diff --git a/upload.lua b/upload.lua
index 1c5b077..95ecbf1 100644
--- a/upload.lua
+++ b/upload.lua
@@ -1,6 +1,9 @@
-local upload = require "resty.upload"
+local upload = require "resty.upload"
 local uuid = require "resty.jit-uuid"
 local cjson = require "cjson"
+local jwt = require "resty.jwt"
+
+
 local chunk_size = 4096
 local form = upload:new(chunk_size)
@@ -17,6 +20,34 @@ local file
 local file_name
 local files = {}
+local jwt_key = "0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE0xCAFEBABE"
+
+function LuaReomve(str,remove)
+ local lcSubStrTab = {}
+ while true do
+ local lcPos = string.find(str,remove)
+ if not lcPos then
+ lcSubStrTab[#lcSubStrTab+1] = str
+ break
+ end
+ local lcSubStr = string.sub(str,1,lcPos-1)
+ lcSubStrTab[#lcSubStrTab+1] = lcSubStr
+ str = string.sub(str,lcPos+1,#str)
+ end
+ local lcMergeStr =""
+ local lci = 1
+ while true do
+ if lcSubStrTab[lci] then
+ lcMergeStr = lcMergeStr .. lcSubStrTab[lci]
+ lci = lci + 1
+ else
+ break
+ end
+ end
+ return lcMergeStr
+end
+
+
 while true do
 local typ, res, err = form:read()
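Review bot: The value assigned in `local jwt_key = "0xCAFEBABE…"` is what `jwt:verify` later uses as the verification key, and it is committed in the source, so anyone who can read the repository or the deployed file can produce tokens this endpoint will accept. Load it from deployment configuration instead, for example `local jwt_key = os.getenv("JWT_KEY")` with a matching `env JWT_KEY;` directive in nginx.conf, refuse to serve when it is missing, and treat the committed value as exposed and rotate it. Separately, `LuaReomve` is declared as a global and passes `remove` to `string.find` as a Lua pattern while always skipping exactly one character after the match; `local function` plus a plain search (`string.find(str, remove, 1, true)`) would make its behaviour match its name for any input.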
@@ -28,6 +59,35 @@ while true do
 local authorization = ngx.req.get_headers()["Authorization"]
 if authorization then
 ngx.log(ngx.INFO, 'Check request authorization Authorization -> ', ngx.req.get_headers().Authorization)
+
+ local jwt_obj = jwt:verify(jwt_key, authorization)
+ if jwt_obj.verified == false then
+ ngx.log(ngx.WARN, "Invalid token: ".. jwt_obj.reason)
+
+ ngx.status = ngx.HTTP_UNAUTHORIZED
+ ngx.header.content_type = "application/json; charset=utf-8"
+ ngx.say(cjson.encode(jwt_obj))
+ ngx.exit(ngx.HTTP_UNAUTHORIZED)
+ end
+
+ ngx.log(ngx.INFO, "JWT: " .. cjson.encode(jwt_obj))
+
+ local jwt_payload_sub = jwt_obj.payload.sub
+
+ ngx.log(ngx.INFO, "jwt object : payload : sub " .. jwt_payload_sub)
+
+ local temp_string = LuaReomve(jwt_payload_sub,"\\")
+
+ ngx.log(ngx.INFO, "temp_string is " .. temp_string)
+
+ local htytoken = cjson.decode(temp_string)
+
+ ngx.log(ngx.INFO, "htytoken : token_id " .. htytoken.token_id)
+ ngx.log(ngx.INFO, "htytoken : hty_id " .. htytoken.hty_id)
+ --ngx.log(ngx.INFO, "htytoken : app_id " .. htytoken.app_id)
+ ngx.log(ngx.INFO, "htytoken : ts " .. htytoken.ts)
+ --ngx.log(ngx.INFO, "htytoken : roles " .. htytoken.roles)
+
 else
 ngx.log(ngx.ERR, 'Request header no authorization ! ')
 ngx.status = 500
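Review bot: The added `ngx.log(ngx.INFO, "JWT: " .. cjson.encode(jwt_obj))` and the 401 body `ngx.say(cjson.encode(jwt_obj))` both serialize the whole verification object; as far as I can tell lua-resty-jwt keeps the raw token segments and signature on that object, so a replayable credential would land in the error log and parser detail would go back to the caller. Log only the identifiers that are needed, and answer with a fixed body such as `ngx.say(cjson.encode({ error = "invalid token" }))`. The claim handling after verification is also unguarded: a token without `sub`, or with a `sub` that is not valid JSON, makes the `..` concatenation or `cjson.decode` raise, which surfaces as a 500 instead of a 401; check `type(jwt_payload_sub) == "string"` first and run the decode under `pcall`. The `if authorization then` block opens before this hunk and continues past its last line.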