Challenge - 5 Problems

🎖️

NestJS Guard Master

Get all challenges correct to earn this badge!

Test your skills under time pressure!

❓ component_behavior

intermediate

2:00remaining

What does this guard do when canActivate returns false?

Consider a NestJS guard where the canActivate method returns false. What happens to the request?

NestJS

import { CanActivate, ExecutionContext } from '@nestjs/common';

export class SampleGuard implements CanActivate {
  canActivate(context: ExecutionContext): boolean {
    return false;
  }
}

AThe request is blocked and a 403 Forbidden response is sent.

BThe request proceeds to the route handler normally.

CThe request causes a server error and crashes the app.

DThe request is redirected to the login page automatically.

Attempts:

2 left

📝 Syntax

intermediate

2:00remaining

Which option correctly implements canActivate to allow only requests with a header 'x-api-key' equal to 'secret'?

Choose the correct implementation of canActivate that checks if the request header x-api-key equals secret.

canActivate(context: ExecutionContext): boolean {
  const request = context.getRequest();
  return request.headers['x-api-key'] === 'secret';
}

canActivate(context: ExecutionContext): boolean {
  const request = context.switchToHttp().getRequest();
  return request.header('x-api-key') === 'secret';
}

canActivate(context: ExecutionContext): boolean {
  const request = context.switchToHttp().getRequest();
  return request.headers['x-api-key'] === 'secret';
}

canActivate(context: ExecutionContext): boolean {
  const request = context.switchToHttp().getRequest();
  return request.headers.xApiKey === 'secret';
}

Attempts:

2 left

❓ state_output

advanced

2:00remaining

What is the output when canActivate returns a Promise resolving to false?

If canActivate returns Promise.resolve(false), what does NestJS do with the request?

NestJS

import { CanActivate, ExecutionContext } from '@nestjs/common';

export class AsyncGuard implements CanActivate {
  canActivate(context: ExecutionContext): Promise<boolean> {
    return Promise.resolve(false);
  }
}

AThe request is delayed indefinitely and times out.

BThe request proceeds to the route handler normally.

CThe request causes a runtime error because canActivate must return boolean synchronously.

DThe request is blocked and a 403 Forbidden response is sent.

Attempts:

2 left

🔧 Debug

advanced

2:00remaining

Why does this guard always allow requests even when it should block some?

Identify the bug in this guard code that causes it to always allow requests.

NestJS

import { CanActivate, ExecutionContext } from '@nestjs/common';

export class BuggyGuard implements CanActivate {
  canActivate(context: ExecutionContext): boolean {
    const request = context.switchToHttp().getRequest();
    if (request.headers['authorization']) {
      true;
    }
    return true;
  }
}

AThe if block does not return false when authorization header is missing, so it always returns true.

BThe guard throws a syntax error because of missing return in the if block.

CThe guard returns false always because the if block is ignored.

DThe guard returns undefined causing a runtime error.

Attempts:

2 left

🧠 Conceptual

expert

2:00remaining

Which statement about canActivate guards is true?

Select the true statement about the behavior of multiple guards applied to a single route in NestJS.

AAll guards run in parallel and the request proceeds if any guard returns true.

BGuards run sequentially and the request proceeds only if all guards return true.

COnly the first guard runs and its result decides the request outcome.

DGuards run after the route handler executes to validate the response.

Attempts:

2 left