diff --git a/src/main/java/com/pt/constant/Constants.java b/src/main/java/com/pt/constant/Constants.java
new file mode 100644
index 0000000..5cf22a0
--- /dev/null
+++ b/src/main/java/com/pt/constant/Constants.java
@@ -0,0 +1,20 @@
+package com.pt.constant;
+
+public class Constants {
+
+    public static final int DEFAULT_EXPIRE_TIME = 600000;
+
+    public static enum UserRole {
+        ADMIN(0),
+        USER(1);
+
+        private final int value;
+        private UserRole(int value) {
+            this.value = value;
+        }
+
+        public int getValue() {
+            return value;
+        }
+    }
+}
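Review bot: `DEFAULT_EXPIRE_TIME` carries no unit, and the only way to learn that it is milliseconds is to follow it into `JWTUtils.createToken`, where it is added to `System.currentTimeMillis()`. Since this value sets how long a login token stays valid, I would document it on the declaration, e.g. `/** Default token lifetime in milliseconds (10 minutes). */`. `Constants` only holds statics, so a `private Constants() {}` would stop it being instantiated, and the `static` modifier on the nested enum is redundant.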
diff --git a/src/main/java/com/pt/controller/UserController.java b/src/main/java/com/pt/controller/UserController.java
index 4ced292..ea4dcab 100644
--- a/src/main/java/com/pt/controller/UserController.java
+++ b/src/main/java/com/pt/controller/UserController.java
@@ -1,11 +1,16 @@
 package com.pt.controller;
 
+import com.pt.constant.Constants;
 import com.pt.entity.User;
+import com.pt.utils.JWTUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 import com.pt.service.UserService;
 
+import java.util.HashMap;
+import java.util.Map;
+
 @RestController
 @RequestMapping("/api/user")
 @CrossOrigin(origins = "*")
@@ -30,24 +35,38 @@
             newUser.setPassword(password);
             newUser.setEmail(email);
             userService.save(newUser);
-            return ResponseEntity.ok("User registered successfully");
+
+            Map<String, Object> ans = new HashMap<>();
+            ans.put("result", "User registered successfully");
+
+            return ResponseEntity.ok().body(ans);
         }
     }
 
     @PostMapping("/login")
     public ResponseEntity<?> loginUser(@RequestParam("username") String username,
                                        @RequestParam("password") String password) {
+
         User user = userService.findByUsernameAndPassword(username, password);
+        Map<String, Object> ans = new HashMap<>();
         if (user != null) {
-            return ResponseEntity.ok("Login successful");
+            ans.put("result", "Login successful");
+            ans.put("token", JWTUtils.generateToken(username, Constants.UserRole.USER, Constants.DEFAULT_EXPIRE_TIME));
+            return ResponseEntity.ok().body(ans);
         } else {
-            return ResponseEntity.badRequest().body("Invalid username or password");
+            ans.put("result", "Invalid username or password");
+            return ResponseEntity.badRequest().body(ans);
         }
     }
 
     @PostMapping("/update/username")
-    public ResponseEntity<?> updateUsername(@RequestParam("username") String oldUsername,
+    public ResponseEntity<?> updateUsername(@RequestHeader("token") String token,
+                                            @RequestParam("username") String oldUsername,
                                             @RequestParam("newUsername") String newUsername) {
+        if(!JWTUtils.checkToken(token, oldUsername, Constants.UserRole.USER)) {
+            return ResponseEntity.badRequest().body("Invalid token");
+        }
+
         User user = userService.findByUsername(oldUsername);
         if (user != null) {
             user.setUsername(newUsername);
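Review bot: In `updateUsername` the token is checked against `oldUsername`, but nothing visible here replaces it once the rename succeeds, so the caller is left holding a token whose `username` claim is the old name. That token no longer passes `checkToken` for the renamed account, and it keeps passing for the old name until it expires, which matters if that name can be registered again within the window. Returning a fresh token with the success response, e.g. `JWTUtils.generateToken(newUsername, Constants.UserRole.USER, Constants.DEFAULT_EXPIRE_TIME)`, fixes the first half; binding the token to an immutable user id rather than the username would fix both. The rest of `updateUsername` lies outside the hunk, so the success branch may already do more than is shown.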
@@ -59,8 +78,13 @@
     }
 
     @PostMapping("/update/password")
-    public ResponseEntity<?> updatePassword(@RequestParam("username") String username,
+    public ResponseEntity<?> updatePassword(@RequestHeader("token") String token,
+                                            @RequestParam("username") String username,
                                             @RequestParam("newPassword") String newPassword) {
+        if(!JWTUtils.checkToken(token, username, Constants.UserRole.USER)) {
+            return ResponseEntity.badRequest().body("Invalid token");
+        }
+
         User user = userService.findByUsername(username);
         if (user != null) {
             user.setPassword(newPassword);
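Review bot: `updatePassword` now treats any valid token as sufficient to set a new password, without asking for the current one. A token that leaks during its lifetime is then enough to lock the owner out; requiring an extra `@RequestParam("oldPassword")` and verifying it through `userService.findByUsernameAndPassword(username, oldPassword)` before `setPassword` would limit that. Tokens issued before the change also stay valid until they expire, since nothing in `checkToken` ties a token to the password it was issued under. The method body continues past the end of the hunk.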
@@ -72,8 +96,13 @@
     }
 
     @PostMapping("/update/email")
-    public ResponseEntity<?> updateEmail(@RequestParam("username") String username,
+    public ResponseEntity<?> updateEmail(@RequestHeader("token") String token,
+                                         @RequestParam("username") String username,
                                          @RequestParam("newEmail") String newEmail) {
+        if(!JWTUtils.checkToken(token, username, Constants.UserRole.USER)) {
+            return ResponseEntity.badRequest().body("Invalid token");
+        }
+
         User user = userService.findByUsername(username);
         if (user != null) {
             user.setEmail(newEmail);
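Review bot: The `Invalid token` branch answers with 400 and a bare string, while the login and register responses in this commit moved to a `Map` body with a `result` key; the same lines appear in `updateUsername` and `updatePassword`. A failed token check is an authentication failure, so 401 is the status clients and proxies expect, and a uniform body spares the front end a special case: `return ResponseEntity.status(401).body(Map.of("result", "Invalid token"));` (or a `HashMap` as in `loginUser` if the project targets Java 8). The method body continues past the end of the hunk.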
diff --git a/src/main/java/com/pt/utils/JWTUtils.java b/src/main/java/com/pt/utils/JWTUtils.java
new file mode 100644
index 0000000..c47bc5f
--- /dev/null
+++ b/src/main/java/com/pt/utils/JWTUtils.java
@@ -0,0 +1,65 @@
+package com.pt.utils;
+
+import com.pt.constant.Constants;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+
+public class JWTUtils {
+
+    private final static String SECRET_KEY = "U2VjcmV0S2V5Rm9ySldUVXNlT25seUluU2VjdXJlRW52aXJvbm1lbnQ=";
+
+
+    public static String createToken(Map<String, Object> params, long ttlMills){
+
+        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
+        long expMillis = System.currentTimeMillis() + ttlMills;
+        Date exp = new Date(expMillis);
+        return Jwts.builder()
+                .setClaims(params)
+                .signWith(signatureAlgorithm, SECRET_KEY.getBytes(StandardCharsets.UTF_8))
+                .setExpiration(exp)
+                .compact();
+
+    }
+
+    public static Map<String, Object> parseToken(String token){
+        try{
+            return Jwts.parser()
+                    .setSigningKey(SECRET_KEY.getBytes(StandardCharsets.UTF_8))
+                    .parseClaimsJws(token).getBody();
+        }catch (Exception e){
+            return null;
+        }
+
+    }
+
+    public static boolean checkToken(String token, String username, Constants.UserRole userType) {
+        Map<String, Object> claims = parseToken(token);
+        if(claims == null) {
+            System.out.println("Token is invalid or expired");
+            return false;
+        }
+        String tokenUsername = (String) claims.get("username");
+        int tokenUserType = (int) claims.get("userType");
+
+        System.out.printf("Token username: %s, Token userType: %d, Provided username: %s, Provided userType: %d%n",
+                tokenUsername, tokenUserType, username, userType.getValue());
+
+        return tokenUsername.equals(username) && tokenUserType == userType.getValue();
+    }
+
+    public static String generateToken(String username,
+                                 Constants.UserRole userType,
+                                 int expireTime) {
+        Map<String, Object> claims = new HashMap<>();
+        claims.put("username", username);
+        claims.put("userType", userType.getValue());
+        return createToken(claims, expireTime);
+    }
+}
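Review bot: `SECRET_KEY` is a string literal in the source, so everyone who can read the repository holds the HS256 key that `parseToken` and `checkToken` trust. The key should come from configuration outside the repo, e.g. `private static final String SECRET_KEY = System.getenv("<JWT_SECRET_ENV_VAR>");` with a startup failure when it is unset, and the committed value should be treated as burned and replaced. The literal looks like Base64 but is used through `getBytes(StandardCharsets.UTF_8)` without decoding, which deserves a comment either way. Separately, `checkToken` unboxes `claims.get("userType")` and calls `tokenUsername.equals(...)` without null checks, so a correctly signed token missing either claim throws instead of returning false, and the `System.out.printf` there writes usernames to stdout on every request.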
