diff --git a/src/core/guards/demo-roles.guard.ts b/src/core/guards/demo-roles.guard.ts
index 9f4ead8..2c75c26 100644
--- a/src/core/guards/demo-roles.guard.ts
+++ b/src/core/guards/demo-roles.guard.ts
@@ -14,6 +14,15 @@ export class DemoRolesGuard implements CanActivate {
 
     const roles = this.reflector.get<string[]>('roles', context.getHandler())
     console.log(roles)
-    return false;
+
+    if (!roles) {
+      return true
+    }
+
+    const request = context.switchToHttp().getRequest();
+    const { user } = request;
+    const hasRole = () => user.roles.some(item => roles.includes(item))
+
+    return user && user.roles && hasRole();
   }
 }
diff --git a/src/core/middleware/demo.middleware.ts b/src/core/middleware/demo.middleware.ts
index 18c0a06..942e278 100644
--- a/src/core/middleware/demo.middleware.ts
+++ b/src/core/middleware/demo.middleware.ts
@@ -4,6 +4,21 @@ import { Injectable, NestMiddleware } from '@nestjs/common';
 export class DemoMiddleware implements NestMiddleware {
   use(req: any, res: any, next: () => void) {
     console.log('hello ~')
+    req.user = {
+      roles: [
+        'guest'
+      ]
+    }
+
+    if (req.header('x-demo') === 'secret') {
+      req.user = {
+        roles: [
+          'member'
+        ]
+      }
+    }
+
+
     next();
   }
 }