Spam memory

I do not understand how I can set a limit on downloading files per day. I want users to post a maximum of 10 photos per day. On the database side, I set the increment counter. If it reaches a certain size, it does not allow the user to publish other content. But on the storage side this is not possible. An attacker can publish all the files that he wants, without restrictions. Is there a solution to prevent this situation? Thanks in advance. My current safety rules are:

service firebase.storage {
  match /b/projectid/o {
    match /Photo/{user}/{photo}/image.jpg {
      allow write: if request.auth != null && 
                      request.auth.uid == user && (
                      request.resource.size < 5 * 1024 * 1024 && photo.size() < 32 || 
                      request.resource == null);
      allow read: if request.auth != null && 
                     request.auth.uid == user
    }
  }
}
+4
1 answer

Well, there’s a very easy way to do it, and there’s the right way to do it.

- : users/{userid}/0.jpg users/{userid}/9.jpg ( 10 ).

, :

// Match all filenames like 0.jpg
match /users/{userId}/{photoId} {
  allow write: if photoId.matches('^\d\.jpg$')
}

, - :

// Match all filenames like YYY.jpg where YYY is a number less than XXX
match /users/{userId}/{photoId} {
  allow write: if int(photoId.split('\.')[0]) < XXX
}

: , , ? , , - ( ) . :

// Allow files to be overwritten once a day, written if there is nothing there, or deleted as often as desired
match /users/{userId}/{photoId} {
  allow write: if request.time > resource.timeCreated + duration.value(1, "d") || resource.size == 0 || request.resource.size == 0
}

:

function isAllowedPhotoId(photoId) {
  return int(photoId.split('\.')[0]) < XXX
}

function canOverwritePhoto() {
  return request.time > resource.timeCreated + duration.value(1, "d") || resource.size == 0 || request.resource.size == 0
}

match /users/{userId}/{photoId} {
  allow write: if isAllowedPhotoId(photoId) && canOverwritePhoto()
}

Storage . , , .

+1
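An added example, not code from the question or the answer: a small Python model of the combined rule (`isAllowedPhotoId` and `canOverwritePhoto`) together with the auth and size checks from the question's rule, so the write decisions can be replayed offline. All names are hypothetical, `MAX_SLOTS = 10` stands in for `XXX`, and the canonical-decimal filename check is an assumption added here so that `03.jpg` is not treated as a second name for slot 3.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_SLOTS = 10                 # assumed value for XXX in the answer's rule
MAX_BYTES = 5 * 1024 * 1024    # size cap taken from the question's rule

@dataclass
class Stored:                  # models `resource`: the object already stored
    size: int
    time_created: datetime

@dataclass
class Write:                   # models `request`; size None means a delete
    uid: Optional[str]         # None models an unauthenticated request
    path_user: str
    photo_id: str
    size: Optional[int]
    time: datetime

def is_allowed_photo_id(photo_id: str) -> bool:
    stem, dot, ext = photo_id.partition(".")
    if dot != "." or ext != "jpg" or not (stem.isascii() and stem.isdigit()):
        return False
    # Canonical decimal only: "3.jpg" passes, "03.jpg" and "-1.jpg" do not.
    return stem == str(int(stem)) and int(stem) < MAX_SLOTS

def can_overwrite(req: Write, existing: Optional[Stored]) -> bool:
    if req.size is None or existing is None:   # delete, or the slot is empty
        return True
    return req.time > existing.time_created + timedelta(days=1)

def allow_write(req: Write, existing: Optional[Stored]) -> bool:
    if req.uid is None or req.uid != req.path_user:
        return False
    if req.size is not None and req.size >= MAX_BYTES:
        return False
    return is_allowed_photo_id(req.photo_id) and can_overwrite(req, existing)

def replay(writes):
    """Apply writes in order to an in-memory bucket; return (decisions, bucket)."""
    bucket, decisions = {}, []
    for w in writes:
        key = (w.path_user, w.photo_id)
        ok = allow_write(w, bucket.get(key))
        decisions.append(ok)
        if ok and w.size is None:
            bucket.pop(key, None)
        elif ok:
            bucket[key] = Stored(w.size, w.time)
    return decisions, bucket
```

Replaying sequences through `replay` shows what the rule actually bounds: the number and size of objects a user can hold at once. A delete followed by a new write to the same slot is still accepted within the day, so a strict per-day upload count needs state kept outside these rules.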

Source: https://habr.com/ru/post/1655646/

