How to apply firebase storage rule so only Google cloud run API can write?

Time:01-28

My goal is to block any write requests that don't come directly from my API in google cloud run.

I think my firebase Web API key from the general project settings could help but I can't find the right storage rule that can do this.

I found the storage rule for authenticated users etc. but I don't use Firebase Authentication. Instead I authenticate users in the API that is hosted in Google Cloud Run.

I think it is in this direction but please correct me if I am wrong.

service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read: if true;
      // pseudo-condition, not valid rules syntax: the intent is "only my Cloud Run API may write"
      allow write: if request comes from my API with the Web API key;
    }
  }
}

sources:

https://firebase.google.com/docs/storage/security/rules-conditions

https://firebase.google.com/docs/storage/gcp-integration

CodePudding user response:

There is no way to check what API key is used in the call to Cloud Storage.

But access from Cloud Run usually happens through one of the GCP SDKs/APIs, and those access the project with administrative privileges and bypass your security rules altogether.

So you might as well deny all write access from untrusted clients with:

allow write: if false;
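The pattern the answer describes, written out as an added example (not code from the question or the answer): the rules file denies every client write, and the Cloud Run API does the writing itself through the Cloud Storage client library, which authenticates as the service account and is not subject to Firebase Storage rules. The session-token scheme, the `uploads/{user}/…` layout, the size and content-type limits and the `FakeBucket` used to run it offline are all assumptions made for the example; in production the bucket comes from `google.cloud.storage.Client().bucket(...)`.

```python
"""Server-side writes to Firebase Storage from a Cloud Run API.

Complete rules file the answer implies (clients may read, nobody may write
through the Firebase client SDKs):

    service firebase.storage {
      match /b/{bucket}/o {
        match /{allPaths=**} {
          allow read: if true;
          allow write: if false;
        }
      }
    }

The API below verifies the caller with its own session tokens (the asker does
not use Firebase Auth), validates the upload, and writes via the Cloud Storage
client, which runs as the Cloud Run service account and bypasses the rules.
"""
import hashlib
import hmac
import posixpath
from dataclasses import dataclass, field

MAX_BYTES = 5 * 1024 * 1024                       # assumed upload limit
ALLOWED_CONTENT_TYPES = {"image/png", "image/jpeg", "application/pdf"}
SESSION_SECRET = b"constructed-demo-secret"       # hypothetical; load from Secret Manager in reality


class AuthError(Exception):
    pass


class ValidationError(Exception):
    pass


def mint_session_token(user_id: str) -> str:
    """Hypothetical stand-in for the API's own login: user_id.HMAC(user_id)."""
    tag = hmac.new(SESSION_SECRET, user_id.encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{tag}"


def verify_session_token(token: str) -> str:
    user_id, _, tag = token.rpartition(".")
    expected = hmac.new(SESSION_SECRET, user_id.encode(), hashlib.sha256).hexdigest()
    if not user_id or not hmac.compare_digest(tag, expected):
        raise AuthError("invalid session token")
    return user_id


def caller_from_headers(headers: dict) -> str:
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise AuthError("missing bearer token")
    return verify_session_token(token)


def object_path(user_id: str, filename: str) -> str:
    """Confine the object to the caller's prefix; strip any directory part."""
    name = posixpath.basename(filename.replace("\\", "/"))
    if not name or name in (".", "..") or "\x00" in name:
        raise ValidationError("bad filename")
    return f"uploads/{user_id}/{name}"


def handle_upload(headers: dict, filename: str, data: bytes, content_type: str, bucket) -> dict:
    """Cloud Run request handler body. `bucket` is a google.cloud.storage Bucket
    (or the fake below); the write uses the service account's credentials, so
    the storage rules never see it."""
    user_id = caller_from_headers(headers)
    if content_type not in ALLOWED_CONTENT_TYPES:
        raise ValidationError("content type not allowed")
    if len(data) > MAX_BYTES:
        raise ValidationError("too large")
    path = object_path(user_id, filename)
    bucket.blob(path).upload_from_string(data, content_type=content_type)
    return {"path": path, "bytes": len(data), "owner": user_id}


# Constructed in-memory stand-in for google.cloud.storage.Bucket so the example runs offline.
@dataclass
class FakeBlob:
    name: str
    store: dict

    def upload_from_string(self, data, content_type=None):
        self.store[self.name] = (data, content_type)


@dataclass
class FakeBucket:
    store: dict = field(default_factory=dict)

    def blob(self, name):
        return FakeBlob(name, self.store)


def demo():
    bucket = FakeBucket()
    headers = {"Authorization": "Bearer " + mint_session_token("alice")}
    ok = handle_upload(headers, "../../etc/avatar.png", b"\x89PNG\r\n\x1a\n", "image/png", bucket)
    rejected = []
    for hdrs, fname, ctype in [
        ({}, "a.png", "image/png"),                                   # no token
        ({"Authorization": "Bearer alice.deadbeef"}, "a.png", "image/png"),  # forged tag
        (headers, "..", "image/png"),                                 # traversal-only name
        (headers, "page.html", "text/html"),                          # disallowed type
    ]:
        try:
            handle_upload(hdrs, fname, b"x", ctype, bucket)
        except (AuthError, ValidationError) as exc:
            rejected.append(type(exc).__name__)
    return ok, rejected, sorted(bucket.store)


if __name__ == "__main__":
    print(demo())
```

With the rules set to `allow write: if false`, a Firebase client SDK upload fails regardless of any API key it carries, while this handler's `upload_from_string` succeeds because the Cloud Storage client authenticates with the Cloud Run service account's credentials; the authorization decision therefore lives entirely in the API, so keep the token check and path confinement in the handler rather than relying on the rules to narrow anything.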