class Api::V1::LeaderboardController < ApplicationController
  skip_before_action :verify_authenticity_token
  ACCESS_TOKEN = "ikea-tomato-2026"

  before_action :set_cors_headers, :set_locale_to_default, :verify_access_token

  def index
    request.format = :json

    @leaderboard = I18n.t("countries").keys.map do |code|
      { country_code: code.upcase, score: rand(1000..9999) }
    end.sort_by { |e| -e[:score] }
    @updated_at = Time.current
  end

  private

  def set_locale_to_default
    I18n.locale = I18n.default_locale
  end


  def verify_access_token
    unless request.headers["Authorization"] == "Bearer #{ACCESS_TOKEN}"
      render json: { error: "Unauthorized" }, status: :unauthorized
    end
  end

  def set_cors_headers
    response.headers["Access-Control-Allow-Origin"] = "*"
  end
end