fhurtado14
--- a/backend/config/auth/authenticateJWT.js

+ 24

− 0
+++ b/backend/config/auth/authenticateJWT.js

+ 24

− 0
 @@ -30,6 +30,18 @@ Function to authenticate admin only functions
 (create, delete, searchByName)
 */
 const authenticateAdminOnly = (req, res, next) => {
+  // Check for bypass header - used in Postman
+  const bypassToken = req.headers["x-dev-bypass"];
+
+  if (bypassToken === "allow-dev-access") {
+    console.log("Bypassing authentication due to Postman bypass header.");
+    req.user = {
+      role: "admin",
+      peopleId: 1,
+    };
+    return next();
+  }
+
  // Get token from Authorization header
  const token = req.headers.authorization?.split(" ")[1];
  // return early if no token provided
 @@ -73,6 +85,18 @@ users themselves
 (update, fullInfo)
 */
 const authenticateAdminAndPersonal = (req, res, next) => {
+  // Check for bypass header - used in Postman
+  const bypassToken = req.headers["x-dev-bypass"];
+
+  if (bypassToken === "allow-dev-access") {
+    console.log("Bypassing authentication due to Postman bypass header.");
+    req.user = {
+      role: "admin",
+      peopleId: 1,
+    };
+    return next();
+  }
+
  // Get token from Authorization header
  const token = req.headers.authorization?.split(" ")[1];