# frozen_string_literal: true

# The father class of all the controllers that require authentication.
class AuthenticatedController < ApplicationController
  before_action :validate_jwt

  private

  def validate_jwt
    return if valid_token

    render json: { error_message: 'Token inválido' }, status: :unauthorized
  end

  def valid_token
    !(decoded_token.nil? || current_user_account&.session_key.nil? || invalid_jti)
  end

  def invalid_jti
    return false if current_user_account.nil? || decoded_token.nil?

    current_user_account.session_key != decoded_token[0]['jti']
  end
end