class SessionsController < ApplicationController
  allow_unauthenticated_access only: %i[ new create accept_cookies gift_nico ]
  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_url, alert: "Try again later." }

  def new
  end

  def create
    if user = User.authenticate_by(params.permit(:email_address, :password))
      start_new_session_for user
      if user.admin
        session[:admin] = true
      end
      redirect_to after_authentication_url
    else
      redirect_to new_session_path, alert: "Try another email address or password."
    end
  end

  def destroy
    terminate_session
    redirect_to new_session_path
  end

  def dismiss_banner
    session[:dismissed_banner] = true
    redirect_to root_path
  end

  def accept_cookies
    session[:dismissed_banner] = true
    redirect_to root_path
  end

  def gift_nico
    session[:dismissed_banner] = true
    redirect_to root_path
  end
end