diff --git a/service/src/db/users/model.rs b/service/src/db/users/model.rs
index 5b2f343..0bbdd27 100644
--- a/service/src/db/users/model.rs
+++ b/service/src/db/users/model.rs
@@ -1,3 +1,37 @@
+use actix_web::{dev::ServiceRequest, Error};
+use actix_web_httpauth::extractors::bearer::BearerAuth;
+use siren::ServiceError;
+
 pub struct User {
-  pub id: i32
+  pub id: i32,
+  pub first_name: String,
+  pub last_name: String,
+  pub email: String
 }
+
+// https://github.com/Sirneij/rust-auth/blob/main/backend/src/routes/users/login.rs
+// https://dev.to/sirneij/authentication-system-using-rust-actix-web-and-sveltekit-user-registration-580h
+// https://github.com/actix/actix-extras/blob/master/actix-session/examples/basic.rs
+// maybe https://github.com/actix/actix-extras/blob/master/actix-identity/examples/identity.rs
+
+pub async fn validator(req: ServiceRequest, credentials: BearerAuth) -> Result<ServiceRequest, (Error, ServiceRequest)> {
+  let token = credentials.token();
+  println!("{:?}", req);
+  match validate_token(token) {
+    Ok(res) => {
+      if res {
+        Ok(req)
+      } else {
+        Err((Error::from(actix_web::error::ErrorUnauthorized("Invalid token")), req))
+      }
+    },
+    Err(err) => {
+      Err((Error::from(actix_web::error::ErrorUnauthorized(err)), req))
+    }
+  }
+}
+
+fn validate_token(token: &str) -> Result<bool, ServiceError> {
+  println!("Validating token: {}", token);
+  Ok(true)
+}
\ No newline at end of file
diff --git a/service/src/main.rs b/service/src/main.rs
index 130b20f..d71d02f 100644
--- a/service/src/main.rs
+++ b/service/src/main.rs
@@ -5,6 +5,8 @@ extern crate diesel_migrations;
 use std::env;
 use std::collections::HashSet;
 use std::sync::Arc;
+use actix_web_httpauth::middleware::HttpAuthentication;
+use db::users::validator;
 use log::{error, warn, info};
 use serenity::client::Cache;
 use serenity::framework::StandardFramework;
@@ -96,32 +98,34 @@ async fn main() -> std::io::Result<()> {
   
   let shard_manager = Arc::clone(&client.shard_manager);
 
-  tokio::spawn(async move {
-    tokio::signal::ctrl_c().await.expect("Could not register ctrl+c handler");
-    shard_manager.lock().await.shutdown_all().await;
-  });
+  // tokio::spawn(async move {
+  //   tokio::signal::ctrl_c().await.expect("Could not register ctrl+c handler");
+  //   shard_manager.lock().await.shutdown_all().await;
+  // });
 
-  tokio::spawn(async move {
-    if let Err(why) = client.start_autosharded().await {
-      error!("An error occurred while running the client: {:?}", why);
-    }
-  });
+  // tokio::spawn(async move {
+  //   if let Err(why) = client.start_autosharded().await {
+  //     error!("An error occurred while running the client: {:?}", why);
+  //   }
+  // });
 
   let host = env::var("SERVICE_HOST").unwrap_or("localhost".to_string());
   let port = env::var("SERVICE_PORT").unwrap_or("5000".to_string());
 
   let server = match HttpServer::new(move || {
+    let auth = HttpAuthentication::bearer(validator);
     let cors = Cors::default()
       .allow_any_origin()
       .allow_any_method()
       .allow_any_header()
       .max_age(3600);
     App::new()
+      .wrap(auth)
+      .wrap(cors)
       .app_data(web::Data::new(Arc::clone(&app_data)))
       .configure(crate::db::messages::init_routes)
       .configure(crate::db::spells::init_routes)
       .configure(crate::bot::api::init_routes)
-      .wrap(cors)
   })
   .bind(format!("{}:{}", host, port)) {
     Ok(b) => {