Add a iiif v2 probe service (#1067)

Co-authored-by: Peter Mangiafico <peter@mangiafico.org>

Gemfile.lock

@@ -404,6 +404,7 @@ GEM
       zip_tricks (>= 4.2.1, < 6.0)
 
 PLATFORMS
+  x86_64-darwin-19
   x86_64-darwin-20
   x86_64-darwin-22
   x86_64-linux

app/controllers/iiif/auth/v2/probe_service_controller.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module Iiif
+  module Auth
+    # API to create IIIF Authentication access tokens
+    module V2
+      # Check access for IIIF auth v2
+      # https://iiif.io/api/auth/2.0/#probe-service
+      class ProbeServiceController < ApplicationController
+        def show
+          # Example call:
+          # /iiif/auth/v2/probe?id=https://stacks-uat.stanford.edu/file/druid:bb461xx1037/folder/SC0193_1982-013_b06_f01_1981-09-29.pdf
+          stacks_uri = params[:id] # this is a fully qualified URI to the resource on the stacks that the user is requesting access to
+          parsed_uri = parse_uri(stacks_uri)
+
+          file = StacksFile.new(id: parsed_uri[:druid], file_name: parsed_uri[:file_name], download: true)
+
+          response = { '@context': 'http://iiif.io/api/auth/2/context.json', type: 'AuthProbeResult2' }
+
+          if can? :access, file
+            response[:status] = 200
+          else
+            response[:status] = 401
+            response.merge!(add_detail(file))
+          end
+
+          render json: response
+        end
+
+        private
+
+        # add details to response for when access is denied
+        # rubocop:disable Metrics/AbcSize
+        def add_detail(file)
+          detail = {}
+          if file.stanford_restricted? && !file.embargoed?
+            detail[:heading] = { en: [I18n.t('probe_service.stanford')] }
+            detail[:auth_url] = iiif_auth_api_url
+          elsif file.stanford_restricted? && file.embargoed?
+            detail[:heading] = { en: [I18n.t('probe_service.stanford_and_embargoed', date: file.embargo_release_date.to_date)] }
+          elsif file.embargoed?
+            detail[:heading] = { en: [I18n.t('probe_service.embargoed', date: file.embargo_release_date.to_date)] }
+          elsif file.restricted_by_location?
+            detail[:heading] = { en: [I18n.t('probe_service.location', location: Settings.user.locations.labels.send(file.location))] }
+          end
+          detail[:note] = { en: [I18n.t('probe_service.access_restricted')] }
+          detail
+        end
+        # rubocop:enable Metrics/AbcSize
+
+        # parse the stacks resource URI by taking just full path, removing the '/file/' and then separating druid from filename (with paths)
+        def parse_uri(uri)
+          uri_parts = URI(uri).path.delete_prefix('/file/').split('/')
+          druid = uri_parts.first.delete_prefix('druid:')
+          file_name = uri_parts[1..].join('/')
+          { druid:, file_name: }
+        end
+      end
+    end
+  end
+end

app/models/stacks_file.rb

@@ -46,5 +46,6 @@ def druid_parts
   def stacks_rights
     @stacks_rights ||= StacksRights.new(id:, file_name:)
   end
-  delegate :rights, :cocina_rights, to: :stacks_rights
+  delegate :rights, :cocina_rights, :restricted_by_location?, :stanford_restricted?, :embargoed?,
+           :embargo_release_date, :location, to: :stacks_rights
 end

app/services/media_authentication_json.rb

@@ -22,17 +22,6 @@ def initialize(auth_url)
       @result = { status: [] }
     end
 
-    # Codes from https://github.com/sul-dlss/cocina-models/blob/8fc7b5b9b0e3592a5c81f4c0e4ebff5c926669c6/openapi.yml#L1330-L1339
-    # labels from https://consul.stanford.edu/display/chimera/Rights+Metadata+Locations
-    LOCATION_LABELS = {
-      'spec' => 'Special Collections reading room',
-      'music' => 'Music Library - main area',
-      'ars' => 'Archive of Recorded Sound listening room',
-      'art' => 'Art Library',
-      'hoover' => 'Hoover Library',
-      'm&m' => 'Media & Microtext'
-    }.freeze
-
     attr_reader :result, :auth_url
 
     def as_json
@@ -50,7 +39,7 @@ def add_stanford_restricted!
 
     def add_location_restricted!(location)
       add_status(:location_restricted)
-      result[:location] = { code: location, label: LOCATION_LABELS.fetch(location) }
+      result[:location] = { code: location, label: Settings.user.locations.labels.send(location) }
     end
 
     def add_embargo!(embargo_release_date)

config/locales/en.yml

@@ -30,4 +30,9 @@
 # available at https://guides.rubyonrails.org/i18n.html.
 
 en:
-  hello: "Hello world"
+  probe_service:
+    access_restricted: "Access restricted"
+    stanford: "Stanford-affiliated? Login to play"
+    stanford_and_embargoed: "Content is both Stanford restricted and embargoed until %{date}"
+    embargoed: "Content is embargoed until %{date}"
+    location: "Content is restricted to location %{location}"

config/routes.rb

@@ -80,4 +80,8 @@
     get '/image/auth/:id/:file_name.:format' => 'legacy_image_service#show'
     get '/image/auth/:id/:file_name' => 'legacy_image_service#show'
   end
+
+  # IIIF Probe Service
+  get '/iiif/auth/v2/probe' => 'iiif/auth/v2/probe_service#show'
+
 end

config/settings.yml

@@ -38,6 +38,15 @@ user:
     - sulair:proxy-access
     - lane:proxy-access
   locations:
+    # Codes from https://github.com/sul-dlss/cocina-models/blob/8fc7b5b9b0e3592a5c81f4c0e4ebff5c926669c6/openapi.yml#L1330-L1339
+    # labels from https://consul.stanford.edu/display/chimera/Rights+Metadata+Locations
+    labels:
+      spec: 'Special Collections reading room'
+      music: 'Music Library - main area'
+      ars: 'Archive of Recorded Sound listening room'
+      art: 'Art Library'
+      hoover: 'Hoover Library'
+      m&m: 'Media & Microtext'
     spec:
       - an.ip.address