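const jwt = require('jsonwebtoken');
const config = require('../config/config');
const { GuestSession } = require('../models');

/**
 * Express middleware that authenticates a guest by the JWT carried in the
 * `X-Guest-Token` request header.
 *
 * On success it sets `req.guestSession` (the GuestSession row) and
 * `req.guestId` (the `guestId` claim) and calls `next()`.
 *
 * Responses sent on failure:
 *  - 401: header missing, token invalid / expired / not yet active, or no
 *         `guestId` claim in the payload
 *  - 404: no GuestSession row for the `guestId` claim
 *  - 410: session expired (or its expiry is unreadable), or already
 *         converted to a user account
 *  - 500: any other error; details are logged server-side only
 *
 * @param {object} req - Express request
 * @param {object} res - Express response
 * @param {Function} next - Express continuation callback
 * @returns {Promise<*>} resolves once a response was sent or `next()` ran
 */
exports.verifyGuestToken = async (req, res, next) => {
  try {
    const guestToken = req.headers['x-guest-token'];

    if (!guestToken) {
      return res.status(401).json({
        success: false,
        message: 'No guest token provided. X-Guest-Token header is required.'
      });
    }

    // Signature and registered claims (exp, nbf) are checked here; failures
    // throw and are mapped to 401 in the catch block below.
    // NOTE(review): no `algorithms` allow-list is passed, so jsonwebtoken's
    // defaults for the key type apply. Pin it to the algorithm used where the
    // token is issued (not visible in this file). Also confirm whether
    // config.jwt.secret is shared with user tokens; if so, only the guestId
    // claim separates the two token types.
    const decoded = jwt.verify(guestToken, config.jwt.secret);

    if (!decoded.guestId) {
      return res.status(401).json({
        success: false,
        message: 'Invalid guest token. Missing guestId.'
      });
    }

    // A valid signature is not enough: the session must still exist server-side.
    const guestSession = await GuestSession.findOne({
      where: { guestId: decoded.guestId }
    });

    if (!guestSession) {
      return res.status(404).json({
        success: false,
        message: 'Guest session not found.'
      });
    }

    // Fail closed: an unparseable expiresAt yields NaN, and every comparison
    // against NaN is false, which would otherwise let the session through as
    // "not expired".
    const expiresAtMs = new Date(guestSession.expiresAt).getTime();
    if (Number.isNaN(expiresAtMs) || Date.now() > expiresAtMs) {
      return res.status(410).json({
        success: false,
        message: 'Guest session has expired. Please start a new session.'
      });
    }

    // A converted session must not stay usable as a guest credential.
    if (guestSession.isConverted) {
      return res.status(410).json({
        success: false,
        message: 'Guest session has been converted to a user account. Please login with your credentials.'
      });
    }

    req.guestSession = guestSession;
    req.guestId = decoded.guestId;

    next();
  } catch (error) {
    if (error.name === 'TokenExpiredError') {
      return res.status(401).json({
        success: false,
        message: 'Guest token expired. Please start a new session.'
      });
    }

    // NotBeforeError (nbf claim in the future) is a token problem too; it must
    // not surface as a 500.
    if (error.name === 'JsonWebTokenError' || error.name === 'NotBeforeError') {
      return res.status(401).json({
        success: false,
        message: 'Invalid guest token. Please start a new session.'
      });
    }

    // Keep internal details (database errors, stack context) out of the
    // response body; record them server-side instead.
    console.error('verifyGuestToken: unexpected error', error);
    return res.status(500).json({
      success: false,
      message: 'Error verifying guest token'
    });
  }
};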