Tasks/backend/middleware/guest.middleware.js
2025-11-12 00:49:22 +02:00


const jwt = require('jsonwebtoken');
const config = require('../config/config');
const { GuestSession } = require('../models');
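/**
 * Express-style middleware that authenticates a guest request from its
 * X-Guest-Token header.
 *
 * The token is verified as a JWT against config.jwt.secret, its guestId
 * claim is looked up in GuestSession, and the session must be neither
 * expired nor converted. On success req.guestSession, req.guestId and
 * req.guestSessionId are set and next() is called; otherwise a JSON error
 * response is sent (401, 404, 410 or 500) and next() is not called.
 *
 * @param {object} req - Incoming request; reads req.headers['x-guest-token'].
 * @param {object} res - Response used for the JSON error replies.
 * @param {Function} next - Called only after every check has passed.
 * @returns {Promise<*>} Resolves once a response was sent or next() was called.
 */
exports.verifyGuestToken = async (req, res, next) => {
  try {
    // Get token from header
    const guestToken = req.headers['x-guest-token'];
    if (!guestToken) {
      return res.status(401).json({
        success: false,
        message: 'No guest token provided. X-Guest-Token header is required.'
      });
    }

    // Verify signature and the registered time claims.
    // NOTE(review): no `algorithms` allow-list is passed, so the library
    // default for this key type applies; consider pinning it to the algorithm
    // the issuer signs with. If config.jwt.secret also signs user tokens,
    // confirm that those can never carry a guestId claim.
    const decoded = jwt.verify(guestToken, config.jwt.secret);

    // Check if guestId exists in payload
    if (!decoded.guestId) {
      return res.status(401).json({
        success: false,
        message: 'Invalid guest token. Missing guestId.'
      });
    }

    // A valid signature is not enough: the session row must still exist.
    const guestSession = await GuestSession.findOne({
      where: { guestId: decoded.guestId }
    });
    if (!guestSession) {
      return res.status(404).json({
        success: false,
        message: 'Guest session not found.'
      });
    }

    // Server-side expiry, independent of the token's own exp claim.
    // A null expiresAt parses as the epoch and is therefore treated as expired.
    if (new Date() > new Date(guestSession.expiresAt)) {
      return res.status(410).json({
        success: false,
        message: 'Guest session has expired. Please start a new session.'
      });
    }

    // A converted session must not be usable as a guest credential any more.
    if (guestSession.isConverted) {
      return res.status(410).json({
        success: false,
        message: 'Guest session has been converted to a user account. Please login with your credentials.'
      });
    }

    // Attach guest session to request
    req.guestSession = guestSession;
    req.guestId = decoded.guestId; // The guest_id string for display/logging
    req.guestSessionId = guestSession.id; // The UUID for database foreign keys
    next();
  } catch (error) {
    if (error.name === 'TokenExpiredError') {
      return res.status(401).json({
        success: false,
        message: 'Guest token expired. Please start a new session.'
      });
    }

    // jsonwebtoken reports a not-yet-valid token (nbf in the future) under the
    // name 'NotBeforeError'. That is a rejected token, not a server fault, so
    // it is answered with 401 like any other invalid token.
    if (error.name === 'JsonWebTokenError' || error.name === 'NotBeforeError') {
      return res.status(401).json({
        success: false,
        message: 'Invalid guest token. Please start a new session.'
      });
    }

    // Anything else (e.g. a database failure) is logged server-side only.
    // The raw error.message is not returned, because this endpoint answers
    // unauthenticated callers and the text may expose internal details.
    console.error('Guest token verification failed:', error);
    return res.status(500).json({
      success: false,
      message: 'Error verifying guest token'
    });
  }
};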