
Commit 21f75ec

committedJan 10, 2025·
Added firestore rule&added ses client inside mail_service
1 parent 59aef69 commit 21f75ec


2 files changed

+40
-29
lines changed


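--- a/firestore.rules
+++ b/firestore.rules
@@ -35,11 +35,11 @@ service cloud.firestore {
 
 // For Share Codes Collection
 match /shared_codes/{sharedCodeId} {
-allow read: if isAuthorized();
+allow read: if isAuthorized();
 
-allow create: if isUserPartOfGroup(request.resource.data.group_id);
+allow create: if isUserPartOfGroup(request.resource.data.group_id);
 
-allow delete: if isUserPartOfGroup(resource.data.group_id);
+allow delete: if isUserPartOfGroup(resource.data.group_id);
 }
 
 // For Groups Collection
@@ -48,22 +48,22 @@ service cloud.firestore {
 
 allow create: if isAuthorized() && isCurrentUser(request.resource.data.created_by);
 
-allow update: if isAuthorized() && (resource.data.members.hasAny([request.auth.uid]) ||
-(!resource.data.members.hasAny([request.auth.uid]) &&
-request.resource.data.diff(resource.data).affectedKeys().hasOnly(["members"])))
-|| request.resource.data.keys().hasAny(["updated_at", "updated_by"]
-);
+allow update: if isAuthorized() &&
+(resource.data.members.hasAny([request.auth.uid]) ||
+(!resource.data.members.hasAny([request.auth.uid]) &&
+request.resource.data.diff(resource.data).affectedKeys().hasOnly(["members"]))) ||
+request.resource.data.keys().hasAny(["updated_at", "updated_by"]);
 
 allow delete: if isAuthorized() &&
-resource.data.members.hasAny([request.auth.uid]);
+resource.data.members.hasAny([request.auth.uid]);
 }
 
 // For Expenses Collection
 match /groups/{groupId}/expenses/{expenseId} {
 allow read: if isAuthorized();
 
 allow create: if isCurrentUser(request.resource.data.added_by) &&
-isUserPartOfGroup(groupId);
+isUserPartOfGroup(groupId);
 
 allow update: if isUserPartOfGroup(groupId);
 
@@ -72,7 +72,7 @@ request.resource.data.diff(resource.data).affectedKeys().hasOnly(["members"])))
 
 // For Transactions Collection
 match /groups/{groupId}/transactions/{transactionId} {
-allow read: if isAuthorized();
+allow read: if isAuthorized();
 
 allow create: if isUserPartOfGroup(groupId) &&
 isMemberPartOfGroup(groupId, request.resource.data.payer_id) &&
@@ -85,15 +85,22 @@ request.resource.data.diff(resource.data).affectedKeys().hasOnly(["members"])))
 allow delete: if isUserPartOfGroup(groupId);
 }
 
+// For Feedback Collection
+match /feedbacks/{feedbackId} {
+allow create: if isAuthorized();
+
+allow read: if isAuthorized();
+}
+
 // Use for sub-collection as it'll not have parent's data
 function isUserPartOfGroup(groupId) {
 let memberIds = get(/databases/$(database)/documents/groups/$(groupId)).data.members;
-return isAuthorized() && memberIds.hasAny([request.auth.uid]);
+return isAuthorized() && memberIds.hasAny([request.auth.uid]);
 }
 
 function isMemberPartOfGroup(groupId, memberId) {
 let memberIds = get(/databases/$(database)/documents/groups/$(groupId)).data.members;
 return isAuthorized() && memberIds.hasAny([memberId]);
 }
 }
-}
+}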
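Review bot: In the `/groups` update rule the last clause, `|| request.resource.data.keys().hasAny(["updated_at", "updated_by"])`, sits outside the `isAuthorized() && (...)` group because `&&` binds tighter than `||`, so it grants the update on its own. `request.resource.data` is the document as it would look after the write, so once a group carries either field every update to it passes this clause, without the membership check and, as written, without the sign-in check. If the fields are meant to be required rather than sufficient, combine them with `&&`, e.g. `... hasOnly(["members"]))) && request.resource.data.keys().hasAll(["updated_at", "updated_by"]);`; the intent is not visible here, so confirm it. Separately, the new `/feedbacks` rule `allow read: if isAuthorized();` lets every signed-in user read all feedback; consider dropping client reads or limiting them to the author.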

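--- a/functions/src/mail/mail_service.ts
+++ b/functions/src/mail/mail_service.ts
@@ -3,24 +3,28 @@
 import { SendEmailCommand, SESClient } from "@aws-sdk/client-ses";
 require('dotenv').config()
 
-// Fetch AWS credentials securely from environment variable
-const AWS_ACCESS_KEY_ID = process.env.AWS_ACCESS_KEY_ID;
-const AWS_SECRET_ACCESS_KEY = process.env.AWS_SECRET_ACCESS_KEY;
-const REGION = "ap-south-1";
+export class MailService {
+private sesClient: SESClient;
 
-if (!AWS_ACCESS_KEY_ID || !AWS_SECRET_ACCESS_KEY) {
-throw new Error('AWS credentials are missing');
-}
+constructor() {
+const AWS_ACCESS_KEY_ID = process.env.AWS_ACCESS_KEY_ID;
+const AWS_SECRET_ACCESS_KEY = process.env.AWS_SECRET_ACCESS_KEY;
+const REGION = "ap-south-1";
 
-const sesClient = new SESClient({
-credentials: {
-accessKeyId: AWS_ACCESS_KEY_ID,
-secretAccessKey: AWS_SECRET_ACCESS_KEY,
-},
-region: REGION,
-});
+// Check if the necessary credentials are present before initializing the client
+if (!AWS_ACCESS_KEY_ID || !AWS_SECRET_ACCESS_KEY) {
+throw new Error('AWS credentials are missing. Please provide AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY');
+}
+
+this.sesClient = new SESClient({
+credentials: {
+accessKeyId: AWS_ACCESS_KEY_ID,
+secretAccessKey: AWS_SECRET_ACCESS_KEY,
+},
+region: REGION,
+});
+}
 
-export class MailService {
 private createSendEmailCommand(toAddresses: string[], fromAddress: string, subject: string, body: string): SendEmailCommand {
 return new SendEmailCommand({
 Destination: {
@@ -48,6 +52,6 @@ export class MailService {
 
 async sendEmail(to: string[], from: string, subject: string, body: string): Promise<void> {
 const mail = this.createSendEmailCommand(to, from, subject, body);
-await sesClient.send(mail);
+await this.sesClient.send(mail);
 }
 }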
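Review bot: The new constructor still builds the SES client from a long-lived access key pair read from `process.env` after `require('dotenv').config()`, which usually means the keys live in a `.env` file shipped with the function source. Since this commit already reworks initialization, it is a good place to load them from a managed secret store instead and to confirm the IAM identity is limited to `ses:SendEmail`. The field is assigned only in the constructor in the lines shown, so it can be declared `private readonly sesClient: SESClient;`. Every `new MailService()` now creates its own client where the old module-level `sesClient` was shared, so callers (outside this section) should reuse a single instance.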
