diff --git a/src/auth.ts b/src/auth.ts
index 1288d43..11d4325 100644
--- a/src/auth.ts
+++ b/src/auth.ts
@@ -1,5 +1,9 @@
 export function validateToken(token: string): boolean {
-  return token.length > 0
+  if (!token || token.length === 0) return false
+  const parts = token.split('.')
+  if (parts.length !== 3) return false
+  const payload = JSON.parse(atob(parts[1]))
+  return payload.exp > Date.now() / 1000
 }
 
 export function login(username: string, password: string) {