// Extract JWT token from "Authorization: Bearer" header
function getJWTToken(request) {
const authorizationHeader = request.headers.get('Authorization')
if (authorizationHeader && authorizationHeader.startsWith('Bearer ')) {
return authorizationHeader.substring(7, authorizationHeader.length)
// Validate that JWT token has correct format: header.payload.signature (for example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNjI0OTkyMDAwLCJleHAiOjE2MjI1MDAwMDB9.TldRGokRHJvG69SefbxIqAlQ6nnco6aLa3y7jsYXHMI")
function validateJWT(token) {
const [header, payload, signature] = token.split('.')
if (!header || !payload || !signature) {
throw new Error('Invalid JWT format')
// Decode the JWT payload and header to JSON
const decodedHeader = JSON.parse(atob(header))
const decodedPayload = JSON.parse(atob(payload))
// Here you would implement the logic to verify the JWT signature.
// This example assumes a simple validation that just checks the payload.
// Replace the following lines with your actual validation logic.
// Ensure that JWT token hasn't expired (to test, try sending a request with an expired token "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNjI0OTkyMDAwLCJleHAiOjE2MjI1MDAwMDB9.TldRGokRHJvG69SefbxIqAlQ6nnco6aLa3y7jsYXHMI")
if (decodedPayload.exp < Math.floor(Date.now() / 1000)) {
throw new Error('JWT has expired')
// Optionally, you could add more validation checks here (issuer, audience, etc.).
// Also, implement actual signature validation with a custom function.
// Execute the function to extract JWT token
const jwtToken = getJWTToken(request)
// If the token is not provided, serve 401 Forbidden
return new Response('Missing JWT token', { status: 401 })
// Execute the function to validate the token
const validToken = await validateJWT(jwtToken)
// If the token is valid, serve actual response
// An example of a valid token that will expire in 2033 is "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNjI0OTkyMDAwLCJleHAiOjIwMDExMjAwMDB9._qgQ_TMrGfYgOoA8HtTZwEGoj8zAPWxsz8CT1jEAGzo"
return new Response('Invalid JWT token', { status: 401 })
return new Response('Error validating token: ' + error.message, { status: 500 })