diff --git a/brainlet/api/v2/gateway/index.js b/brainlet/api/v2/gateway/index.js
index 5b30d8a..d5d7002 100644
--- a/brainlet/api/v2/gateway/index.js
+++ b/brainlet/api/v2/gateway/index.js
@@ -90,6 +90,10 @@ class GatewayHandler {
 }
 handleConnection(ws) {
+ if (!policies.allowGatewayConnection) {
+ return ws.close(wsCloseCodes.SERVER_DENIED_CONNECTION[0], wsCloseCodes.SERVER_DENIED_CONNECTION[1]);
+ }
+
 const session = new GatewaySession();
 session.setWebsocketClient(ws);
 session.send("HELLO", { pingInterval: clientFacingPingInterval });
@@ -146,7 +150,7 @@ class GatewayHandler {
 // Gateway message handlers
 async handle_YOO({ data }, session) {
- if (session.authenticated) return {error: wsCloseCodes.PAYLOAD_ERROR};
+ if (session.authenticated || !Array.isArray(data.roles) || data.roles.length > 10 || data.roles.) return {error: wsCloseCodes.PAYLOAD_ERROR};
 try {
 if (!(await session.authenticateWithToken(data.token))) return {error: wsCloseCodes.AUTHENTICATION_ERROR};
 } catch(e) {
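Review bot: The policy check at the top of `handleConnection` only turns away new sockets, and nothing in the hunk records the refusal. If `policies.allowGatewayConnection` is meant to be a switch an operator can flip while the gateway is running, sessions that are already open would presumably stay connected (the teardown path is not visible here, so this is inferred), and denied attempts leave no trace for anyone monitoring the gateway. I would emit a log entry before the `ws.close(...)` call and add a comment such as `// Checked at connect time only; sessions already open are not closed when the policy changes.` The rest of `handleConnection` lies outside the hunk.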
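Review bot: The new guard in `handle_YOO` ends in `data.roles.)`, a member access with no property name, so the file will not parse as committed. The intended per-element check cannot be recovered from the hunk; if roles are meant to be strings, the condition could end with `data.roles.some((r) => typeof r !== "string")`. The guard also dereferences `data.roles` before the `try`, so a message without a `data` object makes the handler reject with a TypeError instead of returning `PAYLOAD_ERROR`; `!Array.isArray(data?.roles)` would cover that case. Because `roles` is supplied by the client and only shape-checked here, whatever consumes it later should compare it with what the authenticated token actually grants; that code, like the rest of the method body, is outside the hunk.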