diff --git a/src/main/java/com/pt/controller/UserController.java b/src/main/java/com/pt/controller/UserController.java
index 4ced292..ea4dcab 100644
--- a/src/main/java/com/pt/controller/UserController.java
+++ b/src/main/java/com/pt/controller/UserController.java
@@ -1,11 +1,16 @@
 package com.pt.controller;
 
+import com.pt.constant.Constants;
 import com.pt.entity.User;
+import com.pt.utils.JWTUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 import com.pt.service.UserService;
 
+import java.util.HashMap;
+import java.util.Map;
+
 @RestController
 @RequestMapping("/api/user")
 @CrossOrigin(origins = "*")
@@ -30,24 +35,38 @@
             newUser.setPassword(password);
             newUser.setEmail(email);
             userService.save(newUser);
-            return ResponseEntity.ok("User registered successfully");
+
+            Map<String, Object> ans = new HashMap<>();
+            ans.put("result", "User registered successfully");
+
+            return ResponseEntity.ok().body(ans);
         }
     }
 
     @PostMapping("/login")
     public ResponseEntity<?> loginUser(@RequestParam("username") String username,
                                        @RequestParam("password") String password) {
+
         User user = userService.findByUsernameAndPassword(username, password);
+        Map<String, Object> ans = new HashMap<>();
         if (user != null) {
-            return ResponseEntity.ok("Login successful");
+            ans.put("result", "Login successful");
+            ans.put("token", JWTUtils.generateToken(username, Constants.UserRole.USER, Constants.DEFAULT_EXPIRE_TIME));
+            return ResponseEntity.ok().body(ans);
         } else {
-            return ResponseEntity.badRequest().body("Invalid username or password");
+            ans.put("result", "Invalid username or password");
+            return ResponseEntity.badRequest().body(ans);
         }
     }
 
     @PostMapping("/update/username")
-    public ResponseEntity<?> updateUsername(@RequestParam("username") String oldUsername,
+    public ResponseEntity<?> updateUsername(@RequestHeader("token") String token,
+                                            @RequestParam("username") String oldUsername,
                                             @RequestParam("newUsername") String newUsername) {
+        if(!JWTUtils.checkToken(token, oldUsername, Constants.UserRole.USER)) {
+            return ResponseEntity.badRequest().body("Invalid token");
+        }
+
         User user = userService.findByUsername(oldUsername);
         if (user != null) {
             user.setUsername(newUsername);
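Review bot: In `updateUsername` the token is checked against `oldUsername`, but the rename that follows leaves the caller holding a token issued for the old name; how `JWTUtils.checkToken` binds a token to a name is not visible here, so this is inferred. If the token subject is the username, the old token stops matching the renamed account and would keep matching any account later registered under the freed name until it expires. Consider putting a token from `JWTUtils.generateToken(newUsername, Constants.UserRole.USER, Constants.DEFAULT_EXPIRE_TIME)` in the success response, or binding tokens to an immutable user id instead of the username. Separately, the three token guards (here and in `updatePassword` and `updateEmail`) answer 400 with a bare string while the rest of this commit moved to map bodies; `return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Invalid token");` (with the `HttpStatus` import) would be the more conventional reply. The body of `updateUsername` continues outside the hunk.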
@@ -59,8 +78,13 @@
     }
 
     @PostMapping("/update/password")
-    public ResponseEntity<?> updatePassword(@RequestParam("username") String username,
+    public ResponseEntity<?> updatePassword(@RequestHeader("token") String token,
+                                            @RequestParam("username") String username,
                                             @RequestParam("newPassword") String newPassword) {
+        if(!JWTUtils.checkToken(token, username, Constants.UserRole.USER)) {
+            return ResponseEntity.badRequest().body("Invalid token");
+        }
+
         User user = userService.findByUsername(username);
         if (user != null) {
             user.setPassword(newPassword);
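Review bot: `updatePassword` now accepts a change on the strength of the token alone; nothing in the visible lines asks for the current password, so a leaked or still-unexpired token is enough to set a new password and take over the account. Consider adding `@RequestParam("oldPassword") String oldPassword` and verifying it before `user.setPassword(newPassword)`, and invalidating tokens issued before the change if `JWTUtils` can support that. The same re-authentication gap applies to `updateEmail` in the next hunk, which matters if the email address is used for account recovery. `setPassword(newPassword)` also stores the value as received, and login looks users up with `findByUsernameAndPassword(username, password)`, which suggests passwords are kept unhashed unless `UserService` hashes them internally; worth confirming. The method body continues outside the hunk.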
@@ -72,8 +96,13 @@
     }
 
     @PostMapping("/update/email")
-    public ResponseEntity<?> updateEmail(@RequestParam("username") String username,
+    public ResponseEntity<?> updateEmail(@RequestHeader("token") String token,
+                                         @RequestParam("username") String username,
                                          @RequestParam("newEmail") String newEmail) {
+        if(!JWTUtils.checkToken(token, username, Constants.UserRole.USER)) {
+            return ResponseEntity.badRequest().body("Invalid token");
+        }
+
         User user = userService.findByUsername(username);
         if (user != null) {
             user.setEmail(newEmail);
