From 1c07f430321863a7e0db09e62f83ba30fe5c7b6d Mon Sep 17 00:00:00 2001
From: nav <nav@mgr.hangman-lab.top>
Date: Wed, 13 May 2026 08:36:06 +0000
Subject: [PATCH] refactor(center): introspect relies on api key auth instead
 of shared secret

---
 src/auth/auth.controller.ts | 7 ++-----
 src/auth/auth.service.ts    | 8 +-------
 2 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/src/auth/auth.controller.ts b/src/auth/auth.controller.ts
index e4216af..85b5e24 100644
--- a/src/auth/auth.controller.ts
+++ b/src/auth/auth.controller.ts
@@ -37,10 +37,7 @@ export class AuthController {
   }
 
   @Post('introspect')
-  introspect(
-    @Body() body: { token?: string; guildNodeId?: string },
-    @Headers('x-center-shared-secret') sharedSecret?: string,
-  ) {
-    return this.authService.introspectGuildToken(body?.token ?? '', body?.guildNodeId ?? '', sharedSecret);
+  introspect(@Body() body: { token?: string; guildNodeId?: string }) {
+    return this.authService.introspectGuildToken(body?.token ?? '', body?.guildNodeId ?? '');
   }
 }
diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts
index ae13ea0..859208e 100644
--- a/src/auth/auth.service.ts
+++ b/src/auth/auth.service.ts
@@ -1,7 +1,6 @@
 import {
   ConflictException,
   Injectable,
-  ForbiddenException,
   UnauthorizedException,
 } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
@@ -175,12 +174,7 @@ export class AuthService {
     }
   }
 
-  async introspectGuildToken(token: string, guildNodeId: string, sharedSecret?: string) {
-    const expectedSecret = process.env.CENTER_SHARED_SECRET as string;
-    if (!sharedSecret || sharedSecret !== expectedSecret) {
-      throw new ForbiddenException('invalid shared secret');
-    }
-
+  async introspectGuildToken(token: string, guildNodeId: string) {
     let payload: jwt.JwtPayload;
     try {
       payload = jwt.verify(token, process.env.JWT_ACCESS_SECRET as string) as jwt.JwtPayload;