class Token < CouchRest::Model::Base

  use_database :tokens

  belongs_to :user

  # timestamps! does not create setters and only sets updated_at
  # if the object has changed and been saved. Instead of triggering
  # that we rather use our own property we have control over:
  property :last_seen_at, Time, accessible: false

  validates :user_id, presence: true

  def authenticate
    if expired?
      destroy
      return nil
    else
      touch
      return user
    end
  end

  def touch
    self.last_seen_at = Time.now
    save
  end

  def expired?
    expires_after and
    last_seen_at + expires_after.minutes < Time.now
  end

  def expires_after
    APP_CONFIG[:auth] && APP_CONFIG[:auth][:token_expires_after]
  end

  def initialize(*args)
    super
    self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '')
    self.last_seen_at = Time.now
  end

  design do
  end
end