I'm uploading an image from the Firebase Admin. I'm using Firebase Cloud Functions as backend and Busbuy node package to handle the form part. This is the code:
getStorage().bucket().file(filePath).save();
It's working and now I can see the file is successfully uploaded on the Firebase Console Storage section.
This is the issue:
In the Storage rules I have set:
allow read: if false;
Which means no one can see the files.
Issue 1: In the Firebase Console if I click on the link, the image opens, but it shouldn't because the permissions are set to deny.
Issue 2: The same way, if I upload the image from the Firebase Admin the same happens.
So I guess if when uploading whether via the Firebase admin or manually in the console these actions override the Storage rules, would be that?
If so, how can I set the same Storage rules to the file I upload with the Admin SDK?
NOTE 1: I couldn't use the method etStorage().bucket().upload(filePath) because I was unable to create the path, but the other method works. Maybe the upload method puts the permissions like I wish... but I'm not sure.
NOTE 2: In the Firebase Console I tried to revoke the public url but it generates a new one. In any case that's not the solution, what I need is to not upload the files publicly
Any hint?
The goal of my app is only letting authenticated users access to the storage files.
