← Projects

Next.js + Firebase

storage.rules

Files

36 files

storage.rulesLines 88-88
Theme:
Section 1 of 16
Section 1/16 • Lines 88-88

Firebase Storage Security Rules

These rules control access to your Firebase Storage buckets and file uploads.

Key Concepts

ConceptDescription
Storage RulesProtect files in Cloud Storage
Path-BasedAccess control based on file paths
File ValidationValidate type, size, and metadata
User-ScopedOrganize files by user for easy access control
## Storage vs Firestore Rules

AspectFirestore RulesStorage Rules
ProtectsDatabase documentsFiles and blobs
StructureCollection/Document pathsFile paths
ValidationField types, sizesFile types, sizes, metadata
Nested Securityget() functionNo nested lookups
## Recommended Storage Structure

Organize files by user ID for easy security rules:

/profile-pictures/{userId}/{filename}

/todo-attachments/{userId}/{todoId}/{filename}

Why Organize by User?

  • Easy rules: Simple ownership checks

  • Easy deletion: Delete all user's files at once
  • Clear ownership: Path shows who owns the file
  • Security: Prevents path traversal attacks

    • Bad structure: 

    /files/{filename}  // Can't tell who owns it

    Good structure: 

    /files/{userId}/{filename}  // Clear ownership

    Deployment

    Via Firebase Console

  • Firebase Console → Storage → Rules
  • Paste these rules
  • Click "Publish"

    • Via Firebase CLI

    firebase deploy --only storage

    How Storage Rules Differ from Firestore

  • No get() function: Cannot fetch other documents
  • No nested checks: Must rely on path structure
  • File metadata: Access to contentType, size, metadata
  • Simpler queries: Just path matching and file properties

    • Storage Rules Version

    Specifies which version of Firebase Storage Rules to use.

    Version 2

    Always use version 2 for:

  • Better error messages
  • Consistent with Firestore rules
  • Support for modern features
  • Required for new projects
    • ↓ Next Section
    Lines 112-113
    # Storage Service Declaration Declares rules for the Firebase Storage service. ## Service Structu...
    Loading Monaco Editor...
    TypeScript support initializing...