Feature/user scoped requests

[wakonig]

This PR modifies the scan request endpoint to be scoped to the user's personal topic namespace. This allows for a strict validation of the user permissions. Additionally, the scan request metadata has been extended to also include the system username, the hostname and the acl name.

So far, I only implemented it for scan requests (including rpc calls) but not for scan modifications (abort, halt etc). I have the feeling that any authenticated user should be able to stop scans in case of an emergency.

We have a test in BW that checks against the endpoint info, hence the failed tests.

closes #724

full CI against custom branch in BEC Widgets: https://github.com/bec-project/bec/actions/runs/20827977393

[codecov]

Codecov Report

❌ Patch coverage is 94.73684% with 2 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
bec_server/bec_server/scan_server/scan_guard.py	92.30%	1 Missing and 1 partial ⚠️

📢 Thoughts on this report? Let us know!

[Copilot]

Pull request overview

This PR implements user-scoped scan requests by modifying the scan request endpoint to use a personal topic namespace (personal/{username}/queue/queue_request). This change enforces strict validation of user permissions by ensuring that the username in the topic matches the username in the request metadata, preventing users from submitting scans on behalf of others.

Key Changes:

• Modified scan request endpoint to be user-scoped using personal topic namespace with pattern-based topic registration
• Extended scan request metadata to include client_info with acl_user, system username, and hostname
• Added server-side validation to verify username consistency between topic and metadata
• Refactored ExtendedEncoder into a separate json_extended.py module for better code organization

Reviewed changes

Copilot reviewed 13 out of 14 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
bec_server/bec_server/scan_server/scan_guard.py	Implements pattern-based registration for user-scoped topics and adds username extraction/validation logic
bec_lib/bec_lib/endpoints.py	Changes scan_queue_request endpoint from global to user-scoped path using PERSONAL endpoint type
bec_lib/bec_lib/scans.py	Adds client_info metadata to scan requests and updates endpoint call to use username parameter
bec_lib/bec_lib/device.py	Adds client_info metadata to RPC calls and updates endpoint to be user-scoped
bec_lib/bec_lib/redis_connector.py	Adds username property that returns the authenticated Redis ACL username
bec_lib/bec_lib/client.py	Updates username retrieval to use the new connector property
bec_lib/bec_lib/scan_manager.py	Removes scan queue request callback registration (no longer needed with user-scoped topics)
bec_lib/bec_lib/request_items.py	Removes obsolete comments about response arriving before request
bec_lib/bec_lib/utils/json_extended.py	New file containing refactored ExtendedEncoder class
bec_lib/bec_lib/config_helper.py	Updates import to use new json_extended module
bec_lib/bec_lib/atlas_models.py	Updates import to use new json_extended module
bec_lib/tests/test_utils.py	Updates import to use new json_extended module
bec_lib/tests/test_device_hashing.py	Updates import to use new json_extended module
bec_server/tests/tests_scan_server/test_scan_guard.py	Updates tests to include required username parameter and client_info metadata, adds tests for new validation logic

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.