Firebase Storage Security Rule (Image dimensions)

Question

I am running a problem with my app. I want to check in the backend if the photo which has been uploaded has the allowed dimensions (1024px * 1024px or 1024px * 1980 px, for example), and also that the image is lower than 30MB (for all dimensions).

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /photos/{photo} {
      function hasValidSize() {
        // Max. photo size = 30MB (For all dimensions)
        return request.resource.size < 30 * 1024 * 1024;
      }
      allow read;
      allow write: if request.auth != null && hasValidSize();
    }
  }
}

Is it possible to check the photo dimensions as a security rule too?

Pd: I have already implemented a photo cropper that has 3 possible dimensions, but what if a hacker downloads the client code and modifies it?...

Thanks.

Answer 1

It's not possible to check image dimensions in security rules. The only thing you can check is the total size of the file, which is what request.resource.size is used for.

In fact, Cloud Storage is used for any type of content at all. It's not limited to images, and doesn't have any special considerations for images. To Cloud Storage, everything is just a sequence of bytes.

If you need to place limits on the contents of the file, you'll need to write some backend code for that, and make sure all your clients are using that backend for the upload. Either that, or use Cloud Functions to write a trigger that deletes invalid files after they've been uploaded.