This question is regarding Firebase Cloud Storage security rules, documented at https://firebase.google.com/docs/storage/security and related pages.

The statement to match a generic bucket is match /b/{bucket}/o: the documents explain that {bucket} is a wildcard (akin to *) to match any bucket name, but to me it seems that the meaning of the leading /b/ and trailing /o are left unexplained, can anyone help me understand the meaning of those path segments?

CodePudding user response：

The /b signals the next component of the URI is the relevant bucket: /b/{bucket}.

The /o signals the next component of the URI is the name (or path) of the relevant object in that bucket: /o/path/to/object.png

Note: Storage Buckets don't have a concept of folders, an object's name can include slashes, but to the server, the slash is just part of the file name and has no special meaning.

So a rule that names /b/{bucket}/o/publicUserFiles/{request.auth.uid}/profile.png would define a rule for the profile.png file, stored in a "folder" named with the relevant user's UID, under another "folder" called publicUserFiles, in the relevant bucket.

Instead of putting /b/{bucket}/o at the front of every rule, you can lift it out to the top of the file.

i.e.

service firebase.storage {
  match /b/{bucket}/o/images/{imageId} {
    allow write: // some rule here;
  }
  match /b/{bucket}/o/profileImages/{imageId} {
    allow write: // some rule here;
  }
}

becomes

service firebase.storage {
  match /b/{bucket}/o {
    match /images/{imageId} {
      allow write: // some rule here;
    }

    match /profileImages/{imageId} {
      allow write: // some rule here;
    }
  }
}