# typed: true

class SessionsController < ApplicationController
  extend T::Sig

  before_action :require_no_authentication, only: [ :new, :create ]
  before_action :require_authentication, only: [ :destroy ]

  sig { void }
  def new
  end

  sig { void }
  def create
    user = User.find_by(email: params[:email].downcase)

    if user && user.authenticate(params[:password])
      sign_in(user)
      redirect_to dashboard_path, notice: "Welcome back, #{user.username}!"
    else
      flash.now[:alert] = "Invalid email or password"
      render :new, status: :unprocessable_entity
    end
  end

  sig { void }
  def destroy
    sign_out
    redirect_to root_path, notice: "You have been signed out."
  end
end