问题
As far as I can see there are no security rules in the Firebase Storage that could limit the number of downloads per user.
I can limit the file size or number of files for writes with a simple trick like this:
match /public/{userId}/{imageId} {
allow write: if request.resource.size < 5 * 1024 * 1024 &&
imageId.matches("[1-5]\.txt");
}
And according to Google Quotas & Limits:
There is an update limit on each object of once per second, so rapid writes to a single object won’t scale.
So this is great but how to prevent too many reads once a download link is known to a malicious user? This is especially important for security as again according to Google Quotas & Limits:
There is no limit to reads of an object. Buckets initially support roughly 5000 reads per second and then scale as needed.
回答1:
There is no configuration for limiting the volume of downloads for files stored in Cloud Storage. If a user has access to read any data at all, they can read it as much as they want. There is no accounting related to the amount of per-user data consumed, or number of times a file is accessed. There are no security rule that let you restrict access in this way. There are no Cloud Functions triggers that let you do the accounting yourself.
The documentation for limits on uploads is not related to what you're trying to do. The limits on scalability have only to do with the performance of the underlying system, not the permissions of the end users.
If you want to limit what end users can do, you will need to route them through some middleware component that you build that tracks how they're using your provided API to download files, and restrict what they can do based on their prior behavior. This is obviously nontrivial to implement, but it's possible.
来源:https://stackoverflow.com/questions/54029847/how-to-limit-number-of-downloads-from-firebase-storage