diff --git a/internal/helper.go b/internal/helper.go index a984b8d..5cc8f38 100644 --- a/internal/helper.go +++ b/internal/helper.go @@ -6,6 +6,7 @@ import ( "path/filepath" "strings" + "github.com/golang-jwt/jwt" "github.com/graph-gophers/dataloader" "github.com/minio/minio-go/v7" log "github.com/sirupsen/logrus" @@ -108,3 +109,17 @@ func getParentDir(id string) string { return nomalizeID(parent) } + +func isAuth(ctx context.Context) (bool, error) { + token, ok := ctx.Value("jwt").(*jwt.Token) + + if !ok { + return false, fmt.Errorf("Unauthorized") + } + + if token.Valid { + return true, nil + } else { + return false, fmt.Errorf("Unauthorized") + } +} diff --git a/internal/httpServer.go b/internal/httpServer.go index 35e7fdd..ed07a21 100644 --- a/internal/httpServer.go +++ b/internal/httpServer.go @@ -53,7 +53,9 @@ func initHttp(resolveContext context.Context, schema graphql.Schema, address str parsedToken, err := parseJWT(token) if err == nil && parsedToken.Valid { - r.WithContext(context.WithValue(r.Context(), "jwt", parsedToken)) + newRequest := r.WithContext(context.WithValue(r.Context(), "jwt", parsedToken)) + h.ServeHTTP(rw, newRequest) + return } } @@ -62,7 +64,8 @@ func initHttp(resolveContext context.Context, schema graphql.Schema, address str }) r.HandleFunc("/api/graphql", func(rw http.ResponseWriter, r *http.Request) { - gqlHandler.ContextHandler(resolveContext, rw, r) + token := r.Context().Value("jwt") + gqlHandler.ContextHandler(context.WithValue(resolveContext, "jwt", token), rw, r) }) r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) { @@ -82,6 +85,11 @@ func initHttp(resolveContext context.Context, schema graphql.Schema, address str } func httpGetFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) { + if is, _ := isAuth(r.Context()); !is { + rw.WriteHeader(http.StatusUnauthorized) + return + } + s3Client := ctx.Value("s3Client").(*minio.Client) id := r.URL.Query().Get("id") 
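Review bot: In `isAuth` (internal/helper.go) the token is looked up under the bare string key `"jwt"`, which any package holding the context can set or shadow; staticcheck reports string keys in `context.WithValue` as SA1029 for that reason. An unexported key type, e.g. `type ctxKey struct{}` with `var jwtKey ctxKey`, used by both the middleware and this lookup, keeps the credential slot private to the package. The type assertion also succeeds for a typed nil `*jwt.Token`, so `token.Valid` would panic if one were ever stored; `if !ok || token == nil {` closes that. The trailing `else` after a returning `if` can be dropped in favour of an early return.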
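Review bot: A request whose token fails `parseJWT` or is not `Valid` is neither rejected nor logged in this branch of `initHttp` (internal/httpServer.go, hunk at -53); it appears to fall through to the path that serves the request without a token, so forged or expired tokens look the same as anonymous traffic. Answering that case directly with `rw.WriteHeader(http.StatusUnauthorized)` followed by `return`, and logging `err` at warn level without the token value, would give operators a signal to alert on. The enclosing handler starts and ends outside the hunk, so the fall-through is inferred from the closing braces.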
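Review bot: In the `/api/graphql` handler (internal/httpServer.go, hunk at -62) `token` is an untyped value that is nil for anonymous requests, and it is stored under `"jwt"` regardless; the resolvers stay protected only because the `(*jwt.Token)` assertion in `isAuth` fails on nil. A comment such as `// token may be nil; isAuth rejects it in each resolver` would keep that dependency visible to the next editor. The GraphQL context is built from `resolveContext` rather than `r.Context()`, so a client disconnect presumably does not cancel resolver work.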
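Review bot: The guard added to `httpGetFile` (and the identical one in `httpPostFile` in the next hunk) checks only that some valid token exists; the `id` read from the query string right after it is not compared with anything in the token's claims within the visible lines, so any authenticated caller can presumably read or write any object id. If objects are meant to be per-user, an ownership check belongs next to this guard. The 401 is also sent without a `WWW-Authenticate` header; if the token arrives as a bearer token, `rw.Header().Set("WWW-Authenticate", "Bearer")` before `WriteHeader` tells clients which scheme to use. Both function bodies continue outside their hunks.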
@@ -121,6 +129,11 @@ func httpGetFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) { } func httpPostFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) { + if is, _ := isAuth(r.Context()); !is { + rw.WriteHeader(http.StatusUnauthorized) + return + } + s3Client := ctx.Value("s3Client").(*minio.Client) id := r.URL.Query().Get("id") diff --git a/internal/schema.go b/internal/schema.go index 9622188..f73c5bc 100644 --- a/internal/schema.go +++ b/internal/schema.go @@ -21,6 +21,10 @@ func graphqlSchema() (graphql.Schema, error) { }, }, Resolve: func(p graphql.ResolveParams) (interface{}, error) { + if is, err := isAuth(p.Context); !is { + return nil, err + } + path, ok := p.Args["path"].(string) if !ok { @@ -42,6 +46,10 @@ func graphqlSchema() (graphql.Schema, error) { }, }, Resolve: func(p graphql.ResolveParams) (interface{}, error) { + if is, err := isAuth(p.Context); !is { + return nil, err + } + path, ok := p.Args["path"].(string) if !ok { @@ -63,6 +71,10 @@ func graphqlSchema() (graphql.Schema, error) { }, }, Resolve: func(p graphql.ResolveParams) (interface{}, error) { + if is, err := isAuth(p.Context); !is { + return nil, err + } + id, ok := p.Args["id"].(string) if !ok { return nil, fmt.Errorf("Failed to parse args") @@ -86,6 +98,10 @@ func graphqlSchema() (graphql.Schema, error) { }, }, Resolve: func(p graphql.ResolveParams) (interface{}, error) { + if is, err := isAuth(p.Context); !is { + return nil, err + } + id, ok := p.Args["id"].(string) if !ok { return nil, fmt.Errorf("Failed to parse args") @@ -107,6 +123,10 @@ func graphqlSchema() (graphql.Schema, error) { }, }, Resolve: func(p graphql.ResolveParams) (interface{}, error) { + if is, err := isAuth(p.Context); !is { + return nil, err + } + src, ok := p.Args["src"].(string) if !ok { return nil, fmt.Errorf("Failed to parse args") 
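Review bot: The same four-line `isAuth` guard is pasted into each of the eight `Resolve` functions touched in internal/schema.go (the hunk at -21 and the seven after it), so a field added later is unauthenticated by default unless its author remembers the paste. Wrapping resolvers in one helper makes the check part of how a field is declared and gives a single place to add claim checks or audit logging later. The sketch assumes the package is graphql-go/graphql, whose `graphql.FieldResolveFn` matches the resolver signature used here. The field definitions start and end outside the hunks.

```go
// requireAuth runs the JWT check before the wrapped resolver sees the request.
func requireAuth(next graphql.FieldResolveFn) graphql.FieldResolveFn {
	return func(p graphql.ResolveParams) (interface{}, error) {
		if ok, err := isAuth(p.Context); !ok {
			return nil, err
		}
		return next(p)
	}
}

// … unchanged: field type and args …
Resolve: requireAuth(func(p graphql.ResolveParams) (interface{}, error) {
	// … unchanged: resolver body, without the inline isAuth guard …
}),
```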
@@ -132,6 +152,10 @@ func graphqlSchema() (graphql.Schema, error) { }, }, Resolve: func(p graphql.ResolveParams) (interface{}, error) { + if is, err := isAuth(p.Context); !is { + return nil, err + } + src, ok := p.Args["src"].(string) if !ok { return nil, fmt.Errorf("Failed to parse args") @@ -154,6 +178,10 @@ func graphqlSchema() (graphql.Schema, error) { }, }, Resolve: func(p graphql.ResolveParams) (interface{}, error) { + if is, err := isAuth(p.Context); !is { + return nil, err + } + path, ok := p.Args["path"].(string) if !ok { return nil, fmt.Errorf("Failed to parse args") @@ -172,6 +200,10 @@ func graphqlSchema() (graphql.Schema, error) { }, }, Resolve: func(p graphql.ResolveParams) (interface{}, error) { + if is, err := isAuth(p.Context); !is { + return nil, err + } + path, ok := p.Args["path"].(string) if !ok {