wedding-planner/app/controllers/sessions_controller.rb

# Copyright (C) 2024 Manuel Bustillo

class SessionsController < ApplicationController
  allow_unauthenticated_access only: :create
  rate_limit to: 10, within: 3.minutes, only: :create,
             with: -> { render json: { errors: ['Rate limit exceeded'] }, status: :too_many_requests }

  def create
    if user = User.authenticate_by(params.permit(:email_address, :password))
      start_new_session_for user
      render json: {}, status: :created
    else
      render json: { errors: ['Invalid email address or password'] }, status: :unauthorized
    end
  end

  def destroy
    terminate_session
    render json: {}, status: :ok
  end
end
Add copyright notice 2024-11-18 23:27:50 +00:00			`# Copyright (C) 2024 Manuel Bustillo`

Install Rails' authentication generator 2024-11-19 00:26:44 +01:00			`class SessionsController < ApplicationController`
Refine controllers 2024-11-19 00:32:24 +01:00			`allow_unauthenticated_access only: :create`
			`rate_limit to: 10, within: 3.minutes, only: :create,`
			`with: -> { render json: { errors: ['Rate limit exceeded'] }, status: :too_many_requests }`
Install Rails' authentication generator 2024-11-19 00:26:44 +01:00
			`def create`
			`if user = User.authenticate_by(params.permit(:email_address, :password))`
			`start_new_session_for user`
Refine controllers 2024-11-19 00:32:24 +01:00			`render json: {}, status: :created`
Install Rails' authentication generator 2024-11-19 00:26:44 +01:00			`else`
Refine controllers 2024-11-19 00:32:24 +01:00			`render json: { errors: ['Invalid email address or password'] }, status: :unauthorized`
Install Rails' authentication generator 2024-11-19 00:26:44 +01:00			`end`
			`end`

			`def destroy`
			`terminate_session`
Refine controllers 2024-11-19 00:32:24 +01:00			`render json: {}, status: :ok`
Install Rails' authentication generator 2024-11-19 00:26:44 +01:00			`end`
			`end`