From 41a375c6bb79c26e283a5bf5926bb2ba12914f76 Mon Sep 17 00:00:00 2001
From: juancarmore
Date: Thu, 24 Apr 2025 11:23:07 +0200
Subject: [PATCH] backend: Enhance participant token validation to include authenticated user retrieval

---
 backend/src/middlewares/auth.middleware.ts | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/backend/src/middlewares/auth.middleware.ts b/backend/src/middlewares/auth.middleware.ts
index 3f178b5..fea5c6c 100644
--- a/backend/src/middlewares/auth.middleware.ts
+++ b/backend/src/middlewares/auth.middleware.ts
@@ -96,8 +96,11 @@ export const participantTokenValidator = async (req: Request) => {
 
 try {
 const payload = await tokenService.verifyToken(token);
+ const user = await getAuthenticatedUserOrAnonymous(req);
+
 req.session = req.session || {};
 req.session.tokenClaims = payload;
+ req.session.user = user;
 } catch (error) {
 throw errorInvalidToken();
 }
@@ -126,6 +129,14 @@ export const apiKeyValidator = async (req: Request) => {
 
 // Allow anonymous access
 export const allowAnonymous = async (req: Request) => {
+ const user = await getAuthenticatedUserOrAnonymous(req);
+
+ req.session = req.session || {};
+ req.session.user = user;
+ };
+
+ // Return the authenticated user if available, otherwise return an anonymous user
+ const getAuthenticatedUserOrAnonymous = async (req: Request) => {
 let user: User | null = null;
 
 // Check if there is a user already authenticated
@@ -151,8 +162,7 @@ export const allowAnonymous = async (req: Request) => {
 };
 }
 
- req.session = req.session || {};
- req.session.user = user;
+ return user;
 };
 
 // Limit login attempts to avoid brute force attacks
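Review bot: The added `getAuthenticatedUserOrAnonymous(req)` call sits inside the `try` whose `catch` turns every exception into `errorInvalidToken()`, so any failure while resolving the user would be reported as a bad participant token and its cause discarded. Whether the helper can throw is not visible here, since its body is only partly shown. Keep the `try` around `tokenService.verifyToken(token)` only and resolve the user after the `catch` block, e.g. `req.session.user = await getAuthenticatedUserOrAnonymous(req);`. Nothing in this hunk ties the participant token's claims to the resolved user, so a comment such as `// tokenClaims and user are resolved independently; do not assume they describe the same principal` would help later authorization code. participantTokenValidator starts above the hunk and may continue below it.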
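Review bot: `getAuthenticatedUserOrAnonymous` is declared without a return type while its local is typed `User | null`, so the signature does not promise callers a non-null user, and both callers now store the result in `req.session.user` unchecked. Annotate it, `const getAuthenticatedUserOrAnonymous = async (req: Request): Promise<User> => {`, so the compiler rejects any path that could return null. The one-line comment above it could also state that the helper no longer writes to `req.session` and that each caller must do so. The helper's body runs past this hunk, so whether every path assigns a user cannot be confirmed from here.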