diff --git a/config.js b/config.js
index 87240a0..624a9a3 100644
--- a/config.js
+++ b/config.js
@@ -9,6 +9,7 @@ module.exports = {
     server: {
         port: 3001
     },
+    passwords: ['fartsex'],
     url: 'http://localhost:3001',
     storagePath: '/tmp/yes',
     fileTypes: fileTypes,
diff --git a/index.js b/index.js
index 96f19da..9f8648b 100644
--- a/index.js
+++ b/index.js
@@ -10,6 +10,8 @@ const app = express();
 
 app.use(fileUpload());
 app.set('view engine', 'ejs')
+app.use(express.urlencoded({ extended: false }));
+app.use(express.json());
 
 app.get('/', (req, res) => {
     res.render('upload');
@@ -72,6 +74,12 @@ app.get('/file/:filename', (req, res) => {
 });
 
 app.post('/api/upload', (req, res) => {
+    const password = req.body.password;
+
+    if (config.passwords.indexOf(password) === -1) {
+        return res.status(401).send('Incorrect password.');
+    }
+
     if (!req.files || Object.keys(req.files).length === 0) {
         return res.status(400).send('No files were uploaded.');
     }
@@ -80,7 +88,7 @@ app.post('/api/upload', (req, res) => {
 
     file.mv(`${config.storagePath}/${file.name}`, function(err) {
         if (err) return res.status(500).send(err);
-        res.send('File uploaded!');
+        res.render('uploaded', { file: { name: file.name } });
     });
 });
 
diff --git a/package-lock.json b/package-lock.json
index 96f5388..8bfc41b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -126,6 +126,15 @@
       "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
       "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw="
     },
+    "cors": {
+      "version": "2.8.5",
+      "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz",
+      "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==",
+      "requires": {
+        "object-assign": "^4",
+        "vary": "^1"
+      }
+    },
     "debug": {
       "version": "2.6.9",
       "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
@@ -354,6 +363,11 @@
       "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.2.tgz",
       "integrity": "sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw=="
     },
+    "object-assign": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
+      "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM="
+    },
     "on-finished": {
       "version": "2.3.0",
       "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
diff --git a/package.json b/package.json
index fd00f51..ec8dbf1 100644
--- a/package.json
+++ b/package.json
@@ -14,6 +14,7 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
+    "cors": "^2.8.5",
     "ejs": "^3.1.5",
     "express": "^4.17.1",
     "express-fileupload": "^1.2.0",
diff --git a/views/upload.ejs b/views/upload.ejs
index 7d9958a..96091e1 100644
--- a/views/upload.ejs
+++ b/views/upload.ejs
@@ -6,8 +6,11 @@
     <title>Upload</title>
 </head>
 <body>
+    <h1>this is the upload page</h1>
+    <p>i think</p>
     <form action='/api/upload' method="POST" enctype="multipart/form-data">
-        <input type="file" name="file"/>
+        Password: <input type="password" name="password"> </br>
+        <input type="file" name="file"/> </br>
         <input type='submit' value='Upload!'/>
     </form>
 </body>
diff --git a/views/uploaded.ejs b/views/uploaded.ejs
new file mode 100644
index 0000000..5397249
--- /dev/null
+++ b/views/uploaded.ejs
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Uploaded</title>
+</head>
+<body>
+    <h1>the file was uploaded</h1>
+    <p>i think</p>
+    <br>
+    <a href="/file/<%= file.name %>">Go to file</a>
+</body>
+</html>
\ No newline at end of file