diff --git a/backend/karaoqueue-backend/src/controllers/auth.controller.ts b/backend/karaoqueue-backend/src/controllers/auth.controller.ts
index b8e4c0b..64b987d 100644
--- a/backend/karaoqueue-backend/src/controllers/auth.controller.ts
+++ b/backend/karaoqueue-backend/src/controllers/auth.controller.ts
@@ -17,15 +17,16 @@ export class AuthenticationController {
 res.send("Welcome.")
 return res;
 } else {
- // TODO wrong password.
- return "Wrong password."
+ res.status(401).send("Wrong user or password.");
+ return res;
 }
 } else {
- // TODO wrong user.
- return "Wrong user."
+ res.status(401).send("Wrong user or password.");
+ return res;
 }
 }
+ /* TODO Logout with JWT? */
 @Get("/logout")
 doLogout() {
 return "//TODO logout";
diff --git a/backend/karaoqueue-backend/src/controllers/songs.controller.ts b/backend/karaoqueue-backend/src/controllers/songs.controller.ts
index 470d92d..5b852eb 100644
--- a/backend/karaoqueue-backend/src/controllers/songs.controller.ts
+++ b/backend/karaoqueue-backend/src/controllers/songs.controller.ts
@@ -1,4 +1,5 @@
-import { Get, QueryParam, JsonController, Put } from "routing-controllers";
+import { Get, QueryParam, JsonController, Put, Authorized } from "routing-controllers";
+
 @JsonController("/songs")
 export class SongController {
@@ -8,6 +9,7 @@ export class SongController {
 }
 @Put()
+ @Authorized()
 updateSongs() {
 return "//TODO update"
 }
diff --git a/backend/karaoqueue-backend/src/index.ts b/backend/karaoqueue-backend/src/index.ts
index d668196..a290cf0 100644
--- a/backend/karaoqueue-backend/src/index.ts
+++ b/backend/karaoqueue-backend/src/index.ts
@@ -1,5 +1,5 @@
 import "reflect-metadata";
-import { Request, Response } from "express";
+import { Request, Response, Application } from "express";
 import { Action, createExpressServer } from "routing-controllers";
 import { QueueController } from "./controllers/queue.controller";
 import { SongController } from "./controllers/songs.controller";
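Review bot: Both failure branches in doLogin now carry the identical two lines `res.status(401).send("Wrong user or password."); return res;`, so the user-not-found and wrong-password cases could share a single failure path, which also makes it easier to keep the two responses indistinguishable as the handler evolves. Whether the response time still differs between the two cases depends on code outside the hunk (whether the password comparison is skipped when the user is unknown); if it is, the uniform message hides the distinction in the body but not in timing. The `/* TODO Logout with JWT? */` above `doLogout` is the right place to record that a cookie-carried JWT needs at least `res.clearCookie("jwt")` on logout until server-side invalidation exists. doLogin's body starts outside the hunk.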
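Review bot: `@Authorized()` on `updateSongs` is used with no roles argument, and the `authorizationChecker` in index.ts returns true for any token that verifies, so this guard only separates authenticated from anonymous callers; if only some users may update songs, pass roles here and have the checker compare them against the token payload. The handler body still returns the placeholder `"//TODO update"`, so nothing in this hunk validates a request body yet. The controller still imports `Get`, so any read endpoints it declares remain unguarded, which is fine only if they are meant to be public.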
@@ -7,18 +7,22 @@ import { StatisticsController } from "./controllers/statistics.controller";
 import { AuthenticationController } from "./controllers/auth.controller";
 import { RpcController } from "./controllers/rpc.controller";
 import jwt from "jsonwebtoken";
+import appState from "./containers/appState.container";
 import * as dotenv from "dotenv";
+import DataStoredInToken from "./interfaces/dataStoredInToken.interface";
 dotenv.config();
-const app = createExpressServer({
+const app: Application = createExpressServer({
 routePrefix: "/api",
 cors: true,
+ /* HACK. This definitely needs to be cleaned up... */
 authorizationChecker: async (action: Action) => {
 const req: Request = action.request;
 const secret = process.env.KQUEUE_JWTSECRET;
- const token = parseCookies(req.headers.cookie)["jwt"];
+ // tslint:disable-next-line: no-string-literal
+ const token = parseCookies(req.headers.cookie)['jwt'];
 if (token) {
 try {
 const verificationResponse = jwt.verify(token, secret);
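Review bot: `jwt.verify(token, secret)` passes no `algorithms` option, so verification accepts any algorithm within jsonwebtoken's defaults for a string secret rather than only the one `createToken` signs with; pin it, e.g. `const verificationResponse = jwt.verify(token, secret, { algorithms: ["HS256"] });` (using whichever algorithm the middleware actually signs with). The same unpinned call is repeated in `currentUserChecker` in the next hunk. `parseCookies(req.headers.cookie)` is called before the `try`, so a `URIError` thrown by `decodeURIComponent` on a malformed cookie value escapes the checker as a server error instead of being treated as not authorized. The `appState` import added here is not used on any line visible in this diff. The authorizationChecker body continues outside the hunk.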
@@ -33,15 +37,37 @@ const app = createExpressServer({
 } else {
 return false;
 }
-
+ },
+ /* HACK. This definitely needs to be cleaned up... */
+ currentUserChecker: async (action: Action) => {
+ const req: Request = action.request;
+ const secret = process.env.KQUEUE_JWTSECRET;
+ // tslint:disable-next-line: no-string-literal
+ const token = parseCookies(req.headers.cookie)['jwt'];
+ if (token) {
+ try {
+ const verificationResponse = jwt.verify(token, secret);
+ if (verificationResponse) {
+ return verificationResponse as DataStoredInToken;
+ } else {
+ return false;
+ }
+ } catch (error) {
+ return false;
+ }
+ } else {
+ return false;
+ }
 },
 controllers: [QueueController, SongController, StatisticsController, AuthenticationController, RpcController]
 });
 app.listen(process.env.KQUEUE_PORT);
+/* HACK. This definitely needs to be cleaned up... */
 function parseCookies(str) {
- let rx = /([^;=\s]*)=([^;]*)/g;
- let obj = {};
+ const rx = /([^;=\s]*)=([^;]*)/g;
+ const obj = {};
+ // tslint:disable-next-line: no-conditional-assignment
 for (let m; m = rx.exec(str);) obj[m[1]] = decodeURIComponent(m[2]);
 return obj;
diff --git a/backend/karaoqueue-backend/src/middleware/jwt.middleware.ts b/backend/karaoqueue-backend/src/middleware/jwt.middleware.ts
index bd67a91..ee7aed6 100644
--- a/backend/karaoqueue-backend/src/middleware/jwt.middleware.ts
+++ b/backend/karaoqueue-backend/src/middleware/jwt.middleware.ts
@@ -4,7 +4,8 @@ import * as jwt from 'jsonwebtoken';
 export class JwtMiddleware {
 public createToken(user: User): string {
- const expiresIn = 60 * 60; // an hour
+ /* expiresIn is in seconds. We take the env value which is in minutes and multiply it by 60.*/
+ const expiresIn = parseInt(process.env.KQUEUE_JWTEXPIRY,10) * 60;
 const secret = process.env.KQUEUE_JWTSECRET;
 const dataStoredInToken: DataStoredInToken = {
 _id: user.username,
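Review bot: `currentUserChecker` duplicates `authorizationChecker` line for line (cookie parsing, secret lookup, `jwt.verify`, the nested try/else), so the two will drift apart; both should call one helper that returns the decoded payload or `undefined`. Returning `false` from `currentUserChecker` is also questionable, since routing-controllers hands that value to `@CurrentUser()` parameters where the absence of a user is conventionally `undefined`. `parseCookies` takes an untyped `str` and returns `{}`, so `['jwt']` is untyped, and it is called outside the `try`, so a `URIError` from `decodeURIComponent` on a malformed cookie propagates out of both checkers. The sketch below wraps both checkers around one helper and leaves the existing `parseCookies` in place.
```typescript
/* HACK. This definitely needs to be cleaned up... */
function verifyJwtFromRequest(req: Request): DataStoredInToken | undefined {
  const secret = process.env.KQUEUE_JWTSECRET;
  if (!secret) {
    return undefined; // fail closed when the secret is not configured
  }
  let token: string | undefined;
  try {
    // tslint:disable-next-line: no-string-literal
    token = parseCookies(req.headers.cookie)['jwt'];
  } catch (error) {
    return undefined; // malformed percent-encoding in a cookie value
  }
  if (!token) {
    return undefined;
  }
  try {
    // pin to the algorithm createToken signs with
    return jwt.verify(token, secret, { algorithms: ["HS256"] }) as DataStoredInToken;
  } catch (error) {
    return undefined;
  }
}

const app: Application = createExpressServer({
  // … unchanged: routePrefix, cors …
  authorizationChecker: async (action: Action) => verifyJwtFromRequest(action.request) !== undefined,
  currentUserChecker: async (action: Action) => verifyJwtFromRequest(action.request),
  // … unchanged: controllers list …
});
// … unchanged: app.listen, parseCookies …
```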
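Review bot: `parseInt(process.env.KQUEUE_JWTEXPIRY,10) * 60` yields `NaN` when the variable is unset or not numeric, and that value presumably flows into the token's `expiresIn` later in `createToken` instead of failing at startup; validate it first: `const expiryMinutes = parseInt(process.env.KQUEUE_JWTEXPIRY ?? "", 10);` / `if (!Number.isFinite(expiryMinutes) || expiryMinutes <= 0) throw new Error("KQUEUE_JWTEXPIRY must be a positive number of minutes");` / `const expiresIn = expiryMinutes * 60;`. Under `strictNullChecks` the new line would not compile as written, because `process.env.KQUEUE_JWTEXPIRY` is `string | undefined` and `parseInt` expects a `string`; the `?? ""` default above resolves that as well. The added comment could be shortened to `// expiresIn is in seconds; KQUEUE_JWTEXPIRY is in minutes`. `createToken` continues past the end of the hunk.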