rules_version = '2';

service firebase.storage {
  match /b/{bucket}/o {
    match /private-images/{userId}/{allPaths=**} {
      allow read: if request.auth.uid == userId;
      allow write: if request.auth.uid == userId && request.resource.size <= 20 * 1024 * 1024; // 20MB
    }
  }
}