diff --git a/.env.example b/.env.example
index f14e063..ec019d8 100644
--- a/.env.example
+++ b/.env.example
@@ -1,6 +1,8 @@
 # vi: ft=sh
 # shellcheck disable=SC2034
 
+JWT_SECRET=secret
+
 # Database things
 POSTGRES_USER=vex
 POSTGRES_PASSWORD=pass
diff --git a/api/Dockerfile.dev b/api/Dockerfile.dev
index f6324c7..91aaee2 100644
--- a/api/Dockerfile.dev
+++ b/api/Dockerfile.dev
@@ -3,4 +3,4 @@ RUN go install github.com/bokwoon95/wgo@latest
 WORKDIR /app
 
 EXPOSE 1597
-CMD wgo run .
+CMD wgo run ./cmd
diff --git a/api/cmd/feed.go b/api/cmd/feed.go
deleted file mode 100644
index 6e4629f..0000000
--- a/api/cmd/feed.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package main
-
-import (
-	"github.com/labstack/echo/v4"
-	"github.com/zoriya/vex"
-)
-
-func (h *Handler) AddFeed(c echo.Context) error {
-	var feed vex.Feed
-	err := c.Bind(&feed)
-	if err != nil {
-		return err
-	}
-
-	ret := make([]interface{}, 0)
-	return c.JSON(201, ret)
-}
-
-func (h *Handler) RegisterFeedsRoutes(e *echo.Echo) {
-	e.POST("/feed", h.AddFeed)
-}
diff --git a/api/cmd/feeds.go b/api/cmd/feeds.go
new file mode 100644
index 0000000..d107587
--- /dev/null
+++ b/api/cmd/feeds.go
@@ -0,0 +1,40 @@
+package main
+
+import (
+	"log"
+	"net/http"
+
+	"github.com/labstack/echo/v4"
+)
+
+type AddFeedDto struct {
+	Link string   `json:"link" validate:"required,url"`
+	Tags []string `json:"tags" validate:"required"`
+}
+
+func (h *Handler) AddFeed(c echo.Context) error {
+	user, err := GetCurrentUserId(c)
+	if err != nil {
+		return err
+	}
+
+	var req AddFeedDto
+	err = c.Bind(&req)
+	if err != nil {
+		return echo.NewHTTPError(http.StatusBadRequest, err.Error())
+	}
+	if err = c.Validate(&req); err != nil {
+		return err
+	}
+
+	feed, err := h.feeds.AddFeed(req.Link, req.Tags, user)
+	if err != nil {
+		log.Printf("Add feed error: %v", err)
+		return echo.NewHTTPError(500, "internal server error")
+	}
+	return c.JSON(201, feed)
+}
+
+func (h *Handler) RegisterFeedsRoutes(echo *echo.Echo, r *echo.Group) {
+	r.POST("/feeds", h.AddFeed)
+}
diff --git a/api/cmd/main.go b/api/cmd/main.go
index 178c65f..9556946 100644
--- a/api/cmd/main.go
+++ b/api/cmd/main.go
@@ -1,18 +1,24 @@
 package main
 
 import (
-	"database/sql"
 	"fmt"
 	"log"
+	"net/http"
 	"os"
 
+	"github.com/go-playground/validator/v10"
+	"github.com/jmoiron/sqlx"
+	"github.com/labstack/echo-jwt/v4"
 	"github.com/labstack/echo/v4"
 	"github.com/labstack/echo/v4/middleware"
 	_ "github.com/lib/pq"
+	"github.com/zoriya/vex"
 )
 
 type Handler struct {
-	database *sql.DB
+	feeds     vex.FeedService
+	users     vex.UserService
+	jwtSecret []byte
 }
 
 func (h *Handler) GetEntries(c echo.Context) error {
@@ -20,6 +26,18 @@ func (h *Handler) GetEntries(c echo.Context) error {
 	return c.JSON(200, ret)
 }
 
+type Validator struct {
+	validator *validator.Validate
+}
+
+func (cv *Validator) Validate(i interface{}) error {
+	if err := cv.validator.Struct(i); err != nil {
+		// Optionally, you could return the error to give each route more control over the status code
+		return echo.NewHTTPError(http.StatusBadRequest, err.Error())
+	}
+	return nil
+}
+
 func main() {
 	con := fmt.Sprintf(
 		"postgresql://%v:%v@%v:%v/%v?sslmode=disable",
@@ -29,18 +47,28 @@ func main() {
 		os.Getenv("POSTGRES_PORT"),
 		os.Getenv("POSTGRES_DB"),
 	)
-	db, err := sql.Open("postgres", con)
+	db, err := sqlx.Open("postgres", con)
 	if err != nil {
 		log.Fatal(err)
 	}
 	h := Handler{
-		database: db,
+		feeds:     vex.NewFeedService(db),
+		users:     vex.NewUserService(db),
+		jwtSecret: []byte(os.Getenv("JWT_SECRET")),
 	}
 
 	e := echo.New()
+	e.Validator = &Validator{validator: validator.New()}
 	e.Use(middleware.Logger())
+
+	r := e.Group("")
+	r.Use(echojwt.WithConfig(echojwt.Config{
+		SigningKey: h.jwtSecret,
+	}))
+
 	e.GET("/entries", h.GetEntries)
-	h.RegisterFeedsRoutes(e)
+	h.RegisterLoginRoutes(e, r)
+	h.RegisterFeedsRoutes(e, r)
 
 	e.Start(":1597")
 }
diff --git a/api/cmd/users.go b/api/cmd/users.go
new file mode 100644
index 0000000..e1a786a
--- /dev/null
+++ b/api/cmd/users.go
@@ -0,0 +1,116 @@
+package main
+
+import (
+	"net/http"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/google/uuid"
+	"github.com/labstack/echo/v4"
+	"github.com/zoriya/vex"
+)
+
+type LoginDto struct {
+	Email    string `json:"email" validate:"required"`
+	Password string `json:"password" validate:"required"`
+}
+
+type RegisterDto struct {
+	Name     string `json:"name" validate:"required"`
+	Email    string `json:"email" validate:"required"`
+	Password string `json:"password" validate:"required"`
+}
+
+type UserDto struct {
+	Id    uuid.UUID `json:"id"`
+	Name  string    `json:"name"`
+	Email string    `json:"email"`
+}
+
+func (h *Handler) Login(c echo.Context) error {
+	var req LoginDto
+	err := c.Bind(&req)
+	if err != nil {
+		return echo.NewHTTPError(http.StatusBadRequest, err.Error())
+	}
+	if err = c.Validate(&req); err != nil {
+		return err
+	}
+
+	user := h.users.GetByEmail(req.Email)
+	if user == nil {
+		return echo.NewHTTPError(403, "Invalid email")
+	}
+	if !h.users.CheckPassword(req.Password, user.Password) {
+		return echo.NewHTTPError(403, "Invalid password")
+	}
+	return h.CreateToken(c, user)
+}
+
+func (h *Handler) CreateToken(c echo.Context, user *vex.User) error {
+	claims := &jwt.RegisteredClaims{
+		Subject: user.Id.String(),
+	}
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	t, err := token.SignedString(h.jwtSecret)
+	if err != nil {
+		return err
+	}
+	return c.JSON(http.StatusOK, echo.Map{
+		"token": t,
+	})
+}
+
+func (h *Handler) Register(c echo.Context) error {
+	var req RegisterDto
+	err := c.Bind(&req)
+	if err != nil {
+		return echo.NewHTTPError(http.StatusBadRequest, err.Error())
+	}
+	if err = c.Validate(&req); err != nil {
+		return err
+	}
+
+	user, err := h.users.Create(req.Name, req.Email, req.Password)
+	if err != nil {
+		return echo.NewHTTPError(409,"Email already taken")
+	}
+	return h.CreateToken(c, &user)
+}
+
+func (h *Handler) GetMe(c echo.Context) error {
+	id, err := GetCurrentUserId(c)
+	if err != nil {
+		return err
+	}
+	user := h.users.GetById(id)
+	if user == nil {
+		return echo.NewHTTPError(500, "Internal server error")
+	}
+	return c.JSON(200, UserDto{
+		Id:    user.Id,
+		Name:  user.Name,
+		Email: user.Email,
+	})
+}
+
+func GetCurrentUserId(c echo.Context) (uuid.UUID, error) {
+	user := c.Get("user").(*jwt.Token)
+	if user == nil {
+		return uuid.UUID{}, echo.NewHTTPError(401, "Unauthorized")
+	}
+	sub, err := user.Claims.GetSubject()
+	if err != nil {
+		return uuid.UUID{}, echo.NewHTTPError(403, "Could not retrive subject")
+	}
+	ret, err := uuid.Parse(sub)
+	if err != nil {
+		return uuid.UUID{}, echo.NewHTTPError(403, "Invalid id")
+	}
+	return ret, nil
+}
+
+func (h *Handler) RegisterLoginRoutes(e *echo.Echo, r *echo.Group) {
+	e.POST("/login", h.Login)
+	e.POST("/register", h.Register)
+	r.GET("/me", h.GetMe)
+}
diff --git a/api/feed.go b/api/feed.go
deleted file mode 100644
index 7d577ca..0000000
--- a/api/feed.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package vex
-
-import "github.com/google/uuid"
-
-type Feed struct {
-	Id          uuid.UUID `json:"id"`
-	Name        string    `json:"name"`
-	Link        string    `json:"link"`
-	FaviconUrl  string    `json:"faviconUrl"`
-	Tags        []string  `json:"tags"`
-	SubmitterId uuid.UUID `json:"submitterId"`
-}
diff --git a/api/feeds.go b/api/feeds.go
new file mode 100644
index 0000000..399acfa
--- /dev/null
+++ b/api/feeds.go
@@ -0,0 +1,45 @@
+package vex
+
+import (
+	"github.com/google/uuid"
+	"github.com/jmoiron/sqlx"
+	"github.com/lib/pq"
+)
+
+type Feed struct {
+	Id          uuid.UUID
+	Name        string
+	Link        string
+	FaviconUrl  string `db:"favicon_url"`
+	Tags        pq.StringArray
+	SubmitterId uuid.UUID `db:"submitter_id"`
+}
+
+type FeedService struct {
+	database *sqlx.DB
+}
+
+func NewFeedService(db *sqlx.DB) FeedService {
+	return FeedService{database: db}
+}
+
+func (s FeedService) AddFeed(link string, tags []string, submitter uuid.UUID) (Feed, error) {
+	feed := Feed{
+		Id:          uuid.New(),
+		Name:        link,
+		Link:        link,
+		FaviconUrl:  link,
+		Tags:        tags,
+		SubmitterId: submitter,
+	}
+
+	_, err := s.database.NamedExec(
+		`insert into feeds (id, name, link, favicon_url, tags, submitter_id)
+		values (:id, :name, :link, :favicon_url, :tags, :submitter_id)`,
+		feed,
+	)
+	if err != nil {
+		return Feed{}, err
+	}
+	return feed, nil
+}
diff --git a/api/go.mod b/api/go.mod
index e30be00..b144c98 100644
--- a/api/go.mod
+++ b/api/go.mod
@@ -3,19 +3,27 @@ module github.com/zoriya/vex
 go 1.22.1
 
 require (
+	github.com/go-playground/validator/v10 v10.20.0
+	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/google/uuid v1.6.0
+	github.com/jmoiron/sqlx v1.4.0
+	github.com/labstack/echo-jwt/v4 v4.2.0
 	github.com/labstack/echo/v4 v4.12.0
 	github.com/lib/pq v1.10.9
+	golang.org/x/crypto v0.22.0
 )
 
 require (
-	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
 	github.com/labstack/gommon v0.4.2 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
-	golang.org/x/crypto v0.22.0 // indirect
 	golang.org/x/net v0.24.0 // indirect
 	golang.org/x/sys v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
diff --git a/api/go.sum b/api/go.sum
index 38a485b..27884ac 100644
--- a/api/go.sum
+++ b/api/go.sum
@@ -1,13 +1,35 @@
+filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8=
+github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
+github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
+github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
+github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
+github.com/labstack/echo-jwt/v4 v4.2.0 h1:odSISV9JgcSCuhgQSV/6Io3i7nUmfM/QkBeR5GVJj5c=
+github.com/labstack/echo-jwt/v4 v4.2.0/go.mod h1:MA2RqdXdEn4/uEglx0HcUOgQSyBaTh5JcaHIan3biwU=
 github.com/labstack/echo/v4 v4.12.0 h1:IKpw49IMryVB2p1a4dzwlhP1O2Tf2E0Ir/450lH+kI0=
 github.com/labstack/echo/v4 v4.12.0/go.mod h1:UP9Cr2DJXbOK3Kr9ONYzNowSh7HP0aG0ShAyycHSJvM=
 github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0=
 github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
@@ -15,6 +37,8 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
+github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
diff --git a/api/users.go b/api/users.go
new file mode 100644
index 0000000..9092ace
--- /dev/null
+++ b/api/users.go
@@ -0,0 +1,66 @@
+package vex
+
+import (
+	"github.com/google/uuid"
+	"github.com/jmoiron/sqlx"
+	"golang.org/x/crypto/bcrypt"
+)
+
+type User struct {
+	Id       uuid.UUID
+	Name     string
+	Email    string
+	Password []byte
+}
+
+type UserService struct {
+	database *sqlx.DB
+}
+
+func NewUserService(db *sqlx.DB) UserService {
+	return UserService{database: db}
+}
+
+func (s UserService) GetById(id uuid.UUID) *User {
+	var user User
+	err := s.database.Get(&user, "select u.* from users as u where u.id = $1", id)
+	if err != nil {
+		return nil
+	}
+	return &user
+}
+
+func (s UserService) GetByEmail(email string) *User {
+	var user User
+	err := s.database.Get(&user, "select u.* from users as u where u.email = $1", email)
+	if err != nil {
+		return nil
+	}
+	return &user
+}
+
+func (s UserService) CheckPassword(password string, reference []byte) bool {
+	return bcrypt.CompareHashAndPassword(reference, []byte(password)) == nil
+}
+
+func (s UserService) Create(name string, email string, password string) (User, error) {
+	pass, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return User{}, err
+	}
+	user := User{
+		Id:       uuid.New(),
+		Name:     name,
+		Email:    email,
+		Password: pass,
+	}
+	_, err = s.database.NamedExec(
+		`insert into users (id, name, email, password)
+		values (:id, :name, :email, :password)`,
+		user,
+	)
+	if err != nil {
+		return User{}, err
+	}
+	return user, nil
+}
diff --git a/sql/create.sql b/sql/create.sql
index 2639a83..eb16519 100644
--- a/sql/create.sql
+++ b/sql/create.sql
@@ -2,13 +2,13 @@ create table if not exists users(
 	id uuid not null primary key,
 	name text not null,
 	password varchar(100) not null,
-	email text not null
+	email text not null unique
 );
 
 create table if not exists feeds(
 	id uuid not null primary key,
 	name text not null,
-	link text not null,
+	link text not null unique,
 	favicon_url text not null,
 	tags text[] not null,
 	submitter_id uuid not null references users(id)
@@ -16,7 +16,7 @@ create table if not exists feeds(
 
 create table if not exists entries(
 	id uuid not null primary key,
-	feed_id uuid not null references feed(id),
+	feed_id uuid not null references feeds(id),
 	title text not null,
 	link text not null,
 	date timestamp with time zone not null,
@@ -31,6 +31,6 @@ create table if not exists entries_users(
 	is_bookmarked bool not null,
 	is_read_later bool not null,
 	is_ignored bool not null,
-	constraint entries_users_pk primary keys(user_id, feed_id)
+	constraint entries_users_pk primary key(user_id, feed_id)
 );