From 901fef1e8448531cd374d17c3a6940a25fd37ef4 Mon Sep 17 00:00:00 2001
From: elitikka <elin.tikkanen@gmail.com>
Date: Fri, 20 Feb 2026 18:43:19 +0200
Subject: [PATCH] changes to auth token for avatars

---
 backend/src/middleware/authenticateToken.js | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/backend/src/middleware/authenticateToken.js b/backend/src/middleware/authenticateToken.js
index 2a0da43..16ad814 100644
--- a/backend/src/middleware/authenticateToken.js
+++ b/backend/src/middleware/authenticateToken.js
@@ -5,9 +5,14 @@ const { verifyToken } = require('../utils/generateToken');
  */
 const authenticateToken = (req, res, next) => {
   try {
-    // Get token from Authorization header
-    const authHeader = req.headers['authorization'];
-    const token = authHeader && authHeader.split(' ')[1]; // Bearer TOKEN
+    // Get token from Authorization header OR query parameter
+    let authHeader = req.headers['authorization'];
+    let token = authHeader && authHeader.split(' ')[1]; // Bearer TOKEN
+
+    // Fallback to query parameter (for image URLs that can't send headers)
+    if (!token && req.query.token) {
+      token = req.query.token;
+    }
 
     if (!token) {
       return res.status(401).json({