The guards are injectable classes that shall implement the CanExecute interface. Guards contain the logic and the context which will decide if a request will be handled or not.

Typical use cases can be JWT validation, user roles, permission, and like.

Global Guard Class
Controller /page
Controller Guard Class
Route Guard Class
Route Guard Class
Route Guard Class
Route Handler
Route Handler
Route Handler
export class TestGuard implements CanExecute {
  async canExecute(context: RequestContext): Promise<boolean> {
    return await validateRequest(context);

Once created, the guards can be applied at Controller level, Route level, by using the @Guard() decorator.

export class TestController {
  constructor(private readonly loggerService: LoggerService) {
  async helloWorld() {
    this.loggerService.log({level: 'info', data: 'Test log from /hello-world'});
    return { test: 'hello world' };

Guards can be also globals via the Server configuration.

async function startUp() {
  await PequeFactory.createServer({
    rootModule: TestRootModule,
    guards: [TestServerGuard]


When the guard is not allowing the route, it will return an HTTP 403 error with the following payload.

  "message": "Forbidden resource"