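require_dependency 'mks/auth/application_controller'

module Mks
  module Auth
    # JSON endpoints for session handling: CSRF token hand-out, login,
    # logout, menu retrieval and a "who is logged in" check.
    #
    # Every action not listed in the +before_action+ exclusion below runs
    # behind +confirm_logged_in+, which is defined outside this file.
    class AccessController < ApplicationController
      before_action :confirm_logged_in, except: %i[attempt_login logout menu csrf_token]

      # Publishes the Rails authenticity token in an +XSRF-TOKEN+ cookie when
      # forgery protection is enabled, then acknowledges with success JSON.
      #
      # The cookie is written with no explicit options.
      # NOTE(review): consider passing +secure:+ / +same_site:+ here for
      # production deployments; presumably the cookie must stay readable by
      # client script so it can be echoed back in a header -- confirm.
      def csrf_token
        cookies['XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery?
        render json: { success: true }
      end

      # Authenticates +params[:email]+ / +params[:password]+ for the
      # application module configured in +Rails.configuration.app_code+.
      #
      # On success the user is logged in via +login_user+ and the response
      # carries the user's id, full name and role names. On any failure the
      # response is +{success: false, errors: <message>}+.
      def attempt_login
        # to_s guards against a missing or non-string (array/hash) parameter,
        # which would otherwise raise NoMethodError on #downcase and surface
        # as a 500 to an unauthenticated caller.
        email = params[:email].to_s.downcase
        app_module = ApplicationModule.find_by(code: Rails.configuration.app_code)
        user = User.find_by(email: email)

        # Fail closed when the configured module or the user's module is
        # missing instead of raising on nil.id.
        in_module = user && app_module && user.application_module&.id == app_module.id
        return render_login_failure unless in_module
        return render_login_failure unless user.authenticate(params[:password])

        # NOTE(review): login_user is defined elsewhere; confirm it rotates the
        # session (reset_session) before storing the user id, so a session id
        # issued before login is not carried over into the logged-in session.
        login_user user
        payload = {
          success: true,
          data: {
            user_id: user.id,
            user_full_name: user.full_name,
            roles: user.roles.map(&:name)
          }
        }
        render json: payload
      end

      # Ends the current session via +logout_user+ when someone is logged in;
      # always answers with success JSON.
      def logout
        logout_user if logged_in?
        render json: { success: true }
      end

      # Returns the menus produced by +fetch_menus+.
      #
      # NOTE(review): this action is excluded from +confirm_logged_in+, so it
      # is reachable without a session; confirm fetch_menus (defined
      # elsewhere) returns nothing sensitive for an anonymous caller.
      def menu
        render json: { success: true, data: fetch_menus }
      end

      # Reports the full name of the user referenced by +session[:user_id]+,
      # or +{success: false}+ when there is no such user.
      #
      # find_by is used instead of find so a session that points at a deleted
      # user yields the failure response rather than RecordNotFound.
      def check_login
        user = User.find_by(id: session[:user_id]) if session[:user_id]
        if user
          render json: { success: true, data: user.full_name }
        else
          render json: { success: false }
        end
      end

      private

      # Renders the single failure response used for every rejected login.
      #
      # Unknown e-mail, wrong application module and wrong password all get
      # the same message so the response body does not disclose which
      # accounts exist. The password check still only runs for an existing,
      # in-module user, so response timing may differ between the cases;
      # rate limiting or lockout in front of this endpoint is the usual
      # complement.
      def render_login_failure
        render json: { success: false, errors: 'Invalid username or password' }
      end
    end
  end
end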