class SessionsController < ApplicationController
  before_action :set_session, only: %i[ show destroy ]

  skip_before_action :authenticate, only: :create

  def index
    render json: Current.<%= singular_table_name %>.sessions.order(created_at: :desc)
  end

  def show
    render json: @session
  end

  def create
    @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])

    if @<%= singular_table_name %> && @<%= singular_table_name %>.authenticate(params[:password])
      session = @<%= singular_table_name %>.sessions.create!(session_params)
      response.set_header("X-Session-Token", session.signed_id)

      render json: session, status: :created
    else
      render json: { error: "That email or password is incorrect" }, status: :unauthorized
    end
  end

  def destroy
    @session.destroy
  end

  private
    def set_session
      @session = Current.<%= singular_table_name %>.sessions.find(params[:id])
    end

    def session_params
      { user_agent: request.user_agent, ip_address: request.remote_ip }
    end
end