Firebase storage rules "unauthorized"

Question

These are my storage rules:

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /auction-images/{auctionId} {
      allow read;
      allow write: if request.auth != null && request.resource.size < 1 * 1024 * 1024
                   && request.resource.contentType.matches('image/.*');

    }
  }
}

As you can see, I would like to allow all reads from auction-images/{auctionId}. When i tried running the simulator, it worked as expected.

However, when I start my application and try to load an image, it prints this error:

code: "storage/unauthorized"
code_: "storage/unauthorized"
message: "Firebase Storage: User does not have permission to access 'auction-images/NVOi2jGlfDA5huPUzjSA'."
message_: "Firebase Storage: User does not have permission to access 'auction-images/NVOi2jGlfDA5huPUzjSA'."
name: "FirebaseError"
name_: "FirebaseError"
serverResponse: "{↵  "error": {↵    "code": 403,↵    "message": "Permission denied. Could not perform this operation"↵  }↵}"
serverResponse_: "{↵  "error": {↵    "code": 403,↵    "message": "Permission denied. Could not perform this operation"↵  }↵}"

Even though I published the changes to my rules, they don't seem to take effect. What am I missing?

Here is the code that gives me an error:

this.firestorage.storage.ref(`auction-images/${this.recentAuctions[0].uuid}`).list().then(res => {
    console.log(res)
  })
  .catch(err => {
    console.log(err);
  });

Answer 1

Turns out my rules were wrong. I updated them to this:

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /auction-images/{auctionId}/{image} {
      allow read;
      allow write: if request.auth != null && request.resource.size < 1 * 1024 * 1024
                   && request.resource.contentType.matches('image/.*');
    }
  }
}

I thought that match /auction-images/{auctionId} would make it possible to write rules for the whole folder, but I had to to add /{image} for the rules to apply to the images inside.