QA = 'Y05AKO2IlTPMa0JQW1BiNIM0uzK2';

// The Admin SDK handle is privileged, so it is only suitable for reading test
// fixtures, not for exercising security rules.
const serviceAccount = require(SA);
admin.initializeApp({ credential: admin.credential.cert(serviceAccount) });
const db = admin.firestore();

// Root of the Firestore REST document API for this project.
const base = `https://firestore.googleapis.com/v1/projects/${PROJECT}/databases/(default)/documents`;

/**
 * Encode a list of strings as a Firestore REST `arrayValue`.
 * An empty list is encoded as an `arrayValue` with no `values` key.
 * @param {string[]} u - strings to encode
 * @returns {{arrayValue: object}} REST representation of the array
 */
const arr = (u) => {
  if (!u.length) {
    return { arrayValue: {} };
  }
  const values = u.map((x) => ({ stringValue: x }));
  return { arrayValue: { values } };
};
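// Live security-rules probe. Signs in as the QA user, then sends two REST
// PATCH requests against the couple's sessions:
//   1. add the QA uid to `joinedByUsers`         -> rules are expected to allow
//   2. add a foreign uid to `completedByUsers`   -> rules are expected to deny
// Exit codes: 0 = both checks matched expectations, 1 = a check failed or was
// inconclusive, 2 = fatal error.
;(async () => {
  // Exchange an Admin-minted custom token for an ID token so the PATCH
  // requests are evaluated by security rules as the QA user.
  const custom = await admin.auth().createCustomToken(QA);
  const tr = await fetch(
    `https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${APIKEY}`,
    {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ token: custom, returnSecureToken: true }),
    },
  );
  const tok = (await tr.json()).idToken;
  // Without a valid ID token every request is rejected, which would make the
  // "expected deny" check pass without the rules ever being exercised.
  // The response body is deliberately not logged: it may contain tokens.
  if (!tr.ok || !tok) {
    throw new Error(`signInWithCustomToken failed (HTTP ${tr.status}); no ID token, rule checks not run`);
  }

  const sessions = db.collection('couples').doc(COUPLE).collection('sessions');
  const snap = await sessions.get();

  // pos: first real session the QA user has not joined yet (own-add target).
  // fc:  first real session of any kind (foreign-add target).
  let pos = null;
  let fc = null;
  for (const d of snap.docs) {
    if (d.id === '_active') continue;
    const x = d.data();
    const j = x.joinedByUsers || [];
    if (!pos && !j.includes(QA)) pos = { id: d.id, j };
    if (!fc) fc = { id: d.id, c: x.completedByUsers || [] };
  }

  // Send a single-field PATCH as the signed-in QA user.
  const patch = (id, field, values) =>
    fetch(`${base}/couples/${COUPLE}/sessions/${encodeURIComponent(id)}?updateMask.fieldPaths=${field}`, {
      method: 'PATCH',
      headers: { Authorization: `Bearer ${tok}`, 'Content-Type': 'application/json' },
      body: JSON.stringify({ fields: { [field]: arr(values) } }),
    });

  let failed = false;

  if (pos) {
    const r = await patch(pos.id, 'joinedByUsers', [...new Set([...pos.j, QA])]);
    const allowed = r.status === 200;
    if (!allowed) failed = true;
    console.log(` ${allowed ? '✅' : '❌❌'} own-uid add joinedByUsers: ${allowed ? 'ALLOWED(200)' : 'DENIED(' + r.status + ')'} (expected allow) [${pos.id}]`);
  } else console.log(' (no session without QA in joinedByUsers to test own-add)');

  if (fc) {
    const bogusUid = 'bogus-' + Date.now();
    const r2 = await patch(fc.id, 'completedByUsers', [...new Set([...fc.c, bogusUid])]);
    // Only 403 (PERMISSION_DENIED) shows the rules rejected the write; other
    // non-200 statuses mean the request failed before or apart from the rules.
    const denied = r2.status === 403;
    if (!denied) failed = true;
    let outcome;
    if (denied) outcome = 'DENIED(' + r2.status + ')';
    else if (r2.status === 200) outcome = 'ALLOWED(200)';
    else outcome = 'INCONCLUSIVE(' + r2.status + ')';
    console.log(` ${denied ? '✅' : '❌❌'} foreign-add completedByUsers: ${outcome} (expected deny) [${fc.id}]`);
    if (r2.status === 200) {
      // The rules let the write through: remove the bogus uid again so the
      // probe does not leave test data in the session document.
      await sessions.doc(fc.id).update({
        completedByUsers: admin.firestore.FieldValue.arrayRemove(bogusUid),
      });
    }
  } else {
    failed = true;
    console.log(' (no session found to test foreign-add)');
  }

  // Non-zero exit lets CI notice a rules regression.
  process.exit(failed ? 1 : 0);
})().catch((e) => {
  console.error('FATAL', e.message);
  process.exit(2);
});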