Friday, September 20, 2024 12:06:57 AM

> api_controller.rb
# frozen_string_literal: true

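# Base controller for API endpoints: every action is gated on a bearer token
# and each authenticated request is written to a dedicated API log.
class ApiController < ApplicationController
  API_LOGGER = Logger.new("log/api.log")

  # Exact length a presented token must have; anything else is rejected
  # before the database is queried.
  TOKEN_LENGTH = 32

  # Order matters: `log` reads @token, which only `check_for_access` sets.
  # When `check_for_access` renders the 401, the callback chain halts and
  # `log` does not run for that request.
  before_action :check_for_access
  before_action :log

  private

  # Authenticates the request from its Authorization header.
  #
  # Sets @token to the matching ApiToken record, or renders a 401 when the
  # header is missing, the token has the wrong length, or no record matches.
  def check_for_access
    # A request without an Authorization header yields nil here; coerce to a
    # string so it is answered with 401 instead of raising NoMethodError (500).
    header = request.headers["HTTP_AUTHORIZATION"].to_s

    # Strip the scheme only where it belongs, at the very start of the header.
    # A bare token without the "Bearer " prefix is still accepted, as before.
    authorization_token = header.sub(/\ABearer /, "")
    return unauthorized if authorization_token.blank? || authorization_token.size != TOKEN_LENGTH

    # NOTE(review): the presented value is matched directly against the
    # `token` column, so that column holds a value usable as a credential
    # as-is. Consider storing only a digest and looking up by digest.
    @token = ApiToken.where(token: authorization_token).first
    return unauthorized if @token.nil?
  end

  # Renders the JSON 401 response. The rejection is recorded so repeated
  # failures are visible in the API log; the presented token is never logged.
  def unauthorized
    API_LOGGER.warn("Unauthorized [R:#{request.remote_ip}] - #{request.url}")
    render json: {code: 401, message: "401 Unauthorized"}, status: :unauthorized
  end

  # Records the authenticated caller (by the token's comment), both reported
  # addresses and the requested URL.
  #
  # NOTE(review): `request.client_ip` is not defined in this file; confirm
  # which header it reads and treat it as caller-supplied unless a trusted
  # proxy sets it. `request.url` includes the query string, so secrets passed
  # as query parameters would end up in this log.
  def log
    API_LOGGER.info("#{@token.comment} [C:#{request.client_ip} - R:#{request.remote_ip}] - #{request.url}")
  end
end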