Skip to content

Feature/challenge 5 — HTTP Authentication Middleware #859

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
brenoamin wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Feature/challenge 5 — HTTP Authentication Middleware #859

brenoamin wants to merge 2 commits into from

Conversation

@brenoamin
Copy link
Contributor

@brenoamin brenoamin commented Dec 8, 2025

This challenge implements a simple HTTP authentication middleware in Go. The middleware intercepts incoming requests and validates the "X-Auth-Token" header before allowing access to protected routes.

What was required

  • Check each request for the X-Auth-Token header.
  • Accept the request only if the token matches the predefined value "secret".
  • If the token is missing or invalid, return 401 Unauthorized.
  • Public route:
    • GET /hello → returns "Hello!"
  • Protected route (uses middleware):
    • GET /secure → returns "You are authorized!" only with a valid token.

The challenge includes test cases covering valid tokens, missing headers, invalid values, and correct routing behavior.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 8, 2025
edited
Loading

Walkthrough

This PR adds a complete solution for Challenge 1 with a Sum function that adds two integers, and implements authentication middleware for Challenge 5 that validates X-Auth-Token headers with proper error handling.

Changes

Cohort / File(s) Summary
Challenge 1 Solution
challenge-1/submissions/brenoamin/solution-template.go		 Adds new Go program with exported Sum(a int, b int) int function and main that reads two integers via fmt.Scanf, handles input errors, computes sum, and prints result.
Challenge 5 Authentication
challenge-5/solution-template.go		 Implements AuthMiddleware to validate X-Auth-Token header (returns 401 if missing/invalid, calls next handler on match) and adds error handling for ListenAndServe.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Both changes implement straightforward logic without complex control flow or error paths. Challenge 1 is basic arithmetic and input parsing; Challenge 5 is standard HTTP header validation middleware. Limited scope with consistent, homogeneous additions.

Possibly related PRs

Pre-merge checks

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main focus of the pull request—implementing HTTP authentication middleware for challenge 5.
Description check ✅ Passed The description is directly related to the changeset, providing clear context about the authentication middleware implementation and requirements.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot requested changes Dec 8, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between daf4fa9 and 874c7e5.

📒 Files selected for processing (2)
  • challenge-1/submissions/brenoamin/solution-template.go (1 hunks)
  • challenge-5/solution-template.go (2 hunks)
🔇 Additional comments (2)
challenge-5/solution-template.go (1)

53-59: Good improvement to error handling.

Properly handling and logging the error from ListenAndServe improves debuggability when the server fails to start.

challenge-1/submissions/brenoamin/solution-template.go (1)

1-24: LGTM!

The implementation is straightforward and correct. The Sum function properly adds two integers, and the main function handles input reading with appropriate error checking.

challenge-5/solution-template.go
Comment on lines 13 to 26
func AuthMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// TODO: Implement the logic:
// 1) Grab the "X-Auth-Token" header
// 2) Compare against validToken
// 3) If mismatch or missing, respond with 401
// 4) Otherwise pass to next handler
authHeader := r.Header.Get("X-Auth-Token")
if authHeader == "" {
w.WriteHeader(http.StatusUnauthorized)
return
}

if authHeader == validToken {
next.ServeHTTP(w, r)
}
w.WriteHeader(http.StatusUnauthorized)
})
}
Copy link
Contributor

@coderabbitai coderabbitai bot Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Critical logic error: 401 sent even for valid tokens.

Line 24 executes unconditionally after the if block at lines 21-23, which means w.WriteHeader(http.StatusUnauthorized) is called even when the token is valid and next.ServeHTTP(w, r) has already been invoked. This corrupts the response for authorized requests.

Apply this diff to fix the logic:

 func AuthMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		authHeader := r.Header.Get("X-Auth-Token")
 		if authHeader == "" {
 			w.WriteHeader(http.StatusUnauthorized)
 			return
 		}
 
 		if authHeader == validToken {
 			next.ServeHTTP(w, r)
+			return
 		}
 		w.WriteHeader(http.StatusUnauthorized)
 	})
 }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
func AuthMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// TODO: Implement the logic:
// 1) Grab the "X-Auth-Token" header
// 2) Compare against validToken
// 3) If mismatch or missing, respond with 401
// 4) Otherwise pass to next handler
authHeader := r.Header.Get("X-Auth-Token")
if authHeader == "" {
w.WriteHeader(http.StatusUnauthorized)
return
}
if authHeader == validToken {
next.ServeHTTP(w, r)
}
w.WriteHeader(http.StatusUnauthorized)
})
}
func AuthMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
authHeader := r.Header.Get("X-Auth-Token")
if authHeader == "" {
w.WriteHeader(http.StatusUnauthorized)
return
}
if authHeader == validToken {
next.ServeHTTP(w, r)
return
}
w.WriteHeader(http.StatusUnauthorized)
})
}
🤖 Prompt for AI Agents 
In challenge-5/solution-template.go around lines 13 to 26 the middleware
unconditionally calls w.WriteHeader(http.StatusUnauthorized) after the
valid-token branch, causing a 401 to be sent even for authorized requests; fix
it by ensuring the function returns immediately after calling next.ServeHTTP for
a valid token (or restructure the conditional with an else), so the unauthorized
header is only written when the token is missing or invalid.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@brenoamin