Use DB for auth sessions (#1233)

* DB sessions

* Validations for profile image

app/models/current.rb

@@ -1,5 +1,7 @@
 class Current < ActiveSupport::CurrentAttributes
-  attribute :user
+  attribute :session
+  attribute :user_agent, :ip_address
 
+  delegate :user, to: :session, allow_nil: true
   delegate :family, to: :user, allow_nil: true
 end

app/models/session.rb

@@ -0,0 +1,8 @@
+class Session < ApplicationRecord
+  belongs_to :user
+
+  before_create do
+    self.user_agent = Current.user_agent
+    self.ip_address = Current.ip_address
+  end
+end

app/models/user.rb

@@ -2,9 +2,11 @@ class User < ApplicationRecord
   has_secure_password
 
   belongs_to :family
+  has_many :sessions, dependent: :destroy
   accepts_nested_attributes_for :family
 
   validates :email, presence: true, uniqueness: true
+  validate :ensure_valid_profile_image
   normalizes :email, with: ->(email) { email.strip.downcase }
 
   normalizes :first_name, :last_name, with: ->(value) { value.strip.presence }
@@ -72,6 +74,14 @@ class User < ApplicationRecord
   end
 
   private
+    def ensure_valid_profile_image
+      return unless profile_image.attached?
+
+      unless profile_image.content_type.in?(%w[image/jpeg image/png])
+        errors.add(:profile_image, "must be a JPEG or PNG")
+        profile_image.purge
+      end
+    end
 
     def last_user_in_family?
       family.users.count == 1