From 8b24560bc03c7d126ea4b0e4387d0e38c93032c6 Mon Sep 17 00:00:00 2001
From: Lorenzo Blasa <lblasa@meta.com>
Date: Wed, 18 Oct 2023 08:53:46 -0700
Subject: [PATCH] Verify token before return

Summary: If the token has already expired, generate another one.

Reviewed By: aigoncharov

Differential Revision: D50410431

fbshipit-source-id: 108a3b344a1bcafd93a8d9bc94cba5c133d099d7
---
 .../certificate-exchange/certificate-utils.tsx        | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/desktop/flipper-server-core/src/app-connectivity/certificate-exchange/certificate-utils.tsx b/desktop/flipper-server-core/src/app-connectivity/certificate-exchange/certificate-utils.tsx
index e75f91240..ba7f9e326 100644
--- a/desktop/flipper-server-core/src/app-connectivity/certificate-exchange/certificate-utils.tsx
+++ b/desktop/flipper-server-core/src/app-connectivity/certificate-exchange/certificate-utils.tsx
@@ -338,6 +338,17 @@ export const getAuthToken = async (): Promise<string> => {
   }
 
   const token = await fs.readFile(serverAuthToken);
+
+  try {
+    console.info('Verify authentication token');
+    const serverCertificate = await fs.readFile(serverCert);
+    jwt.verify(token.toString(), serverCertificate);
+    console.info('Token verification succeeded');
+  } catch (_) {
+    console.warn('Either token has expired or is invalid');
+    return generateAuthToken();
+  }
+
   return token.toString();
 };