Include the Monarch link app as a service on IMAGE-server

[VenissaCarolQuadros]

This PR merges a containerized version of the Monarch web application that links the IMAGE-TactileAuthoring tool to the Monarch client.

As per discussions, this application has been made into a service on the IMAGE-server. New channels can be created and existing channels can be updated by the authoring tool by posting to https://monarch.unicorn.cim.mcgill.ca/create/<subscribed_code>. The JSON can be accessed by the Monarch client by getting from https://monarch.unicorn.cim.mcgill.ca/display/<subscribed_code>. Resolves #888.

Testing:

• Checked that restarting container clears previously created channel
• Checked that a new channel can be created using publish on the authoring tool and getting the same on the Monarch

<svg width="254.00000000000003" height="105.83333" xmlns="http://www.w3.org/2000/svg" xmlns:svg="http://www.w3.org/2000/svg" version="1.1" xml:space="preserve">
<g class="layer" data-image-layer="Layer 1">
<ellipse cx="59.5" cy="27.82" fill="#FF0000" id="svg_1" rx="27" ry="25" stroke="#000000" stroke-width="5"/>
</g>
</svg>

was published on code 123456.

• Checked that a channel can be updated when the code and secret id is correct
  Graphic on 123456 was updated to

<svg width="254.00000000000003" height="105.83333" xmlns="http://www.w3.org/2000/svg" xmlns:svg="http://www.w3.org/2000/svg" version="1.1" xml:space="preserve">
 <g class="layer" data-image-layer="Layer 1">
  <rect fill="#FF0000" height="34.62" id="svg_2" stroke="#000000" stroke-width="5" width="84.83" x="26.47" y="33.31"/>
 </g>
</svg>

and the change was observed on the Monarch

• Checked that update fails when the secret id is incorrect
  The update failed when the secret key was changed

---

Required Information

• I referenced the issue addressed in this PR.
• I described the changes made and how these address the issue.
• I described how I tested these changes.

Coding/Commit Requirements

• I followed applicable coding standards where appropriate (e.g., PEP8)
• I have not committed any models or other large files.

New Component Checklist (mandatory for new microservices)

• I added an entry to docker-compose.yml and build.yml.
• I created A CI workflow under .github/workflows.
• I have created a README.md file that describes what the component does and what it depends on (other microservices, ML models, etc.).

OR

• I have not added a new component in this PR.

[JRegimbal]

Comments within the file, plus the inputs are not checked. I was able to cause an internal server error by omitting or incorrectly entering fields in the POST requests.

[JRegimbal]

The current versions is 3.13 - why are you using 3.10?

[JRegimbal]

OK for quick prototyping, but this should not be used in production. Would suggest something like sqlite3 that may scale better.

[VenissaCarolQuadros]

Created #897 to keep track of this

[JRegimbal]

Are there restrictions on what "id" can be here?

[JRegimbal]

Also - any reason why the create and update methods were combined?

[VenissaCarolQuadros]

I haven't limited this currently but I typically use a 6-digit numeric code. Flask has options to limit this something generic like 'int' or we can also build custom 'converters' if we want to enforce this.

EDIT: I have added in a custom converter.

[JRegimbal]

Generally considered bad practice to save this in plain text...compare using something like bcrypt?

[JRegimbal]

Unauthorized access should return 401 code.

[JRegimbal]

In the model we discussed earlier, the ID and secret was generated on the server and returned to the client. Create only allowed the client to specify a title. Any reason for the changes?

[VenissaCarolQuadros]

Oops, it looks like I've somehow completely messed up the implementation here! :')
Will probably need to touch base in person to sort this out.

[JRegimbal]

Any reason for the change in name from receive? Also should check the ID.

[JRegimbal]

Suggest setting only what you use directly with semver and allowing some newer verisons. pip freeze output is almost always overly restrictive.

[JRegimbal]

Nice!

[VenissaCarolQuadros]

I ran additional tests with POST requests with incorrect/ omitted fields. It now returns 400 in these cases.

[JRegimbal]

Putting a pin in this for later updates.

[JRegimbal]

It looks like randint(a, b) returns a value n where a <= n <= b. This conflicts with the check for values between 1 and 8 on line 71.

https://docs.python.org/3/library/random.html

[VenissaCarolQuadros]

Oopsies! I referred numpy randint docs 😶

[JRegimbal]

Ah yes, the legally distinct randint. No worries!

[JRegimbal]

Suggest updating the pattern to include line start/end (^[1-8]{6}$) to avoid the separate length check.

[JRegimbal]

I wouldn't have put the title as part of the path here. This makes more sense as part of the request body.

[VenissaCarolQuadros]

Made the requested changes.
I also noticed that I was not saving 'title' to JSON- I've included it and also made it possible to change this when 'update/' is called.

Also, an exception was being raised when 'display/' was called on a valid ID that didn't exist in the JSON since abort() raises an exception.

[JRegimbal]

Looks good! We should chat tomorrow during the meeting about merging this.

[jeffbl]

Marking for deploy on pegasus since I haven't noticed any ill effects on unicorn. @JRegimbal @VenissaCarolQuadros please push back if you think this could cause issues.

[VenissaCarolQuadros]

Unless there is already some cleanup happening on Pegasus, we need have a way to clear the .json file this app creates since this could bulk up over time. (It is cleared on Unicorn every time the container is rebuilt)

[jeffbl]

Is there a work item for doing this? (If so, please link here, otw it sounds like we should create one?)

And I assume deploying this is also blocked on Shared-Reality-Lab/IMAGE-website#73?