module Ecom module Core class AccessController < ApplicationController skip_before_action :authenticate, only: [:login] def login user = User.find_by(email: auth_params[:email]) if user if user.authenticate(auth_params[:password]) roles = user.user_roles.each_with_object([]) do |role, result| result << role.name end payload = { id: user.id, email: user.email, name: user.full_name, roles: roles } jwt = TokenAuthService.issue(payload) render json: { token: jwt, user: payload, error: nil } else render json: { error: 'Invalid username or password' }, status: 400 end else render json: { error: 'User does not exist' }, status: 400 end end private def auth_params params.require(:auth).permit(:email, :password) end end end end