From 83d152abeffa45f42250a6ba8b17dd78d0627b78 Mon Sep 17 00:00:00 2001
From: "patrick.lloret@protonmail.com"
Date: Mon, 14 Apr 2025 22:52:13 +0200
Subject: [PATCH] fix(carbonserver) validate fief token
---
 carbonserver/carbonserver/api/services/auth_service.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/carbonserver/carbonserver/api/services/auth_service.py b/carbonserver/carbonserver/api/services/auth_service.py
index 7173b7496..9d06dc7b2 100644
--- a/carbonserver/carbonserver/api/services/auth_service.py
+++ b/carbonserver/carbonserver/api/services/auth_service.py
@@ -66,7 +66,7 @@ def __init__(self, error_if_not_found=False):
 """
 self.error_if_not_found = error_if_not_found
 
- def __call__(
+ async def __call__(
 self,
 auth_user_cookie: Optional[FiefUserInfo] = Depends(
 fief_auth_cookie.current_user(optional=True)
@@ -85,6 +85,11 @@ def __call__(
 algorithms=["HS256", "RS256"],
 )
 elif bearer_token is not None:
+ if settings.environment != "develop":
+ try:
+ await fief.validate_access_token(bearer_token.credentials)
+ except Exception:
+ raise HTTPException(status_code=401, detail="Invalid token")
 # cli user using fief token
 self.auth_user = jwt.decode(
 bearer_token.credentials,
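Review bot: The validation added under `elif bearer_token is not None:` fails open, because it is skipped whenever `settings.environment` equals `"develop"`; a deployment where that setting is unset or mistyped (its default is not visible here) would accept bearer tokens with no check by Fief before the `jwt.decode` that follows. Consider gating the bypass on an explicit opt-out setting that defaults to validating, and logging whenever the bypass is taken. The `except Exception:` also turns every failure, including a Fief outage or a programming error, into a 401 and drops the cause; catching the Fief client's token errors keeps those cases distinguishable, e.g. `except (FiefAccessTokenInvalid, FiefAccessTokenExpired) as exc:` followed by `raise HTTPException(status_code=401, detail="Invalid token") from exc`. The arguments of the following `jwt.decode` call lie outside the hunk, so whether it verifies the signature on its own cannot be confirmed from here.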