feat(guild): validate bearer tokens via center introspection

src/common/center-auth.ts

@@ -0,0 +1,28 @@
+export async function introspectGuildToken(token: string): Promise<{ active: boolean; user?: { id: string; email?: string } }> {
+  const centerBaseUrl = process.env.CENTER_BASE_URL;
+  const sharedSecret = process.env.CENTER_SHARED_SECRET;
+  const guildNodeId = process.env.GUILD_NODE_ID;
+
+  if (!centerBaseUrl || !sharedSecret || !guildNodeId) {
+    return { active: false };
+  }
+
+  const res = await fetch(`${centerBaseUrl}/api/auth/introspect`, {
+    method: 'POST',
+    headers: {
+      'content-type': 'application/json',
+      'x-center-shared-secret': sharedSecret,
+    },
+    body: JSON.stringify({ token, guildNodeId }),
+  });
+
+  if (!res.ok) return { active: false };
+  const data = (await res.json()) as { active?: boolean; user?: { id: string; email?: string } };
+  if (!data.active) return { active: false };
+
+  return {
+    active: true,
+    user: data.user,
+  };
+}
+