class Api::V1::ApiController < ::ActionController::API

  before_action :authenticate_user

  def route_options
    cors_preflight_check
  end

  private

    def authenticate_user
      set_hash
      if @instance_hash.nil?
        render :json => {errors: "User is not logged in, register or log in"} , status: :unauthorized
      end
    end

    def authenticate_password
      if current_user.nil?
        return true
      end
      if !current_user.authenticate(params[:user][:password]) 
        return true
      else
        return false
      end
    end

    def set_hash
      #["current_owner","current_token"] Make this true to check for email also
      #@instance_hash = ::Arcadex::Authentication.get_instance(params,request,"Auth-Token")
      @instance_hash = ::Arcadex::Authentication.authenticate_owner_with_index(params,request,"Auth-Token","Email","email",true)
      #Ignore the token if the user's account is locked
      if !current_user.nil? && current_user.locked
        @instance_hash = nil
      end
    end

    def current_user
      if !@instance_hash.nil?
        return @instance_hash["current_owner"]
      else
        return nil
      end
    end

    def current_token
      if !@instance_hash.nil?
        return @instance_hash["current_token"]
      else
        return nil
      end
    end
    
end