验证角色，现在是由中间件来帮忙添加用户角色信息，跟进头部信息来的。实际的话可能就是跟进用户ID查数据库来得到。

src/core/guards/demo-roles.guard.ts

@@ -14,6 +14,15 @@ export class DemoRolesGuard implements CanActivate {
 
     const roles = this.reflector.get<string[]>('roles', context.getHandler())
     console.log(roles)
-    return false;
+
+    if (!roles) {
+      return true
+    }
+
+    const request = context.switchToHttp().getRequest();
+    const { user } = request;
+    const hasRole = () => user.roles.some(item => roles.includes(item))
+
+    return user && user.roles && hasRole();
   }
 }

src/core/middleware/demo.middleware.ts

@@ -4,6 +4,21 @@ import { Injectable, NestMiddleware } from '@nestjs/common';
 export class DemoMiddleware implements NestMiddleware {
   use(req: any, res: any, next: () => void) {
     console.log('hello ~')
+    req.user = {
+      roles: [
+        'guest'
+      ]
+    }
+
+    if (req.header('x-demo') === 'secret') {
+      req.user = {
+        roles: [
+          'member'
+        ]
+      }
+    }
+
+
     next();
   }
 }