Badr

Reputation: 294

How to restrict Firebase Storage access with my own authentication service

I am using Firebase Storage in my app, and I am using my own username and password authentication service. I have changed the rules to public so that I can upload and download data, but now it gives me this warning:

Your security rules are set to public. Anyone can read or write to your storage bucket

How can I protect app data without using any Firebase sign-in or authentication methods?

Upvotes: 0

Views: 2676

Answers (3)

user3476154

Since you're using your own service to authenticate users I can think of two options, both involving the admin SDK.

Option 1: Creating a custom token

Assuming you're authenticating users via a service running on your own server, you could slightly edit that system to include custom tokens by using the Firebase Admin SDK. Basically, if the details provided by the user match the details your service expected, you can return a custom token that Firebase can use to authenticate users. Then you can set Firebase security rules as you normally would. This is what I would recommend doing.

Create custom tokens

Option 2: Restrict access completely and request/upload data via your server

You can set your security rules to false to restrict access to everyone. The Admin SDK should disregard these rules since it's an administration instance. You could then have your users upload files (or download requests) to your server. Your server would then use the Admin SDK to request the files from Firebase and send them back to the user.

Firebase Admin SDK

Upvotes: 5
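
Option 1 from the answer above, as an added example that is not part of the original answer and not Firebase's own code: the server checks the password against its own user store and, only on success, signs a custom token by hand using the claim layout Firebase documents for tokens created without the Admin SDK (the Admin SDK's `createCustomToken` does the signing for you). The RSA key pair, the service account e-mail, the user store and the function names are constructed placeholders.

```javascript
// Added example: mint a Firebase custom token after a login check by your own service.
const crypto = require('node:crypto');

// Constructed stand-ins: a throwaway RSA key and a made-up service account e-mail.
// In production both come from the service account JSON of your Firebase project.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SERVICE_ACCOUNT = 'example-sa@example-project.iam.gserviceaccount.com';
const AUDIENCE =
  'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';

// Constructed user store of the existing username/password service (scrypt hashes).
const salt = crypto.randomBytes(16);
const users = new Map([['alice', { salt, hash: crypto.scryptSync('correct horse', salt, 32) }]]);

function checkPassword(username, password) {
  const user = users.get(username);
  if (!user) return false;
  const candidate = crypto.scryptSync(password, user.salt, 32);
  return crypto.timingSafeEqual(candidate, user.hash); // constant-time comparison
}

const b64url = (value) => Buffer.from(value).toString('base64url');

function mintCustomToken(uid, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (typeof uid !== 'string' || uid.length < 1 || uid.length > 128) {
    throw new Error('uid must be a string of 1 to 128 characters');
  }
  const header = { alg: 'RS256', typ: 'JWT' };
  const payload = {
    iss: SERVICE_ACCOUNT, sub: SERVICE_ACCOUNT, aud: AUDIENCE,
    iat: nowSeconds, exp: nowSeconds + 3600, // one hour is the maximum lifetime
    uid, // becomes request.auth.uid in security rules
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const signature = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Login endpoint logic: only a successful password check yields a token.
function login(username, password) {
  return checkPassword(username, password) ? mintCustomToken(username) : null;
}
```

The app passes the returned token to the client SDK's `signInWithCustomToken`, after which Storage rules can test `request.auth != null` or compare `request.auth.uid` instead of being public.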

Priya

Reputation: 692

Give Read and Write permission only for the authorised users as below,

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}

Now you won't get any warnings.

Upvotes: 0

Pratik Vyas

Reputation: 654

Firebase rules are for both read and write

{
  "rules": {
    "foo": {
      ".read": true,
      ".write": false
    }
  }
}

You can make a variable read as true so that others can read the data but they can write into your data. Hence your data is safe. Hope you got it.

Upvotes: -1
