Add wrapper scripts to make import and status checking easier.

Author: fspeirs

docs/import/school_import_csm_guide.md

@@ -2,16 +2,16 @@
 
 ## Prerequisites
 
-1. You must have the `experience-cs-admin` or `profile-admin` role
-2. School owners must have existing Code Editor for Education accounts
+1. You must have the `experience-cs-admin` or `profile-admin` role in Editor-API.
+2. School owners must have existing Code Editor for Education accounts.
 3. School owners must be unique within the CSV, and in the existing database.
 4. CSV file must be properly formatted (see template)
 
 ## Step-by-Step Process
 
 ### 1. Prepare the CSV File
 
-Download the template: `docs/school_import_template.csv`
+Download the template: `docs/import/school_import_template.csv`
 
 Required columns:
 - `name` - School name
@@ -33,6 +33,20 @@ Before importing, verify that all owner emails in your CSV correspond to existin
 
 ### 3. Upload the CSV
 
+**Prerequisite**
+
+In order to use the scripts, you have to have an OAuth token from `editor-api`.
+
+TODO: Explain how to get such a token, or write a tool to do it.
+
+You can supply this token to the scripts mentioned below by:
+
+```bash
+export TOKEN=ory_ac_a2i-3ayKjE_8YcGqRlGXdaKrZ4yWkSdfG6vwQmLEsMg.bUdeff5re2vDLd6kRffaGp8NNX6ry8Yzm7wf7aaMKWM
+```
+
+Obviously, don't use this value - use your own.
+
 **Via API:**
 
 ```bash
@@ -50,10 +64,46 @@ curl -X POST https://editor-api.raspberrypi.org/api/schools/import \
 }
 ```
 
+**Via Script:**
+
+```bash
+$ $scripts/import.sh ./docs/import/school_import_template.csv
+════════════════════════════════════════════════════════════════
+  School Import
+════════════════════════════════════════════════════════════════
+
+CSV File:        ./docs/import/school_import_template.csv
+Schools to Import: 3
+API URL:         http://localhost:3009/api/schools/import
+
+Starting import...
+
+════════════════════════════════════════════════════════════════
+  ✓ Import Job Started Successfully
+════════════════════════════════════════════════════════════════
+
+Job ID:          8a24adf7-c705-451a-8bb3-051ec5d8fdd8
+Total Schools:   3
+Status:          Import job started successfully
+
+────────────────────────────────────────────────────────────────
+  Next Steps
+────────────────────────────────────────────────────────────────
+
+Check import status with:
+  ./scripts/status.sh 8a24adf7-c705-451a-8bb3-051ec5d8fdd8
+
+Or manually with curl:
+  curl -sS -H "Authorization: $TOKEN" \
+    http://localhost:3009/api/school_import_jobs/8a24adf7-c705-451a-8bb3-051ec5d8fdd8 | jq '.'
+```
+
 ### 4. Track Progress
 
 Use the job_id from the response:
 
+**Via API**
+
 ```bash
 curl https://editor-api.raspberrypi.org/api/school_import_jobs/550e8400-e29b-41d4-a716-446655440000 \
   -H "Authorization: YOUR_TOKEN"
@@ -85,9 +135,13 @@ curl https://editor-api.raspberrypi.org/api/school_import_jobs/550e8400-e29b-41d
 }
 ```
 
-### 5. Review Results
+**Via Script**
 
-Once the job completes, the results will show:
+```bash
+[f@rpi] ➜ editor-api (U!@ fs-implement-school-import-endpoint) ./scripts/status.sh 8a24adf7-c705-451a-8bb3-051ec5d8fdd8
+════════════════════════════════════════════════════════════════
+  School Import Job Status
+════════════════════════════════════════════════════════════════
 
 ```
 Job ID:      8a24adf7-c705-451a-8bb3-051ec5d8fdd8
@@ -117,7 +171,7 @@ Capital City Academy                     32-91-93     headteacher@capital-city-a
 ════════════════════════════════════════════════════════════════
 ```
 
-### 6. Handle Failures
+### 5. Handle Failures
 
 Common failure reasons and solutions:
 
@@ -245,5 +299,5 @@ If you encounter issues:
 6. Review results: 148 succeeded, 2 failed
 7. Fix issues with 2 failed schools (duplicate references)
 8. Create those 2 schools manually or re-import
-9. Notify district admin that all schools are ready
+9. Notify district admin that all schools are ready and supply the generated codes
 10. District admin can now invite teachers to their schools

scripts/get_oauth_token.rb

@@ -0,0 +1,207 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+# Script to obtain an OAuth token by going through the same login flow
+# that /admin uses. This will open a browser to authenticate and then
+# start a local server to capture the callback.
+#
+# NOTE: This script listens on port 3009 (same as editor-api) at /auth/callback.
+# Make sure the editor-api server is NOT running when you use this script.
+
+require 'socket'
+require 'uri'
+require 'net/http'
+require 'json'
+require 'securerandom'
+require 'dotenv'
+
+# Load environment variables from .env file
+Dotenv.load(File.expand_path('../.env', __dir__))
+
+# Configuration
+HYDRA_URL = ENV.fetch('HYDRA_PUBLIC_URL', 'http://localhost:9001')
+CLIENT_ID = ENV.fetch('HYDRA_CLIENT_ID', 'editor-dashboard-dev')
+CLIENT_SECRET = ENV.fetch('HYDRA_CLIENT_SECRET', 'secret')
+HOST_URL = ENV.fetch('HOST_URL', 'http://localhost:3009')
+CALLBACK_PORT = 3009
+CALLBACK_URL = "#{HOST_URL}/auth/callback".freeze
+
+# Disable some Rails rubocop rules for this script since it's not part of the app
+# and a very temporary script.
+# rubocop:disable Rails/Output, Rails/Exit, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/ParameterLists
+# Simple HTTP server using raw sockets
+def start_callback_server(port, state, hydra_url, client_id, client_secret, callback_url)
+  server = TCPServer.new(port)
+
+  loop do
+    client = server.accept
+    request = client.gets
+    break unless request
+
+    # Parse request line
+    method, path_with_query, _version = request.split
+    next unless method == 'GET' && path_with_query.start_with?('/auth/callback')
+
+    # Parse query string
+    uri = URI.parse("http://localhost#{path_with_query}")
+    query_params = URI.decode_www_form(uri.query || '').to_h
+
+    # Handle errors
+    if query_params['error']
+      html = <<~HTML
+        <html><body>
+          <h1>Authentication Error</h1>
+          <p>Error: #{query_params['error']}</p>
+          <p>Description: #{query_params['error_description']}</p>
+          <p>You can close this window.</p>
+        </body></html>
+      HTML
+      send_response(client, '400 Bad Request', html)
+      puts "\nError: #{query_params['error']}"
+      puts "Description: #{query_params['error_description']}"
+      return nil
+    end
+
+    # Check state
+    if query_params['state'] != state
+      html = '<html><body><h1>State mismatch error</h1><p>You can close this window.</p></body></html>'
+      send_response(client, '400 Bad Request', html)
+      puts "\nError: State mismatch"
+      return nil
+    end
+
+    # Get authorization code
+    code = query_params['code']
+    unless code
+      html = '<html><body><h1>No authorization code received</h1><p>You can close this window.</p></body></html>'
+      send_response(client, '400 Bad Request', html)
+      puts "\nError: No authorization code received"
+      return nil
+    end
+
+    # Exchange code for token
+    token_url = URI("#{hydra_url}/oauth2/token")
+    token_request = Net::HTTP::Post.new(token_url)
+    token_request.basic_auth(client_id, client_secret)
+    token_request.set_form_data(
+      'grant_type' => 'authorization_code',
+      'code' => code,
+      'redirect_uri' => callback_url
+    )
+
+    begin
+      token_response = Net::HTTP.start(token_url.hostname, token_url.port) do |http|
+        http.request(token_request)
+      end
+
+      if token_response.code == '200'
+        token_data = JSON.parse(token_response.body)
+        result_token = token_data['access_token']
+
+        html = <<~HTML
+          <html><body>
+            <h1>Authentication Successful!</h1>
+            <p>You can close this window and return to your terminal.</p>
+          </body></html>
+        HTML
+        send_response(client, '200 OK', html)
+        return result_token
+      else
+        html = <<~HTML
+          <html><body>
+            <h1>Token Exchange Error</h1>
+            <p>Status: #{token_response.code}</p>
+            <p>#{token_response.body}</p>
+            <p>You can close this window.</p>
+          </body></html>
+        HTML
+        send_response(client, '500 Internal Server Error', html)
+        puts "\nToken exchange error: #{token_response.code}"
+        puts token_response.body
+        return nil
+      end
+    rescue StandardError => e
+      html = <<~HTML
+        <html><body>
+          <h1>Error</h1>
+          <p>#{e.message}</p>
+          <p>You can close this window.</p>
+        </body></html>
+      HTML
+      send_response(client, '500 Internal Server Error', html)
+      puts "\nError exchanging code for token: #{e.message}"
+      return nil
+    end
+  end
+ensure
+  server&.close
+end
+
+def send_response(client, status, html)
+  client.puts "HTTP/1.1 #{status}"
+  client.puts 'Content-Type: text/html'
+  client.puts "Content-Length: #{html.bytesize}"
+  client.puts
+  client.puts html
+ensure
+  client&.close
+end
+
+# OAuth parameters
+state = SecureRandom.hex(16)
+
+puts 'Starting OAuth flow...'
+puts "Hydra URL: #{HYDRA_URL}"
+puts "Client ID: #{CLIENT_ID}"
+puts "Callback URL: #{CALLBACK_URL}"
+puts
+
+# Build authorization URL
+auth_params = URI.encode_www_form(
+  'client_id' => CLIENT_ID,
+  'response_type' => 'code',
+  'scope' => 'openid email profile roles force-consent',
+  'redirect_uri' => CALLBACK_URL,
+  'state' => state
+)
+auth_url = "#{HYDRA_URL}/oauth2/auth?#{auth_params}"
+
+# Open browser
+puts 'Opening browser for authentication...'
+puts "If the browser doesn't open automatically, visit:"
+puts auth_url
+puts
+
+case RbConfig::CONFIG['host_os']
+when /darwin/
+  system("open '#{auth_url}'")
+when /linux/
+  system("xdg-open '#{auth_url}'")
+when /mswin|mingw|cygwin/
+  system("start '#{auth_url}'")
+else
+  puts 'Unable to detect OS to open browser. Please open the URL manually.'
+end
+
+# Start server and wait for callback
+trap('INT') do
+  puts "\nShutting down..."
+  exit 1
+end
+
+access_token = start_callback_server(CALLBACK_PORT, state, HYDRA_URL, CLIENT_ID, CLIENT_SECRET, CALLBACK_URL)
+
+# Print token
+if access_token
+  puts "\n#{'=' * 80}"
+  puts 'ACCESS TOKEN:'
+  puts '=' * 80
+  puts access_token
+  puts '=' * 80
+  puts "\nYou can use this token with:"
+  puts "  curl -H 'Authorization: #{access_token}' http://localhost:3009/api/projects"
+else
+  puts "\nFailed to obtain access token"
+  exit 1
+end
+# rubocop:enable Rails/Output, Rails/Exit, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/ParameterLists