RezaSi · yz4230 · Nov 19, 2025
diff --git a/challenge-5/submissions/yz4230/solution-template.go b/challenge-5/submissions/yz4230/solution-template.go
@@ -0,0 +1,53 @@
+package main
+
+import (
+	"crypto/subtle"
+	"fmt"
+	"net/http"
+)
+
+const validToken = "secret"
+
+// AuthMiddleware checks the "X-Auth-Token" header.
+// If it's "secret", call the next handler.
+// Otherwise, respond with 401 Unauthorized.
+func AuthMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		token := r.Header.Get("X-Auth-Token")
+		if subtle.ConstantTimeCompare([]byte(token), []byte(validToken)) == 0 {
+			w.WriteHeader(http.StatusUnauthorized)
+			return
+		}
+		next.ServeHTTP(w, r)
+	})
+}
+
+// helloHandler returns "Hello!" on GET /hello
+func helloHandler(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprint(w, "Hello!")
+}
+
+// secureHandler returns "You are authorized!" on GET /secure
+func secureHandler(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprint(w, "You are authorized!")
+}
+
+// SetupServer configures the HTTP routes with the authentication middleware.
+func SetupServer() http.Handler {
+	mux := http.NewServeMux()
+
+	// Public route: /hello (no auth required)
+	mux.HandleFunc("/hello", helloHandler)
+
+	// Secure route: /secure
+	// Wrap with AuthMiddleware
+	secureRoute := http.HandlerFunc(secureHandler)
+	mux.Handle("/secure", AuthMiddleware(secureRoute))
+
+	return mux
+}
+
+func main() {
+	// Optional: you can run a real server for local testing
+	// http.ListenAndServe(":8080", SetupServer())
+}