diff --git a/middlewares/authMiddleware.js b/middlewares/authMiddleware.js
new file mode 100644
index 0000000000000000000000000000000000000000..8744a4acc44112ca449a05250988be2fd8ec565a
--- /dev/null
+++ b/middlewares/authMiddleware.js
@@ -0,0 +1,26 @@
+const userModel = require('../models/user.model');
+
+const errorAuth = {error : "Not connected"}
+
+module.exports.checkAuthMiddleware = function(req,res,next){
+    let token = ""
+    if(req.query.token){
+        token = req.query.token;
+    }else if (req.body.token) {
+        token = req.body.token;
+    }
+    userModel.getUserByToken(token).then(users => {
+        if(users){
+            req.session.user = users[0];
+            next();
+        }else{
+            res.status(200).send(errorAuth);
+            return 1;
+        }
+    })
+
+}
+
+module.exports.checkAuth = function(){
+    return exports.checkAuthMiddleware
+}
diff --git a/models/item.model.js b/models/item.model.js
index daabee826485bd7ac6a9772d34e43f99a5f67492..309125b50cc101ed5e907836d39878c00daaa2c5 100644
--- a/models/item.model.js
+++ b/models/item.model.js
@@ -25,14 +25,14 @@ sequelize.sync({force:true}).then(() => {
     price: 4,
     userId: 1,
     typeItem: 2
-  }).then(out => console.log(out.dataValues));
+  })
 
   Items.create({
     description: 'Bon shit sa mère',
     price: 10,
     userId: 2,
     typeItem: 1
-  }).then(out => console.log(out.dataValues));
+  })
 })
 
 function getItem(id) {
diff --git a/models/sequelize.js b/models/sequelize.js
index 07d6be8e74f9229f77ad6a8632df29f06e27c73a..6beb44fff47e490f6601f2100303a2ff9a4912fd 100644
--- a/models/sequelize.js
+++ b/models/sequelize.js
@@ -4,6 +4,7 @@ var sequelize = new Sequelize('csb', 'csb', 'csbcmqLBC!', {
   host: 'nicolasfley.fr',
   port: 3306,
   dialect: 'mysql',
+  //logging: false, // to stop verbose
 
   pool: {
     max: 5,
diff --git a/models/user.model.js b/models/user.model.js
index b9d41b7b999d8e63bb1af105f7be8aac0631e2b7..1b65b7ddaa29808a2b5f24ff3777eb0210b2681f 100644
--- a/models/user.model.js
+++ b/models/user.model.js
@@ -65,7 +65,7 @@ function authUser(userInfos) {
 	})
 }
 
-function isAuthed(token){
+function getUserByToken(token){
 	return Users.findOne({where : {token : token}});
 }
 
@@ -84,4 +84,4 @@ function deleteUser(id) {
 	})
 }
 
-module.exports = {getUser, addUser, deleteUser, authUser, refreshUser,getUserUName}
\ No newline at end of file
+module.exports = {getUser, addUser, deleteUser, authUser, refreshUser,getUserUName,getUserByToken}
diff --git a/routes/item.route.js b/routes/item.route.js
index e386804e3261c47f45637792bcfac745f2d2b296..9f6d09ed847bd863e016e23605b21fed85724c08 100644
--- a/routes/item.route.js
+++ b/routes/item.route.js
@@ -1,10 +1,13 @@
 const express = require('express');
 const itemModel = require('../models/item.model');
+const authMiddleware = require('../middlewares/authMiddleware');
 const router = express.Router();
 
 const DEFAULT_PAGE = 0;
 const DEFAULT_STEP = 10;
 
+router.use(authMiddleware.checkAuth());
+
 router.get('/byId/:id', function(req, res) {
 	let id = parseInt(req.params.id);
 	itemModel.getItem(id).then(out => res.json(out));