class UsersController < ApplicationController
  before_action :require_no_authentication, only: [ :new, :create ]
  before_action :require_authentication, only: [ :edit, :update, :settings ]
  before_action :set_user, only: [ :edit, :update ]

  def new
    @user = User.new
  end

  def create
    @user = User.new(user_params)

    if @user.save
      sign_in(@user)
      redirect_to dashboard_path, notice: "Welcome to TurboVault, #{@user.username}!"
    else
      render :new, status: :unprocessable_entity
    end
  end

  def edit
  end

  def update
    if @user.update(user_params)
      redirect_to settings_path, notice: "Your profile has been updated."
    else
      render :edit, status: :unprocessable_entity
    end
  end

  def settings
    @user = current_user
    @api_tokens = current_user.api_tokens.order(created_at: :desc)
  end

  private

  def set_user
    @user = current_user
  end

  def user_params
    params.require(:user).permit(:email, :username, :password, :password_confirmation, :bio, :profile_public, :igdb_sync_enabled, :theme)
  end
end