Challenge - 5 Problems

🎖️

Next.js Middleware Master

Get all challenges correct to earn this badge!

Test your skills under time pressure!

❓ component_behavior

intermediate

2:00remaining

What happens when an unauthenticated user accesses a protected route?

Consider a Next.js app using middleware to protect routes under /dashboard. The middleware checks for a valid token cookie. What is the expected behavior when a user without a token tries to access /dashboard/profile?

NextJS

import { NextResponse } from 'next/server';

export function middleware(request) {
  const token = request.cookies.get('token')?.value;
  if (!token) {
    return NextResponse.redirect(new URL('/login', request.url));
  }
  return NextResponse.next();
}

export const config = {
  matcher: '/dashboard/:path*',
};

AThe user is redirected to the /login page.

BThe user is shown a 404 Not Found error.

CThe middleware throws a runtime error due to missing token.

DThe user sees the dashboard page content without restrictions.

Attempts:

2 left

📝 Syntax

intermediate

2:00remaining

Identify the syntax error in this Next.js middleware code

Which option contains the correct syntax for accessing cookies in Next.js middleware?

NextJS

export function middleware(request) {
  const token = request.cookies.get('token')?.value;
  if (!token) {
    return NextResponse.redirect(new URL('/login', request.url));
  }
  return NextResponse.next();
}

Aconst token = request.cookies.get('token')?.value;

Bconst token = request.cookies['token'];

Cconst token = request.cookies.get('token');

Dconst token = request.cookies.token.value;

Attempts:

2 left

❓ state_output

advanced

2:00remaining

What is the output when middleware allows access with a valid token?

Given this middleware, what will the user see when accessing /dashboard/settings with a valid token cookie?

NextJS

import { NextResponse } from 'next/server';

export function middleware(request) {
  const token = request.cookies.get('token')?.value;
  if (!token) {
    return NextResponse.redirect(new URL('/login', request.url));
  }
  return NextResponse.next();
}

export const config = {
  matcher: '/dashboard/:path*',
};

// Assume /dashboard/settings page returns <h1>Settings Page</h1>

AThe user is redirected to /login.

BThe user sees the <h1>Settings Page</h1> content.

CThe user sees a blank page with no content.

DThe middleware throws an error and the page does not load.

Attempts:

2 left

🔧 Debug

advanced

2:00remaining

Why does this middleware fail to protect the route?

Review this middleware code. Why does it fail to redirect unauthenticated users?

NextJS

import { NextResponse } from 'next/server';

export function middleware(request) {
  const token = request.cookies.get('token');
  if (!token) {
    NextResponse.redirect(new URL('/login', request.url));
  }
  return NextResponse.next();
}

export const config = {
  matcher: '/dashboard/:path*',
};

AThe matcher pattern does not match the route correctly.

BThe cookie access syntax is incorrect and throws an error.

CNextResponse.next() should be called before the redirect.

DThe redirect response is not returned, so the middleware continues and allows access.

Attempts:

2 left

🧠 Conceptual

expert

3:00remaining

How does Next.js middleware improve protected route performance?

Which statement best explains how Next.js middleware enhances the performance of protected routes compared to client-side checks?

AMiddleware caches protected pages on the client to speed up future loads.

BMiddleware delays page rendering until client-side JavaScript verifies authentication.

CMiddleware runs on the edge before the page loads, preventing unauthorized requests early and reducing client load.

DMiddleware duplicates authentication logic on both server and client, increasing security checks.

Attempts:

2 left