diff --git a/mod.ts b/mod.ts
index 2938c87..7624db5 100644
--- a/mod.ts
+++ b/mod.ts
@@ -19,7 +19,7 @@ Deno.serve({ port: config.api.port }, async (req) => {
 
   if (req.method === 'GET') {
     // handle all gets
-  } else if (req.method === 'POST' && path === '/enroll') {
+  } else if (req.method === 'POST' && (path === '/enroll' || path === '/enroll/')) {
     const body = await req.json();
 
     let readFailure = false;
@@ -49,7 +49,28 @@ Deno.serve({ port: config.api.port }, async (req) => {
       return genericResponse(STATUS_CODE.BadRequest, 'Username Taken.');
     }
   } else {
-    // handle auth then all other shiz
+    const body = await req.json();
+
+    let readFailure = false;
+    const loginMatch = await dbClient.query('SELECT id, email FROM users WHERE name = ? AND pin = ?', [body.name, body.pin]).catch(() => {
+      readFailure = true;
+    });
+    if (readFailure) return genericResponse(STATUS_CODE.InternalServerError, "Couldn't read DB.");
+    if (loginMatch.length === 0) return genericResponse(STATUS_CODE.Forbidden, 'Invalid name/PIN combination.');
+    const userId = loginMatch[0].userId;
+    const email = loginMatch[0].email;
+
+    switch (req.method) {
+      case 'POST':
+        if (path === '/auth' || path === '/auth/') {
+          return genericResponse(STATUS_CODE.OK, JSON.stringify({ userId, hasEmail: email.length > 0 }));
+        }
+        break;
+      case 'PUT':
+        break;
+      case 'DELETE':
+        break;
+    }
   }
 
   return genericResponse(STATUS_CODE.NotImplemented);