Authentication for static files (and mjpeg)

[beasteers]

There isn't really a way to enforce authentication for images and videos. I was thinking ideally we could get authentication working through cookies?

I was trying it out, but was struggling with it and eventually just disabled authentication for static files and for the mjpeg endpoint.

I also enabled token through query parameters but obvs that's a slight security issue.

Added cookie checking here:

ptg-api-server/app/auth.py

Lines 14 to 21 in 6e71749

	def get_authorization(self, request: Request) -> str:
	# get authorization from token query param, auth header, or cookie
	token = request.query_params.get('token')
	auth = f'Bearer {token}' if token else None
	auth = auth or request.headers.get("Authorization")
	auth = auth or request.cookies.get("authorization")
	#print(auth, flush=True)
	return auth

This is where static file authentication is disabled:

ptg-api-server/app/static.py

Lines 7 to 12 in 6e71749

	class AuthStaticFiles(RangedStaticFiles):
	async def __call__(self, scope, receive, send) -> None:
	assert scope["type"] == "http"
	#request = Request(scope, receive)
	#await UserAuth.require_authorization(await oauth2(request))
	await super().__call__(scope, receive, send)

The mjpeg just exists in a separate router without auth but I had originally planned on putting it with the data endpoint
https://github.com/VIDA-NYU/ptg-api-server/blob/main/app/routers/mjpeg.py