From 14823ed76948e438e3c4ca0eb54f2daba9c4511b Mon Sep 17 00:00:00 2001
From: Tetardtek
Date: Sun, 5 Apr 2026 07:52:16 +0200
Subject: [PATCH] security: AuthGuard classe sur controllers + @Public() decorator pour search

---
 backend/src/auth/auth.guard.ts | 13 ++++++++++++-
 backend/src/auth/public.decorator.ts | 4 ++++
 backend/src/user/user.controller.ts | 2 +-
 backend/src/work/work.controller.ts | 6 +++++-
 4 files changed, 22 insertions(+), 3 deletions(-)
 create mode 100644 backend/src/auth/public.decorator.ts

diff --git a/backend/src/auth/auth.guard.ts b/backend/src/auth/auth.guard.ts
index 66d3cc5..bba049a 100644
--- a/backend/src/auth/auth.guard.ts
+++ b/backend/src/auth/auth.guard.ts
@@ -4,7 +4,9 @@ import {
   Injectable,
   UnauthorizedException,
 } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
 import { ConfigService } from '@nestjs/config';
+import { IS_PUBLIC_KEY } from './public.decorator';
 
 interface CacheEntry {
   user: any;
@@ -17,9 +19,18 @@ const TOKEN_CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
 export class AuthGuard implements CanActivate {
   private readonly cache = new Map();
 
-  constructor(private readonly configService: ConfigService) {}
+  constructor(
+    private readonly configService: ConfigService,
+    private readonly reflector: Reflector,
+  ) {}
 
   async canActivate(context: ExecutionContext): Promise {
+    const isPublic = this.reflector.getAllAndOverride(IS_PUBLIC_KEY, [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+    if (isPublic) return true;
+
     const request = context.switchToHttp().getRequest();
     const token = this.extractToken(request);
 
diff --git a/backend/src/auth/public.decorator.ts b/backend/src/auth/public.decorator.ts
new file mode 100644
index 0000000..b3845e1
--- /dev/null
+++ b/backend/src/auth/public.decorator.ts
@@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+
+export const IS_PUBLIC_KEY = 'isPublic';
+export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);
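Review bot: The `if (isPublic) return true;` short-circuit runs before `extractToken`, so a handler marked `@Public()` never gets `request.user`, even when the client does send a valid bearer token; a public handler that touches `req.user` (as `UserController.me` does with `req.user.id`) would fail on `undefined`. That contract is acceptable but undocumented — I would put `// @Public() skips token handling entirely: request.user is NOT populated on public routes, so public handlers must not read it.` above the metadata lookup. Note also that `getAllAndOverride` falls back to the class metadata, so a class-level `@Public()` exposes every handler in that controller with no per-method way back in; applying the decorator to handlers only keeps the blast radius small. The token validation and cache logic that follow `extractToken` lie outside the hunk.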
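Review bot: `Public` and `IS_PUBLIC_KEY` are exported without any doc comment, although this decorator is the single switch that turns `AuthGuard` off for a route and its effect on the handler is not obvious from these four lines. A TSDoc on `Public` should state that the guard returns `true` before any token is read, so `request.user` is absent in a public handler even for authenticated callers, and that it is intended for individual handlers rather than controllers, because a class-level `@Public()` also exposes every route added to that controller later. `IS_PUBLIC_KEY` deserves a one-liner too, e.g. `/** Metadata key read by AuthGuard via Reflector; do not reuse it for other metadata. */`.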
diff --git a/backend/src/user/user.controller.ts b/backend/src/user/user.controller.ts
index 49105ee..dcfaf38 100644
--- a/backend/src/user/user.controller.ts
+++ b/backend/src/user/user.controller.ts
@@ -2,12 +2,12 @@ import { Controller, Get, Req, UseGuards } from '@nestjs/common';
 import { UserService } from './user.service';
 import { AuthGuard } from '../auth/auth.guard';
 
+@UseGuards(AuthGuard)
 @Controller('api/user')
 export class UserController {
   constructor(private readonly userService: UserService) {}
 
   @Get('me')
-  @UseGuards(AuthGuard)
   async me(@Req() req: any) {
     const user = await this.userService.findOrCreate({
       id: req.user.id,
diff --git a/backend/src/work/work.controller.ts b/backend/src/work/work.controller.ts
index e84e935..84f63ad 100644
--- a/backend/src/work/work.controller.ts
+++ b/backend/src/work/work.controller.ts
@@ -1,10 +1,14 @@
-import { Controller, Get, Query } from '@nestjs/common';
+import { Controller, Get, Query, UseGuards } from '@nestjs/common';
+import { AuthGuard } from '../auth/auth.guard';
+import { Public } from '../auth/public.decorator';
 import { WorkService } from './work.service';
 
+@UseGuards(AuthGuard)
 @Controller('api/works')
 export class WorkController {
   constructor(private readonly workService: WorkService) {}
 
+  @Public()
   @Get('search')
   async search(
     @Query('q') query: string,
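Review bot: Authentication is still opt-in per controller — `@UseGuards(AuthGuard)` has to be repeated on every controller, so a controller added later without that line is unauthenticated by default, and `@Public()` only becomes an explicit, reviewable exception once the guard is the default rather than the exception. Now that `AuthGuard` consults `Reflector`, it can be bound once in the root module with `{ provide: APP_GUARD, useClass: AuthGuard }` (`APP_GUARD` from `@nestjs/core`), after which the class-level `@UseGuards(AuthGuard)` here and in `UserController` becomes redundant and every route is denied unless marked `@Public()`. A single global instance presumably also means one token cache instead of one per module that declares the guard, though that depends on how Nest instantiates classes passed to `@UseGuards` and is not verifiable from this diff. The `search` signature continues past `@Query('q') query: string,`, outside the hunk.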