SecureChat/storage.rules at main · DevBot667/SecureChat · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
// Firebase Storage Security Rules for SecureChat
// Files are E2E encrypted client-side before upload.
// These rules enforce authentication, size limits, and ownership.

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /encrypted_files/{conversationId}/{fileName} {
      // Only authenticated users can read
      allow read: if request.auth != null;

      // Write: authenticated, max 50 MB, must tag uploaderUid with own UID
      allow write: if request.auth != null
                   && request.resource.size < 50 * 1024 * 1024
                   && request.resource.metadata['uploaderUid'] == request.auth.uid;

      // Delete: only the original uploader can delete
      allow delete: if request.auth != null
                    && resource.metadata['uploaderUid'] == request.auth.uid;
    }

    // Deny everything else
    match /{allPaths=**} {
      allow read, write: if false;
    }
  }
}