diff --git a/src/server/routes/fileApiRoutes.ts b/src/server/routes/fileApiRoutes.ts
index be461c9..8953a84 100644
--- a/src/server/routes/fileApiRoutes.ts
+++ b/src/server/routes/fileApiRoutes.ts
@@ -7,6 +7,7 @@ import {writeFile} from "fs";
 
 import ServeError from "../lib/errors";
 import Files from "../lib/files";
+import { getAccount, requiresAccount } from "../lib/middleware";
 
 let parser = bodyParser.json({
     type: ["text/plain","application/json"]
@@ -21,14 +22,11 @@ export function setFilesObj(newFiles:Files) {
 
 let config = require(`${process.cwd()}/config.json`)
 
-fileApiRoutes.get("/list", (req,res) => {
+fileApiRoutes.use(getAccount);
 
-    if (!auth.validate(req.cookies.auth)) {
-        ServeError(res, 401, "not logged in")
-        return
-    }
+fileApiRoutes.get("/list", requiresAccount, (req,res) => {
 
-    let acc = Accounts.getFromToken(req.cookies.auth)
+    let acc = res.locals.acc as Accounts.Account
     
     if (!acc) return
     let accId = acc.id
@@ -48,12 +46,7 @@ fileApiRoutes.get("/list", (req,res) => {
 
 fileApiRoutes.post("/manage", parser, (req,res) => {
 
-    if (!auth.validate(req.cookies.auth)) {
-        ServeError(res, 401, "not logged in")
-        return
-    }
-
-    let acc = Accounts.getFromToken(req.cookies.auth) as Accounts.Account
+    let acc = res.locals.acc as Accounts.Account
     
     if (!acc) return
     if (!req.body.target || !(typeof req.body.target == "object") || req.body.target.length < 1) return