Reputation: 161
Firebase Storage security rules for images in a chat app
In my chat app, I would like images sent in a conversation and profile pictures of users stored in Firebase Storage to only be visible to users that belong to that conversation/are together in a conversation. From what I've read this is only possible with custom claims, but this seems unnecessarily difficult.
Let's say that a user wants to access an image of a conversation, he has to send a claim that he belongs to the conversation. He either has to constantly send a list of conversations he belongs to, and this happens with every request, or claims need to be constantly given or taken away by a Cloud Function that checks if a user belongs to a conversation and then the client has to choose which ones get sent with the auth object.
Besides, a user would have to sign out and sign in to receive the new claim.
Is there a way to make this process simpler, or to solve this problem in an other, easier way?
Upvotes: 2
Views: 513
Answers (1)
Reputation: 784
One approach would be to store the download URL in the chat's database. Use https://firebase.google.com/docs/storage/web/download-files#download_data_via_url to generate the URL after the image is uploaded
Upvotes: 1
Related Questions
- How to add images to firestore storage that follow security rules and cannot be accessed publicly?
- Why are my firebase storage security rules are not enforcing and letting users upload images over the limit?
- Reading firebase storage image security rules
- How to allow access to photos for your web app in firebase
- Firebase Storage Security Rule (Image dimensions)
- Accessing Firebase Storage images without .getDownloadUrl
- Firebase Security Rules for Storage
- Can I use Firebase Storage for images accessible only via my React web app?
- What is the correct rule in firebase that allows any user to save an image and any authenticated user read others users avatars?
- Firebase Storage Rules