fixtureqa 0.3.4__tar.gz → 0.4.0__tar.gz

{fixtureqa-0.3.4/fixtureqa.egg-info → fixtureqa-0.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: fixtureqa
-Version: 0.3.4
+Version: 0.4.0
 Summary: FIXture — FIX Protocol Testing Tool
 Requires-Python: >=3.10
 License-File: LICENSE

{fixtureqa-0.3.4 → fixtureqa-0.4.0}/fixture/api/app.py

@@ -30,6 +30,7 @@ async def lifespan(app: FastAPI):
     loop = asyncio.get_running_loop()
     app.state.loop = loop
     app.state.scenario_runner.set_loop(loop)
+    app.state.connection_manager.set_loop(loop)
     # Register event bridge with SessionManager
     sm: SessionManager = app.state.session_manager
     cm: ConnectionManager = app.state.connection_manager

{fixtureqa-0.3.4 → fixtureqa-0.4.0}/fixture/api/connection_manager.py

@@ -5,6 +5,7 @@ fixcore callbacks fire on the asyncio event loop — no thread-crossing needed.
 """
 
 import asyncio
+import json
 import logging
 from datetime import datetime, timezone
 
@@ -79,6 +80,9 @@ class ConnectionManager:
 
     def __init__(self):
         self._clients: dict[str, dict[WebSocket, _ConnInfo]] = {}
+        # The FastAPI/uvicorn event loop, bound in the app lifespan — needed to
+        # schedule broadcasts submitted from worker threads (scenario runner).
+        self._loop: asyncio.AbstractEventLoop | None = None
         # Hold strong references to in-flight broadcast tasks. asyncio only keeps
         # a weak reference to tasks, so a fire-and-forget create_task() can be
         # garbage-collected mid-execution, silently dropping a broadcast.
@@ -185,63 +189,77 @@ class ConnectionManager:
             }
             await self._broadcast(sid, payload, c["owner"])
 
+    def set_loop(self, loop: asyncio.AbstractEventLoop) -> None:
+        """Bind the event loop that off-loop callers submit broadcasts to."""
+        self._loop = loop
+
     def broadcast_scenario_event(self, uid: str, data: dict) -> None:
-        """Schedule delivery to all WS connections for uid."""
-        self._spawn(self._broadcast_to_user(uid, data))
+        """Schedule delivery to all WS connections for uid.
+
+        Thread-safe: the scenario runner calls this from its worker threads,
+        where create_task raises RuntimeError (no running loop in that thread)
+        — which killed the run thread on its very first scenario_start
+        broadcast after the fixcore migration dropped call_soon_threadsafe.
+        """
+        coro = self._broadcast_to_user(uid, data)
+        try:
+            asyncio.get_running_loop()
+        except RuntimeError:
+            loop = self._loop
+            if loop is None or loop.is_closed():
+                coro.close()
+                return
+            try:
+                asyncio.run_coroutine_threadsafe(coro, loop)
+            except RuntimeError:
+                # Loop closed between the check and the submit (app shutting
+                # down while a scenario run is mid-flight) — drop the broadcast
+                # rather than killing the run thread.
+                coro.close()
+            return
+        self._spawn(coro)
 
     # ------------------------------------------------------------------
     # Internal async broadcast
     # ------------------------------------------------------------------
 
-    async def _broadcast(self, session_id: str, payload: dict, owner_uid: str) -> None:
-        specific = dict(self._clients.get(session_id, {}))
-        wildcard = dict(self._clients.get("*", {}))
-
-        logger.debug("_broadcast: type=%s session=%s owner=%r clients_specific=%d wildcard=%d",
-                     payload.get("type"), session_id, owner_uid, len(specific), len(wildcard))
-
-        # Build target set: connections that may receive this event
-        # A connection receives the event if:
-        #   - it is an admin, OR
-        #   - its uid matches the session owner
-        targets: dict[WebSocket, _ConnInfo] = {}
-        for ws, info in {**specific, **wildcard}.items():
-            if info.is_admin or info.uid == owner_uid:
-                targets[ws] = info
-
-        logger.debug("_broadcast: %d target(s) for owner=%r", len(targets), owner_uid)
-
-        dead: list[tuple[WebSocket, str]] = []
-        for ws in targets:
-            try:
-                if ws.client_state == WebSocketState.CONNECTED:
-                    await ws.send_json(payload)
-            except Exception:
-                for key, sockets in self._clients.items():
-                    if ws in sockets:
-                        dead.append((ws, key))
+    async def _send_text(self, ws: WebSocket, text: str) -> bool:
+        """Send pre-serialized JSON to one socket. False = socket is dead."""
+        try:
+            if ws.client_state == WebSocketState.CONNECTED:
+                await ws.send_text(text)
+            return True
+        except Exception:
+            return False
+
+    def _prune(self, dead: list[WebSocket]) -> None:
+        for ws in dead:
+            for sockets in self._clients.values():
+                sockets.pop(ws, None)
+
+    async def _fan_out(self, targets: list[WebSocket], payload: dict) -> None:
+        """Serialize once and send concurrently — per-socket send_json would
+        re-encode the same payload per client, and sequential awaits let one
+        slow client head-of-line-block delivery to everyone else."""
+        if not targets:
+            return
+        text = json.dumps(payload)
+        oks = await asyncio.gather(*(self._send_text(ws, text) for ws in targets))
+        self._prune([ws for ws, ok in zip(targets, oks) if not ok])
 
-        for ws, key in dead:
-            self._clients.get(key, {}).pop(ws, None)
+    async def _broadcast(self, session_id: str, payload: dict, owner_uid: str) -> None:
+        # A connection receives the event if it is an admin, or its uid
+        # matches the session owner.
+        targets = [ws for ws, info in {**self._clients.get(session_id, {}),
+                                       **self._clients.get("*", {})}.items()
+                   if info.is_admin or info.uid == owner_uid]
+        await self._fan_out(targets, payload)
 
     async def _broadcast_to_user(self, uid: str, data: dict) -> None:
-        """Send data to all WS connections belonging to uid."""
-        all_clients = {}
+        """Send data to all WS connections belonging to uid (admins included)."""
+        all_clients: dict[WebSocket, _ConnInfo] = {}
         for sockets in self._clients.values():
-            for ws, info in sockets.items():
-                all_clients[ws] = info
-
-        dead: list[tuple[WebSocket, str]] = []
-        for ws, info in all_clients.items():
-            if info.uid != uid and not info.is_admin:
-                continue
-            try:
-                if ws.client_state == WebSocketState.CONNECTED:
-                    await ws.send_json(data)
-            except Exception:
-                for key, sockets in self._clients.items():
-                    if ws in sockets:
-                        dead.append((ws, key))
-
-        for ws, key in dead:
-            self._clients.get(key, {}).pop(ws, None)
+            all_clients.update(sockets)
+        targets = [ws for ws, info in all_clients.items()
+                   if info.uid == uid or info.is_admin]
+        await self._fan_out(targets, data)

{fixtureqa-0.3.4 → fixtureqa-0.4.0}/fixture/api/deps.py

@@ -59,6 +59,23 @@ def require_platform_admin(user: User = Depends(get_current_user)) -> User:
     return user
 
 
+def get_owned_session(
+    session_id: str,
+    request: HTTPConnection,
+    user: User = Depends(get_current_user),
+):
+    """Resolve the `session_id` path param to its SessionConfig, enforcing
+    that the caller owns it (or is admin). One dependency instead of a
+    _check_ownership copy in every session-scoped router."""
+    sm: SessionManager = request.app.state.session_manager
+    cfg = sm.get_config(session_id)
+    if cfg is None:
+        raise HTTPException(status_code=404, detail="Session not found")
+    if not user.is_admin and cfg.owner_uid != user.uid:
+        raise HTTPException(status_code=403, detail="Access denied")
+    return cfg
+
+
 def get_housekeeping(request: HTTPConnection) -> HousekeepingService:
     return request.app.state.housekeeping
 

{fixtureqa-0.3.4 → fixtureqa-0.4.0}/fixture/api/routers/messages.py

@@ -4,38 +4,29 @@ from typing import Annotated, Optional
 from fastapi import APIRouter, Depends, HTTPException, Query
 from fastapi.responses import StreamingResponse
 
+from ...core.models import SessionConfig
 from ...core.session_manager import SessionManager
 from ...core.user_store import User
 from ..schemas import MessageEntryResponse
-from ..deps import get_session_manager, get_current_user
+from ..deps import get_session_manager, get_owned_session
 
 router = APIRouter(tags=["messages"])
 
 SM = Annotated[SessionManager, Depends(get_session_manager)]
-CurrentUser = Annotated[User, Depends(get_current_user)]
-
-
-def _check_ownership(sm: SessionManager, session_id: str, user: User) -> None:
-    configs = sm.list_sessions()
-    cfg = next((c for c in configs if c.session_id == session_id), None)
-    if cfg is None:
-        raise HTTPException(status_code=404, detail="Session not found")
-    if not user.is_admin and cfg.owner_uid != user.uid:
-        raise HTTPException(status_code=403, detail="Access denied")
+OwnedSession = Annotated[SessionConfig, Depends(get_owned_session)]
 
 
 @router.get("/{session_id}/messages", response_model=list[MessageEntryResponse])
 def get_messages(
     session_id: str,
+    _cfg: OwnedSession,
     sm: SM,
-    user: CurrentUser,
     direction: Optional[str] = Query(default=None, description="IN or OUT"),
     admin: Optional[bool] = Query(default=None),
     msg_type: Optional[str] = Query(default=None),
     limit: int = Query(default=200, ge=1, le=5000),
     before_id: Optional[int] = Query(default=None, description="Cursor: return rows with id < before_id"),
 ):
-    _check_ownership(sm, session_id, user)
     try:
         state = sm.get_state(session_id)
     except KeyError:
@@ -72,11 +63,10 @@ def get_messages(
 @router.get("/{session_id}/messages/export")
 def export_messages(
     session_id: str,
+    _cfg: OwnedSession,
     sm: SM,
-    user: CurrentUser,
     fmt: str = Query(default="csv", description="Export format: csv or fix"),
 ):
-    _check_ownership(sm, session_id, user)
     try:
         state = sm.get_state(session_id)
     except KeyError:
@@ -127,8 +117,7 @@ def export_messages(
 
 
 @router.delete("/{session_id}/messages", status_code=204)
-def clear_messages(session_id: str, sm: SM, user: CurrentUser):
-    _check_ownership(sm, session_id, user)
+def clear_messages(session_id: str, _cfg: OwnedSession, sm: SM):
     try:
         state = sm.get_state(session_id)
     except KeyError:

{fixtureqa-0.3.4 → fixtureqa-0.4.0}/fixture/api/routers/scenarios.py

@@ -3,14 +3,17 @@ from typing import Annotated
 
 from ...core.scenario_store import ScenarioStore
 from ...core.scenario_runner import ScenarioRunner
+from ...core.session_manager import SessionManager
 from ...core.user_store import User
-from ..deps import get_current_user, get_scenario_store, get_scenario_runner
+from ..deps import (get_current_user, get_scenario_store, get_scenario_runner,
+                    get_session_manager)
 from ..schemas import ScenarioRequest, ScenarioResponse
 
 router = APIRouter(tags=["scenarios"])
 
 SS = Depends(get_scenario_store)
 SR = Depends(get_scenario_runner)
+SM = Depends(get_session_manager)
 CurrentUser = Depends(get_current_user)
 
 
@@ -50,16 +53,27 @@ def run_scenario(
     scenario_id: str,
     store: ScenarioStore = SS,
     runner: ScenarioRunner = SR,
+    sm: SessionManager = SM,
     user: User = CurrentUser,
 ):
     scenario = store.get_scenario(user.uid, scenario_id)
     if scenario is None:
         raise HTTPException(status_code=404, detail="Scenario not found")
+    # The session_id is scenario data, not a path param — enforce ownership
+    # here or any user could drive another user's session through a scenario.
+    cfg = sm.get_config(scenario.get("session_id", ""))
+    if cfg is None:
+        raise HTTPException(status_code=404, detail="Session not found")
+    if not user.is_admin and cfg.owner_uid != user.uid:
+        raise HTTPException(status_code=403, detail="Access denied")
     run_id = runner.run(scenario, user.uid)
     return {"run_id": run_id}
 
 
 @router.delete("/runs/{run_id}", status_code=status.HTTP_204_NO_CONTENT)
 def abort_run(run_id: str, runner: ScenarioRunner = SR, user: User = CurrentUser):
-    runner.abort(run_id)
+    try:
+        runner.abort(run_id, uid=user.uid, is_admin=user.is_admin)
+    except PermissionError:
+        raise HTTPException(status_code=403, detail="Access denied")
     return Response(status_code=status.HTTP_204_NO_CONTENT)

{fixtureqa-0.3.4 → fixtureqa-0.4.0}/fixture/api/routers/sessions.py

@@ -1,30 +1,53 @@
 from typing import Annotated, Optional
 from fastapi import APIRouter, Depends, HTTPException, Query
 
+from ...core.message_store import MessageStore
 from ...core.session_manager import SessionManager
 from ...core.models import SessionConfig, ConnectionType, SessionRole
 from ...core.user_store import User, UserStore
 from ..schemas import SessionConfigRequest, SessionResponse, UpdateSessionRequest, SendMessageRequest, SeqNumRequest, SeqNumResponse
-from ..deps import get_session_manager, get_current_user, get_user_store
+from ..deps import get_session_manager, get_current_user, get_owned_session, get_user_store
 
 router = APIRouter(tags=["sessions"])
 
 SM = Annotated[SessionManager, Depends(get_session_manager)]
 US = Annotated[UserStore, Depends(get_user_store)]
 CurrentUser = Annotated[User, Depends(get_current_user)]
+OwnedSession = Annotated[SessionConfig, Depends(get_owned_session)]
 
 
-def _session_response(sm: SessionManager, session_id: str, us: Optional[UserStore] = None) -> SessionResponse:
-    cfg_list = [c for c in sm.list_sessions() if c.session_id == session_id]
-    if not cfg_list:
+def _config_from_request(body: SessionConfigRequest, owner_uid: str) -> SessionConfig:
+    """Map the request schema onto SessionConfig in one place — create and
+    import used to hand-copy 24 fields each, and a field missed in one copy
+    silently lost its value on that path."""
+    try:
+        ct = ConnectionType(body.connection_type)
+    except ValueError:
+        raise HTTPException(status_code=422, detail=f"Invalid connection_type: {body.connection_type!r}")
+    try:
+        role = SessionRole(body.session_role)
+    except ValueError:
+        raise HTTPException(status_code=422, detail=f"Invalid session_role: {body.session_role!r}")
+    data = body.model_dump(exclude={"connection_type", "session_role", "auto_start"})
+    return SessionConfig(**data, connection_type=ct, session_role=role, owner_uid=owner_uid)
+
+
+def _session_response(sm: SessionManager, session_id: str, us: Optional[UserStore] = None,
+                      counts: Optional[dict] = None) -> SessionResponse:
+    cfg = sm.get_config(session_id)
+    if cfg is None:
         raise HTTPException(status_code=404, detail="Session not found")
-    cfg = cfg_list[0]
     state = sm.get_state(session_id)
     log = state.message_log
     owner_username: Optional[str] = None
     if us is not None:
         owner = us.get_by_uid(cfg.owner_uid)
         owner_username = owner.username if owner else None
+    if counts is not None and isinstance(log, MessageStore):
+        # List endpoint: one GROUP BY for all sessions instead of COUNT(*) each.
+        message_count = counts.get(session_id, 0)
+    else:
+        message_count = len(log) if log else 0
     return SessionResponse(
         session_id=cfg.session_id,
         display_name=cfg.display_name,
@@ -53,68 +76,29 @@ def _session_response(sm: SessionManager, session_id: str, us: Optional[UserStor
         status=state.status.name,
         last_sent_seq_num=state.last_sent_seq_num,
         last_recv_seq_num=state.last_recv_seq_num,
-        message_count=len(log) if log else 0,
+        message_count=message_count,
         status_changed_at=state.status_changed_at,
         last_heartbeat_at=state.last_heartbeat_at,
         owner_username=owner_username,
     )
 
 
-def _check_ownership(sm: SessionManager, session_id: str, user: User) -> SessionConfig:
-    """Return the SessionConfig if the user owns it (or is admin). Raises 404/403 otherwise."""
-    configs = sm.list_sessions()
-    cfg = next((c for c in configs if c.session_id == session_id), None)
-    if cfg is None:
-        raise HTTPException(status_code=404, detail="Session not found")
-    if not user.is_admin and cfg.owner_uid != user.uid:
-        raise HTTPException(status_code=403, detail="Access denied")
-    return cfg
+def _owner_store(us: UserStore, user: User) -> Optional[UserStore]:
+    """Only admin responses carry owner_username (the UI owner badge / Mine filter)."""
+    return us if user.is_admin else None
 
 
 @router.get("/", response_model=list[SessionResponse])
 def list_sessions(sm: SM, us: US, user: CurrentUser):
     configs = sm.list_sessions_for_user(user.uid, is_admin=user.is_admin)
-    user_store = us if user.is_admin else None
-    return [_session_response(sm, cfg.session_id, user_store) for cfg in configs]
+    user_store = _owner_store(us, user)
+    counts = sm.message_counts()
+    return [_session_response(sm, cfg.session_id, user_store, counts) for cfg in configs]
 
 
 @router.post("/", response_model=SessionResponse, status_code=201)
-async def create_session(body: SessionConfigRequest, sm: SM, user: CurrentUser):
-    try:
-        ct = ConnectionType(body.connection_type)
-    except ValueError:
-        raise HTTPException(status_code=422, detail=f"Invalid connection_type: {body.connection_type!r}")
-    try:
-        role = SessionRole(body.session_role)
-    except ValueError:
-        raise HTTPException(status_code=422, detail=f"Invalid session_role: {body.session_role!r}")
-
-    cfg = SessionConfig(
-        display_name=body.display_name,
-        begin_string=body.begin_string,
-        sender_comp_id=body.sender_comp_id,
-        target_comp_id=body.target_comp_id,
-        connection_type=ct,
-        host=body.host,
-        port=body.port,
-        heartbeat_interval=body.heartbeat_interval,
-        reconnect_interval=body.reconnect_interval,
-        data_dictionary_path=body.data_dictionary_path,
-        use_file_log=body.use_file_log,
-        start_time=body.start_time,
-        end_time=body.end_time,
-        reset_on_logon=body.reset_on_logon,
-        reset_on_logout=body.reset_on_logout,
-        durable_seqnums=body.durable_seqnums,
-        log_messages=body.log_messages,
-        validate_inbound=body.validate_inbound,
-        session_role=role,
-        auto_ack=body.auto_ack,
-        auto_ack_delay_ms=body.auto_ack_delay_ms,
-        auto_fill=body.auto_fill,
-        auto_fill_delay_ms=body.auto_fill_delay_ms,
-        owner_uid=user.uid,
-    )
+async def create_session(body: SessionConfigRequest, sm: SM, us: US, user: CurrentUser):
+    cfg = _config_from_request(body, owner_uid=user.uid)
 
     try:
         session_id = sm.add_session(cfg)
@@ -127,75 +111,46 @@ async def create_session(body: SessionConfigRequest, sm: SM, user: CurrentUser):
         except Exception as e:
             raise HTTPException(status_code=500, detail=f"Session added but failed to start: {e}")
 
-    return _session_response(sm, session_id)
+    return _session_response(sm, session_id, _owner_store(us, user))
 
 
 @router.post("/import", response_model=list[SessionResponse], status_code=201)
-def import_sessions(body: list[SessionConfigRequest], sm: SM, user: CurrentUser):
+def import_sessions(body: list[SessionConfigRequest], sm: SM, us: US, user: CurrentUser):
     """
     Bulk-create sessions from an exported config file.
-    Each entry is processed independently; invalid entries are skipped.
-    Returns the list of successfully created sessions.
+    Each entry is processed independently; invalid entries (bad enums, port
+    conflicts, duplicate ids) are skipped. Returns the successfully created
+    sessions.
     """
     created = []
     for item in body:
         try:
-            ct = ConnectionType(item.connection_type)
-            role = SessionRole(item.session_role)
-            cfg = SessionConfig(
-                display_name=item.display_name,
-                begin_string=item.begin_string,
-                sender_comp_id=item.sender_comp_id,
-                target_comp_id=item.target_comp_id,
-                connection_type=ct,
-                host=item.host,
-                port=item.port,
-                heartbeat_interval=item.heartbeat_interval,
-                reconnect_interval=item.reconnect_interval,
-                data_dictionary_path=item.data_dictionary_path,
-                use_file_log=item.use_file_log,
-                start_time=item.start_time,
-                end_time=item.end_time,
-                reset_on_logon=item.reset_on_logon,
-                reset_on_logout=item.reset_on_logout,
-                durable_seqnums=item.durable_seqnums,
-                log_messages=item.log_messages,
-                validate_inbound=item.validate_inbound,
-                session_role=role,
-                auto_ack=item.auto_ack,
-                auto_ack_delay_ms=item.auto_ack_delay_ms,
-                auto_fill=item.auto_fill,
-                auto_fill_delay_ms=item.auto_fill_delay_ms,
-                owner_uid=user.uid,
-            )
+            cfg = _config_from_request(item, owner_uid=user.uid)
             session_id = sm.add_session(cfg)
-            created.append(_session_response(sm, session_id))
-        except Exception:
-            pass  # skip invalid / conflicting entries
+        except (HTTPException, ValueError, KeyError):
+            continue  # invalid / conflicting entry — skip just this one
+        created.append(_session_response(sm, session_id, _owner_store(us, user)))
     return created
 
 
 @router.get("/{session_id}", response_model=SessionResponse)
-def get_session(session_id: str, sm: SM, user: CurrentUser):
-    _check_ownership(sm, session_id, user)
-    return _session_response(sm, session_id)
+def get_session(session_id: str, _cfg: OwnedSession, sm: SM, us: US, user: CurrentUser):
+    return _session_response(sm, session_id, _owner_store(us, user))
 
 
 @router.patch("/{session_id}", response_model=SessionResponse)
-def update_session(session_id: str, body: UpdateSessionRequest, sm: SM, user: CurrentUser):
-    _check_ownership(sm, session_id, user)
+def update_session(session_id: str, body: UpdateSessionRequest, _cfg: OwnedSession, sm: SM, us: US, user: CurrentUser):
     try:
         sm.update_session(session_id, body)
     except RuntimeError as e:
         raise HTTPException(status_code=409, detail=str(e))
     except (ValueError, KeyError) as e:
         raise HTTPException(status_code=422, detail=str(e))
-    return _session_response(sm, session_id)
+    return _session_response(sm, session_id, _owner_store(us, user))
 
 
 @router.delete("/{session_id}", status_code=204)
-async def remove_session(session_id: str, sm: SM, user: CurrentUser):
-    _check_ownership(sm, session_id, user)
+async def remove_session(session_id: str, _cfg: OwnedSession, sm: SM):
     try:
         await sm.remove_session(session_id)
     except KeyError:
@@ -203,36 +158,35 @@ async def remove_session(session_id: str, sm: SM, user: CurrentUser):
 
 
 @router.post("/{session_id}/start", response_model=SessionResponse)
-async def start_session(session_id: str, sm: SM, user: CurrentUser):
-    _check_ownership(sm, session_id, user)
+async def start_session(session_id: str, _cfg: OwnedSession, sm: SM, us: US, user: CurrentUser):
     try:
         await sm.start_session(session_id)
     except RuntimeError as e:
         raise HTTPException(status_code=409, detail=str(e))
-    return _session_response(sm, session_id)
+    return _session_response(sm, session_id, _owner_store(us, user))
 
 
 @router.post("/{session_id}/stop", response_model=SessionResponse)
 async def stop_session(
     session_id: str,
+    _cfg: OwnedSession,
     sm: SM,
+    us: US,
     user: CurrentUser,
     force: bool = Query(default=False),
 ):
-    _check_ownership(sm, session_id, user)
     await sm.stop_session(session_id, force=force)
-    return _session_response(sm, session_id)
+    return _session_response(sm, session_id, _owner_store(us, user))
 
 
 @router.post("/{session_id}/send")
-async def send_message(session_id: str, body: SendMessageRequest, sm: SM, user: CurrentUser):
-    _check_ownership(sm, session_id, user)
+async def send_message(session_id: str, body: SendMessageRequest, _cfg: OwnedSession, sm: SM):
     from ...core.fix_builder import build_message_from_raw
-    from datetime import datetime, timezone
+    from ...core.fix_time import utc_timestamp
 
     # Build group-aware using the session's DataDictionary so repeating groups
     # (e.g. NoAllocs rows) survive instead of collapsing to their last instance.
-    ts = None if body.no_auto_ts else datetime.now(timezone.utc).strftime("%Y%m%d-%H:%M:%S")
+    ts = None if body.no_auto_ts else utc_timestamp()
     try:
         msg = build_message_from_raw(body.raw, sm.get_data_dictionary(session_id), transact_time=ts)
     except ValueError as e:
@@ -245,8 +199,7 @@ async def send_message(session_id: str, body: SendMessageRequest, sm: SM, user:
 
 
 @router.get("/{session_id}/seqnums", response_model=SeqNumResponse)
-def get_seqnums(session_id: str, sm: SM, user: CurrentUser):
-    _check_ownership(sm, session_id, user)
+def get_seqnums(session_id: str, _cfg: OwnedSession, sm: SM):
     try:
         sender, target = sm.get_seqnums(session_id)
     except KeyError:
@@ -255,8 +208,7 @@ def get_seqnums(session_id: str, sm: SM, user: CurrentUser):
 
 
 @router.patch("/{session_id}/seqnums", response_model=SeqNumResponse)
-def set_seqnums(session_id: str, body: SeqNumRequest, sm: SM, user: CurrentUser):
-    _check_ownership(sm, session_id, user)
+def set_seqnums(session_id: str, body: SeqNumRequest, _cfg: OwnedSession, sm: SM):
     if body.sender is None and body.target is None:
         raise HTTPException(status_code=422, detail="Provide sender, target, or both")
     try:

{fixtureqa-0.3.4 → fixtureqa-0.4.0}/fixture/api/routers/ws.py

@@ -81,7 +81,10 @@ async def ws_all_sessions(
     """Subscribe to events from all sessions."""
     uid, is_admin, subprotocol = _authenticate_ws(websocket, token)
     if not uid:
-        logger.warning("WS /ws: auth failed (no token or invalid JWT)")
+        # Routine, not actionable: pre-login tabs, expired tokens, or a proxy
+        # stripping Sec-WebSocket-Protocol all land here and the client retries
+        # — at WARNING this used to flood the log with one line per attempt.
+        logger.debug("WS /ws: auth failed (no token or invalid JWT)")
         await websocket.close(code=4003, reason="Unauthorized")
         return
 
@@ -122,7 +125,7 @@ async def ws_single_session(
     """Subscribe to events from a single session."""
     uid, is_admin, subprotocol = _authenticate_ws(websocket, token)
     if not uid:
-        logger.warning("WS /ws/%s: auth failed (no token or invalid JWT)", session_id)
+        logger.debug("WS /ws/%s: auth failed (no token or invalid JWT)", session_id)
         await websocket.close(code=4003, reason="Unauthorized")
         return
 
@@ -134,8 +137,7 @@ async def ws_single_session(
         return
 
     # Check ownership of this specific session
-    configs = sm.list_sessions()
-    cfg = next((c for c in configs if c.session_id == session_id), None)
+    cfg = sm.get_config(session_id)
     if cfg is None or (not is_admin and cfg.owner_uid != uid):
         logger.warning("WS /ws/%s: access denied for uid=%s", session_id, uid)
         await websocket.close(code=4003, reason="Access denied")