fix: skip auth check for options method

Author: tituschewxj

apps/question-service/.env.example

@@ -1 +1,4 @@
 FIREBASE_CREDENTIAL_PATH=cs3219-g24-firebase-adminsdk-9cm7h-b1675603ab.json
+
+# Secret for creating JWT signature
+JWT_SECRET=you-can-replace-this-with-your-own-secret

apps/question-service/middleware/basic-access-control.go

@@ -1,14 +1,22 @@
 package middleware
 
 import (
-	"github.com/golang-jwt/jwt/v4"
+	"log"
 	"net/http"
 	"os"
 	"strings"
+
+	"github.com/golang-jwt/jwt/v4"
 )
 
 func VerifyJWT(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// Skip JWT Verification for OPTIONS Requests
+		if r.Method == "OPTIONS" {
+			next.ServeHTTP(w, r)
+			return
+		}
+
 		// Get the token from the Authorization header
 		authHeader := r.Header.Get("Authorization")
 		if authHeader == "" {
@@ -17,7 +25,12 @@ func VerifyJWT(next http.Handler) http.Handler {
 		}
 
 		// Split the header to get the token
-		tokenString := strings.Split(authHeader, " ")[1]
+		parts := strings.Split(authHeader, " ")
+		if len(parts) != 2 || parts[0] != "Bearer" {
+			http.Error(w, "Invalid authorization header format", http.StatusUnauthorized)
+			return
+		}
+		tokenString := parts[1]
 
 		// Retrieve the JWT secret from environment variables
 		jwtSecret := []byte(os.Getenv("JWT_SECRET"))
@@ -36,6 +49,7 @@ func VerifyJWT(next http.Handler) http.Handler {
 
 		if err != nil || !token.Valid {
 			http.Error(w, "Invalid token", http.StatusUnauthorized)
+			log.Printf("Token parse error: %v", err)
 			return
 		}