From cabb33096685599f9fcada70ee069b4ba0883197 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leon=20B=C3=B6sche?= <leonboesche1999@gmail.com>
Date: Thu, 29 Jan 2026 21:19:15 +0100
Subject: [PATCH] Fix JWTManager access in getUserAvatarHandler

---
 go_cloud/internal/http/routes.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/go_cloud/internal/http/routes.go b/go_cloud/internal/http/routes.go
index c84e150..afd69d4 100644
--- a/go_cloud/internal/http/routes.go
+++ b/go_cloud/internal/http/routes.go
@@ -260,7 +260,7 @@ func NewRouter(cfg *config.Config, db *database.DB, jwtManager *jwt.Manager, aut
 			uploadUserAvatarHandler(w, req, db, auditLogger, cfg)
 		})
 		r.Get("/user/avatar", func(w http.ResponseWriter, req *http.Request) {
-			getUserAvatarHandler(w, req, db, cfg)
+			getUserAvatarHandler(w, req, db, jwtManager, cfg)
 		})
 		r.Options("/user/avatar", func(w http.ResponseWriter, req *http.Request) {
 			w.Header().Set("Access-Control-Allow-Origin", "*")
@@ -4080,14 +4080,14 @@ func uploadUserAvatarHandler(w http.ResponseWriter, r *http.Request, db *databas
 }
 
 // getUserAvatarHandler serves the user's avatar image
-func getUserAvatarHandler(w http.ResponseWriter, r *http.Request, db *database.DB, cfg *config.Config) {
+func getUserAvatarHandler(w http.ResponseWriter, r *http.Request, db *database.DB, jwtManager *jwt.Manager, cfg *config.Config) {
 	tokenString := r.URL.Query().Get("token")
 	if tokenString == "" {
 		errors.WriteError(w, errors.CodeUnauthenticated, "Unauthorized", http.StatusUnauthorized)
 		return
 	}
 
-	claims, err := cfg.JWTManager.ValidateToken(tokenString)
+	claims, err := jwtManager.ValidateToken(tokenString)
 	if err != nil {
 		errors.WriteError(w, errors.CodeUnauthenticated, "Unauthorized", http.StatusUnauthorized)
 		return