class SessionsController < ApplicationController
  skip_before_action :authenticate, except: :destroy

  def create
    @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])

    if @<%= singular_table_name %>.try(:authenticate, params[:password])
      render json: { session_token: @<%= singular_table_name %>.signed_session_token }, status: :ok
    else
      render json: { error: "Invalid email or password" }, status: :unauthorized
    end
  end

  def destroy
    Current.<%= singular_table_name %>.regenerate_session_token
  end
end