firebase - How can I upload files to Cloud Storage through Cloud Functions and use Firestore to control access to Cloud Storage?

Question

I'm trying to implement a system that allows react-native clients to upload files to a specific folder in Cloud Storage and allows clients to download from them. I can't do this directly from the client because I first need to query Firestore to validate that the user is 'friends' with the owner of the folder which will allow for read/write permissions.

I decided to use Cloud Functions as a middle layer to encapsulate this business logic and I expected to also be able to use it as a middle layer to upload the files. However, I feel like I may be misunderstanding how to best use these services together to solve this problem.

Current Plan:

1. Client uploads file to Cloud Function (assuming they are permitted after Cloud Function queries Firestore and validates)
2. Cloud Function uploads file to Cloud Storage
3. Client can then request file from Cloud Function, which validates permissions using Firestore and downloads file from CloudStorage
4. Cloud Function sends file to client

---

Questions:

• Can/Should I use Cloud Functions in this way as a middle layer to upload files after validating permissions store in Firestore?
• Is there an alternative solution using firebase that would mitigate the 10MB download limit with Cloud Functions but still allow me to authenticate uploads/downloads to and from Cloud Storage using my custom business logic on relationships in Firestore?

---

Any help or guidance here is appreciated! I'm very new to firebase, cloud architecture, and architecture in general.

Answer 1

This is definitely a valid and technically feasible approach. Whether you should do it, only you can determine of course.

An alternative is to use Firebase Storage's security rules to enforce the access control on the files. But you won't be able to read anything from Firestore in those rules, so you'll have to ensure everything needed to grant/deny access is in the path of the requested file, in the file's metadata, and/or in the user's token.

Even if you implement the download of files in Cloud Functions, you can still perform uploads through Firebase. You could in that case for example have the user write to a temporary location, which then triggers a Cloud Function that can do whatever additional checks you want on the file.