Instead of using just strings, this change converts the scopes to a
`StrEnum`, to be compatible with places where a string is expected. This
avoids typos when using these scopes, simplifies searching for usages,
and improves type hints.
An extra change was the fix to the Firmware download endpoint, which
wasn't respecting the `DISABLE_DOWNLOAD_ENDPOINT_AUTH` flag.
The `add_user` endpoint was querying the database at import time, to
decide whether to enforce the `users.write` scope or not. This is
problematic because the database might not be ready at import time.
Also, the decided `scopes` was being maintained for the entire
application lifetime, which is not ideal, as users can be created
without having the `users.write` scope, until the application is
restarted.
According to multiple FastAPI discussions [1], FastAPI only includes a
built-in mechanism to redirect requests including a trailing slash, to
its variation without slash, using a `307` status code.
This can be an issue when certain clients do not send the same headers
on the redirected request.
This change adds a custom FastAPI `APIRouter`, that registers both route
path variations (with and without trailing slash), while only marking
the path without slash for being included in the OpenAPI schema.
[1] https://github.com/fastapi/fastapi/discussions/7298
Pytest v8.2 introduced the `PYTEST_VERSION` environment variable [1],
that can be used to check if code is running from within a pytest run.
This way, we can avoid checking the loaded `sys` modules.
[1] https://docs.pytest.org/en/stable/changelog.html#id57
`ASYNC` rules [1] tries to find issues regarding asynchronous code. This
change enables `ruff` to start reporting these issues, and fixes
existing warnings.
[1] https://docs.astral.sh/ruff/rules/#flake8-async-async
