class SessionsController < ApplicationController skip_before_action :authenticate, only: :create before_action :set_session, only: %i[ show destroy ] def index render json: Current.<%= singular_table_name %>.sessions.order(created_at: :desc) end def show render json: @session end def create <%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email]) if <%= singular_table_name %> && <%= singular_table_name %>.authenticate(params[:password]) @session = <%= singular_table_name %>.sessions.create!(session_params) response.set_header("X-Session-Token", @session.signed_id) render json: @session, status: :created else render json: { error: "That email or password is incorrect" }, status: :unauthorized end end def destroy @session.destroy end private def set_session @session = Current.<%= singular_table_name %>.sessions.find(params[:id]) end def session_params { user_agent: request.user_agent, ip_address: request.remote_ip, sudo_at: Time.current } end end