
Protecting routes with auth middleware in Express - Practice Problems & Coding Challenges

Component behavior (intermediate)
What happens when a user without a valid token accesses a protected route?

Consider this Express middleware that checks for a token in the request headers before allowing access to a route.

function authMiddleware(req, res, next) {
  const token = req.headers['authorization'];
  if (!token) {
    return res.status(401).send('Access denied. No token provided.');
  }
  next();
}

app.get('/dashboard', authMiddleware, (req, res) => {
  res.send('Welcome to your dashboard');
});

What will the server respond if a request to /dashboard has no authorization header?

A. The server crashes with an error because token is undefined
B. The server responds with status 200 and message 'Welcome to your dashboard'
C. The server responds with status 401 and message 'Access denied. No token provided.'
D. The server responds with status 403 and message 'Forbidden'
💡 Hint

Think about what the middleware does when the token is missing.

📝 Syntax (intermediate)
Identify the syntax error in this auth middleware

Look at this Express middleware code meant to protect routes:

function auth(req, res, next) {
  const token = req.headers.authorization
  if (!token) {
    res.status(401).send('Unauthorized')
  } else {
    next()
  }
}

What is the syntax error that will cause this code to fail?

A. Missing semicolon after const token = req.headers.authorization
B. Missing return before res.status(401).send(...) causing response to continue
C. Missing parentheses in next call
D. No syntax error; code is valid
💡 Hint

Check if the code syntax matches JavaScript rules.

🔧 Debug (advanced)
Why does this auth middleware allow access without a token?

Review this middleware:

function authMiddleware(req, res, next) {
  const token = req.headers['authorization'];
  if (token) {
    next();
  }
  res.status(401).send('Unauthorized');
}

What is the problem with this code?

A. It always sends 401 after calling next(), causing headers to be sent twice
B. It never calls next(), so requests hang
C. It allows access even without a token because next() is always called
D. It throws a runtime error because res.status is undefined
💡 Hint

Consider what happens after next() is called.

State output (advanced)
What is the value of req.user after this auth middleware runs?

Given this middleware that verifies a token and adds user info:

function authMiddleware(req, res, next) {
  const token = req.headers['authorization'];
  if (!token) {
    return res.status(401).send('No token');
  }
  // Simulate token verification
  if (token === 'valid-token') {
    req.user = { id: 123, name: 'Alice' };
    next();
  } else {
    res.status(403).send('Invalid token');
  }
}

What will req.user be inside the route handler if the request header authorization is valid-token?

A. Throws an error because req.user is not set
B. { id: 123, name: 'Alice' }
C. null
D. undefined
💡 Hint

Look at where req.user is assigned.

🧠 Conceptual (expert)
Which option correctly protects multiple routes with the same auth middleware?

You want to protect these routes so only authenticated users can access them:

app.get('/profile', authMiddleware, (req, res) => { res.send('Profile page'); });
app.get('/settings', authMiddleware, (req, res) => { res.send('Settings page'); });

Which approach is best to avoid repeating authMiddleware on every route?

A. Define a new router, apply authMiddleware to it, then mount the router for those routes
B. Use app.use(authMiddleware) before defining the routes to apply it globally
C. Wrap each route handler in a function that calls authMiddleware manually
D. Add authMiddleware only to the first route; others inherit it automatically
💡 Hint

Think about grouping routes and applying middleware efficiently.