Track client and server sources

Co-authored-by: Cursor <cursoragent@cursor.com>

messenger-server/src/common/guards/session-owner.guard.ts

@@ -0,0 +1,22 @@
+import { Injectable, CanActivate, ExecutionContext, ForbiddenException } from '@nestjs/common'
+import { SessionsService } from 'src/modules/sessions/sessions.service'
+import { PARAMS } from '../constants/param.constants'
+import { SessionId } from '../types/session-id.type'
+
+@Injectable()
+export class SessionOwnerGuard implements CanActivate {
+    constructor(private readonly sessionsService: SessionsService) { }
+
+    async canActivate(context: ExecutionContext) {
+        const request = context.switchToHttp().getRequest()
+        const user = request.user
+        const sessionId: SessionId = request.params[PARAMS.SESSION_ID]
+
+        const isOwner = await this.sessionsService.isOwner(sessionId, user.id)
+        if (!isOwner) {
+            throw new ForbiddenException('You are not allowed to delete this session')
+        }
+
+        return true
+    }
+}