# frozen_string_literal: true

class Api::UsersController < Api::ApiController
  skip_before_action :authenticate_user
  before_action :verify_custom_token, only: :create

  def create
    if user_params[:email].nil? || user_params[:password].nil?
      raise ActionController::ParameterMissing.new 'Missing email or password'
    end

    user = Oath::Services::SignUp.new(user_params).perform
    render json: user.slice(:email, :created_at, :first_name, :last_name)
  end

  private

  def user_params
    params.require(:user).permit(%i[
                                   email
                                   password
                                   first_name
                                   last_name
                                 ])
  end

  def verify_custom_token
    if token.blank? || token != ENV['CUSTOM_API_TOKEN']
      unauthorized_entity(:user)
    end
  end

end