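class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  # Every action except +nothing+ must present a valid session token
  # (see #validate_session).
  before_action :validate_session, except: [:nothing]

  # TODO: use devise or rails or whatever to implement a real session system
  # for now just make hashes of data and store metadata by token.
  # NOTE: this is an in-process Hash keyed by the raw cookie token; it is not
  # shared between server processes and is lost on restart. Kept as a class
  # variable because other controllers are presumed to reference it — verify
  # before changing.
  @@sessions = {}

  # Rescue StandardError, not Exception: rescuing Exception would also swallow
  # SystemExit, SignalException and NoMemoryError and turn them into a 500.
  # Exception details (message and backtraces) are only sent to the client in
  # development; every other environment gets a fixed message.
  rescue_from StandardError do |exception|
    if Rails.env.development?
      error = { message: exception.message }
      error[:application_trace] = Rails.backtrace_cleaner.clean(exception.backtrace)
      error[:full_trace] = exception.backtrace
      # Go through the Rails logger instead of stdout so the trace lands in the log.
      logger.error(error.inspect)
      render :text => error, :status => 500
    else
      render :text => "Internal server error.", :status => 500
    end
  end

  # No-op action; the only action exempt from session validation.
  def nothing
    render :nothing => 'true'
  end

  protected

  # @return [Boolean] true when the request format is application/json
  def json_request?
    request.format == 'application/json'
  end

  # before_action: resolves the +hws_token+ cookie to an entry in @@sessions
  # and exposes it as @current_session.
  #
  # Responds 403 and halts when the token is unknown, when the stored session
  # carries no +:expires+ value, or when it has expired; an expired session is
  # also removed from @@sessions.
  #
  # @return [false, nil] false when the request was rejected
  def validate_session
    # look for the magic cookie
    session_key = cookies[:hws_token]
    @current_session = @@sessions[session_key]
    if @current_session.nil?
      head 403
      return false
    end

    expires = @current_session[:expires]
    # A session without an expiry is treated as expired (fail closed) rather
    # than raising NoMethodError on `nil < DateTime`.
    if expires.nil? || expires < DateTime.current
      # The original concatenated the session Hash onto a String (TypeError).
      # Log the expiry only — never the token, which is the credential itself.
      logger.info "Expiring session (expired at #{expires.inspect})"
      @current_session = nil
      @@sessions.delete(session_key)
      # NOTE(review): a 403 status carries no redirect semantics, so clients
      # are unlikely to follow the Location header — confirm this is intended.
      redirect_to login, status: 403
      return false
    end
    # TODO: check other metadata
  end
end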