API to receive a session token for mobile clients

lib/web/controllers/session_token_controller.ex

@@ -0,0 +1,9 @@
+defmodule Web.SessionTokenController do
+  use Web, :controller
+
+  def create(conn = %{assigns: %{session_token: token}}, _params) do
+    conn
+    |> put_status(201)
+    |> json(%{session_token: token})
+  end
+end

lib/web/routers/router.ex

@@ -34,6 +34,7 @@ defmodule Web.Router do
   end
 
   pipeline :session_token do
+    plug(:fetch_session)
     plug Web.Plugs.SessionToken
   end
 
@@ -178,6 +179,12 @@ defmodule Web.Router do
     post("/token", TokenController, :create)
   end
 
+  scope "/", Web do
+    pipe_through([:api, :session_token])
+
+    post("/session_tokens", SessionTokenController, :create)
+  end
+
   if Mix.env() == :dev do
     forward("/emails/sent", Bamboo.SentEmailViewerPlug)
   end

test/web/controllers/session_token_controller_test.exs

@@ -0,0 +1,27 @@
+defmodule Web.SessionTokenControllerTest do
+  use Web.ConnCase
+
+  describe "POST /session_tokens" do
+    test "a session token is returned", %{conn: conn} do
+      conn = post(conn, Routes.session_token_path(Web.Endpoint, :create))
+      assert %{"session_token" => token} = json_response(conn, 201)
+
+      assert {:ok, uuid} =
+               Phoenix.Token.verify(Web.Endpoint, "session token", token, max_age: 86_400)
+
+      assert UUID.info!(uuid)
+    end
+
+    test "an existing session token can be returned", %{conn: conn} do
+      conn =
+        conn
+        |> Plug.Test.init_test_session(session_token: "steve")
+        |> post(Routes.session_token_path(conn, :create))
+
+      assert %{"session_token" => token} = json_response(conn, 201)
+
+      assert Phoenix.Token.verify(Web.Endpoint, "session token", token, max_age: 86_400) ==
+               {:ok, "steve"}
+    end
+  end
+end