0
votes

I have the following data structures in Firebase

Firebase Database

House/(id)/Viewers/(UID)/{
    startDate = "Dec 1, 2019"
    endDate = "Dec 8, 2019"
}

Firebase Storage

House/(id)/SensitiveImages/sensitiveImage.png

I want to write a rule in Firebase Storage that only allows access to the SensitiveImages folder if the user's UID is inside of the list of Viewers and the current time is between the startDate and endDate. However, there is no way to access this information from inside the Firebase Storage rules. How can I do this?

1
@bastien That does not help me because, as far as I know, custom claims don't expire and can't be cross-checked with a startDate and endDate when they are used. - Cameron Henige

1 Answer

2
votes

One possibility is to write a Cloud Function that serves as the "processor" for image requests. Rather than access the image directly, we could expose a Cloud Function as the proxy for the image. The Cloud Function could then evaluate an expression using the current date and requestor identity in conjunction with the data stored in the database. If allowed, then the Cloud Function could return the raw data which the Cloud Function is authorized to access.

As an alternative to the Cloud Function returning the data, the Cloud Function could return a URL that could be used to access the data. This could be a signed URL from Google Cloud Storage that would give only the possessor of that URL access and would also be time-bound to prevent access after expiration.
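
The access decision this answer describes, as an added example (not code from the answer's author). It assumes the field names startDate and endDate from the question, dates in the "Dec 1, 2019" format read as UTC days with endDate inclusive, a UID taken from an already verified ID token, and hypothetical injected helpers `getViewer` and `signUrl` standing in for the database read and the signed-URL call.

```javascript
// Added example: access decision for a Cloud Function fronting the image.
// Assumed: "Dec 1, 2019" date format, UTC days, endDate inclusive.
const MONTHS = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'];
const DAY_MS = 24 * 60 * 60 * 1000;
const URL_TTL_MS = 5 * 60 * 1000; // assumed short lifetime for signed URLs

// Parse "Dec 1, 2019" as midnight UTC; return NaN for anything else.
function parseDay(text) {
  const m = /^([A-Z][a-z]{2}) (\d{1,2}), (\d{4})$/.exec(String(text));
  const month = m ? MONTHS.indexOf(m[1]) : -1;
  return month < 0 ? NaN : Date.UTC(Number(m[3]), month, Number(m[2]));
}

// Decide from the House/(id)/Viewers/(UID) record alone. Fails closed on a
// missing record or unparseable dates.
function decideAccess(viewer, nowMs, maxTtlMs = URL_TTL_MS) {
  if (!viewer) return { allow: false, reason: 'not-a-viewer' };
  const start = parseDay(viewer.startDate);
  const end = parseDay(viewer.endDate) + DAY_MS; // exclusive upper bound
  if (Number.isNaN(start) || Number.isNaN(end)) return { allow: false, reason: 'bad-dates' };
  if (nowMs < start) return { allow: false, reason: 'not-yet-valid' };
  if (nowMs >= end) return { allow: false, reason: 'expired' };
  // Never let the signed URL outlive the viewing window.
  return { allow: true, urlExpiresAtMs: Math.min(nowMs + maxTtlMs, end) };
}

// Handler core with injected dependencies (hypothetical names): getViewer
// reads the Viewers record with server credentials, signUrl creates a
// Cloud Storage signed URL that expires at the given time.
async function handleImageRequest(uid, houseId, nowMs, deps) {
  if (!uid) return { status: 401 };
  if (!/^[\w-]+$/.test(String(houseId))) return { status: 400 }; // no path tricks
  const viewer = await deps.getViewer(houseId, uid);
  const decision = decideAccess(viewer, nowMs);
  if (!decision.allow) return { status: 403, reason: decision.reason };
  const path = `House/${houseId}/SensitiveImages/sensitiveImage.png`;
  return { status: 200, url: await deps.signUrl(path, decision.urlExpiresAtMs) };
}
```

With this in place, the Storage rules for the SensitiveImages folder can deny all direct client reads, since the function reads and signs with server credentials.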