Challenge 1: Refactor Chapter 5's Auth Check — Possible Solution ==================================================================== // Server interceptor — runs once, before ANY method handler function authInterceptor(call, next) { const token = call.metadata.get('authorization')[0]; if (!isValidToken(token)) { throw new Error(grpc.status.UNAUTHENTICATED); } return next(call); } server.use(authInterceptor); // getProduct handler — no auth-checking code at all now function getProduct(call, callback) { const id = call.request.id; const product = database.findProduct(id); callback(null, product); } server.addService(ProductService.service, { GetProduct: getProduct }); WHY THIS WORKS AS AN ANSWER ------------------------------ The auth check — reading the authorization metadata and validating the token — moves entirely into authInterceptor, registered once via server.use() (or the equivalent server-setup call for the specific gRPC library in use), rather than being written inline inside getProduct. getProduct itself is now IDENTICAL to Chapter 3's original version — it goes straight to the business logic (looking up the product) with no auth code at all, because by the time getProduct runs, the interceptor has already guaranteed the call passed authentication (if it hadn't, the interceptor would have thrown before next(call) ever reached getProduct). Crucially, this same interceptor now protects EVERY method registered on the server, not just GetProduct — a new CreateProduct or DeleteProduct method added later automatically gets the same auth protection with zero extra code, exactly the benefit centralizing this logic in an interceptor was meant to provide.