1
00:00:00,090 --> 00:00:04,920
In this lecture, we're going to review the rules for the Firebase storage service.

2
00:00:05,220 --> 00:00:09,420
There are some modifications I'd like to make before moving forward.

3
00:00:09,780 --> 00:00:15,720
You can find the rules under the Rules tab in the storage section of the Firebase console.

4
00:00:16,079 --> 00:00:18,600
You'll come across a page similar to mine.

5
00:00:19,170 --> 00:00:25,110
The rules may look familiar to you because they use a similar syntax as the database rules.

6
00:00:25,440 --> 00:00:27,720
So let's run through them line by line.

7
00:00:27,930 --> 00:00:30,060
The first line is setting the version.

8
00:00:30,300 --> 00:00:34,230
Different versions support different syntax rules and features.

9
00:00:34,530 --> 00:00:36,120
Version two is the latest.

10
00:00:36,360 --> 00:00:39,120
It's the version we'll be working with in this course.

11
00:00:39,750 --> 00:00:44,070
The following line is selecting the Firebase storage service.

12
00:00:44,400 --> 00:00:48,870
The rules written inside the curly brackets will be applying to this service.

13
00:00:49,200 --> 00:00:52,260
Anything inside curly brackets is grouped together.

14
00:00:52,590 --> 00:00:58,050
We're able to apply some rules or make some further selections afterward.

15
00:00:58,230 --> 00:01:04,410
We're using the match keyword to instruct the rules to select any bucket in the Firebase application.

16
00:01:04,800 --> 00:01:09,510
The bucket variable is a placeholder for the current bucket being accessed.

17
00:01:09,930 --> 00:01:16,470
Firebase allows you to create multiple buckets, but the free version limits us to one. Another

18
00:01:16,470 --> 00:01:19,740
match is made for any paths inside the buckets.

19
00:01:20,040 --> 00:01:23,880
You can think of both match statements as wildcard selections.

20
00:01:24,480 --> 00:01:28,920
Lastly, we're adding rules to both the read and write permissions.

21
00:01:29,220 --> 00:01:33,810
Requests performed by non-authenticated users will be rejected.

22
00:01:34,200 --> 00:01:40,560
There's one thing I want to note about this rule. We didn't have to tell Firebase that the user was authenticated.

23
00:01:40,890 --> 00:01:43,770
There wasn't anything we needed to do on our part.

24
00:01:44,070 --> 00:01:46,360
That's the beauty of using the SDK.

25
00:01:46,650 --> 00:01:49,380
It's able to send the token with our requests.

26
00:01:49,860 --> 00:01:55,200
Earlier, I stated that I wanted to modify the rules Firebase has provided us.

27
00:01:55,500 --> 00:01:57,810
There are three changes we're going to make.

28
00:01:58,140 --> 00:02:01,770
First, we want to allow anyone to access the files.

29
00:02:02,130 --> 00:02:05,850
Visitors should be able to watch clips without having an account.

30
00:02:06,180 --> 00:02:11,670
However, we want to continue to limit upload permissions to authenticated users.

31
00:02:12,180 --> 00:02:14,850
Secondly, we want to check the file type.

32
00:02:15,180 --> 00:02:20,310
We performed validation on the client, but it doesn't hurt to perform it on the server.

33
00:02:20,670 --> 00:02:23,790
The third thing we'll check for is the file size.

34
00:02:24,090 --> 00:02:28,650
We want to limit how large a file can be because storage space is limited.

35
00:02:29,010 --> 00:02:32,070
A single file can theoretically increase the bill.

36
00:02:32,340 --> 00:02:35,610
Setting a file size limit can prevent that from happening.

37
00:02:36,360 --> 00:02:41,880
Server validation is an action to be performed by a back end developer of your application.

38
00:02:42,240 --> 00:02:48,630
This step isn't necessary, but if you plan on using Firebase for your applications, this may be nice

39
00:02:48,630 --> 00:02:49,110
to know.

40
00:02:49,440 --> 00:02:56,070
If you don't plan on using Firebase, you can skip this part and move on to the next lecture. In the

41
00:02:56,070 --> 00:02:56,640
rules,

42
00:02:56,700 --> 00:02:59,730
We're going to separate the read and write rules.

43
00:02:59,970 --> 00:03:02,700
Currently, they're combined into one rule.

44
00:03:05,340 --> 00:03:09,840
The read rule will be updated to allow anyone to read the files.

45
00:03:09,990 --> 00:03:14,130
We aren't too concerned with the contents of the files being uploaded.

46
00:03:14,520 --> 00:03:17,730
We won't be storing files that require restrictions.

47
00:03:18,060 --> 00:03:24,780
You can add rules for that if you'd like, but it's unnecessary for this application. For the write rule,

48
00:03:24,870 --> 00:03:28,230
we want to continue to check if the user is authenticated.

49
00:03:28,590 --> 00:03:32,700
We're going to add on to this by checking for the type and file size.

50
00:03:33,030 --> 00:03:37,260
We can add additional conditions by using double ampersand symbols.

51
00:03:37,650 --> 00:03:46,080
The second statement will be the following: request.resource.contentType ==

52
00:03:46,100 --> 00:03:47,490
'video/mp4'.

53
00:03:50,120 --> 00:03:56,930
The request object refers to the request being made to the Firebase storage service. We're accessing

54
00:03:56,930 --> 00:04:00,950
the resource object, which represents the file being uploaded.

55
00:04:01,340 --> 00:04:05,240
We're using the resource to grab the content type of the file.

56
00:04:05,630 --> 00:04:08,240
This object is where the MIME type is stored.

57
00:04:08,510 --> 00:04:15,470
We're checking if its value is equal to video/mp4. This condition takes care of checking the

58
00:04:15,470 --> 00:04:16,160
file type.

59
00:04:16,790 --> 00:04:19,970
The following condition should check for the file size.

60
00:04:20,269 --> 00:04:22,580
Add another condition to the write rule.

61
00:04:22,940 --> 00:04:31,490
The condition will be the following: request.resource.size < 10 * 1000

62
00:04:31,580 --> 00:04:33,230
* 1000.

63
00:04:35,840 --> 00:04:38,150
We're using the resource object again.

64
00:04:38,420 --> 00:04:44,210
It has another property called size. The size property stores the size of the file.

65
00:04:44,510 --> 00:04:46,370
The size is measured in bytes.

66
00:04:46,640 --> 00:04:50,360
We're checking if the size is less than the equation on the right.

67
00:04:50,720 --> 00:04:55,430
The equation we're using will calculate the maximum upload size in megabytes.

68
00:04:55,760 --> 00:05:00,800
There are 1000 bytes in a kilobyte, and there are 1000 kilobytes in a megabyte.

69
00:05:01,190 --> 00:05:05,510
This condition will limit the maximum upload file size two megabytes.

70
00:05:05,810 --> 00:05:11,240
If a file is larger than that, the file will be rejected. If the file is rejected,

71
00:05:11,360 --> 00:05:15,830
Firebase will throw an error. We'll handle errors in a future lecture.

72
00:05:16,550 --> 00:05:20,720
If the three conditions return true, the file will get uploaded.

73
00:05:21,110 --> 00:05:25,280
There is one cool trick I want to show you before we publish the changes.

74
00:05:25,670 --> 00:05:28,580
The second condition is checking for the file type.

75
00:05:28,880 --> 00:05:32,510
In some cases, you may want to allow multiple types.

76
00:05:32,780 --> 00:05:35,150
Writing each type can be cumbersome.

77
00:05:35,510 --> 00:05:40,760
Firebase has a function for checking multiple types if they're in a similar category.

78
00:05:41,270 --> 00:05:47,840
Instead of checking the type, we can run a function on the content type property called matches.

79
00:05:48,200 --> 00:05:51,680
This function allows you to pass in a type with a wildcard.

80
00:05:51,980 --> 00:05:56,240
For example, we can pass in video/*.

81
00:05:58,880 --> 00:06:02,570
This is a custom function defined by the Firebase API.

82
00:06:02,910 --> 00:06:05,810
It'll check if the type is in the video category.

83
00:06:06,110 --> 00:06:09,140
The asterisk character acts as a wildcard.

84
00:06:09,440 --> 00:06:12,740
It'll allow for any subtype. For this course,

85
00:06:12,830 --> 00:06:16,340
we're going to be dealing exclusively with MP4 files.

86
00:06:16,610 --> 00:06:19,820
I'm going to revert this condition back to the original.

87
00:06:22,360 --> 00:06:27,700
If you would like more information about these values, you can check out the link I provided in the

88
00:06:27,700 --> 00:06:29,800
resource section of this lecture.

89
00:06:30,220 --> 00:06:36,190
This documentation page will provide the details you'll need to secure files in your bucket.

90
00:06:36,640 --> 00:06:40,450
Back in the Firebase console, we're going to publish the rules.

91
00:06:40,690 --> 00:06:43,120
Make sure your rules match mine.

92
00:06:45,660 --> 00:06:47,310
The rules have been published.

93
00:06:47,550 --> 00:06:50,730
We should still be able to continue to upload files.

94
00:06:50,970 --> 00:06:52,800
Try testing out the uploader.

95
00:06:57,110 --> 00:07:02,660
We won't be able to see if the upload was a success because we haven't handled the response.

96
00:07:02,960 --> 00:07:06,740
Switch to the console to check the storage for the file.

97
00:07:09,260 --> 00:07:16,010
The file was successfully uploaded. Great. We're able to continue uploading files, but with additional

98
00:07:16,010 --> 00:07:21,950
restrictions in place. In the next couple of lectures, we'll continue working with the uploader.