translateGoogleCloudURl modifies & breaks signed URLs

[neilpoulin]

we're using the igv.js package to render IGV plots in our app. Our data is secured in google cloud storage and is accessed by our app generating a signed URL for the files in each track. However, when the igv library fetches data from these files, the URLs are transformed from the original, signed url to a different url schema which breaks the signing, and thus we get an authentication error.

Looking through the code, it appears igv-utils transforms any URL it determines is a google URL into a different format (see translateGoogleCloudURl here):

// igv-util url schema
https://storage.googleapis.com/storage/v1/b/${bucket}/o/${object}${paramString}

// expected schema - should not be modified
https://storage.googleapis.com/my-private-bucket/some/file/path/bigwig/datafile.bigWig?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=some-credential-string&X-Goog-Date=20220413T031210Z&X-Goog-Expires=299&X-Goog-SignedHeaders=host&X-Goog-Signature=SOME_VALID_SIGNATURE_STRING

Is there a workaround to getting signed URLs working with the igv library?

[jrobinso]

I'll have to investigate to determine why this is done, there's no workaround in the meantime. I'll try to get to this next week.

[neilpoulin]

Thanks for getting back so quickly, Jim! As a workaround we are looking at using a custom domain for our signed urls. The goal is that using a custom url will cause the transformation to get skipped, since it wont match any of the isGoogleURL checks. I'll report back if it works or not.

Thanks again for a great library.

[jrobinso]

I should have a fix for this soon, by the end of next week at the latest. I’m traveling this week.

On Thu, Apr 14, 2022 at 12:33 PM Neil Poulin ***@***.***> wrote: Thanks for getting back so quickly, Jim! As a workaround we are looking at using a custom domain for our signed urls. The goal is that using a custom url will cause the transformation to get skipped, since it wont match any of the isGoogleURL checks. I'll report back if it works or not. Thanks again for a great library. — Reply to this email directly, view it on GitHub <#16 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAHD2HAWDP3VJMPLFYW6JPLVFBCEDANCNFSM5TLNR43A> . You are receiving this because you were assigned.Message ID: ***@***.***>

-- Sent from Gmail Mobile