diff --git a/src/handler/history/history.router.ts b/src/handler/history/history.router.ts
index f0f9a04ad68007d4e41ef9045468a8d7c48d50f7..087fbfba4976d28290e72f572bbe4d0508722be2 100644
--- a/src/handler/history/history.router.ts
+++ b/src/handler/history/history.router.ts
@@ -2,11 +2,15 @@ import express from "express";
 import type { Request, Response } from "express";
 
 import * as HistoryServices from './history.service'
+import { ValidationRequest, accessValidation } from "../middleware/middleware";
 
 export const HistoryRouter = express.Router()
 
-HistoryRouter.get('/:username', async (request: Request, response: Response) => {
+HistoryRouter.get('/', accessValidation, async (request: Request, response: Response) => {
     try {
+        const validationRequest = request as ValidationRequest;
+        const { authorization } = validationRequest.headers;
+        console.log(authorization)
         const history = await HistoryServices.getHistory(request.params.username);
         return response.status(200).json(history);
     } catch (error: any) {
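Review bot: The handler still passes `request.params.username` to `getHistory`, but the route is now `'/'` with no `:username` segment, so that value is `undefined` on every request. The identity should come from the verified token that `accessValidation` attaches, e.g. `const history = await HistoryServices.getHistory(validationRequest.userData.username);`, which also stops one user from requesting another user's history by name. The added `console.log(authorization)` writes the caller's bearer token to the server log, where anyone with log access can replay it until it expires; remove that line together with the now-unused destructuring. The `catch` block continues outside the hunk.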
diff --git a/src/handler/middleware/middleware.ts b/src/handler/middleware/middleware.ts
new file mode 100644
index 0000000000000000000000000000000000000000..75a146fa8c8405a39070994da8d9173f3bb9e831
--- /dev/null
+++ b/src/handler/middleware/middleware.ts
@@ -0,0 +1,41 @@
+import {Express, NextFunction, Request, Response} from "express";
+import jwt, { JwtPayload } from 'jsonwebtoken';
+
+interface UserData {
+    id: number,
+    name: string,
+    username: string,
+}
+
+export interface ValidationRequest extends Request {
+    userData: UserData
+}
+
+export const accessValidation = (req: Request, res: Response, next: NextFunction) => {
+    const validationReq = req as ValidationRequest
+    const {authorization} = validationReq.headers;
+
+    console.log('here: ', authorization)
+
+    if(!authorization){
+        return res.status(401).json({
+            message: 'Token diperlukan'
+        })
+    }
+
+    const token = authorization.split(' ')[1];
+    const secret = process.env.JWT_SECRET!;
+
+    try {
+        const jwtDecode = jwt.verify(token, secret);
+
+        if(typeof jwtDecode !== 'string'){
+            validationReq.userData = jwtDecode as UserData
+        }
+    } catch (error) {
+        return res.status(401).json({
+            message: 'Unauthorized'
+        })
+    }
+    next()
+}
\ No newline at end of file
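Review bot: `console.log('here: ', authorization)` writes every caller's bearer token to the log and should be removed. `authorization.split(' ')[1]` never checks the scheme, and a header without a space yields `undefined`, which is rejected only because `jwt.verify` happens to throw. When the decoded payload is a string the function still calls `next()` with `userData` unset, so the request is treated as authenticated without an identity; reject that case with 401. Pinning the accepted algorithm to the one used at signing (HS256 is the jsonwebtoken default for a string secret) and failing closed when `JWT_SECRET` is unset makes both checks explicit instead of relying on the `!` assertion. `Express` and `JwtPayload` are imported but not used.

```typescript
export const accessValidation = (req: Request, res: Response, next: NextFunction) => {
    const validationReq = req as ValidationRequest
    const {authorization} = validationReq.headers;

    // Never log this header: it carries the bearer credential.
    const [scheme, token] = (authorization ?? '').split(' ');
    if(!/^bearer$/i.test(scheme) || !token){
        return res.status(401).json({
            message: 'Token diperlukan'
        })
    }

    const secret = process.env.JWT_SECRET;
    if(!secret){
        // Misconfiguration: fail closed rather than verify against a missing key.
        return res.status(500).json({
            message: 'Server misconfigured'
        })
    }

    try {
        const jwtDecode = jwt.verify(token, secret, { algorithms: ['HS256'] });

        // A string payload carries no user fields; do not let it through.
        if(typeof jwtDecode === 'string'){
            return res.status(401).json({
                message: 'Unauthorized'
            })
        }
        validationReq.userData = jwtDecode as UserData
    } catch (error) {
        // … unchanged: 401 'Unauthorized' response …
    }
    next()
}
```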
diff --git a/src/handler/user/user.router.ts b/src/handler/user/user.router.ts
index 6123739549b3152cb636e70dba87402fcbab47fa..cfbf8bb87afb10759efb73813589c9dc015beee2 100644
--- a/src/handler/user/user.router.ts
+++ b/src/handler/user/user.router.ts
@@ -43,7 +43,7 @@ UserRouter.post('/register', async (request: Request, response: Response) => {
 
 UserRouter.post('/login', async (request: Request, response: Response) => {
     try {
-        const responseString = await UserServices.login(request.body.username, request.body.password);
+        const responseString= await UserServices.login(request.body.username, request.body.password);
         return response.status(200).json(responseString);
     } catch (error: any) {
         return response.status(500).json(error.message);
diff --git a/src/handler/user/user.service.ts b/src/handler/user/user.service.ts
index 69317281882ed5e62117ba94ad4879a967536796..ebbf9077b94faa55e14385d87b8816e2e58a3203 100644
--- a/src/handler/user/user.service.ts
+++ b/src/handler/user/user.service.ts
@@ -2,6 +2,8 @@ import { User } from "../../interfaces/User";
 import { UserDetail } from "../../interfaces/UserDetail";
 import {db} from "../../utils/db.server"
 
+import jwt, { Secret, JwtPayload } from 'jsonwebtoken';
+
 type queryResult = User | null;
 
 export async function checkUsername(username : string) {
@@ -61,9 +63,29 @@ export async function login(username : string, password : string) {
         where: {
             username : username
         }
-    });
-    const responseString = (password === result?.password) ? "success" : "failed";
-    return responseString;
+    })
+
+    if(result === null){
+        const responseString = "username tidak ditemukan";
+        return responseString;
+    }
+    if(result.password != password){
+        const responseString = "password salah";
+        return responseString;
+    }
+
+    const payLoad = {
+        id: result.id,
+        name: result.name,
+        username: result.username,
+    }
+
+    const Secret = process.env.JWT_SECRET!;
+
+    const expiresIn = 60*60*24; 
+    const token = jwt.sign(payLoad, Secret, {expiresIn: expiresIn})
+    return token;
+    
 }
 
 export async function getBalance(username : string) {
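Review bot: The two failure branches return plain strings (`"username tidak ditemukan"`, `"password salah"`) from the same function that returns the token on success, and the `/login` route sends whatever it receives with status 200, so a failed login is an HTTP 200 whose body the client must tell apart from a JWT by content. The distinct messages also reveal whether a username exists; a single failure path such as `if (result === null || result.password !== password) { /* one generic failure */ }`, mapped to 401 by the router, avoids both. `result.password != password` compares the submitted password with the stored column directly, which suggests passwords are kept unhashed; if so, store a salted password hash (bcrypt, argon2 or scrypt) and compare through that library's verify function. `const Secret` shadows the `Secret` type imported at the top of the file, and `process.env.JWT_SECRET!` hides the unset case, which `jwt.sign` surfaces only as a thrown error. The function starts outside the hunk.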
diff --git a/src/index.ts b/src/index.ts
index a4e198daca0f07708c14fbe363f65e99a1e7f2e3..1073106301cced4aeaf8688ab4d4f6524d2173dd 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,4 +1,6 @@
-import express, {Express, Request, Response} from "express";
+import express, {Express, NextFunction, Request, Response} from "express";
+import jwt, { JwtPayload } from 'jsonwebtoken';
+
 import { HistoryRouter } from "./handler/history/history.router";
 import { OrderRouter } from "./handler/order/order.router";
 import { UserRouter } from "./handler/user/user.router";
@@ -9,9 +11,12 @@ const port = 5000;
 
 app.use(express.json());
 app.use(cors());
+
+
+
 // logger
 app.use((req, res, next) => {
-    console.log(`${req.method} ${req.url}`); 
+    
     next(); 
 });