From 8e3e88373c11deedafbaee99e7e88f3e5b24297d Mon Sep 17 00:00:00 2001
From: Raphael Kabo <raphael.kabo@theguardian.com>
Date: Wed, 14 Feb 2024 09:24:03 +0000
Subject: [PATCH] Add comments, fix avatar API call

---
 server/idapiProxy.ts  | 21 +++++++++++++++++++++
 server/routes/aapi.ts |  2 +-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/server/idapiProxy.ts b/server/idapiProxy.ts
index f04f33ea1..f6214b4b2 100644
--- a/server/idapiProxy.ts
+++ b/server/idapiProxy.ts
@@ -100,6 +100,25 @@ const idapiOrOAuthHeaders = ({
 	}
 };
 
+/**
+ * Prepares the options object for a fetch request to IDAPI
+ * or Avatar API (AAPI).
+ *
+ * @param options - The options object to prepare
+ * @param options.sendAuthHeader - Whether to send the access token or IDAPI cookies
+ * in the request
+ * @param options.useOkta - Whether to use Okta for authentication
+ * @param options.path - The path to the IDAPI endpoint (e.g. '/user/me')
+ * @param options.subdomain - The subdomain of the IDAPI endpoint
+ * (e.g. 'idapi' or 'avatar')
+ * @param options.method - The HTTP method to use
+ * @param options.cookies - The cookies coming from the client. These are used to
+ * build the security and cookie headers in the request
+ * @param options.signedCookies - The signed cookies coming from the client, also
+ * used to build the security and cookie headers in the request
+ * @param options.config - The IDAPI configuration object
+ * @returns The options object for the fetch request
+ */
 export const setOptions = ({
 	sendAuthHeader,
 	useOkta,
@@ -170,6 +189,8 @@ export const idapiFetch = async <T>({
  * @param url The IDAPI endpoint to hit
  * @param method The HTTP method to use (default: 'GET')
  * @param processData A function to process the JSON response (optional)
+ * @param sendAuthHeader Whether to send the access token or IDAPI cookies
+ * in the request (default: false)
  * @returns An Express route handler
  */
 export const idapiProxyHandler =
diff --git a/server/routes/aapi.ts b/server/routes/aapi.ts
index 152574e5d..dd0f57edd 100644
--- a/server/routes/aapi.ts
+++ b/server/routes/aapi.ts
@@ -41,7 +41,7 @@ router.get(
 		}
 		const { useOkta } = await getOktaConfig();
 		const options = setOptions({
-			sendAuthHeader: false,
+			sendAuthHeader: true,
 			useOkta,
 			path: '/v1/avatars/user/me/active',
 			subdomain: 'avatar',