Embargo compatability #112
Comments
|
Thanks @CodyCBakerPhD I'll work on this soon - we will definitely need to support embargoed datasets. |
|
Here's an example of a view of an nwb asset from an embargoed dandiset As expected, it doesn't load, because access is denied to the s3 bucket. I don't expect to be able to easily get that to download directly. But maybe there's hope to get it from this URL: https://api-staging.dandiarchive.org/api/assets/203750ef-018f-45a4-b8cb-f990b09e20ba/download/ When I curl that, I get How can I provide my dandi key? Do I use the header? |
|
Looking at the dandi API code, you might try this: |
That sort of did the trick in that I no longer get the |
|
Oh, I needed to use -L to follow redirects. That seems to be working. |
|
I DANDI-shared the following embargoed dataset with you Here is a neurosift link to one of the nwb assets ...which will not load UNTIL you have provided neurosift with your DANDI "Staging" API Key, which you can now do in the GUI. See the key icon in the top menu.
After you paste in your keys, you can reload the page. FYI, the keys are stored in local browser storage. It's okay for now, but maybe we'll want to think of a better way. Note: we'll probably want to modify the dandi neurosift plugin to use the dandiarchive api url rather than the s3 bucket url. |
For the example you have shared, this works - but was there something specific you had to do for this particular embargoed DANDI set? I ask because I tried the same approach on another embargoed dataset and it did not work on that (gets stuck on loading and at the bottom says unable to connect to the rtcshare
We've been dealing with this on the NWB GUIDE as well, check out NeurodataWithoutBorders/nwb-guide#389 |
It won't work directly from neurosift the menu option in DANDI. That's because the s3 bucket url won't work with the authentication. You need to feed it the DANDI api asset url (the one that ends with /download/). I think we'll want to have that changed in dandiarchive. |
I see now - the DANDI menu option gives a URL that points to the S3 directly instead of through the DANDI API Would you be able to make that change on the DANDI side? Would you like me to make a separate issue for that specifically? |
I'll create a DANDI PR for that. |
|
Created PR dandi/dandi-archive#1690 |
|
Thank you! I'll try it again once that gets merged |
|
I wanted to offer an alternative solution strategy, a variant of using the In that case, there's one extra step for the client to perform to get that URL, and then everything after that point should "just work". But I may not be fully understanding the problem here--let me know if I'm missing anything. |
|
@waxlamp thanks. Yes I believe that's what I'm doing here, although I might be misunderstanding what you are suggesting: neurosift/gui/src/pages/NwbPage/NwbPage.tsx Lines 191 to 201 in c19b83c neurosift/gui/src/pages/NwbPage/NwbPage.tsx Lines 203 to 216 in c19b83c I do a head request, get the new s3 signed URL and then use that from that point forward. |
|
Ah, no, you are doing exactly what I suggested. If I have it right, the remaining problem is that outgoing links from DANDI Archive don't supply the right URL for embargoed assets, and it doesn't make sense in those situations for you to somehow modify that URL into one that works, hence the need for changes in the archive codebase. I will continue this discussion on your dandi-archive PR--I think I have a simpler solution that introduces less technical debt to that codebase. Thanks for indulging my questions here. |
|
I believe this has been resolved now? |
|
Yes thanks @CodyCBakerPhD . Closing |
It's possible to attach DANDI credentials with curl API calls to DANDI to grant permissions to access embargo'd contents; I think in theory it ought to work here as well
So I'd like to request the ability (or instructions if already an ability) to run Neurosift on an embargoed DANDI set
The text was updated successfully, but these errors were encountered: