Using Firebase Auth Credentials to Access FirebaseStorage REST API - firebase

I am trying to use Firebase Auth credentials to access FirebaseStorage bucket. I have been successful in using the REST API https://firebasestorage.googleapis.com/v0/b/BUCKET_NAME/o/ to perform uploads and downloads; even though the official documentation requires to use https://storage.googleapis.com/upload/storage/v1/b/BUCKET_NAME/o?uploadType=media&name=OBJECT_NAME for uploads and https://storage.googleapis.com/storage/v1/b/BUCKET_NAME/o/OBJECT_NAME?alt=media for downloads, I am unable to use Firebase Auth credentials for them.
I am trying to implement resumable uploads and initiating it using https://firebasestorage.googleapis.com/v0/b/BUCKET_NAME/o?uploadType=resumable&name=OBJECT_NAME but there is no SESSION-URI that is returned. I tried to create my own URI using the id from the X-GUploader-UploadID header to create the URI in the format https://firebasestorage.googleapis.com/v0/b/BUCKET_NAME/o?uploadType=resumable&name=OBJECT_NAME&upload_id=UPLOAD_ID to start a single chunk upload but I got a Not Found error.
I need help on either rectifying that or using Firebase Auth to access the https://storage.googleapis.com/upload/storage/v1/b/BUCKET_NAME REST API

Related

Accessing Google Sheet to Create a sheet(GCP)

I want to Fetch data from firestore and append all the data in a new Google sheet.
Creating sheet is where i am finding problem.
as far as i have researched, i ve found out there are 3 methods to access google api,
1)API key
2)Service account
3)Oauth
Ignoring API key,
While using service account, i have found out that sheet which is getting created will be owned by service account so no one else can remove it.
when using Oauth, i have used OAuth json credential from GCP , in which when i try to use it in local host, it shows me Google's Logging screen, but when i deploy it in app engine, it doesnt redirect it to logging screen.
https://developers.google.com/sheets/api/quickstart/nodejs
this is the document where i find the approach.
One more method i have found i.e. Access token. i.e. putting access token in
const sheets = google.sheets({ version: "v4",headers:{ Authorization:`Bearer ${accessToken}` }});
but that wont be possible, as in Front end i am using
auth.onAuthStateChanged
which doesnt provide me Access token just the ID token.
Please help!
Based on your auth.onAuthStateChanged code it looks like you're using Firebase Authentication to sign in on the frontend.
Firebase Authentication is based around JWT ID tokens, which are not the same as OAuth tokens. You can't use such an ID token to make calls to the Google Sheets API.
If you're signing in with Google or another OAuth provider on the frontend, you can capture the OAuth token from that provider before you sign in to Firebase with it, and then use the OAuth token to call the Google Sheets API.

Firebase (Flutter) - App Check fails when trying to access resource on Cloud Storage through getDownloadUrl()

I am using getDownloadUrl() to get the download URL for a Cloud Storage resource. Recently, I just enabled AppCheck on my Firebase app, and this download URL is requiring a AppCheck token to access. This behavior makes sense, but I was wondering if there is a built in way to do this? For most Firebase SDKs, the AppCheck token is passed automatically, but there does not seem to be a built in method to get that same automatic behavior with a download URL.
I have a theoretical solution in mind, and this is to pass the AppCheck token as a header in the request for the URL, but there's no documenation on this and I have no idea what header to pass this token in. I am using Flutter, and I am accessing an image resource through a CachedNetworkImage. Any insight in how I could pass AppCheck without using a Firebase SDK would be greatly appreciated.
You're supposed to be able to use getBlob or getBytes but I can't get it to work. CORS fails for me.
https://firebase.google.com/docs/storage/web/download-files#download_data_directly_from_the_sdk

Getting a client URL to Firebase Cloud Storage that comply with storage rules

I have a web application on Firebase where I create a Firestore document with a reference to a Firebase Storage file.
I've setup rules on Firebase Storage to only allow read: if request.auth != null.
Since Firestore complies with similar rules I am able to ensure that access to my Firestore document is only possible, when a user is authenticated, but how do I best about enforcing the same rule in my web application to the Firebase Storage file?
I can use getDownloadUrl() when I've uploaded the file and store the URL in my Firestore document. - But URL is always public to anyone
I can create a Firebase Function that on each request checks authentication and if authenticated, generate a getSignedUrl() with an expiration of say 5 minutes and then do a 302 redirect to the temp public URL - but that does not comply with Firebase Storage rules so I need to replicate any new rulesets in the function
Why can't Firebase Storage not simply behave like Firestore and check the auth on a http request and return the file is it complies with rules?
Am I totally missing a 3) and better option to make sure a user is logged in before accessing a file from storage?
According to the Cloud Storage for Firebase Documentation you can now access files through the Web SDK.
From version 9.5 and higher, the SDK provides these functions for
direct download:
getBlob()
getBytes()
getStream()
Using these functions, you can bypass
downloading from a URL, and instead return data in your code. This
allows for finer-grained access control via Firebase Security Rules.
I can use getDownloadUrl() when I've uploaded the file and store the URL in my Firestore document. - But URL is always public to anyone
It may not be very clear from the documentation, but that's exactly the way download URLs were designed to work.
Why can't Firebase Storage not simply behave like Firestore and check the auth on a http request and return the file is it complies with rules?
It behaves like that when you use the provided client SDK to download files (not using download URLs). Unfortunately, the web SDK doesn't have a file download API (while Android and iOS do).
If you would like to file a feature request for the web SDK, that should go to Firebase support. For now, you have to use download URLs, which are publicly accessible. Or you can create your own backend endpoint that verifies an auth token provided by the client using the Firebase Admin SDK. The backend code can decide if the user should get be able to get the file contents.

How to get Firebase storage URL

I am sending FCM notifications with image links from my backend written in Go. The images are stored in Firebase-storage. I need to resolve the bucket path into a Url that I can use to create the FCM notification.
There seems to be a Javascript function (getDownloadUrl) to do this. How do I get the download URL in Go?
getDownloadUrl is a feature of Firebase client SDKs that read and write Cloud Storage. There is no direct equivalent for backend and server SDKs.
Cloud Storage has a similar concept called signed URLs that you can use to create URLs that directly access content in Cloud Storage. You can use the REST APIs directly as shown in the documentation, or if you're using the Go SDK, you can simply call SignedURL directly to get a URL that meets your specifications.

How to upload the files to firebase storage with uid using Post Url?

I found one solution to upload the file to firebase storage without any authentication using this link How to upload objects to Firebase Storage using Postman for testing?
The above-mentioned case works only when my firebase storage looks like this, (Without any security restriction)
allow read, write;
But, Now I want to achieve this with some security restrictions.
Is there any way to upload the files to firebase storage by POST URL (Postman) with some security restriction.
I tried to achieve this by
https://firebasestorage.googleapis.com/v0/b/projectName.bucketName.com/o?uploadType=media&name=picture2&auth=uid
But it shows 403 - forbidden error.
There is no public REST API for uploading file to Cloud Storage for Firebase. The end point you're trying to reach is meant for use by the Firebase SDK only, and is neither documented, nor supported for use beyond that.
That said, you may be able to mint a token using the Firebase Authentication REST API, and pass that along to the request you have. But as said, it won't be supported and may change without warning.
The most common approach for REST uploads is through the Google Cloud Storage API, around which the Firebase APIs are a friendly wrapper. But these APIs are meant for access from trusted code, so wouldn't be using the Firebase Authentication UID of your users. The best I can think of is to write a Cloud Function that handles the user authentication and authorization, and then use the Google Cloud Storage Node.js or REST API to upload the file.
I use this endpoint on my project
https://firebasestorage.googleapis.com/v0/b/YOUR_BUCKET/o?uploadType=media&name=YOUR_FILE_PATH_AND_NAME
and add headers on your post
headers.Add("Authorization", "Bearer " + FirebaseAuthIDToken);
headers.Add("Content-Type", "application/octet-stream");

Resources