Do not allow future channel.created dates

oskarrough · oskarrough · commit 07002baec58a · 2017-10-04T13:00:44.000+02:00
and fix indention
diff --git a/database.rules.json b/database.rules.json
@@ -48,7 +48,7 @@
 							// so instead we just prevent a user to add to himself a radio that already
 							// has tracks in -> so no radio hijack
 							".validate": "root.child('channels').child($channelID).exists() && !root.child('users').child(auth.uid).child('channels').child($channelID).exists() && !root.child('channels').child($channelID).child('tracks').exists()"
-					}
+						}
 				}/*,
 				"$other": {
 					".validate": false
@@ -66,18 +66,18 @@
 				// write: only logged-in-user without a user settings can create a new one to himself
 				".read": "auth != null && (data.child('user').val() === auth.uid)",
 				".write": "auth != null && ((data.child('user').val() === auth.uid) || (root.child('users').child(auth.uid).hasChild('settings') === false))",
-        ".validate": "newData.hasChild('user')",
+				".validate": "newData.hasChild('user')",
 				"user": {
 					".validate": "newData.val() === auth.uid"
 				},
 				"isRemoteActive": {
 					".validate": "newData.isBoolean()"
 				},
-        "playedChannels": {
-          "$channel": {
+				"playedChannels": {
+					"$channel": {
 						".validate": "newData.isBoolean() && root.child('channels').child($channel).exists()"
-          }
-        },
+					}
+				},
 				"$other": {
 					".validate": false
 				}
@@ -105,7 +105,8 @@
 				},
 				"created": {
 					// Ensure type::number and that you can not update it
-          ".validate": "data.exists() && data.val() === newData.val() || newData.val() > now - 1000"
+					// OR allow a timestamp within the last second
+					".validate": "data.exists() && data.val() === newData.val() || (newData.val() >= now -1000 && newData.val() <= now)"
 				},
 				"updated": {
 					// Ensure type::number and that you can not update it
