Prevent api requests from skipping queue

[freddyaboulton]

Description

Fixes #2452

Summary:

• Requests made to /api endpoint will be blocked if the queue is enabled for that event, unless a special auth token is passed in the header. This is to allow the queue to make requests.
• Developers can keep the api "open" by setting queue(api_open=True).

Added some unit tests but you can test yourself as well:

import gradio as gr
import time

def iteration(steps):
    for i in range(steps):
       time.sleep(0.5)
       yield i

gr.Interface(iteration,
             inputs=gr.Slider(minimum=1, maximum=10, step=1, value=5),
             outputs=gr.Number()).queue(api_open=False).launch()

In a separate process

assert requests.post(
"http://127.0.0.1:7861/api/predict/",
json={"fn_index": 0, "data": [5], "session_hash": 0}).reason == 'Unauthorized'

Checklist:

• I have performed a self-review of my own code
• I have added a short summary of my change to the CHANGELOG.md
• My code follows the style guidelines of this project
• I have commented my code in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

A note about the CHANGELOG

Hello 👋 and thank you for contributing to Gradio!

All pull requests must update the change log located in CHANGELOG.md, unless the pull request is labeled with the "no-changelog-update" label.

Please add a brief summary of the change to the Upcoming Release > Full Changelog section of the CHANGELOG.md file and include
a link to the PR (formatted in markdown) and a link to your github profile (if you like). For example, "* Added a cool new feature by [@myusername](link-to-your-github-profile) in [PR 11111](https://github.com/gradio-app/gradio/pull/11111)".

If you would like to elaborate on your change further, feel free to include a longer explanation in the other sections.
If you would like an image/gif/video showcasing your feature, it may be best to edit the CHANGELOG file using the
GitHub web UI since that lets you upload files directly via drag-and-drop.

[github-actions]

All the demos for this PR have been deployed at https://huggingface.co/spaces/gradio-pr-deploys/pr-2493-all-demos

[freddyaboulton]

Just a refactor to reduce dupe code

[freddyaboulton]

I think Bearer {token} in the Authorization header is the standard way of providing these tokens.

[abidlabs]

My feeling is that the API should be open by default to preserve the current behavior.

[abidlabs]

Thanks for adding!

[abidlabs]

Thanks @freddyaboulton, this looks really good to me. One addition: can we hide the "view API" page link in the footer if queue is enabled and api_open is False?

[abidlabs]

This is also very timely as we currently have issues with an app on Spaces whose API endpoint is being called from an external endpoint, degrading the experience for regular users of the Space. I'm going to release a beta version so that we can try this out on the Space itself. cc @AK391 @osanseviero

Internal discussion: https://huggingface.slack.com/archives/C02136Y252P/p1666447456974249

Also did some more testing and confirmedthat if you have a Space that sets api_open=False, you can still gr.Interface.load() it. The loaded Interface's requests are still correctly added to the end of the original Space's queue ✅

[freddyaboulton]

@abidlabs I made it so that the api is open by default and api_open will take precedence over show_api if the queue is enabled! Should be good for another look now!

[abidlabs]

LGTM @freddyaboulton very nice PR!

[freddyaboulton]

Thank you for the review @abidlabs !