get '/user/auth' do
  # TODO: do something that makes sense here
  res = User.find_by(id: 1).try(:authenticate, 'spassword')      # => false
  res.to_json
end

post '/user' do
  request.body.rewind
  json = request.body.read

  user = User.new()
  user.from_json(json, false)

  if user.save
    "ok"
  else
    status 400
    user.errors.to_json
  end
end