# Copyright (C) 2024 Manuel Bustillo

# Base controller for the application.
#
# Requires an authenticated user on every action, publishes the CSRF token in
# a cookie after each action, and maps common ActiveRecord / parameter errors
# to JSON error responses of the form { message:, errors: [...] }.
class ApplicationController < ActionController::Base
  before_action :authenticate_user!
  after_action :set_csrf_cookie

  # CSRF verification is skipped whenever development_swagger? is truthy.
  # That predicate can only be truthy in the test and development environments,
  # so production requests always go through verify_authenticity_token.
  skip_before_action :verify_authenticity_token, if: :development_swagger?

  # Validation failure: report the model's full error messages with a 422.
  rescue_from ActiveRecord::RecordInvalid do |error|
    payload = { message: 'Record invalid', errors: error.record.errors.full_messages }
    render json: payload, status: :unprocessable_entity
  end

  # A required request parameter was absent: 400 with the exception message.
  rescue_from ActionController::ParameterMissing do |error|
    payload = { message: 'Parameter missing', errors: [error.message] }
    render json: payload, status: :bad_request
  end

  # Lookup failure: 404 with the exception message.
  # NOTE(review): the raw exception message is echoed to the client; for
  # RecordNotFound it usually names the model and the lookup value. Confirm
  # that level of detail is acceptable to expose to API clients.
  rescue_from ActiveRecord::RecordNotFound do |error|
    payload = { message: 'Record not found', errors: [error.message] }
    render json: payload, status: :not_found
  end

  private

  # Decides whether CSRF verification may be skipped for this request.
  #
  # Truthy in the test environment, and in development when the Referer header
  # contains the Swagger UI path. The Referer is supplied by the client, so it
  # is a convenience switch and not a trust signal; the environment checks are
  # what keep this bypass out of production and must not be loosened.
  #
  # @return [Boolean, nil] nil when in development and no Referer was sent
  def development_swagger?
    return true if Rails.env.test?
    return false unless Rails.env.development?

    referer = request.headers['referer']
    referer&.include?('/api-docs/index.html')
  end

  # Writes the current authenticity token to the 'csrf-token' cookie.
  #
  # The cookie is marked Secure only in production and uses SameSite=Strict.
  # httponly is not set here, so the cookie is readable from JavaScript;
  # presumably a frontend echoes it back in a request header (confirm).
  def set_csrf_cookie
    token_cookie = {
      value: form_authenticity_token,
      secure: Rails.env.production?,
      same_site: :strict
    }
    cookies['csrf-token'] = token_cookie
  end
end