memegoat/backend/src/auth/guards/optional-auth.guard.ts

import {
	CanActivate,
	ExecutionContext,
	Injectable,
} from "@nestjs/common";
import { ConfigService } from "@nestjs/config";
import { getIronSession } from "iron-session";
import { JwtService } from "../../crypto/services/jwt.service";
import { getSessionOptions, SessionData } from "../session.config";

@Injectable()
export class OptionalAuthGuard implements CanActivate {
	constructor(
		private readonly jwtService: JwtService,
		private readonly configService: ConfigService,
	) {}

	async canActivate(context: ExecutionContext): Promise<boolean> {
		const request = context.switchToHttp().getRequest();
		const response = context.switchToHttp().getResponse();

		const session = await getIronSession<SessionData>(
			request,
			response,
			getSessionOptions(this.configService.get("SESSION_PASSWORD") as string),
		);

		const token = session.accessToken;

		if (!token) {
			return true;
		}

		try {
			const payload = await this.jwtService.verifyJwt(token);
			request.user = payload;
		} catch {
			// Ignore invalid tokens for optional auth
		}

		return true;
	}
}