API and Database Deployment Update

backend/internal/api/middleware.go

@@ -1,16 +1,12 @@
 package api
-
 import (
 	"net/http"
 	"strings"
-
 	"clickploy/internal/auth"
 	"clickploy/internal/db"
 	"clickploy/internal/models"
-
 	"github.com/gin-gonic/gin"
 )
-
 func AuthMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		authHeader := c.GetHeader("Authorization")
@@ -19,21 +15,25 @@ func AuthMiddleware() gin.HandlerFunc {
 			c.Abort()
 			return
 		}
-
 		tokenString := strings.TrimPrefix(authHeader, "Bearer ")
 		claims, err := auth.ValidateToken(tokenString)
 		if err != nil {
+			var user models.User
+			if result := db.DB.Where("api_key = ?", tokenString).First(&user); result.Error == nil {
+				c.Set("userID", user.ID)
+				c.Set("email", user.Email)
+				c.Next()
+				return
+			}
 			c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid token"})
 			c.Abort()
 			return
 		}
-
 		c.Set("userID", claims.UserID)
 		c.Set("email", claims.Email)
 		c.Next()
 	}
 }
-
 func AdminMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		userID, exists := c.Get("userID")
@@ -42,20 +42,17 @@ func AdminMiddleware() gin.HandlerFunc {
 			c.Abort()
 			return
 		}
-
 		var user models.User
 		if err := db.DB.Where("id = ?", userID).First(&user).Error; err != nil {
 			c.JSON(http.StatusUnauthorized, gin.H{"error": "User not found"})
 			c.Abort()
 			return
 		}
-
 		if !user.IsAdmin {
 			c.JSON(http.StatusForbidden, gin.H{"error": "Admin privileges required"})
 			c.Abort()
 			return
 		}
-
 		c.Next()
 	}
 }