docs: update guard

site/docs/guard.md

@@ -6,8 +6,6 @@
 
 普通的应用程序中，一般会在中间件中处理这些逻辑，但是中间件的逻辑过于通用，同时也无法很优雅的去和路由方法进行结合，为此我们在中间件之后，进入路由方法之前设计了守卫，可以方便的进行方法鉴权等处理。
 
-守卫会在中间件 **之后**，路由方法 **之前** 执行。
-
 下面的代码，我们将以 `@midwayjs/koa` 举例。
 
 
@@ -55,17 +53,11 @@ export class AuthGuard implements IGuard<Context> {
 
 `canActivate` 方法用于在请求中验证是否可以访问后续的方法，当返回 true 时，后续的方法会被执行，当 `canActivate` 返回 false 时，会抛出 403 错误码。
 
-:::tip
-
-注意，当前只有类 Controller 才能使用守卫。
-
-:::
-
 
 
 ## 使用守卫
 
-守卫可以被应用到不同的框架上，在 http 下，可以应用到全局，Controller 和方法上。
+守卫可以被应用到不同的框架上，在 http 下，可以应用到全局，Controller 和方法上，在其他的 Framework 实现中，仅能在方法上使用。
 
 
 
@@ -87,7 +79,7 @@ export class HomeController {
 ```
 
 
-Midway 同时也在 `@Get` 、 `@Post` 等路由装饰器上都提供了 middleware 参数，方便对单个路由做中间件拦截。
+在方法上应用守卫。
 
 ```typescript
 import { Controller, Get } from '@midwayjs/core';
@@ -166,10 +158,28 @@ export class AuthGuard implements IGuard<Context> {
     if (methodName ==='xxx') {
       throw new httpError.ForbiddenError();
     }
+
+    return true;
   }
 }
 ```
 
+:::tip
+
+注意全局错误处理器也会拦截守卫抛出的错误。
+
+:::
+
+
+
+## 和中间件的区别
+
+守卫会在全局中间件 **之后**，路由方法业务逻辑 **之前** 执行。
+
+中间件一般编写通用的处理逻辑，比如登录，用户识别，安全校验等，而守卫由于在路由内部，更适合做基于路由的权限控制。
+
+中间件中虽然有路由信息，但是无法明确得知具体进入的是哪个实际的路由控制器（除非额外查询匹配），而守卫已经进入了路由方法，在性能方面有比较大的优势。
+
 
 
 ## 基于角色的鉴权示例

site/i18n/en/docusaurus-plugin-content-docs/current/guard.md

@@ -6,8 +6,6 @@ The guard determines whether a given request is handled by the routing handler b
 
 In ordinary applications, these logics are usually processed in the middleware, but the logic of the middleware is too common, and it cannot be combined with routing methods gracefully. For this reason, we have designed guards after the middleware and before entering the routing method, which can facilitate method authentication and other processing.
 
-The guard will execute **after** the middleware and **before** the routing method.
-
 For the following code, we will take `@midwayjs/koa` as an example.
 
 
@@ -55,17 +53,11 @@ export class AuthGuard implements IGuard<Context> {
 
 `canActivate` method is used to verify whether subsequent methods can be accessed in the request. When true is returned, subsequent methods will be executed. When false is `canActivate`, 403 error codes will be thrown.
 
-:::tip
-
-Note that currently only class Controller can use guards.
-
-:::
-
 
 
 ## Use guards
 
-Guards can be applied to different frameworks, under http, can be applied to globals, controllers and methods.
+Guards can be applied to different frameworks. In http, they can be applied globally, to Controllers, and to methods. In other Framework implementations, they can only be used on methods.
 
 
 
@@ -87,7 +79,7 @@ export class HomeController {
 ```
 
 
-Midway also provides middleware parameters on route decorators such as `@Get` and `@Post` to facilitate middleware interception of a single route.
+Apply guards on methods.
 
 ```typescript
 import { Controller, Get } from '@midwayjs/core';
@@ -165,10 +157,28 @@ export class AuthGuard implements IGuard<Context> {
     if (methodName ==='xxx') {
       throw new httpError.ForbiddenError();
     }
+
+    return true;
   }
 }
 ```
 
+:::tip
+
+Note that the global error handler will also intercept errors thrown by guards.
+
+:::
+
+
+
+## Difference from middleware
+
+Guards will be executed **after** the global middleware and **before** the business logic of the routing method.
+
+Middleware generally writes general processing logic, such as login, user identification, security verification, etc., while guards are more suitable for routing-based permission control because they are inside the routing.
+
+Although there is routing information in the middleware, it is impossible to clearly know which actual routing controller is entered (unless additional query matching), while guards have entered the routing method, which has a relatively large advantage in performance.
+
 
 
 ## Example of Role-Based Authentication