`getDownloadURL` function fails in emulator mode if storage rules are not allowed

[OutdatedGuy]

Related issues

[REQUIRED] Version info

node: v20.10.0

firebase-functions: 4.8.0

firebase-tools: 13.3.1

firebase-admin: 12.0.0

[REQUIRED] Test case

functions/src/index.ts

import {initializeApp} from "firebase-admin/app";
import {getDownloadURL, getStorage} from "firebase-admin/storage";
import {onRequest} from "firebase-functions/v2/https";
initializeApp();

export const uploadFile = onRequest(async (_req, res) => {
  // Create a CSV string
  const csvData = "Name,Email,Balance";

  // Create a new file in the bucket
  const bucket = getStorage().bucket();
  const file = bucket.file("csvs/temp.csv");

  // Write the csv data to the file
  await file.save(csvData, {
    metadata: {
      contentType: "text/csv",
    },
  });

  // Get the download url
  const downloadUrl = await getDownloadURL(file);

  res.send(`Download URL: ${downloadUrl}`);
});

storage.rules

rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write: if false;
    }
  }
}

[REQUIRED] Steps to reproduce

1. Create a new firebase cloud functions project with typescript and storage emulator
2. Copy the above provided sample codes in functions/src/index.ts and storage.rules respectively.
3. Run firebase emulators:start
4. Send request to the uploadFile function using postman or whatever
5. See error / crash
6. Now update storage.rules to allow all paths (i.e. allow read, write: if true;)
7. Repeat step 4
8. See a download url is sent

[REQUIRED] Expected behavior

As cloud functions don't rely on and basically bypass the firestore.rules, database.rules and storage.rules, a download url should be fetched no matter what the storage.rules are set to.

[REQUIRED] Actual behavior

functions: Error: Permission denied. No READ permission.

Were you able to successfully deploy your functions?

Yes

[google-oss-bot]

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

[inlined]

Are you connected to the storage emulator or production? If it's the former, I'll connect with that team. If it's the latter, it's probably because your local machine doesn't have production credentials and installing application default credentials locally may fix.

[OutdatedGuy]

I'm connected to the emulator storage.

I'm testing my flutter app locally by connecting it to the locally hosted emulator.

When I upload a file from my flutter app to emulator storage it uploads successfully, then a cloud function runs and I'm unable to get that uploaded file's downloadUrl in the Node.js (Typescript) Cloud Functions backend.

[OutdatedGuy]

@inlined have you forwarded this issue with the relevant team? Can I get some updated on this?

[mp3por]

In the mean time - is there anything I can do with the firestorage.rules file to fix this issue ? I am facing the same issue ? I have a nodejs app which I am testing with local emulators and I can upload to the storage but it hangs on getDownloadUrl later.

[andrewkrippner]

This is a problem for me as well. It doesn't seem that the emulator should check rules at all when requests come in from the admin sdk.

[rvyhvn]

got the same issue

[cabljac]

Hi, this seems to be an issue with the Storage emulator rather than firebase-functions. The source code for the emulator resides in the firebase-tools repo. I'm closing this issue in favour of the issue i've opened there.