turbovault-app/app/models/api_token.rb

# typed: true

class ApiToken < ApplicationRecord
  extend T::Sig

  belongs_to :user

  # Validations
  validates :token, presence: true, uniqueness: true

  # Callbacks
  before_validation :generate_token, on: :create

  # Scopes
  scope :active, -> { where("expires_at IS NULL OR expires_at > ?", Time.current) }

  # Instance methods
  sig { returns(T::Boolean) }
  def expired?
    expires_at.present? && expires_at < Time.current
  end

  sig { void }
  def touch_last_used!
    update_column(:last_used_at, Time.current)
  end

  private

  sig { void }
  def generate_token
    self.token ||= SecureRandom.urlsafe_base64(32)
  end
end