wedding-planner/app/controllers/application_controller.rb

# Copyright (C) 2024-2025 LibreWeddingPlanner contributors

# frozen_string_literal: true

class ApplicationController < ActionController::Base
  set_current_tenant_through_filter
  before_action :set_tenant
  before_action :authenticate_user!
  after_action :set_csrf_cookie

  skip_before_action :verify_authenticity_token, if: :development_swagger?

  rescue_from ActiveRecord::RecordInvalid do |exception|
    render json: {
      message: 'Record invalid',
      errors: exception.record.errors.full_messages
    }, status: :unprocessable_entity
  end

  rescue_from ActionController::ParameterMissing do |exception|
    render json: {
      message: 'Parameter missing',
      errors: [exception.message]
    }, status: :bad_request
  end

  rescue_from ActiveRecord::RecordNotFound do |exception|
    render json: {
      message: 'Record not found',
      errors: [exception.message]
    }, status: :not_found
  end

  private

  def validate_captcha!
    Rails.logger.info("Captcha params: #{captcha_params}")

    return if LibreCaptcha.new.valid?(id: captcha_params[:id], answer: captcha_params[:answer])

    render json: { error: 'Incorrect CAPTCHA solution' }, status: :unprocessable_entity
  end

  def captcha_params
    params.expect(captcha: %i[id answer])
  end

  def default_url_options(options = {})
    options.merge(path_params: { slug: ActsAsTenant.current_tenant&.slug })
  end

  def set_tenant
    set_current_tenant(Wedding.find_by!(slug: params[:slug]))
  end

  def development_swagger?
    Rails.env.test? ||
      (Rails.env.development? && request.headers['referer']&.include?('/api-docs/index.html'))
  end

  def set_csrf_cookie
    cookies['csrf-token'] = {
      value: form_authenticity_token,
      secure: false,
      same_site: :strict
    }
  end
end