module TokenVerification
  extend ActiveSupport::Concern
  include ActionController::HttpAuthentication::Token::ControllerMethods

  included do
    before_action :authenticate
  end

  protected
  # Authenticate the user with token based authentication
  def authenticate
    authenticate_token || render_unauthorized
  end

  def authenticate_token
    authenticate_with_http_token do |token, options|
      # Rails.logger.debug "token - " + token.to_s
      if(options.length !=0 && options["from"] == "DOEMAL")
        if(ENV["SERVER_MODE"] === "cloud")
          from = request.subdomain.downcase  + "." + request.domain.downcase #"local"
          aes = MyAesCrypt.new
          return aes.checkKeyForAuth(from, token)
        end
      end

      @user = Employee.authenticate_by_token(token)
      if @user
        return true
        #Maybe log - login?
      end

    end
  end

  def render_unauthorized(realm = "Application")
    self.headers["WWW-Authenticate"] = %(Token realm="#{realm.gsub(/"/, "")}")
    render json: 'Bad credentials', status: :unauthorized
  end

end