turbovault-app/app/controllers/api_tokens_controller.rb

# typed: true

class ApiTokensController < ApplicationController
  extend T::Sig
  before_action :require_authentication

  def index
    @api_tokens = current_user.api_tokens.order(created_at: :desc)
    @api_token = ApiToken.new
  end

  def create
    @api_token = current_user.api_tokens.build(api_token_params)

    if @api_token.save
      redirect_to settings_api_tokens_path, notice: "API token created successfully. Make sure to copy it now!"
    else
      @api_tokens = current_user.api_tokens.order(created_at: :desc)
      render :index, status: :unprocessable_entity
    end
  end

  def destroy
    @api_token = current_user.api_tokens.find(params[:id])
    @api_token.destroy
    redirect_to settings_api_tokens_path, notice: "API token was deleted."
  end

  private

  def api_token_params
    params.require(:api_token).permit(:name, :expires_at)
  end
end