You're viewing the legacy docs. They are deprecated as of May 18, 2016.
Go to current docs

5 minute quickstart

Bolt Quickstart

The Bolt Compiler is a Type-based modeling and authorization language that compiles to JSON based security rules.

Installation

Bolt is used from the command-line. Install the npm packages firebase-tools and firebase-bolt.

npm install --global firebase-tools
npm install --global firebase-bolt

Create a Bolt file

Bolt files are named with a .bolt extension. Most Bolt files are named rules.bolt.

Inside of Bolt file is where you can specify your database's permissions. By default, your app has rules which grants every request full read and write permissions to your database:

path / {
  read() = true;
  write() = true;
}

Create a schema using types

Your Bolt rules can model types that verify the structure of the data you have stored in your database. For example, say you are keeping track of a list of messages and that your data looks like this:

{
  "messages": {
    "message0": {
      "content": "Hello",
      "timestamp": 1405704370369
    },
    "message1": {
      "content": "Goodbye",
      "timestamp": 1405704395231
    },
    ...
  }
}

Using a type statement in Bolt allows you to specify a schema.

type Message {
  content: String,
  timestamp: Number,
}

To enforce a schema at a path in Bolt, you specify what type applies to a path.

type Message {
  content: String,
  timestamp: Number,
}

path /messages/$message is Message {
  read() = this.timestamp > (now - 600000);
}

Define a function

Bolt supports user-defined functions to make it easier to reuse rules logic. We can update our previous read() rule to use a function.

hasNotExpired(timestamp) = timestamp > (now - 600000);

path /messages/$message is Message {
  read() = hasNotExpired(this.timestamp);
  write() = hasNotExpired(this.timestamp);
}

The function takes in a timestamp and checks that it is greater than the current timestamp minus 10 minutes ago. This function returns an expression so it can be assigned to either a read() or a write() rule.

Compile and Upload

Bolt is designed to output idiomatic Firebase JSON Rules. To see the JSON rules result, compile the rules with the command-line tool.

// rules.bolt
hasNotExpired(timestamp) = timestamp > (now - 600000);

type Message {
  content: String,
  timestamp: Number,
}

path /messages/$message is Message {
  read() = hasNotExpired(this.timestamp);
  write() = hasNotExpired(this.timestamp);
}
// save the output to a rules.json file
firebase-bolt < rules.bolt > rules.json
// rules.json
{
  "rules": {
    "messages": {
      "$message": {
        ".validate": "newData.hasChildren(['content', 'timestamp'])",
        "content": {
          ".validate": "newData.isString()"
        },
        "timestamp": {
          ".validate": "newData.isNumber()"
        },
        "$other": {
          ".validate": "false"
        },
        ".read": "data.child('timestamp').val() > now - 600000",
        ".write": "newData.child('timestamp').val() > now - 600000"
      }
    }
  }
}

After rules.json has been created, you can upload the rules to your Firebase using the firebase-tools command-line tool. Make sure you have specified your rules file in your firebase.json configuration.

firebase deploy:rules

You can also copy-and-paste the compiled JSON rules to the Firebase App Dashboard under the security tab.

Next Steps

This just gave you a quick summary of the basics of the Bolt compiler. Continue reading on through the Bolt guide for more detailed explanations. You can also check out the full Bolt language specification.