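# Session endpoints: log in (create), log out (destroy) and render the
# current session (show). The login state is the :user_id key of the Rails
# session.
class SessionsController < ApplicationController
  # Every endpoint except login must be called while logged in.
  # `authenticate` is not defined in this file; presumably it is inherited
  # from ApplicationController -- confirm there what it does on failure.
  before_action :authenticate, except: %i[create]

  # SECURITY NOTE(review): CSRF token verification is switched off for all
  # three actions. With a cookie-backed session this leaves create open to
  # login CSRF and destroy open to forced logout from a third-party page.
  # If the clients are browsers, re-enable the check and send the token in a
  # request header; if they are non-browser API clients only, record that
  # decision here. Rails does not verify the token on GET requests, so the
  # :show entry only matters if show is routed with a non-GET verb (routes
  # are not visible in this file).
  skip_before_action :verify_authenticity_token, only: %i[create destroy show]

  # Logs a user in from params[:email] and params[:password].
  #
  # Responds 200 with the text 'ok' on success, and 401 with one generic
  # message on failure, so the response body does not reveal whether the
  # e-mail address exists.
  def create
    # Coerce to String: a nested or array-valued "email" parameter would
    # otherwise be passed to the query as a Hash/Array condition.
    user = User.find_by(email: params[:email].to_s)

    if user && user.authenticate(params[:password])
      # Issue a fresh session before recording the login so a session
      # identifier that existed before authentication is not carried over
      # (session fixation).
      reset_session
      session[:user_id] = user.id
      render status: :ok, text: 'ok'
    else
      render status: :unauthorized, text: 'account or password is not correct'
    end
  end

  # Logs the current user out and responds 200 with an empty body.
  def destroy
    # NOTE(review): only :user_id is removed; any other keys stored in the
    # session survive logout. Consider reset_session if nothing needs to
    # persist across logins.
    session.delete :user_id
    @current_user = nil
    render status: :ok, nothing: true
  end

  # Renders the 'show' template; reachable only after `authenticate` passes.
  def show
    render 'show'
  end
end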