firestore.rules

rules_version = '2';
service cloud.firestore {
  function isMySelf(request, user_uid) {
    return request.auth != null && request.auth.uid == user_uid;
  }

  function isValidCard(card) {
    return ('front' in card && card.front is string && card.front.size() < 140) 
      && ('back' in card && card.back is string && card.back.size() < 140) 
      && ('archive' in card && card.archive is bool)
      && ('createdAt' in card && card.createdAt is timestamp)
      && ('updatedAt' in card && card.updatedAt is timestamp)
      && ('lock' in card && card.lock is bool)
      && ('random' in card && card.random is number)
      && ('quizCount' in card && card.quizCount is number)
      && ('wrongCount' in card && card.wrongCount is number)
      && ('wrongRate' in card && card.wrongCount is number)
      || (card.keys.hasAll(['comment']) && card.comment is string && card.comment.size() < 140)
      || (card.keys.hasAll(['tags']) && card.tags is list && card.tags.size() < 10);
  }

  function isValidTags(tags) {
    return ('tags' in tags && tags.tags is list && tags.tags.size() < 10);
  }

  function isValidSetting(setting) {
    return ('locale' in setting && setting.locale is string && setting.locale.matches('(en|ja)'));
  }

  match /databases/{database}/documents {
    match /users/{user_uid}/cards/{card_uid} {
      allow read: if isMySelf(request, user_uid);
      allow create: if isMySelf(request, user_uid) && isValidCard(request.resource.data);
      allow update: if isMySelf(request, user_uid) && isValidCard(request.resource.data);
      allow delete: if isMySelf(request, user_uid);
    }

    match /users/{user_uid} {
      allow read: if isMySelf(request, user_uid);
      allow create: if isMySelf(request, user_uid) && (isValidTags(request.resource.data) || isValidSetting(request.resource.data));
      allow update: if isMySelf(request, user_uid) && (isValidTags(request.resource.data) || isValidSetting(request.resource.data));
    }
  }
}