24 changes: 24 additions & 0 deletions challenge-1/submissions/brenoamin/solution-template.go
@@ -0,0 +1,24 @@
package main

import (
"fmt"
)

func main() {
var a, b int
// Read two integers from standard input
_, err := fmt.Scanf("%d, %d", &a, &b)
if err != nil {
fmt.Println("Error reading input:", err)
return
}

// Call the Sum function and print the result
result := Sum(a, b)
fmt.Println(result)
}

// Sum returns the sum of a and b.
func Sum(a int, b int) int {
return a + b
}
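Review bot: the format string in `fmt.Scanf("%d, %d", &a, &b)` requires a literal comma between the two integers, so space-separated input such as `3 5` ends in the "Error reading input" branch, while the comment above it only says "Read two integers from standard input". Document the expected `a, b` format in that comment, or confirm it is what the challenge feeds the program. The error is also printed to stdout and `main` returns with exit status 0; writing it to `os.Stderr` and calling `os.Exit(1)` would let a caller tell a failure from a result.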
20 changes: 14 additions & 6 deletions challenge-5/solution-template.go
Expand Up @@ -12,11 +12,16 @@ const validToken = "secret"
// Otherwise, respond with 401 Unauthorized.
func AuthMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// TODO: Implement the logic:
// 1) Grab the "X-Auth-Token" header
// 2) Compare against validToken
// 3) If mismatch or missing, respond with 401
// 4) Otherwise pass to next handler
authHeader := r.Header.Get("X-Auth-Token")
if authHeader == "" {
w.WriteHeader(http.StatusUnauthorized)
return
}

if authHeader == validToken {
next.ServeHTTP(w, r)
}
w.WriteHeader(http.StatusUnauthorized)
})
}
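Review bot: `if authHeader == validToken` compares the secret with `==`, which is not constant-time; `subtle.ConstantTimeCompare([]byte(authHeader), []byte(validToken)) == 1` from `crypto/subtle` avoids that and makes the separate `authHeader == ""` branch unnecessary. The valid-token branch also needs a `return` after `next.ServeHTTP(w, r)`, because the final `w.WriteHeader(http.StatusUnauthorized)` is otherwise reached on every path. The hunk header shows `const validToken = "secret"`, which is fine for the exercise, but anything deployed should load the token from configuration rather than source.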
Comment on lines 13 to 26
⚠️ Potential issue | 🔴 Critical

Critical logic error: 401 sent even for valid tokens.

Line 24 executes unconditionally after the if block at lines 21-23, which means w.WriteHeader(http.StatusUnauthorized) is called even when the token is valid and next.ServeHTTP(w, r) has already been invoked. This corrupts the response for authorized requests.

Apply this diff to fix the logic:

 func AuthMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		authHeader := r.Header.Get("X-Auth-Token")
 		if authHeader == "" {
 			w.WriteHeader(http.StatusUnauthorized)
 			return
 		}
 
 		if authHeader == validToken {
 			next.ServeHTTP(w, r)
+			return
 		}
 		w.WriteHeader(http.StatusUnauthorized)
 	})
 }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
func AuthMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// TODO: Implement the logic:
// 1) Grab the "X-Auth-Token" header
// 2) Compare against validToken
// 3) If mismatch or missing, respond with 401
// 4) Otherwise pass to next handler
authHeader := r.Header.Get("X-Auth-Token")
if authHeader == "" {
w.WriteHeader(http.StatusUnauthorized)
return
}
if authHeader == validToken {
next.ServeHTTP(w, r)
}
w.WriteHeader(http.StatusUnauthorized)
})
}
func AuthMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
authHeader := r.Header.Get("X-Auth-Token")
if authHeader == "" {
w.WriteHeader(http.StatusUnauthorized)
return
}
if authHeader == validToken {
next.ServeHTTP(w, r)
return
}
w.WriteHeader(http.StatusUnauthorized)
})
}
🤖 Prompt for AI Agents
In challenge-5/solution-template.go around lines 13 to 26 the middleware
unconditionally calls w.WriteHeader(http.StatusUnauthorized) after the
valid-token branch, causing a 401 to be sent even for authorized requests; fix
it by ensuring the function returns immediately after calling next.ServeHTTP for
a valid token (or restructure the conditional with an else), so the unauthorized
header is only written when the token is missing or invalid.
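The fall-through described in the review comment above, reproduced with `httptest` as an added example (not code from the pull request or from the reviewer). `buggyAuth`, `fixedAuth`, `status`, `writes` and `silent` are hypothetical names, the empty-header branch is folded into the comparison, and the constant-time comparison in `fixedAuth` goes beyond the suggested fix.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

const validToken = "secret" // value shown in the diff context

// buggyAuth mirrors the submitted middleware: no return after next.ServeHTTP.
func buggyAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("X-Auth-Token") == validToken {
			next.ServeHTTP(w, r)
		}
		w.WriteHeader(http.StatusUnauthorized) // reached on every path
	})
}

// fixedAuth rejects first, then hands off; the constant-time compare is an addition.
func fixedAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := []byte(r.Header.Get("X-Auth-Token"))
		if subtle.ConstantTimeCompare(got, []byte(validToken)) != 1 {
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status runs one request through mw(h) and returns the recorded status code.
func status(mw func(http.Handler) http.Handler, h http.HandlerFunc, token string) int {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.Header.Set("X-Auth-Token", token)
	rec := httptest.NewRecorder()
	mw(h).ServeHTTP(rec, req)
	return rec.Code
}

func writes(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") } // constructed: sends a body
func silent(http.ResponseWriter, *http.Request)     {}                      // constructed: implicit 200

func main() {
	fmt.Println("buggy:", status(buggyAuth, silent, validToken), status(buggyAuth, writes, validToken))
	fmt.Println("fixed:", status(fixedAuth, silent, validToken), status(fixedAuth, writes, "wrong"))
}
```

With a handler that writes nothing, the unfixed middleware turns a valid token into a 401; with one that writes a body, the recorder ignores the late `WriteHeader`, and a real `net/http` server logs it as a superfluous `WriteHeader` call.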


Expand Down Expand Up @@ -47,5 +52,8 @@ func SetupServer() http.Handler {

func main() {
// Optional: you can run a real server for local testing
// http.ListenAndServe(":8080", SetupServer())
err := http.ListenAndServe(":8080", SetupServer())
if err != nil {
fmt.Println(err)
}
}
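Review bot: `http.ListenAndServe(":8080", SetupServer())` listens on every interface, although the comment above it describes the server as being for local testing; binding to `127.0.0.1:8080` keeps a service guarded by the token `secret` off the network. On failure the error goes to stdout and the process still exits 0, so `log.Fatal(err)` is a better fit than `fmt.Println(err)`. Neither hunk shown for this file adds an import, so check that `fmt` is already imported there.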