Add endpoint for Profile API authorisation check

mwtrew · mwtrew · commit c344ea4e3a44 · 2026-02-24T14:20:01.000Z
diff --git a/app/controllers/api/profile_auth_check_controller.rb b/app/controllers/api/profile_auth_check_controller.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Api
+  class ProfileAuthCheckController < ApiController
+    def index
+      authorised = ProfileApiClient.check_auth(token: current_user&.token)
+
+      render json: { can_use_profile_api: authorised }, status: :ok
+    rescue ProfileApiClient::UnauthorizedError
+      render json: { can_use_profile_api: false }, status: :ok
+    end
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
@@ -92,6 +92,8 @@
     post '/google/auth/exchange-code', to: 'google_auth#exchange_code', defaults: { format: :json }
 
     resources :features, only: %i[index]
+
+    resources :profile_auth_check, only: %i[index]
   end
 
   resource :github_webhooks, only: :create, defaults: { formats: :json }
diff --git a/lib/profile_api_client.rb b/lib/profile_api_client.rb
@@ -36,12 +36,21 @@ def initialize(response)
       @response_status = response.status
       @response_headers = response.headers
       @response_body = response.body
-
       super("Unexpected response from Profile API (status code #{response.status})")
     end
   end
 
   class << self
+    def check_auth(token:)
+      return true if ENV['BYPASS_OAUTH'].present?
+
+      response = connection(token).get('/api/v1/access')
+
+      response.status == 200
+    rescue Faraday::BadRequestError, Faraday::UnauthorizedError
+      false
+    end
+
     def create_school(token:, id:, code:)
       return { 'id' => id, 'schoolCode' => code } if ENV['BYPASS_OAUTH'].present?
 
