fix(gateway): security hardening — auth guards, ownership checks, validation, rate limiting

apps/gateway/src/chat/chat.gateway-auth.ts

@@ -0,0 +1,30 @@
+import type { IncomingHttpHeaders } from 'node:http';
+import { fromNodeHeaders } from 'better-auth/node';
+
+export interface SocketSessionResult {
+  session: unknown;
+  user: { id: string };
+}
+
+export interface SessionAuth {
+  api: {
+    getSession(context: { headers: Headers }): Promise<SocketSessionResult | null>;
+  };
+}
+
+export async function validateSocketSession(
+  headers: IncomingHttpHeaders,
+  auth: SessionAuth,
+): Promise<SocketSessionResult | null> {
+  const sessionHeaders = fromNodeHeaders(headers);
+  const result = await auth.api.getSession({ headers: sessionHeaders });
+
+  if (!result) {
+    return null;
+  }
+
+  return {
+    session: result.session,
+    user: { id: result.user.id },
+  };
+}