# NestJS Endpoint Missing Authentication Guard

- ID: nestjs-missing-auth-guard
- Severity: HIGH
- CWE: CWE-306 (CWE-306)
- Languages: TypeScript
- Frameworks: nestjs

## Description

Endpoints without @UseGuards or @Public decorators are accessible to
unauthenticated users, enabling unauthorized access.

## Detection Message

NestJS endpoint has no @UseGuards() decorator for authentication

## Remediation

Add @UseGuards decorator at controller or method level.

```typescript
import { UseGuards } from '@nestjs/common';
import { JwtAuthGuard } from '../auth/jwt-auth.guard';

@Controller('users')
@UseGuards(JwtAuthGuard)
export class UsersController {
  @Get(':id')
  findOne(@Param('id') id: string) {
    return this.usersService.findOne(id);
  }
}
```

Learn more: https://shoulder.dev/learn/typescript/cwe-306/missing-auth-guard

## Documentation

[object Object]

## Related Rules

- **Django View Missing Authentication** [HIGH]: 
- **FastAPI Endpoint Missing Authentication** [HIGH]: 
- **Echo Missing JWT Middleware** [HIGH]: 
- **Fiber Missing JWT Middleware** [HIGH]: 
- **Gin Missing JWT Middleware** [HIGH]: