Use different auth procedures for different endpoints (#601)

* Allow different auth routes for instrument server and frontend routers
* Split token auth mechanisms for two different groups of endpoints
* Major refactor of 'murfey.server.api.auth', rearranging functions by purpose and splitting the authentication of instrument and frontend tokens into separate functions
* Updated URL paths for 'auth' and 'clem' routers
* Refactored 'murfey.server.api.file_manip' into 'file_io_instrument', 'file_io_frontend', and 'file_io_shared', as frontend and instrument both access the same functions; moved 'process_gain()' into 'file_io_shared' so that it can be called from both with proper validation
* Updated route manifest and client-side URL lookups
* Used FastAPI's 'APIKeyCookie' object for cookie authentication
* Split session access validation function for instrument server and frontend into separate functions
* Fixed logic for 'create_access_token' and 'generate_token' for handling authentication using either 'password' or 'cookie'
* 'simple_token_validation()' should be using instrument server validation function instead
* Created new annotated ints for type hinting in endpoints receiving requests from frontend and instrument server; updates the other server routers to use the newly created annotated ints

---------

Co-authored-by: Eu Pin Tien <[email protected]>

Author: d-j-hatton

pyproject.toml

@@ -96,8 +96,6 @@ GitHub = "https://github.com/DiamondLightSource/python-murfey"
 "murfey.spa_inject" = "murfey.cli.inject_spa_processing:run"
 "murfey.spa_ispyb_entries" = "murfey.cli.spa_ispyb_messages:run"
 "murfey.transfer" = "murfey.cli.transfer:run"
-[project.entry-points."murfey.auth.token_validation"]
-"password" = "murfey.server.api.auth:password_token_validation"
 [project.entry-points."murfey.config.extraction"]
 "murfey_machine" = "murfey.util.config:get_extended_machine_config"
 [project.entry-points."murfey.workflows"]

src/murfey/client/contexts/spa.py

@@ -567,7 +567,7 @@ def post_transfer(
                         )
                         if not environment.movie_counters.get(str(source)):
                             movie_counts_get = capture_get(
-                                f"{environment.url.geturl()}{url_path_for('session_info.router', 'count_number_of_movies')}",
+                                f"{environment.url.geturl()}{url_path_for('session_control.router', 'count_number_of_movies')}",
                             )
                             if movie_counts_get is not None:
                                 environment.movie_counters[str(source)] = count(
@@ -581,7 +581,7 @@ def post_transfer(
                         eer_fractionation_file = None
                         if file_transferred_to.suffix == ".eer":
                             response = capture_post(
-                                f"{str(environment.url.geturl())}{url_path_for('file_manip.router', 'write_eer_fractionation_file', visit_name=environment.visit, session_id=environment.murfey_session)}",
+                                f"{str(environment.url.geturl())}{url_path_for('file_io_instrument.router', 'write_eer_fractionation_file', visit_name=environment.visit, session_id=environment.murfey_session)}",
                                 json={
                                     "eer_path": str(file_transferred_to),
                                     "fractionation": environment.data_collection_parameters[

src/murfey/client/contexts/tomo.py

@@ -317,7 +317,7 @@ def _add_tilt(
             eer_fractionation_file = None
             if environment.data_collection_parameters.get("num_eer_frames"):
                 response = requests.post(
-                    f"{str(environment.url.geturl())}{url_path_for('file_manip.router', 'write_eer_fractionation_file', visit_name=environment.visit, session_id=environment.murfey_session)}",
+                    f"{str(environment.url.geturl())}{url_path_for('file_io_instrument.router', 'write_eer_fractionation_file', visit_name=environment.visit, session_id=environment.murfey_session)}",
                     json={
                         "num_frames": environment.data_collection_parameters[
                             "num_eer_frames"

src/murfey/client/multigrid_control.py

@@ -251,7 +251,7 @@ def _start_rsyncer(
         log.info(f"starting rsyncer: {source}")
         if transfer:
             # Always make sure the destination directory exists
-            make_directory_url = f"{self.murfey_url}{url_path_for('file_manip.router', 'make_rsyncer_destination', session_id=self.session_id)}"
+            make_directory_url = f"{self.murfey_url}{url_path_for('file_io_instrument.router', 'make_rsyncer_destination', session_id=self.session_id)}"
             capture_post(make_directory_url, json={"destination": destination})
         if self._environment:
             self._environment.default_destinations[source] = destination
@@ -437,7 +437,7 @@ def _start_dc(self, json, from_form: bool = False):
             log.info("Registering tomography processing parameters")
             if self._environment.data_collection_parameters.get("num_eer_frames"):
                 eer_response = requests.post(
-                    f"{str(self._environment.url.geturl())}{url_path_for('file_manip.router', 'write_eer_fractionation_file', visit_name=self._environment.visit, session_id=self._environment.murfey_session)}",
+                    f"{str(self._environment.url.geturl())}{url_path_for('file_io_instrument.router', 'write_eer_fractionation_file', visit_name=self._environment.visit, session_id=self._environment.murfey_session)}",
                     json={
                         "num_frames": self._environment.data_collection_parameters[
                             "num_eer_frames"

src/murfey/client/tui/app.py

@@ -209,7 +209,7 @@ def _start_rsyncer(
         log.info(f"starting rsyncer: {source}")
         if transfer:
             # Always make sure the destination directory exists
-            make_directory_url = f"{str(self._url.geturl())}{url_path_for('file_manip.router', 'make_rsyncer_destination', session_id=self._environment.murfey_session)}"
+            make_directory_url = f"{str(self._url.geturl())}{url_path_for('file_io_instrument.router', 'make_rsyncer_destination', session_id=self._environment.murfey_session)}"
             capture_post(make_directory_url, json={"destination": destination})
         if self._environment:
             self._environment.default_destinations[source] = destination
@@ -488,7 +488,7 @@ def _start_dc(self, json, from_form: bool = False):
             log.info("Registering tomography processing parameters")
             if self.app._environment.data_collection_parameters.get("num_eer_frames"):
                 eer_response = requests.post(
-                    f"{str(self.app._environment.url.geturl())}{url_path_for('file_manip.router', 'write_eer_fractionation_file', visit_name=self.app._environment.visit, session_id=self.app._environment.murfey_session)}",
+                    f"{str(self.app._environment.url.geturl())}{url_path_for('file_io_instrument.router', 'write_eer_fractionation_file', visit_name=self.app._environment.visit, session_id=self.app._environment.murfey_session)}",
                     json={
                         "num_frames": self.app._environment.data_collection_parameters[
                             "num_eer_frames"

src/murfey/client/tui/screens.py

@@ -110,7 +110,7 @@ def determine_default_destination(
                                 _default = environment.destination_registry[source_name]
                             else:
                                 suggested_path_response = capture_post(
-                                    url=f"{str(environment.url.geturl())}{url_path_for('file_manip.router', 'suggest_path', visit_name=visit, session_id=environment.murfey_session)}",
+                                    url=f"{str(environment.url.geturl())}{url_path_for('file_io_instrument.router', 'suggest_path', visit_name=visit, session_id=environment.murfey_session)}",
                                     json={
                                         "base_path": f"{destination}/{visit}/{mid_path.parent if include_mid_path else ''}/raw",
                                         "touch": touch,
@@ -906,7 +906,7 @@ def on_button_pressed(self, event):
                         f"Gain reference file {posix_path(self._dir_tree._gain_reference)!r} was not successfully transferred to {visit_path}/processing"
                     )
             process_gain_response = requests.post(
-                url=f"{str(self.app._environment.url.geturl())}{url_path_for('file_manip.router', 'process_gain', session_id=self.app._environment.murfey_session)}",
+                url=f"{str(self.app._environment.url.geturl())}{url_path_for('file_io_instrument.router', 'process_gain', session_id=self.app._environment.murfey_session)}",
                 json={
                     "gain_ref": str(self._dir_tree._gain_reference),
                     "eer": bool(

src/murfey/instrument_server/api.py

@@ -51,6 +51,9 @@
 def validate_session_token(
     session_id: int, token: Annotated[str, Depends(oauth2_scheme)]
 ):
+    """
+    Validates the token received from the backend server
+    """
     try:
         decoded_data = jwt.decode(
             token,
@@ -62,7 +65,7 @@ def validate_session_token(
     except JWTError:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Could not validate credentials",
+            detail="Could not validate credentials from backend",
             headers={"WWW-Authenticate": "Bearer"},
         )
     return session_id