Merge pull request #1425 from guardian/user-benefits-api

rupertbates · web-flow · commit 0d67bfeb8cf6 · 2024-12-09T15:29:26.000Z
Use user-benefits API to work out newspaper archive entitlement
diff --git a/server/apiProxy.ts b/server/apiProxy.ts
@@ -185,6 +185,7 @@ export const authorizationOrCookieHeader = async ({
 	}
 	switch (host) {
 		case 'members-data-api.' + conf.DOMAIN:
+		case 'user-benefits.' + conf.API_DOMAIN:
 			return {
 				Authorization: `Bearer ${req.signedCookies[OAuthAccessTokenCookieName]}`,
 			};
diff --git a/server/routes/newspaperArchive.ts b/server/routes/newspaperArchive.ts
@@ -18,8 +18,8 @@ const NewspapersResponseSchema = z.object({
 	url: z.string(),
 });
 
-const UserAttributesSchema = z.object({
-	contentAccess: z.record(z.string(), z.boolean()),
+const userBenefitsSchema = z.object({
+	benefits: z.array(z.string()),
 });
 
 type NewspaperArchiveConfig = {
@@ -47,13 +47,16 @@ router.get('/auth', async (req: Request, res: Response) => {
 			return res.sendStatus(500);
 		}
 
+		console.log('Checking supporter entitlement');
 		const hasCorrectEntitlement = await checkSupporterEntitlement(req);
 
 		if (!hasCorrectEntitlement) {
 			// ToDo: show the user an error/info page
+			console.log('User does not have the newspaper archive entitlement');
 			return res.redirect('/');
 		}
 
+		console.log('User has the newspaper archive entitlement');
 		const authHeader = base64(`${authString}`);
 		const requestBody: NewspapersRequestBody = {};
 
@@ -107,22 +110,16 @@ router.get('/auth', async (req: Request, res: Response) => {
 export { router };
 
 async function checkSupporterEntitlement(req: Request): Promise<boolean> {
-	const supporterAttributesResponse = await getSupporterStatus(req);
-	const supporterAttributes = UserAttributesSchema.parse(
-		await supporterAttributesResponse.json(),
-	);
-
-	// ToDo: this should return a flag that represents either Tier 3 or a newspaperArchive specific entitlement
-	return (
-		supporterAttributes.contentAccess['guardianWeeklySubscriber'] &&
-		supporterAttributes.contentAccess['supporterPlus']
-	);
+	const supporterAttributes = await getSupporterStatus(req)
+		.then((res) => res.json())
+		.then((json) => userBenefitsSchema.parse(json));
+	return supporterAttributes.benefits.includes('newspaperArchive');
 }
 
 async function getSupporterStatus(req: Request) {
-	const host = 'members-data-api.' + conf.DOMAIN;
+	const host = 'user-benefits.' + conf.API_DOMAIN;
 
-	return fetch(`https://${host}/user-attributes/me`, {
+	return fetch(`https://${host}/benefits/me`, {
 		method: 'GET',
 		headers: {
 			...(await authorizationOrCookieHeader({ req, host })),

Original file line number	Diff line number	Diff line change
`@@ -185,6 +185,7 @@ export const authorizationOrCookieHeader = async ({`
`185`	`185`	`}`
`186`	`186`	`switch (host) {`
`187`	`187`	`case 'members-data-api.' + conf.DOMAIN:`
	`188`	`+ case 'user-benefits.' + conf.API_DOMAIN:`
`188`	`189`	`return {`
`189`	`190`	Authorization: `Bearer ${req.signedCookies[OAuthAccessTokenCookieName]}`,
`190`	`191`	`};`