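# Base controller for JSON API endpoints. Every request is authenticated from
# the value of the Authorization request header before the action runs.
class ApiController < ApplicationController
  # CSRF verification is switched off for this controller and its subclasses.
  # NOTE(review): that is only appropriate while these endpoints authenticate
  # solely from the Authorization header. If a cookie- or session-based login
  # is ever accepted here, CSRF protection has to be restored.
  skip_before_action :verify_authenticity_token
  respond_to :json

  # rescue_from passes the rescued exception to any handler that accepts an
  # argument. not_authorized and not_found take an optional message, so wiring
  # them in directly (with: :not_found) would render the exception object in
  # place of the default text. The blocks call them without arguments, so the
  # client receives the fixed generic message and no exception detail.
  rescue_from(UserAuthenticationService::NotAuthorized) { |_exception| not_authorized }
  rescue_from(ActiveRecord::RecordNotFound) { |_exception| not_found }

  # before_action is the same callback under its current name; before_filter
  # is the deprecated alias, and the class already uses the *_action spelling
  # for skip_before_action above.
  before_action :api_session_token_authenticate!

  private

  # @return [Boolean] true when the current session token resolves to a user
  def signed_in?
    !!current_api_session_token.user
  end

  # @return [Object, nil] the user attached to the current session token
  def current_user
    current_api_session_token.user
  end

  # Callback: answers 401 when the Authorization header is absent or the token
  # built from it reports itself invalid. Rendering inside a before callback
  # stops the action from running.
  def api_session_token_authenticate!
    return if authorization_header && current_api_session_token.valid?

    not_authorized
  end

  # Callback: answers 401 when the token is not bound to a user. It is not
  # registered in this class; presumably subclasses opt in per action.
  def ensure_signed_in!
    not_authorized unless current_user
  end

  # @return [Object] the factory of the current user
  # @raise [NoFactoryError] when the current user has no factory
  def current_factory
    current_user.factory || raise(NoFactoryError)
  end

  # Builds the ApiSessionToken for this request once and memoizes it.
  #
  # @param token [String, nil] raw header value; only used on the first call,
  #   later calls return the memoized object whatever is passed
  # @return [ApiSessionToken]
  def current_api_session_token(token = authorization_header)
    @current_api_session_token ||= ApiSessionToken.new(token)
  end

  # @return [String, nil] the Authorization header exactly as the client sent
  #   it; any parsing or validation is left to ApiSessionToken
  def authorization_header
    request.headers['HTTP_AUTHORIZATION']
  end

  # Renders a 401 JSON error.
  # NOTE(review): the response carries no WWW-Authenticate header; confirm
  # whether API clients rely on the challenge.
  def not_authorized(message = "Not Authorized")
    error(message, 401)
  end

  # Renders a 404 JSON error.
  def not_found(message = "Not Found")
    error(message, 404)
  end

  # Renders a 406 JSON error.
  def not_acceptable(message = "Not acceptable")
    error(message, 406)
  end

  # Renders a 400 JSON error.
  def bad_request(message = "Bad request")
    error(message, 400)
  end

  # Renders { "error": message } with the given HTTP status.
  #
  # @param message [String] text returned to the client; callers should pass
  #   fixed strings rather than exception messages or other internal detail
  # @param status [Integer] HTTP status code
  def error(message, status)
    render json: { error: message }, status: status
  end
end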