# frozen_string_literal: true

module Api
  # The controller that handles authentications.
  class SessionsController < ApplicationController
    def create
      @user_account = UserAccount.find_by(email: permitted_params[:email])

      unless @user_account&.authenticate(permitted_params[:password])
        render json: { error_message: 'Credenciales incorrectas' }, status: :unauthorized and return
      end

      render json: generate_token, status: :ok
    end

    def destroy
      user_account.update_attribute(:session_key, nil)

      render status: :no_content
    end

    private

    def service_params
      { email: @user_account.email,
        role: @user_account.role }
    end

    def permitted_params
      params.require(:credentials).permit(:email, :password)
    end
  end
end