search

firebase / firebase-functions

Firebase SDK for Cloud Functions
https://firebase.google.com/docs/functions/
MIT License
1.02k stars 201 forks source link

`getDownloadURL` function fails in emulator mode if storage rules are not allowed #1547

Open OutdatedGuy opened 6 months ago

OutdatedGuy commented 6 months ago

Related issues

[REQUIRED] Version info

node: v20.10.0

firebase-functions: 4.8.0

firebase-tools: 13.3.1

firebase-admin: 12.0.0

[REQUIRED] Test case

functions/src/index.ts ```ts import {initializeApp} from "firebase-admin/app"; import {getDownloadURL, getStorage} from "firebase-admin/storage"; import {onRequest} from "firebase-functions/v2/https"; initializeApp(); export const uploadFile = onRequest(async (_req, res) => { // Create a CSV string const csvData = "Name,Email,Balance"; // Create a new file in the bucket const bucket = getStorage().bucket(); const file = bucket.file("csvs/temp.csv"); // Write the csv data to the file await file.save(csvData, { metadata: { contentType: "text/csv", }, }); // Get the download url const downloadUrl = await getDownloadURL(file); res.send(`Download URL: ${downloadUrl}`); }); ```
storage.rules ```rules rules_version = '2'; service firebase.storage { match /b/{bucket}/o { match /{allPaths=**} { allow read, write: if false; } } } ```

[REQUIRED] Steps to reproduce

  1. Create a new firebase cloud functions project with typescript and storage emulator
  2. Copy the above provided sample codes in functions/src/index.ts and storage.rules respectively.
  3. Run firebase emulators:start
  4. Send request to the uploadFile function using postman or whatever
  5. See error / crash
  6. Now update storage.rules to allow all paths (i.e. allow read, write: if true;)
  7. Repeat step 4
  8. See a download url is sent

[REQUIRED] Expected behavior

As cloud functions don't rely on and basically bypass the firestore.rules, database.rules and storage.rules, a download url should be fetched no matter what the storage.rules are set to.

[REQUIRED] Actual behavior

functions: Error: Permission denied. No READ permission.

Were you able to successfully deploy your functions?

Yes

google-oss-bot commented 6 months ago

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

inlined commented 5 months ago

Are you connected to the storage emulator or production? If it's the former, I'll connect with that team. If it's the latter, it's probably because your local machine doesn't have production credentials and installing application default credentials locally may fix.

OutdatedGuy commented 5 months ago

I'm connected to the emulator storage.

I'm testing my flutter app locally by connecting it to the locally hosted emulator.

When I upload a file from my flutter app to emulator storage it uploads successfully, then a cloud function runs and I'm unable to get that uploaded file's downloadUrl in the Node.js (Typescript) Cloud Functions backend.

OutdatedGuy commented 3 months ago

@inlined have you forwarded this issue with the relevant team? Can I get some updated on this?

mp3por commented 2 months ago

In the mean time - is there anything I can do with the firestorage.rules file to fix this issue ? I am facing the same issue ? I have a nodejs app which I am testing with local emulators and I can upload to the storage but it hangs on getDownloadUrl later.

andrewkrippner commented 1 month ago

This is a problem for me as well. It doesn't seem that the emulator should check rules at all when requests come in from the admin sdk.