Copilot AI commented Jan 17, 2026

Summary

Multi-user setups were leaking queue events and field values across users. When User A started a generation, User B would see the preview/progress events and generated images would appear on both boards. Field values from any user's queue items were visible to all users.

Backend:

  • Socket authentication via JWT tokens with user context storage (user_id, is_admin)
  • Event filtering: queue item events only emit to owner or admins
  • Field value sanitization: sanitize_queue_item_for_user() clears values for non-admins viewing others' items
  • Database queries enhanced with LEFT JOIN users to fetch display names

Frontend:

  • Added "User" column to queue list (display_name → email → user_id priority)
  • "Hidden for privacy" indicator when field values are sanitized
  • User tooltip on hover

Example socket event filtering logic:

async def _handle_queue_event(self, event: FastAPIEvent[QueueEventBase]):
    event_name, event_data = event
    
    if isinstance(event_data, QueueItemEventBase) and hasattr(event_data, "user_id"):
        room_sids = await self._sio.manager.get_participants("/", event_data.queue_id)
        for sid in room_sids:
            session = await self._sio.get_session(sid)
            if session:
                session_user_id = session.get("user_id", "system")
                is_admin = session.get("is_admin", False)
                
                # Emit only to owner or admins
                if session_user_id == event_data.user_id or is_admin:
                    await self._sio.emit(event=event_name, data=event_data.model_dump(mode="json"), room=sid)

Related Issues / Discussions

Addresses enhancement request for multi-user isolation improvements.

QA Instructions

Multi-user event isolation:

  1. Log in as User A in Browser 1, User B in Browser 2
  2. Start generation as User A
  3. Verify User B does not see progress events or images
  4. Log in as admin in Browser 3, verify admin sees all events

Field value privacy:

  1. User A enqueues items with field values
  2. User B views queue list
  3. Verify "Hidden for privacy" appears for User A's items
  4. Admin views queue list, verifies all field values visible

User display:

  1. Verify "User" column shows display names when available
  2. Fallback to email, then user_id as expected

Merge Plan

TypeScript types must be regenerated after merge:

cd invokeai/frontend/web
python ../../../scripts/generate_openapi_schema.py | pnpm typegen

Checklist

  • The PR has a short but descriptive title, suitable for a changelog
  • Tests added / updated (if applicable)
  • ❗Changes to a redux slice have a corresponding migration
  • Documentation added / updated (if applicable)
  • Updated What's New copy (if doing a release after this PR)

Original prompt

This section details the original issue you should resolve

<issue_title>[enhancement]: Improve user isolation in session queue and processing</issue_title>
<issue_description>### Is there an existing issue for this?

  • I have searched the existing issues

Contact Details

No response

What should this feature add?

Several enhancement requests were identified during testing of PR #26.

  1. When two users, A and B, are logged in simultaneously and A initiates a generation, the generation preview shows up in both A and B's browsers and the generated image gets saved to both A and B's image boards. Non-administrative users should never see the images being generated by another user.
  2. When displaying the job queue, users should not be able to see Batch Field Values from generation processes launched by other users. The values should be blurred out if possible. Only the Administrator should be able to see values from generations launched by other users.
  3. When the job queue tab is open in multiple browsers and a generation is begun in one browser window, the queue does not update in the other window.
  4. New columns should be added to the job queue table showing the account name of the user who launched the job. If the account name is not set, then show the login name.

Alternatives

No response

Additional Content

No response</issue_description>

Comments on the Issue (you are @copilot in this section)
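
An added example, not part of the PR or of InvokeAI's code, of the field-value sanitization and "User" column fallback described in the summary above. The `QueueItem` class, the function names and the sample data are assumptions made for illustration; the sanitizer returns a redacted copy and treats a viewer with no identity as a non-owner.

```python
from __future__ import annotations
import copy
from dataclasses import dataclass
from typing import Any, Optional

@dataclass
class QueueItem:
    """Hypothetical stand-in for a queue item, not InvokeAI's real model."""
    item_id: int
    user_id: str
    field_values: Optional[list] = None
    user_display_name: Optional[str] = None
    user_email: Optional[str] = None

def sanitize_for_viewer(item: QueueItem, viewer_id: Optional[str], is_admin: bool) -> QueueItem:
    """Return a copy safe to send to this viewer; the input is never mutated,
    so a shared or cached item keeps its values for its owner."""
    safe = copy.deepcopy(item)
    is_owner = viewer_id is not None and viewer_id == item.user_id
    if not (is_admin or is_owner):  # unknown viewers fall through to redaction
        safe.field_values = None
    return safe

def user_label(item: QueueItem) -> str:
    """Text for the User column: display name, then email, then user_id."""
    return item.user_display_name or item.user_email or item.user_id

def queue_rows(items, viewer_id, is_admin) -> list:
    """Build the queue-list rows one viewer receives."""
    rows = []
    for item in items:
        safe = sanitize_for_viewer(item, viewer_id, is_admin)
        hidden = item.field_values is not None and safe.field_values is None
        rows.append({"item_id": safe.item_id, "user": user_label(safe),
                     "field_values": safe.field_values, "hidden": hidden})
    return rows

# Constructed sample queue: three owners, one item with no field values.
QUEUE = [
    QueueItem(1, "user-a", [{"field": "prompt", "value": "a red fox"}], "Alice", "a@example.test"),
    QueueItem(2, "user-b", [{"field": "seed", "value": 42}], None, "b@example.test"),
    QueueItem(3, "user-c", None),
]

if __name__ == "__main__":
    for viewer, admin in [("user-b", False), ("admin-1", True), (None, False)]:
        print(viewer, queue_rows(QUEUE, viewer, admin))
```

The `hidden` flag is what a frontend would use to show the "Hidden for privacy" indicator only when values existed and were cleared, not when an item simply had none.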



Copilot AI and others added 3 commits January 17, 2026 17:17
Co-authored-by: lstein <111189+lstein@users.noreply.github.com>
Copilot AI changed the title [WIP] Enhance user isolation in session queue and processing Implement user isolation for session queue and socket events Jan 17, 2026
Copilot AI requested a review from lstein January 17, 2026 17:24

Development

Successfully merging this pull request may close these issues.

[enhancement]: Improve user isolation in session queue and processing
