
Firebase Cloud Storage security rules: what do "/b/" and "/o" mean in bucket match statement?


This question is regarding Firebase Cloud Storage security rules, documented at https://firebase.google.com/docs/storage/security and related pages.

The statement to match a generic bucket is match /b/{bucket}/o: the documents explain that {bucket} is a wildcard (akin to *) to match any bucket name, but to me it seems that the meaning of the leading /b/ and trailing /o are left unexplained. Can anyone help me understand the meaning of those path segments?


Solution

  • The /b signals the next component of the URI is the relevant bucket: /b/{bucket}.

    The /o signals the next component of the URI is the name (or path) of the relevant object in that bucket: /o/path/to/object.png

    Note: Storage Buckets don't have a concept of folders. An object's name can include slashes, but to the server, the slash is just part of the file name and has no special meaning.

    So a rule that names /b/{bucket}/o/publicUserFiles/{request.auth.uid}/profile.png would define a rule for the profile.png file, stored in a "folder" named with the relevant user's UID, under another "folder" called publicUserFiles, in the relevant bucket.

    Instead of putting /b/{bucket}/o at the front of every rule, you can lift it out to the top of the file.

    i.e.

    service firebase.storage {
      match /b/{bucket}/o/images/{imageId} {
        // placeholder condition: some rule here
        allow write: if false;
      }
      match /b/{bucket}/o/profileImages/{imageId} {
        // placeholder condition: some rule here
        allow write: if false;
      }
    }

    becomes

    service firebase.storage {
      match /b/{bucket}/o {
        match /images/{imageId} {
          // placeholder condition: some rule here
          allow write: if false;
        }

        match /profileImages/{imageId} {
          // placeholder condition: some rule here
          allow write: if false;
        }
      }
    }
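
A simplified model of the path matching described in the answer above, added here as an illustration; it is not part of the original answer and not Firebase's own code. The function names and the sample bucket and object names are made up, and only single-segment {name} wildcards are modelled. It shows that the nested and flat forms match the same paths, and that a path with an extra segment matches neither.

```javascript
// Simplified model of how a rules path pattern lines up with a Storage
// resource path. Not Firebase's implementation; single-segment {name}
// wildcards only (no {name=**} recursive wildcards).

// Split "/b/<bucket>/o/<object name>" into bucket and object name.
function parseResourcePath(path) {
  const m = /^\/b\/([^/]+)\/o(?:\/(.*))?$/.exec(path);
  if (!m) return null;
  return { bucket: m[1], object: m[2] || "" };
}

// Match a pattern such as "/b/{bucket}/o/images/{imageId}" against a path.
// Returns the captured wildcard values, or null when the path does not match.
function matchPattern(pattern, path) {
  const pSegs = pattern.split("/").filter(Boolean);
  const rSegs = path.split("/").filter(Boolean);
  if (pSegs.length !== rSegs.length) return null;
  const vars = {};
  for (let i = 0; i < pSegs.length; i++) {
    const wild = /^\{(\w+)\}$/.exec(pSegs[i]);
    if (wild) vars[wild[1]] = rSegs[i];
    else if (pSegs[i] !== rSegs[i]) return null;
  }
  return vars;
}

// Nested match blocks concatenate: an outer "/b/{bucket}/o" plus an inner
// "/images/{imageId}" is the same pattern as the flat form.
function matchNested(outer, inner, path) {
  return matchPattern(outer + inner, path);
}

// Constructed sample paths (bucket and object names are made up).
const samples = [
  "/b/example-bucket/o/images/cat.png",
  "/b/example-bucket/o/profileImages/alice.png",
  "/b/example-bucket/o/images/2024/cat.png", // extra segment: no match
];
for (const p of samples) {
  console.log(p, parseResourcePath(p),
    matchPattern("/b/{bucket}/o/images/{imageId}", p),
    matchNested("/b/{bucket}/o", "/images/{imageId}", p));
}
```

The third sample is the case to watch when reviewing rules: the object name contains one more slash than the pattern has segments, so no match block applies to it.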