Adiciona primeiros Guards de autenticacao

src/auth/keycloak-auth.guard.ts

@@ -0,0 +1,18 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+import type { JwtPayload } from './keycloak.strategy';
+
+@Injectable()
+export class KeycloakAuthGuard extends AuthGuard('jwt') {
+  handleRequest(err: unknown, user: JwtPayload): JwtPayload {
+    if (err || !user) {
+      if (err instanceof UnauthorizedException) {
+        throw err;
+      }
+
+      throw new UnauthorizedException('Usuário não autenticado');
+    }
+
+    return user;
+  }
+}