From cb8a8303457a3f1ec02c05cda2457c7df5c91db3 Mon Sep 17 00:00:00 2001
From: Efril
Date: Thu, 14 May 2026 13:54:15 +0700
Subject: [PATCH] fix pointer

---
 internal/middleware/auth_middleware.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/internal/middleware/auth_middleware.go b/internal/middleware/auth_middleware.go
index 96a9467..bb8b814 100644
--- a/internal/middleware/auth_middleware.go
+++ b/internal/middleware/auth_middleware.go
@@ -11,6 +11,7 @@ import (
 "apskel-pos-be/internal/service"
 "github.com/gin-gonic/gin"
+ "github.com/google/uuid"
 )
 type AuthMiddleware struct {
@@ -45,9 +46,13 @@ func (m *AuthMiddleware) RequireAuth() gin.HandlerFunc {
 setKeyInContext(c, appcontext.OrganizationIDKey, userResponse.OrganizationID.String())
 setKeyInContext(c, appcontext.UserIDKey, userResponse.ID.String())
- if userResponse.Role != "superadmin" {
- setKeyInContext(c, appcontext.OutletIDKey, userResponse.OutletID.String())
+ // Always override OutletID from token to prevent header injection.
+ // Set empty string if user has no outlet, so PopulateContext header value is ignored.
+ outletIDStr := ""
+ if userResponse.OutletID != nil && *userResponse.OutletID != uuid.Nil {
+ outletIDStr = userResponse.OutletID.String()
 }
+ setKeyInContext(c, appcontext.OutletIDKey, outletIDStr)
 logger.FromContext(c.Request.Context()).Infof("AuthMiddleware::RequireAuth -> User authenticated: %s", userResponse.Email)
 c.Next()
--
2.47.2
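Review bot: The added comment asserts that an empty OutletID in the context makes `PopulateContext` ignore the request header, but that behaviour is not visible in this hunk and it is the security property the change depends on — if PopulateContext treats an empty context value as unset and falls back to a client-supplied header, users without an outlet are still exposed to the header-injection path the comment claims to close. Confirm that contract against PopulateContext and state it explicitly in the comment, e.g. `// PopulateContext must prefer this context value over any client-supplied header, even when it is empty.` The removed `superadmin` branch also means a superadmin whose record carries a non-nil OutletID now has that outlet pinned into the request context where it previously was not; if superadmins are expected to operate across outlets, that is a behaviour change worth calling out in the commit message rather than leaving implicit under "fix pointer". RequireAuth begins before and continues after this hunk.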