diff --git a/docker/api-base/Dockerfile b/docker/api-base/Dockerfile
index 7e4437a..f9396e8 100644
--- a/docker/api-base/Dockerfile
+++ b/docker/api-base/Dockerfile
@@ -21,4 +21,6 @@ COPY --from=builder /app/package.json /app/package.json
 ENV NODE_ENV=production
 EXPOSE 3000
+RUN mkdir /db
+
 CMD [ "node", "/app/src/start.js" ]
diff --git a/src/api/auth/default.js b/src/api/auth/default.js
index f7dbb20..4588edd 100644
--- a/src/api/auth/default.js
+++ b/src/api/auth/default.js
@@ -3,8 +3,18 @@ import fastifyCookie from '@fastify/cookie';
 import Database from 'better-sqlite3';
 import bcrypt from 'bcrypt';
-const database = new Database(":memory:");
+const RESERVED_USERNAMES = ['admin'];
+var env = process.env.NODE_ENV || 'development';
+
 const saltRounds = 10;
+let database;
+
+if (env === 'development') {
+ database = new Database(":memory:", { verbose: console.log });
+} else {
+ var dbPath = process.env.DB_PATH || '/db/db.sqlite'
+ database = new Database(dbPath);
+}
 /**
 * @description Can be used to prepare the database
@@ -47,7 +57,7 @@ function isValidString(value) {
 */
 export default async function(fastify, options) {
 fastify.register(fastifyJWT, {
- secret: '123456789101112131415161718192021',
+ secret: process.env.JWT_SECRET || '123456789101112131415161718192021',
 cookie: {
 cookieName: 'token',
 },
@@ -57,7 +67,18 @@ export default async function(fastify, options) {
 });
 fastify.register(fastifyCookie);
- fastify.post('/login', async (request, reply) => {
+ fastify.post('/login', {
+ schema: {
+ body: {
+ type: 'object',
+ required: ['user', 'password'],
+ properties: {
+ user: { type: 'string', minLength: 1 },
+ password: { type: 'string', minLength: 8 }
+ }
+ }
+ }
+ }, async (request, reply) => {
 try {
 /** @type {{ user: string, password: string }} */
 const { user, password } = request.body;
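Review bot: `RUN mkdir /db` creates the SQLite directory inside an image layer, so a database written to the default `/db/db.sqlite` path only lives as long as the container unless that directory is mounted; adding `VOLUME ["/db"]` after the `RUN` line records the persistence requirement and gives Docker a named volume to manage by default. If a later instruction switches to a non-root user (not visible in this hunk), the directory also has to be writable by that user, e.g. `RUN mkdir /db && chown <app-user> /db` with the real account name substituted. Because `NODE_ENV=production` is set just above, both API modules take the persistent-database branch and would fail to open the database if this directory were missing, which is worth a short comment on the `RUN` line.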
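Review bot: The new database-selection block uses `var` for `env` and `dbPath` and the `dbPath` line has no terminating semicolon; neither binding is reassigned, so `const env = process.env.NODE_ENV || 'development';` at module level and `const dbPath = process.env.DB_PATH || '/db/db.sqlite';` inside the else branch are the intended forms. The same block is copied verbatim into the first hunk of src/api/user/default.js, so the default path and the `verbose: console.log` setting must be kept in sync by hand, and the two modules behave differently per environment: in development each gets its own in-memory database while in production both open the same file. Moving the construction into one shared module that exports `database` and `env` removes the duplication and makes the environment difference explicit in a single place. A comment such as `// development: throwaway in-memory DB with statement logging; otherwise a file under DB_PATH` above the `if` would document the intent.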
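Review bot: `secret: process.env.JWT_SECRET || '123456789101112131415161718192021'` still falls back to the hard-coded value that is committed to the repository, so a production deployment that forgets to set `JWT_SECRET` signs session cookies with a publicly known secret and the change does not actually remove the weakness. Outside development a missing variable should abort startup rather than degrade: `const jwtSecret = process.env.JWT_SECRET; if (!jwtSecret && env !== 'development') throw new Error('JWT_SECRET must be set');` and then `secret: jwtSecret || '123456789101112131415161718192021',` with a comment marking the literal as development-only. The last hunk of src/api/user/default.js registers `@fastify/jwt` with the identical fallback; both copies must stay equal for a cookie issued by one module to verify in the other, so reading the secret from the shared place fixes both at once. The enclosing plugin function continues outside the hunk.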
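Review bot: The `/login` body schema requires `password` to satisfy `minLength: 8`, which is a registration policy rather than an authentication check: unless `isValidString` (not shown) already enforced that length, an account created before this commit with a shorter password can no longer log in and receives a schema error instead of the normal credential failure. For `/login` the property should only need `{ type: 'string', minLength: 1 }`, and a `maxLength` on both fields (for example `maxLength: 128`) rejects oversized inputs before the handler runs. The schema object is repeated byte-for-byte for `/register` in the next hunk; defining it once as `const credentialsSchema = { body: { ... } };` and passing `{ schema: credentialsSchema }` keeps the two routes aligned. The handler body continues outside the hunk.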
@@ -85,7 +106,7 @@ export default async function(fastify, options) {
 .setCookie('token', token, {
 httpOnly: true,
 path: '/',
- secure: false,
+ secure: env !== 'development',
 sameSite: 'lax',
 })
 .code(200)
@@ -96,12 +117,27 @@ export default async function(fastify, options) {
 }
 });
- fastify.post('/register', async (request, reply) => {
+ fastify.post('/register', {
+ schema: {
+ body: {
+ type: 'object',
+ required: ['user', 'password'],
+ properties: {
+ user: { type: 'string', minLength: 1 },
+ password: { type: 'string', minLength: 8 }
+ }
+ }
+ }
+ }, async (request, reply) => {
 try {
 /** @type {{ user: string, password: string }} */
 const { user, password } = request.body;
+
+ if (RESERVED_USERNAMES.includes(user)) {
+ return reply.code(400).send({ error: 'Reserved username' });
+ }
- if (!isValidString(user) || !isValidString(password) || user === 'admin') {
+ if (!isValidString(user) || !isValidString(password)) {
 return reply.code(400).send({ error: 'Invalid username or password' });
 } else if (checkUser(user) === true) {
 return reply.code(400).send({ error: "User already exist" });
@@ -119,4 +155,14 @@ export default async function(fastify, options) {
 return reply.code(500).send({ error: "Internal server error" });
 }
 });
+
+ fastify.get('/me', async (request, reply) => {
+ try {
+ const token = request.cookies.token;
+ const decoded = await fastify.jwt.verify(token);
+ return { user: decoded.user };
+ } catch {
+ return reply.code(401).send({ error: 'Unauthorized' });
+ }
+ });
 }
diff --git a/src/api/user/default.js b/src/api/user/default.js
index 990da7e..476d31c 100644
--- a/src/api/user/default.js
+++ b/src/api/user/default.js
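Review bot: `secure: env !== 'development'` ties the cookie's Secure flag to `env`, which falls back to `'development'` whenever `NODE_ENV` is unset, so an instance started outside the provided image without that variable would issue the session cookie over plain HTTP with no warning. The Dockerfile in this commit sets `NODE_ENV=production`, so the image itself is covered, but the dependency deserves a comment on this line, e.g. `// Secure is cleared only for local development; an unset NODE_ENV counts as development`. A dedicated setting (a `COOKIE_SECURE`-style variable that defaults to true) would make the downgrade opt-in rather than the default. The `setCookie` chain and its enclosing handler begin and end outside the hunk.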
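Review bot: `RESERVED_USERNAMES.includes(user)` is an exact, case-sensitive comparison, so `Admin` or `ADMIN` pass the new check just as they passed the old inline `user === 'admin'`; whether that is a gap depends on how `checkUser` and the users table compare names, which is not visible here. If usernames are meant to be case-insensitive, normalising first, `if (RESERVED_USERNAMES.includes(user.toLowerCase())) {`, closes it, and a comment on the `RESERVED_USERNAMES` declaration should state which form (lower-cased or exact) the list is compared against. The reserved-name check now runs before `isValidString`; that is harmless since the schema guarantees a string, but a short comment explaining the ordering would stop the next edit from moving it. The handler continues outside the hunk.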
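Review bot: `/me` reads `request.cookies.token` and calls `fastify.jwt.verify(token)` by hand although `@fastify/jwt` is registered with `cookie: { cookieName: 'token' }`, so `const decoded = await request.jwtVerify();` performs the same cookie lookup and verification through the plugin's configured options and keeps this route consistent with the plugin's own error handling. The bare `catch {` maps every failure to 401, including errors unrelated to the token; narrowing it to the plugin's verification errors, or at least logging the caught error via `request.log.debug`, keeps genuine bugs visible. The response exposes `decoded.user` directly, so its shape is coupled to whatever `/login` signs into the token (outside this hunk); a one-line comment stating that coupling helps the next maintainer.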
@@ -2,7 +2,16 @@ import fastifyJWT from '@fastify/jwt';
 import fastifyCookie from '@fastify/cookie';
 import Database from 'better-sqlite3';
-const database = new Database(":memory:");
+var env = process.env.NODE_ENV || 'development';
+
+let database;
+
+if (env === 'development') {
+ database = new Database(":memory:", { verbose: console.log });
+} else {
+ var dbPath = process.env.DB_PATH || '/db/db.sqlite'
+ database = new Database(dbPath);
+}
 function prepareDB() {
 database.exec(`
@@ -49,7 +58,7 @@ const deleteFriends = database.prepare('DELETE FROM friends WHERE username = ?;'
 export default async function(fastify, options) {
 fastify.register(fastifyJWT, {
- secret: '123456789101112131415161718192021',
+ secret: process.env.JWT_SECRET || '123456789101112131415161718192021',
 cookie: {
 cookieName: 'token',
 },