diff --git a/controllers/postController.go b/controllers/postController.go
index e2ffb75..fd904cc 100644
--- a/controllers/postController.go
+++ b/controllers/postController.go
@@ -1,27 +1,33 @@
 package controllers
 
 import (
+	"net/http"
+	"os"
+	"time"
 	"tugas1/initializers"
 	"tugas1/models"
 
 	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt/v4"
+	"golang.org/x/crypto/bcrypt"
 )
 
 func PostsCreate(c *gin.Context) {
 	// Get dataoff req body
 	var body struct {
-		Name    string
-		Email   string
-		Gender  string
-		Address string
-		Tempat  string
-		TLahir  string
+		Name     string
+		Email    string
+		Password string
+		Gender   string
+		Address  string
+		Tempat   string
+		TLahir   string
 	}
 
 	c.Bind((&body))
 
 	// Create a post
-	post := models.Post{Name: body.Name, Email: body.Email, Gender: body.Gender,
+	post := models.Post{Name: body.Name, Email: body.Email, Password: body.Password, Gender: body.Gender,
 		Address: body.Address, Tempat: body.Tempat, TLahir: body.TLahir}
 
 	result := initializers.DB.Create(&post)
@@ -68,12 +74,13 @@ func PostsUpdate(c *gin.Context) {
 
 	// Get the data off req body
 	var body struct {
-		Name    string
-		Email   string
-		Gender  string
-		Address string
-		Tempat  string
-		TLahir  string
+		Name     string
+		Email    string
+		Password string
+		Gender   string
+		Address  string
+		Tempat   string
+		TLahir   string
 	}
 
 	c.Bind(&body)
@@ -84,12 +91,13 @@ func PostsUpdate(c *gin.Context) {
 
 	// Updated it
 	initializers.DB.Model(&post).Updates(models.Post{
-		Name:    body.Name,
-		Email:   body.Email,
-		Gender:  body.Gender,
-		Address: body.Address,
-		Tempat:  body.Tempat,
-		TLahir:  body.TLahir,
+		Name:     body.Name,
+		Email:    body.Email,
+		Password: body.Password,
+		Gender:   body.Gender,
+		Address:  body.Address,
+		Tempat:   body.Tempat,
+		TLahir:   body.TLahir,
 	})
 
 	// Respond with it
@@ -108,3 +116,124 @@ func PostsDelete(c *gin.Context) {
 	// Respond
 	c.Status(200)
 }
+
+func SignUp(c *gin.Context) {
+	// Get the email/pass of req body
+	var body struct {
+		Name     string
+		Email    string
+		Password string
+		Gender   string
+		Address  string
+		Tempat   string
+		TLahir   string
+	}
+
+	if c.Bind(&body) != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "Failed to read body",
+		})
+
+		return
+	}
+
+	// Hash the password
+	hash, err := bcrypt.GenerateFromPassword([]byte(body.Password), 10)
+
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "Failed to hash password",
+		})
+
+		return
+	}
+
+	// Create the user
+	user := models.Post{Name: body.Name, Email: body.Email, Password: string(hash), Gender: body.Gender,
+		Address: body.Address, Tempat: body.Tempat, TLahir: body.TLahir}
+	result := initializers.DB.Create(&user)
+
+	if result.Error != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "Failed to create user",
+		})
+
+		return
+	}
+
+	// Respond
+	c.JSON(http.StatusOK, gin.H{})
+}
+
+func Login(c *gin.Context) {
+	// Get the email and password for req body
+	var body struct {
+		Name     string
+		Email    string
+		Password string
+		Gender   string
+		Address  string
+		Tempat   string
+		TLahir   string
+	}
+
+	if c.Bind(&body) != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "Failed to read body",
+		})
+
+		return
+	}
+	// Look up requested user
+	var user models.Post
+	initializers.DB.First(&user, "email = ?", body.Email)
+
+	if user.ID == 0 {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "Invalid email",
+		})
+
+		return
+	}
+	// Compare sent in password with saved user password hash
+	err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(body.Password))
+
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "Invalid password",
+		})
+
+		return
+	}
+
+	// Generate a jwt token
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+		"sub": user.ID,
+		"exp": time.Now().Add(time.Hour * 24 * 30).Unix(),
+	})
+
+	// Sign and get the complete encoded token as a string using the secret
+	tokenString, err := token.SignedString([]byte(os.Getenv("SECRET")))
+
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{
+			"error": "Failed to create token",
+		})
+
+		return
+	}
+
+	// Send it back
+	c.SetSameSite(http.SameSiteLaxMode)
+	c.SetCookie("Authorization", tokenString, 3600*24*30, "", "", false, true)
+
+	c.JSON(http.StatusOK, gin.H{})
+}
+
+func Validate(c *gin.Context) {
+	user, _ := c.Get("user")
+
+	c.JSON(http.StatusOK, gin.H{
+		"message": user,
+	})
+}