# frozen_string_literal: true

module Api
  # The controller that handles authentications.
  class SessionsController < AuthenticatedController
    skip_before_action :validate_jwt, only: [:create]

    def create
      @user_account = UserAccount.find_by(email: permitted_params[:email])

      unless @user_account&.authenticate(permitted_params[:password])
        render json: { errors: { auth: 'Credenciales incorrectas' } }, status: :unauthorized and return
      end

      render json: generate_token, status: :ok
    end

    def destroy
      current_user_account.update_attribute(:session_key, nil)

      render status: :no_content
    end

    private

    def service_params
      { email: @user_account.email,
        role: @user_account.role }
    end

    def permitted_params
      params.permit(:email, :password)
    end
  end
end