Concept Flow - Combining multiple guards
Request comes in
Guard 1 runs
Guard 2 runs
The request passes through Guard 1 first. If it passes, Guard 2 runs. If all guards pass, access is allowed; if any guard fails, the request is rejected.
0
0
Combining multiple guards in NestJS - Step-by-Step Execution
Execution Sample
NestJS
import { UseGuards } from '@nestjs/common'; import { Controller, Get } from '@nestjs/common'; @Controller() export class AppController { @UseGuards(AuthGuard, RolesGuard) @Get('profile') getProfile() { return 'User Profile'; } }
This code applies two guards, AuthGuard and RolesGuard, to protect the 'profile' route. Both must pass for access.
Execution Table
| Step | Guard | Guard Result | Action | Request Outcome |
|---|---|---|---|---|
| 1 | AuthGuard | Pass | Continue to next guard | Pending |
| 2 | RolesGuard | Pass | Allow access | Access granted |
| 3 | End | - | - | Request handled successfully |
💡 Execution stops after all guards pass and access is granted.
Variable Tracker
| Variable | Start | After AuthGuard | After RolesGuard | Final |
|---|---|---|---|---|
| requestAllowed | false | true | true | true |
Key Moments - 2 Insights
Why does the request get rejected if the first guard fails?
Because guards run in order, and if any guard returns false (see Step 1 in execution_table), the request is immediately rejected without running later guards.
Can the second guard run if the first guard fails?
No. The second guard only runs if the first guard passes, as shown in the flow and execution_table steps 1 and 2.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, what is the requestAllowed value after AuthGuard passes?
💡 Hint
Check variable_tracker row for requestAllowed after AuthGuard
At which step does the request get access granted?
💡 Hint
See execution_table 'Request Outcome' column for Step 2
If AuthGuard fails, what happens to RolesGuard?
💡 Hint
Refer to concept_flow and key_moments about guard order
Concept Snapshot
Use @UseGuards(Guard1, Guard2) to combine guards. Guards run in order; if any guard returns false, request is denied. All guards must pass to allow access. Useful for layered security checks. Easy to add or remove guards as needed.
Full Transcript
In NestJS, you can protect routes by combining multiple guards using the @UseGuards decorator. When a request comes in, the first guard runs. If it passes, the next guard runs. This continues until all guards pass, then the request is allowed. If any guard fails, the request is rejected immediately. For example, using @UseGuards(AuthGuard, RolesGuard) means the request must pass authentication and role checks. The execution table shows each guard's result and the final outcome. The variable tracker shows the requestAllowed state changing from false to true after guards pass. Remember, guards run in order and stop on failure. This helps build secure and layered access control in your NestJS apps.