Chapter 3 Assignment

Lock down a route

The brief

Add a `/api/admin/stats` endpoint that returns user counts. Protect it with the Auth middleware AND `RequireRoles("admin")`. Verify a regular user gets 404 and an admin gets 200.

You've completed this when

  • Endpoint exists and is reachable from the admin role
  • Non-admin users receive 404 (not 403 — see lesson 3.4)
  • You can paste both responses (curl) into notes.md
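The behaviour the brief and the criteria above ask you to verify, as an added sketch that is not the course framework's code: it assumes Go with only the standard library, and `Auth`, `RequireRoles`, `StatusFor`, the credentials and the user count are hypothetical stand-ins constructed for illustration.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type roleKey struct{} // context key for the authenticated caller's role
var tokenRoles = map[string]string{"Bearer admin-token": "admin", "Bearer user-token": "user"} // constructed

// Auth stores the caller's role in the context, or answers 401 for unknown credentials.
func Auth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if role, ok := tokenRoles[r.Header.Get("Authorization")]; ok {
			next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), roleKey{}, role)))
			return
		}
		http.Error(w, "unauthorized", http.StatusUnauthorized)
	})
}

// RequireRoles answers 404 (not 403) on a role mismatch, so the reply looks like a missing route.
func RequireRoles(roles ...string) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			role, _ := r.Context().Value(roleKey{}).(string)
			for _, allowed := range roles {
				if role == allowed {
					next.ServeHTTP(w, r)
					return
				}
			}
			http.NotFound(w, r)
		})
	}
}

func stats(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, `{"users": 2}`) } // constructed count

// StatusFor sends an in-memory GET with the given Authorization value and returns the status.
func StatusFor(authz string) int {
	req := httptest.NewRequest(http.MethodGet, "/api/admin/stats", nil)
	req.Header.Set("Authorization", authz)
	rec := httptest.NewRecorder()
	Auth(RequireRoles("admin")(http.HandlerFunc(stats))).ServeHTTP(rec, req)
	return rec.Code
}
func main() { fmt.Println(StatusFor("Bearer admin-token"), StatusFor("Bearer user-token")) }
```

The order of the wrappers matters: `Auth` must run before `RequireRoles`, otherwise the role gate sees an empty role and every caller gets 404.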

Worked through every criterion?

Push your code to GitHub, paste the link in your notes.md, and move on.
