rules_version = "2";
service firebase.storage {
match /b/{bucket}/o {
match /user-files/{uid}/{allPaths=**} {
allow read: if resource.metadata[request.auth.uid] == "1"; // the uploading user can get a downloadURL
allow create, update: if request.auth.uid == uid // User can only upload to the users own folder
&& request.auth.token.storageLeft >= request.resource.size
&& request.auth.token.path == request.resource.name
allow delete: if false; // files are only deleted by cloud functions
}
}
}