Challenge - 5 Problems

🎖️

Middleware Authentication Master

Get all challenges correct to earn this badge!

Test your skills under time pressure!

❓ component_behavior

intermediate

2:00remaining

What happens when an unauthenticated user accesses a protected route?

Consider a Next.js middleware that checks for a valid authentication token in cookies. If the token is missing, the middleware redirects the user to the login page.

What will the user experience when trying to access /dashboard without a token?

NextJS

import { NextResponse } from 'next/server';

export function middleware(request) {
  const token = request.cookies.get('authToken');
  if (!token) {
    return NextResponse.redirect(new URL('/login', request.url));
  }
  return NextResponse.next();
}

export const config = { matcher: ['/dashboard'] };

AThe user sees a blank page because the middleware blocks rendering.

BThe dashboard loads but shows an error message about missing authentication.

CThe user is redirected to the login page before the dashboard loads.

DThe user can access the dashboard without any interruption.

Attempts:

2 left

📝 Syntax

intermediate

2:00remaining

Identify the syntax error in this Next.js middleware for authentication

Which option contains a syntax error that will prevent the middleware from running?

NextJS

import { NextResponse } from 'next/server';

export function middleware(request) {
  const token = request.cookies.get('authToken')
  if (!token) {
    return NextResponse.redirect(new URL('/login', request.url));
  }
  return NextResponse.next();
}

export const config = { matcher: ['/profile'] };

ANo syntax error; the code runs correctly.

BMissing semicolon after getting the token cookie.

CMissing parentheses in the 'middleware' function declaration.

DUsing 'request.cookies.get' instead of 'request.cookies.get()'.

Attempts:

2 left

🔧 Debug

advanced

2:00remaining

Why does this middleware fail to redirect unauthenticated users?

The middleware is intended to redirect users without a valid token to the login page. However, unauthenticated users can still access protected pages. What is the likely cause?

NextJS

import { NextResponse } from 'next/server';

export function middleware(request) {
  const token = request.cookies.get('authToken');
  if (token === undefined) {
    return NextResponse.redirect(new URL('/login', request.url));
  }
  return NextResponse.next();
}

export const config = { matcher: ['/settings'] };

AThe matcher pattern does not include the protected route.

BThe check should be for falsy value (!token), not only undefined.

CThe middleware is missing an async keyword.

DThe redirect URL is incorrect and causes a silent failure.

Attempts:

2 left

❓ state_output

advanced

2:00remaining

What is the value of the response status after middleware redirect?

In Next.js middleware, when redirecting unauthenticated users, what HTTP status code does the response have?

NextJS

import { NextResponse } from 'next/server';

export function middleware(request) {
  const token = request.cookies.get('authToken');
  if (!token) {
    return NextResponse.redirect(new URL('/login', request.url));
  }
  return NextResponse.next();
}

export const config = { matcher: ['/account'] };

A200 (OK)

B301 (Moved Permanently)

C404 (Not Found)

D307 (Temporary Redirect)

Attempts:

2 left

🧠 Conceptual

expert

3:00remaining

Why use middleware for authentication instead of client-side checks in Next.js?

Which reason best explains why authentication is often handled in Next.js middleware rather than only on client-side components?

AMiddleware runs on the server edge, preventing unauthorized page rendering and reducing data exposure.

BMiddleware allows faster client-side rendering by skipping authentication checks.

CClient-side checks are more secure because they run after the page loads.

DMiddleware can modify React component state directly before rendering.

Attempts:

2 left