Reputation: 2148
Trying to add security rules to storage. When I add a security rule to make sure only authenticated users should be allowed with read/write, simulator is working. But when I try to add another constraint on the size of a file, I'm encountering an error.
The following is the Security Rule:
    service firebase.storage {
      match /b/{bucket}/o {
        match /{allPaths=**} {
          allow read, write: if request.auth != null && request.resource.size < 5 * 1024 * 1024;
        }
      }
    }
I have files under files\
I get the following error in simulator:
Simulated read denied
Error details:
Error: simulator.rules line [4], column [29]. Property resource is undefined on object.
Issue happens if I try to simulate write as well.
EDIT1: IMPORTANT
OK! I found this question and tried experimenting a bit on that line and got the simulator allowing read/write! I made the following change:
    allow read, write: if request.auth != null && (request != null
        || request.resource.size < 5 * 1024 * 1024);

Basically, I added a null check. So, at the moment, I'm not clear what's going on here!
Upvotes: 2
Views: 686
Reputation: 23376
I was able to work around this with a rule like
    match /users/{uid}/{document=**} {
      allow read, create, update: if
        request.auth != null &&
        request.auth.uid == uid &&
        (!("resource" in request) || request.resource.data.uid == request.auth.uid);
    }
In this case I wanted to ensure that the "uid" property in the update matches the user's uid. However, if in the simulator you don't do "Build Document" first then request.resource is undefined (I think this is a bug; it should be defined but null IMO).
I believe this really only applies in the simulator, and is not a realistic scenario since create/update requests will always contain a document, even an empty one. But I think I'll keep it in my rule just in case.
Upvotes: 2
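An added example, not taken from either post: one way to keep the 5 MB limit from the question while letting reads through is to split the rule by operation, so that `request.resource` is referenced only where an upload is present. It assumes `request.resource` is populated only on write requests, and that authenticated users may delete files as the original `write` rule implied.

```firebase-rules
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      // Reads carry no incoming file, so this condition must not
      // reference request.resource at all.
      allow read: if request.auth != null;

      // Uploads (new file or overwrite): request.resource holds the
      // metadata of the incoming file, so the size limit applies here.
      allow create, update: if request.auth != null
                            && request.resource.size < 5 * 1024 * 1024;

      // Deletes upload nothing, so there is no size to check.
      // Assumption: any signed-in user may delete, as under the
      // question's original `write` rule. Tighten if that is too broad.
      allow delete: if request.auth != null;

      // For comparison, the EDIT1 condition from the question:
      //   request.auth != null &&
      //     (request != null || request.resource.size < 5 * 1024 * 1024)
      // `request != null` is true for every request, so `||`
      // short-circuits and the size comparison is never evaluated.
      // The simulator error goes away, but so does the 5 MB limit.
    }
  }
}
```

When re-testing in the simulator, run an upload over 5 MB as well as a read: the read should be allowed and the oversized upload denied.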