From 4b7b61fbefa7d0d3aa1cf1ba024c4108db492881 Mon Sep 17 00:00:00 2001 From: "go-interview-practice-bot[bot]" <230190823+go-interview-practice-bot[bot]@users.noreply.github.com> Date: Wed, 19 Nov 2025 10:58:56 +0000 Subject: [PATCH] Add solution for Challenge 5 --- .../submissions/yz4230/solution-template.go | 53 +++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 challenge-5/submissions/yz4230/solution-template.go diff --git a/challenge-5/submissions/yz4230/solution-template.go b/challenge-5/submissions/yz4230/solution-template.go new file mode 100644 index 00000000..9897e8df --- /dev/null +++ b/challenge-5/submissions/yz4230/solution-template.go @@ -0,0 +1,53 @@ +package main + +import ( + "crypto/subtle" + "fmt" + "net/http" +) + +const validToken = "secret" + +// AuthMiddleware checks the "X-Auth-Token" header. +// If it's "secret", call the next handler. +// Otherwise, respond with 401 Unauthorized. +func AuthMiddleware(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + token := r.Header.Get("X-Auth-Token") + if subtle.ConstantTimeCompare([]byte(token), []byte(validToken)) == 0 { + w.WriteHeader(http.StatusUnauthorized) + return + } + next.ServeHTTP(w, r) + }) +} + +// helloHandler returns "Hello!" on GET /hello +func helloHandler(w http.ResponseWriter, r *http.Request) { + fmt.Fprint(w, "Hello!") +} + +// secureHandler returns "You are authorized!" on GET /secure +func secureHandler(w http.ResponseWriter, r *http.Request) { + fmt.Fprint(w, "You are authorized!") +} + +// SetupServer configures the HTTP routes with the authentication middleware. +func SetupServer() http.Handler { + mux := http.NewServeMux() + + // Public route: /hello (no auth required) + mux.HandleFunc("/hello", helloHandler) + + // Secure route: /secure + // Wrap with AuthMiddleware + secureRoute := http.HandlerFunc(secureHandler) + mux.Handle("/secure", AuthMiddleware(secureRoute)) + + return mux +} + +func main() { + // Optional: you can run a real server for local testing + // http.ListenAndServe(":8080", SetupServer()) +}