Scratch project saving and loading outline

app/controllers/api/projects_controller.rb

@@ -4,12 +4,15 @@
 
 module Api
   class ProjectsController < ApiController
+    include ActionController::Cookies
+
     before_action :authorize_user, only: %i[create update index destroy]
     before_action :load_project, only: %i[show update destroy show_context]
     before_action :load_projects, only: %i[index]
     load_and_authorize_resource
     before_action :verify_lesson_belongs_to_school, only: :create
     after_action :pagination_link_header, only: %i[index]
+    before_action :set_auth_cookie_for_scratch, only: %i[show]
 
     def index
       @paginated_projects = @projects.page(params[:page])
@@ -59,6 +62,18 @@ def show_context
 
     private
 
+    def set_auth_cookie_for_scratch
+      return unless @project.project_type == Project::Types::CODE_EDITOR_SCRATCH
+      return unless Flipper.enabled?(:cat_mode, school)
+
+      cookies[:scratch_auth] = {
+        value: request.headers['Authorization'],
+        secure: Rails.env.production?,
+        same_site: :strict,
+        http_only: true
+      }
+    end
+
     def verify_lesson_belongs_to_school
       return if base_params[:lesson_id].blank?
       return if school&.lessons&.pluck(:id)&.include?(base_params[:lesson_id])

app/controllers/api/scratch/assets_controller.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Api
+  module Scratch
+    class AssetsController < ScratchController
+      skip_before_action :authorize_user, only: [:show]
+      skip_before_action :check_scratch_feature, only: [:show]
+
+      def show
+        render :show, formats: [:svg]
+      end
+
+      def create
+        render json: { status: 'ok', 'content-name': params[:id] }, status: :created
+      end
+    end
+  end
+end

app/controllers/api/scratch/projects_controller.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Api
+  module Scratch
+    class ProjectsController < ScratchController
+      skip_before_action :authorize_user, only: [:show]
+      skip_before_action :check_scratch_feature, only: [:show]
+
+      def show
+        render :show, formats: [:json]
+      end
+
+      def update
+        render json: { status: 'ok' }, status: :ok
+      end
+    end
+  end
+end

app/controllers/api/scratch/scratch_controller.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Api
+  module Scratch
+    class ScratchController < ApiController
+      include IdentifiableByCookie
+
+      before_action :authorize_user
+      before_action :check_scratch_feature
+
+      def check_scratch_feature
+        return if current_user.nil?
+
+        school = current_user&.schools&.first
+        return if Flipper.enabled?(:cat_mode, school)
+
+        raise ActiveRecord::RecordNotFound, 'Not Found'
+      end
+    end
+  end
+end

app/controllers/concerns/identifiable_by_cookie.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module IdentifiableByCookie
+  extend ActiveSupport::Concern
+  include ActionController::Cookies
+
+  def identify_user
+    token = cookies[:scratch_auth]
+    User.from_token(token:) if token
+  end
+
+  def current_user
+    @current_user ||= identify_user
+  end
+end

app/models/project.rb

@@ -5,6 +5,7 @@ module Types
     PYTHON = 'python'
     HTML = 'html'
     SCRATCH = 'scratch'
+    CODE_EDITOR_SCRATCH = 'code_editor_scratch'
   end
 
   belongs_to :school, optional: true