module TokenVerification
  extend ActiveSupport::Concern
  include ActionController::HttpAuthentication::Token::ControllerMethods

  included do
    before_action :authenticate
  end


  protected
  # Authenticate the user with token based authentication
  def authenticate
    authenticate_token || render_unauthorized
  end

  def authenticate_token
    authenticate_with_http_token do |token, options|
      #@current_user = User.find_by(api_key: token)
      Rails.logger.debug "token - " + token.to_s

      @user = Employee.authenticate_by_token(token)
      if @user
        return true
        #Maybe log - login?
      end

    end
  end

  def render_unauthorized(realm = "Application")
    self.headers["WWW-Authenticate"] = %(Token realm="#{realm.gsub(/"/, "")}")
    render json: 'Bad credentials', status: :unauthorized
  end

end