feat(course): add course online validate GET endpoint

- add route for <int:pk>/online/validate/ to token validate view
- implement authenticated GET returning course, user and metadata
- enforce auth only for GET via get_permissions
- add Swagger docs for the new endpoint

No breaking changes.

apps/course/urls.py

@@ -14,6 +14,7 @@ urlpatterns = [
     path('professors/<slug:slug>/courses/', views.ProfessorCourseListAPIView.as_view(), name='course-professor-course-list'),
     path('professors/<slug:slug>/', views.ProfessorDetailAPIView.as_view(), name='course-professor-detail'),
     path('<int:pk>/online/token/', views.CourseOnlineClassTokenAPIView.as_view(), name='course-online-token'),
+    path('<int:pk>/online/validate/', views.CourseOnlineClassTokenValidateAPIView.as_view(), name='course-online-validate'),
     path('online/token/validate/', views.CourseOnlineClassTokenValidateAPIView.as_view(), name='course-online-token-validate'),
     
     path('<slug:slug>/', views.CourseDetailAPIView.as_view(), name='course-detail'),

apps/course/views/course.py

@@ -367,6 +367,55 @@ class CourseOnlineClassTokenValidateAPIView(GenericAPIView):
     permission_classes = [AllowAny]
     serializer_class = OnlineClassTokenVerifySerializer
 
+    def get_permissions(self):
+        if self.request.method == 'GET':
+            return [IsAuthenticated()]
+        return [AllowAny()]
+
+    @swagger_auto_schema(
+        operation_description="Get course and user data for authenticated user.",
+        manual_parameters=[
+            openapi.Parameter(
+                'pk', openapi.IN_PATH,
+                description="Course ID",
+                type=openapi.TYPE_INTEGER,
+                required=True
+            )
+        ],
+        responses={
+            status.HTTP_200_OK: openapi.Response(
+                description="Course data retrieved.",
+                examples={
+                    "application/json": {
+                        "course": {"id": 1, "title": "Sample Course"},
+                        "user": {"id": 10, "fullname": "John Doe"},
+                        "metadata": {
+                            "status": "ongoing",
+                            "has_started": True,
+                            "professor_in_class": False,
+                            "validated_at": "2024-01-01T10:00:00Z"
+                        }
+                    }
+                }
+            )
+        }
+    )
+    def get(self, request, pk, *args, **kwargs):
+        detail_view = CourseDetailAPIView()
+        queryset = detail_view.get_queryset()
+        course = get_object_or_404(queryset, pk=pk)
+        user = request.user
+
+        course_data = CourseDetailSerializer(course, context={'request': request}).data
+        user_data = UserProfileSerializer(user, context={'request': request}).data
+        metadata = self._build_metadata(course, {'user_id': user.id, 'extra': {}, 'generated_at': timezone.now().isoformat()})
+
+        return Response({
+            'course': course_data,
+            'user': user_data,
+            'metadata': metadata,
+        }, status=status.HTTP_200_OK)
+
     @swagger_auto_schema(
         operation_description="Validate an online class entry token and return course/user data.",
         request_body=OnlineClassTokenVerifySerializer,