fixes wrong product_name

Author: pcrespov

services/api-server/src/simcore_service_api_server/api/dependencies/webserver_http.py

@@ -5,13 +5,17 @@
 from cryptography.fernet import Fernet
 from fastapi import Depends, FastAPI, HTTPException, status
 from fastapi.requests import Request
-from servicelib.rest_constants import X_PRODUCT_NAME_HEADER
 
 from ..._constants import MSG_BACKEND_SERVICE_UNAVAILABLE
 from ...core.settings import ApplicationSettings, WebServerSettings
 from ...services_http.webserver import AuthSession
 from .application import get_app, get_settings
-from .authentication import Identity, get_active_user_email, get_current_identity
+from .authentication import (
+    Identity,
+    get_active_user_email,
+    get_current_identity,
+    get_product_name,
+)
 
 
 def _get_settings(
@@ -63,19 +67,18 @@ def get_webserver_session(
     app: Annotated[FastAPI, Depends(get_app)],
     session_cookies: Annotated[dict, Depends(get_session_cookie)],
     identity: Annotated[Identity, Depends(get_current_identity)],
+    product_name: Annotated[str, Depends(get_product_name)],
 ) -> AuthSession:
     """
     Lifetime of AuthSession wrapper is one request because it needs different session cookies
     Lifetime of embedded client is attached to the app lifetime
     """
-    product_header: dict[str, str] = {X_PRODUCT_NAME_HEADER: f"{identity.product_name}"}
-    session = AuthSession.create(app, session_cookies, product_header)
+    assert identity.product_name == product_name  # nosec
+    session = AuthSession.create(
+        app,
+        session_cookies=session_cookies,
+        product_name=product_name,
+        user_id=identity.user_id,
+    )
     assert isinstance(session, AuthSession)  # nosec
     return session
-
-
-__all__: tuple[str, ...] = (
-    "AuthSession",
-    "get_session_cookie",
-    "get_webserver_session",
-)

services/api-server/src/simcore_service_api_server/services_http/webserver.py

@@ -2,10 +2,9 @@
 
 import logging
 import urllib.parse
-from collections.abc import Mapping
 from dataclasses import dataclass
 from functools import partial
-from typing import Any
+from typing import Any, Self
 from uuid import UUID
 
 import httpx
@@ -36,16 +35,19 @@
 )
 from models_library.api_schemas_webserver.wallets import WalletGet
 from models_library.generics import Envelope
+from models_library.products import ProductName
 from models_library.projects import ProjectID
 from models_library.projects_nodes_io import NodeID
 from models_library.rest_pagination import Page, PageLimitInt, PageOffsetInt
+from models_library.users import UserID
 from models_library.utils.fastapi_encoders import jsonable_encoder
 from pydantic import PositiveInt
 from servicelib.common_headers import (
     X_SIMCORE_PARENT_NODE_ID,
     X_SIMCORE_PARENT_PROJECT_UUID,
 )
 from servicelib.long_running_tasks.models import TaskStatus
+from servicelib.rest_constants import X_PRODUCT_NAME_HEADER
 from settings_library.tracing import TracingSettings
 from tenacity import TryAgain, retry_if_exception_type
 from tenacity.asyncio import AsyncRetrying
@@ -128,7 +130,7 @@ class LongRunningTasksClient(BaseServiceClientApi):
     "Client for requesting status and results of long running tasks"
 
 
-@dataclass
+@dataclass(frozen=True)
 class AuthSession:
     """
     - wrapper around thin-client to simplify webserver's API
@@ -140,8 +142,12 @@ class AuthSession:
     SEE services/api-server/src/simcore_service_api_server/api/dependencies/webserver.py
     """
 
+    _product_name: ProductName
+    _user_id: UserID
+
     _api: WebserverApi
     _long_running_task_client: LongRunningTasksClient
+
     vtag: str
     session_cookies: dict | None = None
 
@@ -150,26 +156,45 @@ def create(
         cls,
         app: FastAPI,
         session_cookies: dict,
-        product_extra_headers: Mapping[str, str],
-    ) -> "AuthSession":
+        user_id: UserID,
+        product_name: ProductName,
+    ) -> Self:
+
+        # WARNING: this client lifespan is tied to the app
         api = WebserverApi.get_instance(app)
         assert api  # nosec
         assert isinstance(api, WebserverApi)  # nosec
 
-        api.client.headers = product_extra_headers  # type: ignore[assignment]
+        # WARNING: this client lifespan is tied to the app
         long_running_tasks_client = LongRunningTasksClient.get_instance(app=app)
-
         assert long_running_tasks_client  # nosec
         assert isinstance(long_running_tasks_client, LongRunningTasksClient)  # nosec
 
-        long_running_tasks_client.client.headers = product_extra_headers  # type: ignore[assignment]
         return cls(
+            _product_name=product_name,
+            _user_id=user_id,
             _api=api,
             _long_running_task_client=long_running_tasks_client,
             vtag=app.state.settings.API_SERVER_WEBSERVER.WEBSERVER_VTAG,
             session_cookies=session_cookies,
         )
 
+    def _get_session_headers(
+        self,
+        *,
+        parent_project_uuid: ProjectID | None = None,
+        parent_node_id: NodeID | None = None,
+    ) -> dict[str, str]:
+        headers = {X_PRODUCT_NAME_HEADER: self._product_name}
+
+        if parent_project_uuid is not None:
+            headers[X_SIMCORE_PARENT_PROJECT_UUID] = str(parent_project_uuid)
+
+        if parent_node_id is not None:
+            headers[X_SIMCORE_PARENT_NODE_ID] = str(parent_node_id)
+
+        return headers
+
     # OPERATIONS
 
     @property
@@ -212,6 +237,7 @@ async def _page_projects(
                     **optional,
                 },
                 cookies=self.session_cookies,
+                headers=self._get_session_headers(),
             )
             resp.raise_for_status()
 
@@ -230,7 +256,9 @@ async def _wait_for_long_running_task_results(self, lrt_response: httpx.Response
         ):
             with attempt:
                 get_response = await self.long_running_task_client.get(
-                    url=status_url, cookies=self.session_cookies
+                    url=status_url,
+                    cookies=self.session_cookies,
+                    headers=self._get_session_headers(),
                 )
                 get_response.raise_for_status(
                     # NOTE: stops retrying if the response in not 2xx
@@ -244,7 +272,9 @@ async def _wait_for_long_running_task_results(self, lrt_response: httpx.Response
                     raise TryAgain(msg)
 
         result_response = await self.long_running_task_client.get(
-            f"{result_url}", cookies=self.session_cookies
+            f"{result_url}",
+            cookies=self.session_cookies,
+            headers=self._get_session_headers(),
         )
         result_response.raise_for_status()
         return Envelope.model_validate_json(result_response.text).data
@@ -253,7 +283,11 @@ async def _wait_for_long_running_task_results(self, lrt_response: httpx.Response
 
     @_exception_mapper(http_status_map=_PROFILE_STATUS_MAP)
     async def get_me(self) -> Profile:
-        response = await self.client.get("/me", cookies=self.session_cookies)
+        response = await self.client.get(
+            "/me",
+            cookies=self.session_cookies,
+            headers=self._get_session_headers(),
+        )
         response.raise_for_status()
 
         got: WebProfileGet | None = (
@@ -284,6 +318,7 @@ async def update_me(self, *, profile_update: ProfileUpdate) -> Profile:
             "/me",
             json=update.model_dump(exclude_unset=True),
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
         )
         response.raise_for_status()
         profile: Profile = await self.get_me()
@@ -302,17 +337,15 @@ async def create_project(
     ) -> ProjectGet:
         # POST /projects --> 202 Accepted
         query_params = {"hidden": is_hidden}
-        headers = {
-            X_SIMCORE_PARENT_PROJECT_UUID: parent_project_uuid,
-            X_SIMCORE_PARENT_NODE_ID: parent_node_id,
-        }
 
         response = await self.client.post(
             "/projects",
             params=query_params,
-            headers={k: f"{v}" for k, v in headers.items() if v is not None},
             json=jsonable_encoder(project, by_alias=True, exclude={"state"}),
             cookies=self.session_cookies,
+            headers=self._get_session_headers(
+                parent_project_uuid=parent_project_uuid, parent_node_id=parent_node_id
+            ),
         )
         response.raise_for_status()
         result = await self._wait_for_long_running_task_results(response)
@@ -329,16 +362,14 @@ async def clone_project(
     ) -> ProjectGet:
         # POST /projects --> 202 Accepted
         query_params = {"from_study": project_id, "hidden": hidden}
-        _headers = {
-            X_SIMCORE_PARENT_PROJECT_UUID: parent_project_uuid,
-            X_SIMCORE_PARENT_NODE_ID: parent_node_id,
-        }
 
         response = await self.client.post(
             "/projects",
             cookies=self.session_cookies,
             params=query_params,
-            headers={k: f"{v}" for k, v in _headers.items() if v is not None},
+            headers=self._get_session_headers(
+                parent_project_uuid=parent_project_uuid, parent_node_id=parent_node_id
+            ),
         )
         response.raise_for_status()
         result = await self._wait_for_long_running_task_results(response)
@@ -349,6 +380,7 @@ async def get_project(self, *, project_id: UUID) -> ProjectGet:
         response = await self.client.get(
             f"/projects/{project_id}",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
         )
         response.raise_for_status()
         data = Envelope[ProjectGet].model_validate_json(response.text).data
@@ -379,6 +411,7 @@ async def delete_project(self, *, project_id: ProjectID) -> None:
         response = await self.client.delete(
             f"/projects/{project_id}",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
         )
         response.raise_for_status()
 
@@ -395,6 +428,7 @@ async def get_project_metadata_ports(
         response = await self.client.get(
             f"/projects/{project_id}/metadata/ports",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
         )
         response.raise_for_status()
         data = Envelope[list[StudyPort]].model_validate_json(response.text).data
@@ -411,6 +445,7 @@ async def get_project_metadata(
         response = await self.client.get(
             f"/projects/{project_id}/metadata",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
         )
         response.raise_for_status()
         data = Envelope[ProjectMetadataGet].model_validate_json(response.text).data
@@ -422,6 +457,7 @@ async def patch_project(self, *, project_id: UUID, patch_params: ProjectPatch):
         response = await self.client.patch(
             f"/projects/{project_id}",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
             json=jsonable_encoder(patch_params, exclude_unset=True),
         )
         response.raise_for_status()
@@ -435,6 +471,7 @@ async def update_project_metadata(
         response = await self.client.patch(
             f"/projects/{project_id}/metadata",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
             json=jsonable_encoder(ProjectMetadataUpdate(custom=metadata)),
         )
         response.raise_for_status()
@@ -451,6 +488,7 @@ async def get_project_node_pricing_unit(
         response = await self.client.get(
             f"/projects/{project_id}/nodes/{node_id}/pricing-unit",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
         )
 
         response.raise_for_status()
@@ -472,6 +510,7 @@ async def connect_pricing_unit_to_project_node(
         response = await self.client.put(
             f"/projects/{project_id}/nodes/{node_id}/pricing-plan/{pricing_plan}/pricing-unit/{pricing_unit}",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
         )
         response.raise_for_status()
 
@@ -494,6 +533,7 @@ async def start_project(
         response = await self.client.post(
             f"/computations/{project_id}:start",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
             json=jsonable_encoder(body, exclude_unset=True, exclude_defaults=True),
         )
         response.raise_for_status()
@@ -508,6 +548,7 @@ async def update_project_inputs(
         response = await self.client.patch(
             f"/projects/{project_id}/inputs",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
             json=jsonable_encoder(new_inputs),
         )
         response.raise_for_status()
@@ -526,6 +567,7 @@ async def get_project_inputs(
         response = await self.client.get(
             f"/projects/{project_id}/inputs",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
         )
 
         response.raise_for_status()
@@ -547,6 +589,7 @@ async def get_project_outputs(
         response = await self.client.get(
             f"/projects/{project_id}/outputs",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
         )
 
         response.raise_for_status()
@@ -566,6 +609,7 @@ async def update_node_outputs(
         response = await self.client.patch(
             f"/projects/{project_id}/nodes/{node_id}/outputs",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
             json=jsonable_encoder(new_node_outputs),
         )
         response.raise_for_status()
@@ -577,6 +621,7 @@ async def get_default_wallet(self) -> WalletGetWithAvailableCreditsLegacy:
         response = await self.client.get(
             "/wallets/default",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
         )
         response.raise_for_status()
         data = (
@@ -594,6 +639,7 @@ async def get_wallet(
         response = await self.client.get(
             f"/wallets/{wallet_id}",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
         )
         response.raise_for_status()
         data = (
@@ -609,6 +655,7 @@ async def get_project_wallet(self, *, project_id: ProjectID) -> WalletGet:
         response = await self.client.get(
             f"/projects/{project_id}/wallet",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
         )
         response.raise_for_status()
         data = Envelope[WalletGet].model_validate_json(response.text).data
@@ -624,6 +671,7 @@ async def get_product_price(self) -> GetCreditPriceLegacy:
         response = await self.client.get(
             "/credits-price",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
         )
         response.raise_for_status()
         data = Envelope[GetCreditPriceLegacy].model_validate_json(response.text).data
@@ -643,6 +691,7 @@ async def get_service_pricing_plan(
         response = await self.client.get(
             f"/catalog/services/{service_key}/{version}/pricing-plan",
             cookies=self.session_cookies,
+            headers=self._get_session_headers(),
         )
         response.raise_for_status()
         pricing_plan_get = (