Restrict certificates route to Grover middleware

Grover turns the html output of the certificates#show action into a PDF response, but we don't want to expose HTML format as a valid response.
So limit the route to Grover middleware requests.

Gemfile.lock

@@ -147,10 +147,10 @@ GEM
     cgi (0.4.1)
     childprocess (5.0.0)
     coderay (1.1.3)
-    concurrent-ruby (1.3.3)
     combine_pdf (1.0.26)
       matrix
       ruby-rc4 (>= 0.1.5)
+    concurrent-ruby (1.3.3)
     connection_pool (2.4.1)
     console1984 (0.2.0)
       irb (~> 1.13)
@@ -343,6 +343,8 @@ GEM
     nio4r (2.7.3)
     nokogiri (1.16.6-arm64-darwin)
       racc (~> 1.4)
+    nokogiri (1.16.6-x86_64-darwin)
+      racc (~> 1.4)
     nokogiri (1.16.6-x86_64-linux)
       racc (~> 1.4)
     notifications-ruby-client (6.0.0)
@@ -652,6 +654,7 @@ PLATFORMS
   arm64-darwin-22
   arm64-darwin-23
   arm64-darwin-24
+  x86_64-darwin-23
   x86_64-linux
 
 DEPENDENCIES

app/controllers/qualifications/certificates_controller.rb

@@ -31,6 +31,10 @@ def render_certificate?
         teacher.passed_induction?
       when :qts
         teacher.qts_awarded?
+      when :eyts
+        teacher.eyts_awarded?
+      when :npq
+        teacher.npq.present
       else
         qualification.awarded_at.present?
       end

app/views/qualifications/certificates/_npq.html.erb

@@ -0,0 +1,12 @@
+<img src="/qts-certificate.jpg" class="header-image" alt="Department for Education" />
+
+<div class="content">
+
+  <p class="text">This is to certify that: <strong><%= teacher.name %></strong></p>
+  <p>&#160;</p>
+  <p class="text">has been awarded the</p>
+  <p>&#160;</p>
+  <h2 class="heading"> <strong><%= qualification.name %></strong></h2>
+  <p>&#160;</p>
+  <p class="text">Any potential employer can independently confirm your teacher status online at:<br/>https://teacherservices.education.gov.uk</p>
+</div>

config/routes/aytq.rb

@@ -16,7 +16,9 @@
 
   resource :start, only: [:show]
 
-  resources :certificates, only: [:show]
+  resources :certificates, only: [:show],
+    constraints: ->(req) { req.env["Rack-Middleware-Grover"] == "true" }
+
   resource :identity_user, only: [:show]
   resource :one_login_user, only: [:show], path: "one-login-user" do
     resources :name_changes,

package.json

@@ -2,8 +2,8 @@
   "name": "app",
   "private": "true",
   "dependencies": {
-    "esbuild": "^0.20.2",
-    "govuk-frontend": "^5.2.0",
+    "esbuild": "^0.23.0",
+    "govuk-frontend": "^5.4.1",
     "puppeteer": "22.6.1",
     "sass": "^1.74.1"
   },

yarn.lock

@@ -2,10 +2,6 @@
 # yarn lockfile v1
 
 
-"@esbuild/[email protected]":
-  version "0.23.0"
-  resolved "https://registry.yarnpkg.com/@esbuild/aix-ppc64/-/aix-ppc64-0.23.0.tgz#145b74d5e4a5223489cabdc238d8dad902df5259"
-  integrity sha512-3sG8Zwa5fMcA9bgqB8AfWPQ+HFke6uD3h1s3RIwUNK8EG7a4buxvuFTs3j1IMs2NXAk9F30C/FF4vxRgQCcmoQ==
 "@babel/code-frame@^7.0.0":
   version "7.24.2"
   resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.24.2.tgz#718b4b19841809a58b29b68cde80bc5e1aa6d9ae"
@@ -29,10 +25,10 @@
     js-tokens "^4.0.0"
     picocolors "^1.0.0"
 
-"@esbuild/aix-ppc64@0.20.2":
-  version "0.20.2"
-  resolved "https://registry.yarnpkg.com/@esbuild/aix-ppc64/-/aix-ppc64-0.20.2.tgz#a70f4ac11c6a1dfc18b8bbb13284155d933b9537"
-  integrity sha512-D+EBOJHXdNZcLJRBkhENNG8Wji2kgc9AZ9KiPr1JuZjsNtyHzrsfLRrY0tk2H2aoFu6RANO1y1iPPUCDYWkb5g==
+"@esbuild/aix-ppc64@0.23.0":
+  version "0.23.0"
+  resolved "https://registry.yarnpkg.com/@esbuild/aix-ppc64/-/aix-ppc64-0.23.0.tgz#145b74d5e4a5223489cabdc238d8dad902df5259"
+  integrity sha512-3sG8Zwa5fMcA9bgqB8AfWPQ+HFke6uD3h1s3RIwUNK8EG7a4buxvuFTs3j1IMs2NXAk9F30C/FF4vxRgQCcmoQ==
 
 "@esbuild/[email protected]":
   version "0.23.0"
@@ -430,10 +426,10 @@ error-ex@^1.3.1:
   dependencies:
     is-arrayish "^0.2.1"
 
-esbuild@^0.20.2:
-  version "0.20.2"
-  resolved "https://registry.yarnpkg.com/esbuild/-/esbuild-0.20.2.tgz#9d6b2386561766ee6b5a55196c6d766d28c87ea1"
-  integrity sha512-WdOOppmUNU+IbZ0PaDiTst80zjnrOkyJNHoKupIcVyU8Lvla3Ugx94VzkQ32Ijqd7UhHJy75gNWDMUekcrSJ6g==
+esbuild@^0.23.0:
+  version "0.23.0"
+  resolved "https://registry.yarnpkg.com/esbuild/-/esbuild-0.23.0.tgz#de06002d48424d9fdb7eb52dbe8e95927f852599"
+  integrity sha512-1lvV17H2bMYda/WaFb2jLPeHU3zml2k4/yagNMG8Q/YtfMjCwEUZa2eXXMgZTVSL5q1n4H7sQ0X6CdJDqqeCFA==
   optionalDependencies:
     "@esbuild/aix-ppc64" "0.23.0"
     "@esbuild/android-arm" "0.23.0"
@@ -859,11 +855,6 @@ readdirp@~3.6.0:
   dependencies:
     picomatch "^2.2.1"
 
-sass@^1.77.8:
-  version "1.77.8"
-  resolved "https://registry.yarnpkg.com/sass/-/sass-1.77.8.tgz#9f18b449ea401759ef7ec1752a16373e296b52bd"
-  integrity sha512-4UHg6prsrycW20fqLGPShtEvo/WyHRVRHwOP4DzkUrObWoWI05QBSfzU71TVB7PFaL104TwNaHpjlWXAZbQiNQ==
-
 require-directory@^2.1.1:
   version "2.1.1"
   resolved "https://registry.yarnpkg.com/require-directory/-/require-directory-2.1.1.tgz#8c64ad5fd30dab1c976e2344ffe7f792a6a6df42"