From 889fc74ffb10be36447937bfe93e2c5d56b72b4c Mon Sep 17 00:00:00 2001
From: Andy Matuschak <andy@andymatuschak.org>
Date: Thu, 18 Apr 2024 13:30:20 -0700
Subject: [PATCH] Disabling all access to Firebase storage; all data now routes
 through the admin SDK via API endpoints

---
 packages/backend/storage.rules | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/packages/backend/storage.rules b/packages/backend/storage.rules
index 230c7474..49eb0100 100644
--- a/packages/backend/storage.rules
+++ b/packages/backend/storage.rules
@@ -1,9 +1,9 @@
 rules_version = '2';
 service firebase.storage {
   match /b/{bucket}/o {
-    match /attachments/{id} {
-      allow get;
-      allow create: if request.auth != null && request.resource.contentType != null && request.resource.size < 10 * 1024 * 1024 && resource == null;
+    match /{allPaths=**} {
+      // All access through admin SDK via APIs
+      allow read, write: if false;
     }
   }
 }