diff --git a/backend/src/auth/auth.guard.ts b/backend/src/auth/auth.guard.ts
index 402b07d..21db57f 100644
--- a/backend/src/auth/auth.guard.ts
+++ b/backend/src/auth/auth.guard.ts
@@ -4,7 +4,9 @@ import {
 Injectable,
 UnauthorizedException,
 } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
 import { ConfigService } from '@nestjs/config';
+import { IS_PUBLIC_KEY } from './public.decorator';
 interface CacheEntry {
 user: any;
@@ -18,9 +20,18 @@ const MAX_CACHE_SIZE = 1000;
 export class AuthGuard implements CanActivate {
 private readonly cache = new Map();
- constructor(private readonly configService: ConfigService) {}
+ constructor(
+ private readonly configService: ConfigService,
+ private readonly reflector: Reflector,
+ ) {}
 async canActivate(context: ExecutionContext): Promise {
+ const isPublic = this.reflector.getAllAndOverride(IS_PUBLIC_KEY, [
+ context.getHandler(),
+ context.getClass(),
+ ]);
+ if (isPublic) return true;
+
 const request = context.switchToHttp().getRequest();
 const token = this.extractToken(request);
diff --git a/backend/src/auth/public.decorator.ts b/backend/src/auth/public.decorator.ts
new file mode 100644
index 0000000..b3845e1
--- /dev/null
+++ b/backend/src/auth/public.decorator.ts
@@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+
+export const IS_PUBLIC_KEY = 'isPublic';
+export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);
diff --git a/backend/src/user/user.controller.ts b/backend/src/user/user.controller.ts
index 49105ee..dcfaf38 100644
--- a/backend/src/user/user.controller.ts
+++ b/backend/src/user/user.controller.ts
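Review bot: The bypass added at the top of `canActivate` accepts any truthy value stored under the plain string key `'isPublic'`, so metadata written by another decorator that reuses that key would also skip authentication. A strict comparison, `if (isPublic === true) return true;`, keeps the opt-out tied to what `@Public()` sets. Because the return happens before `extractToken`, the request is presumably left without `user` on public routes even when a valid token is sent; a short comment above the check, `// Public routes skip token validation entirely; request.user is not populated.`, would save a handler author from relying on it. The body of `canActivate` continues outside the hunk.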
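Review bot: `Public` is exported without any documentation, although applying it removes authentication from a handler or, at class level, from a whole controller. I would add a TSDoc line above it, `/** Exempts the decorated handler or controller from AuthGuard; the guard returns before any token check. Use only on endpoints meant for anonymous callers. */`. The same comment is a good place to say that handler-level metadata overrides class-level metadata, since the guard resolves the key with `getAllAndOverride` over `[handler, class]`.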
@@ -2,12 +2,12 @@ import { Controller, Get, Req, UseGuards } from '@nestjs/common';
 import { UserService } from './user.service';
 import { AuthGuard } from '../auth/auth.guard';
+@UseGuards(AuthGuard)
 @Controller('api/user')
 export class UserController {
 constructor(private readonly userService: UserService) {}
 @Get('me')
- @UseGuards(AuthGuard)
 async me(@Req() req: any) {
 const user = await this.userService.findOrCreate({
 id: req.user.id,
diff --git a/backend/src/work/work.controller.ts b/backend/src/work/work.controller.ts
index 4bdff8c..d2d8715 100644
--- a/backend/src/work/work.controller.ts
+++ b/backend/src/work/work.controller.ts
@@ -1,11 +1,15 @@
-import { Controller, Get, Query } from '@nestjs/common';
+import { Controller, Get, Query, UseGuards } from '@nestjs/common';
 import { Throttle } from '@nestjs/throttler';
+import { AuthGuard } from '../auth/auth.guard';
+import { Public } from '../auth/public.decorator';
 import { WorkService } from './work.service';
+@UseGuards(AuthGuard)
 @Controller('api/works')
 export class WorkController {
 constructor(private readonly workService: WorkService) {}
+ @Public()
 @Throttle([{ ttl: 60000, limit: 20 }])
 @Get('search')
 async search(
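Review bot: Attaching `@UseGuards(AuthGuard)` per controller, here and on `WorkController` in the next hunk, still leaves any controller that omits the decorator unauthenticated by default. If `@Public()` is meant to be the only opt-out, registering the guard once in the root module with `{ provide: APP_GUARD, useClass: AuthGuard }` makes the default fail closed. Whether such a registration already exists cannot be seen from this diff. The body of `me` continues outside the hunk.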
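Review bot: With the guard now at class level on `WorkController`, every handler other than `search` requires a token, and none of those handlers are visible in this hunk. Any of them that was intentionally anonymous before needs its own `@Public()`, so the full handler list should be checked against the intended access policy. A one-line comment above `@Public()` on `search`, for example `// Anonymous by design; the @Throttle limit below is the only per-client control on this route.`, would record why the exemption exists. The signature of `search` continues outside the hunk.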