fix: update OptionalAuth to retrieve user details from authService and ensure user is enabled

2026-02-13 08:20:11 +00:00
parent f4f7194550
commit aa06aa81c8
1 changed files with 8 additions and 2 deletions
--- a/backend/internal/api/middleware/optional_auth.go
+++ b/backend/internal/api/middleware/optional_auth.go
@@ -37,8 +37,14 @@ func OptionalAuth(authService *services.AuthService) gin.HandlerFunc {
 			return
 		}

-		c.Set("userID", claims.UserID)
-		c.Set("role", claims.Role)
+		user, err := authService.GetUserByID(claims.UserID)
+		if err != nil || !user.Enabled {
+			c.Next()
+			return
+		}
+
+		c.Set("userID", user.ID)
+		c.Set("role", user.Role)
 		c.Next()
 	}
 }