class ApplicationController < ActionController::Base
  # Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has.
  allow_browser versions: :modern

  def authenticate
    unless authenticate_api_key?
      unauthorized_response
    end
  end

  def authenticate_api_key?
    api_key = request.headers["X-API-KEY"]
    if api_key.present? && ApiKey.exists?(key: api_key)
      @apikey = ApiKey.find_by(key: api_key)
      return true
    end
    false
  end

  def unauthorized_response
    render json: { error: "API key is missing or empty" }, status: :unauthorized
  end

  def authenticate_admin
    unless session[:user_id]
      redirect_to admin_login_path, alert: "Login first"
    end
  end
end