refactor(center): introspect relies on api key auth instead of shared secret

src/auth/auth.controller.ts

@@ -37,10 +37,7 @@ export class AuthController {
   }
 
   @Post('introspect')
-  introspect(
-    @Body() body: { token?: string; guildNodeId?: string },
-    @Headers('x-center-shared-secret') sharedSecret?: string,
-  ) {
-    return this.authService.introspectGuildToken(body?.token ?? '', body?.guildNodeId ?? '', sharedSecret);
+  introspect(@Body() body: { token?: string; guildNodeId?: string }) {
+    return this.authService.introspectGuildToken(body?.token ?? '', body?.guildNodeId ?? '');
   }
 }

src/auth/auth.service.ts

@@ -1,7 +1,6 @@
 import {
   ConflictException,
   Injectable,
-  ForbiddenException,
   UnauthorizedException,
 } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
@@ -175,12 +174,7 @@ export class AuthService {
     }
   }
 
-  async introspectGuildToken(token: string, guildNodeId: string, sharedSecret?: string) {
-    const expectedSecret = process.env.CENTER_SHARED_SECRET as string;
-    if (!sharedSecret || sharedSecret !== expectedSecret) {
-      throw new ForbiddenException('invalid shared secret');
-    }
-
+  async introspectGuildToken(token: string, guildNodeId: string) {
     let payload: jwt.JwtPayload;
     try {
       payload = jwt.verify(token, process.env.JWT_ACCESS_SECRET as string) as jwt.JwtPayload;