# sessions_controller.rb
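class Api::V1::SessionsController < ApplicationController
  # POST /api/v1/sessions — exchanges email/password for a signed token.
  #
  # Reads params[:email] and params[:password]. On success renders the
  # user's id, email and a freshly generated "auth_token"; on failure
  # responds 401 Unauthorized with a generic error message (the message
  # deliberately does not reveal whether the email exists).
  def create
    user = User.authenticate(params[:email], params[:password])
    if user
      token = user.generate_token_for("auth_token")
      render json: {
        session: { id: user.id, email: user.email, token: token }
      }
    else
      # 401 is the standard status for failed authentication; the previous
      # 420 is non-standard and is not understood by HTTP clients/middleware.
      render json: { errors: "invalid email id or password" }, status: :unauthorized
    end
  end

  # Resolves the caller from the HTTP_TOKEN request header.
  #
  # Returns the User the token identifies, or nil when the header is absent
  # or when User.find_by_token raises (bad signature, expired token, or the
  # user no longer exists).
  # NOTE(review): the method is public, so Rails would expose it as an
  # action if a matching route existed — consider moving it under `private`
  # and declaring `helper_method :kurrent_user` if views need it.
  def kurrent_user
    token = request.headers["HTTP_TOKEN"]
    return nil unless token

    User.find_by_token("auth_token", token)
  rescue StandardError
    # Any verification failure means "not signed in" rather than a 500.
    nil
  end
end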
#user.rb
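class User < ActiveRecord::Base
  # How long a token of each type remains valid after it is generated.
  # A token type that is not listed here is rejected by find_by_token, so a
  # typo in a caller can no longer yield a token that never expires (the
  # previous case/when had no else branch and skipped the expiry check).
  TOKEN_LIFETIMES = {
    "auth_token" => 10.days,
    "password_reset_token" => 1.day
  }.freeze

  # Looks up the user by email and checks the password.
  #
  # @param email [String]
  # @param password [String]
  # @return [User, nil] the user when both lookup and password check succeed
  def self.authenticate(email, password)
    user = find_by(email: email)
    user if user&.valid_password?(password)
  end

  # Builds a signed token of the given type carrying this user's id and the
  # current time. The token is signed, not encrypted: the id and timestamp
  # are readable by anyone holding it; only tampering is detected.
  #
  # @param token_type [String] one of the TOKEN_LIFETIMES keys
  # @return [String] the signed token
  def generate_token_for(token_type)
    self.class.verifier("User-#{token_type}").generate([id, Time.now])
  end

  # Verifies a token's signature and age and returns the user it names.
  #
  # @param token_type [String] one of the TOKEN_LIFETIMES keys
  # @param token [String] a value produced by #generate_token_for
  # @raise [ArgumentError] when token_type has no configured lifetime
  # @raise [ActiveSupport::MessageVerifier::InvalidSignature] on a forged or
  #   corrupted token (raised by MessageVerifier#verify)
  # @raise [RuntimeError] "Token expired" when the token is older than its lifetime
  # @raise [ActiveRecord::RecordNotFound] when the user no longer exists
  # @return [User]
  def self.find_by_token(token_type, token)
    lifetime = TOKEN_LIFETIMES.fetch(token_type) do
      raise ArgumentError, "unknown token type: #{token_type}"
    end
    user_id, timestamp = verifier("User-#{token_type}").verify(token)
    raise "Token expired" if timestamp < lifetime.ago

    find(user_id)
  end

  # The application-wide MessageVerifier for the given purpose string, so a
  # token issued for one purpose cannot be verified as another.
  #
  # @param sign [String] purpose, e.g. "User-auth_token"
  # @return [ActiveSupport::MessageVerifier]
  def self.verifier(sign)
    Rails.application.message_verifier(sign)
  end
end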
Nice 👍