fix: Check for star actor types when allowing unregistered access (#9037)

packages/framework/framework/src/http/middlewares/authenticate-middleware.ts

@@ -91,7 +91,7 @@ export const authenticate = (
     if (
       authContext?.auth_identity_id &&
       options.allowUnregistered &&
-      actorTypes.includes(authContext?.actor_type)
+      isActorTypePermitted(actorTypes, authContext.actor_type)
     ) {
       req_.auth_context = authContext
       return next()
@@ -162,8 +162,7 @@ const getAuthContextFromSession = (
 
   if (
     session.auth_context &&
-    (actorTypes.includes("*") ||
-      actorTypes.includes(session.auth_context.actor_type))
+    isActorTypePermitted(actorTypes, session.auth_context?.actor_type)
   ) {
     return session.auth_context
   }
@@ -197,10 +196,7 @@ const getAuthContextFromJwtToken = (
       // verify token and set authUser
       try {
         const verified = verify(token, jwtSecret) as JwtPayload
-        if (
-          actorTypes.includes("*") ||
-          actorTypes.includes(verified.actor_type)
-        ) {
+        if (isActorTypePermitted(actorTypes, verified.actor_type)) {
           return verified as AuthContext
         }
       } catch (err) {
@@ -211,3 +207,10 @@ const getAuthContextFromJwtToken = (
 
   return null
 }
+
+const isActorTypePermitted = (
+  actorTypes: string | string[],
+  currentActorType: string
+) => {
+  return actorTypes.includes("*") || actorTypes.includes(currentActorType)
+}