I have connected this app with my firebase console. I am trying to upload videos from the app to firebase storage so that another app connect to same console (which has authentication) can display it
I am getting this error when I upload:
W/System (10365): Ignoring header X-Firebase-Locale because its value was null.
I went through this question(W/System: Ignoring header X-Firebase-Locale because its value was null) on stack overflow but I am unable to remove the authentication requirement still
My firebase storage rules are:
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if
true;
}
}
}
I don't understand why I am still unable to upload without authentication.(App is connected to internet too and has permission)
I have an image link that I want to protect for only authorize users but the issue whenever I try to get the link I can see the picture, even if I specify the rule for it ?
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /profiles/{userId}/{image} {
// Read from storage !!
allow get : if request.auth != null // Authorized users only
}
}
}
If you're referring to download URLs, those are not at all controlled by security rules or any form of authentication. Anyone who has the link can view the content. That behavior can't be changed.
I have restricted rules:
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if false;
}
}
}
but every one can access and download file from this link.
how should I restrict downloading from this link?
Download URLs by definition give read-only access to the file, and are not affected by the security rules.
If you want to control access to the file, you should not generate a download URL and instead access the file through the SDK only.
i'll publish my app on Google Play Store but in test phases (Alpha Version), i was using this rules:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// This rule allows anyone on the internet to view, edit, and delete
// all data in your Firestore database. It is useful for getting
// started, but it is configured to expire after 30 days because it
// leaves your app open to attackers. At that time, all client
// requests to your Firestore database will be denied.
//
// Make sure to write security rules for your app before that time, or else
// your app will lose access to your Firestore database
match /{document=**} {
// allow read, write: if request.time < timestamp.date(2020, 3, 25);
allow read, write: if request.auth.uid != null;
}
}
}
But, when the app must be published to public i can't know the best path or the best rules that my app must have.
My app have a login screen and after login screen each user have your respectives documents and collections in your document generated from sign up.
I can't got think on a form to protect my app of invasors.
I am testing out using the Firebase SDK for iOS/macOS in my app (macOS app). i have installed the SDK´s using:
pod 'FirebaseCore', :git => 'https://github.com/firebase/firebase-ios-sdk.git', :tag => '4.8.2'
pod 'FirebaseAuth', :git => 'https://github.com/firebase/firebase-ios-sdk.git', :tag => '4.8.2'
pod 'FirebaseStorage', :git => 'https://github.com/firebase/firebase-ios-sdk.git', :tag => '4.8.2'
The installation works well and I can configure my app in AppDelegate using [FIRApp configure];
I wonder if I can use the SDK to log in the user to his/hers private Google Cloud storage (GCS)? I understand I can use the SDK for storing to GCS in the apps storage, but it would be nice to log in to the users own GCS to retrieve a list of buckets and files. If anyone has an example as for how to do this I would appreciate it. All examples I find are for anonymous storage logins.
Update:
I could specify that I was hoping that Firebase SDK would contain an authentication method that allowed me access to my own Google cloud storage account. Perhaps Firebase is not the right choice for this, but then I would be very interested in suggestions for alternative SDKs for Swift/objective-c login/upload/download to Google cloud storage.
You can indeed use the Firebase SDK for iOS to work with Firebase Cloud Storage (which in fact stores data in Google Cloud Platform Cloud Storage's buckets), using both Swift and Objective-C.
Firebase Cloud Storage in iOS
Regarding the usage of Cloud Storage buckets in your Firebase application, you can get started with this documentation page. First of all, you have to set up the proper security rules to the bucket: you can allow public access, access to only authenticated users, or even per-userID access. There are some sample rules that you can use to start working with this.
Once you have set up the appropriate access for Storage buckets (if each user has its own bucket, then I assume each user will have a GCP account with a private bucket and they will have to set up the configuration access themselves, as you will not have access to them), you can add the Cloud Storage dependencies to your iOS app:
pod 'Firebase/Core'
pod 'Firebase/Storage'
Then run pod install and you can already create the reference to Cloud Storage after initializing Firebase in your app (here you have a Swift sample code, but you can have a look at the Objective-C samples in the documentation too):
// Import and set up Firebase
import Firebase
FirebaseApp.configure()
// Create a storage reference
let storage = Storage.storage()
let storageRef = storage.reference()
// Refer to a child directory or even a file
let folderRef = storageRef.child("my_folder")
var fileRef = folderRef.child("my_file.txt")
And once you have all this, you can proceed to more complex guides, such as uploading files, downloading files or (important) handling errors. Bear in mind that these are just some examples of the things you can do following the step-by-step documentation, but feel free to move through all the pages in order to have a deeper understanding about how all this works.
Firebase Authentication for Cloud Storage in iOS
Also, regarding authentication, you can follow the same rules that you are probably already using for the rest of your Firebase application. Let me share this other page talking about some mechanisms to provide Firebase Authentication, and specifically how to provide Firebase Authetication on iOS.
I'm not sure I fully understand what you're asking. But if I do... This may help. I've used Google Storage to save photos. To access those photos I needed to store the URL to locate those photos. I did this in the Firebase Realtime Database. If you store a different type of file to a GCS, all you need is that URL to retrieve the data.
if let photoData = UIImageJPEGRepresentation(jpegRepresentation!, 1.0) {
storePhoto(photoData, angel.name!, completion: { (url, err) in
if err != nil {
print(err?.localizedDescription)
angelToSave["photo"] = nil
myAngelsRef.updateChildValues(angelToSave, withCompletionBlock: { (error, ref) in
if error != nil {
completion(error!)
} else {
completion(nil)
}
})
} else {
// ### HERE ####
angelToSave["photo"] = url?.absoluteString
angelNameRef.updateChildValues(angelToSave)
completion(nil)
}
})
}
func storePhoto(_ photo: Data, _ name: String, completion: #escaping (_ result: URL?, _ error: NSError?) -> Void) {
let storageRef = Storage.storage().reference().child(name)
storageRef.putData(photo, metadata: nil) { (storageMetaData, err) in
if err != nil {
completion(nil, NSError(domain: (err?.localizedDescription)!, code: 0, userInfo: nil))
} else {
completion(storageMetaData?.downloadURL(), nil)
}
}
}
After I saved the photo I was able to get the URL location and save that to an object I stored in the RTDB. Now when I pull the data from the use's RTDB I get the URL for the Storage data.