# frozen_string_literal: true

class SessionsController < ApplicationController
  skip_before_action :ensure_authentication

  def new; end

  def create
    user = User.find_or_initialize_by(email: params[:email])
    if user.authenticate(params[:password])
      session[:current_user_id] = user.id
      redirect_to root_path
    else
      render :new, status: :unauthorized
    end
  end

  def destroy
    session[:current_user_id] = nil
    redirect_to login_path
  end
end