diff --git a/controllers/api/index.js b/controllers/api/index.js
index e69de29..ffc2e4d 100644
--- a/controllers/api/index.js
+++ b/controllers/api/index.js
@@ -0,0 +1,9 @@
+const router = require("express").Router();
+
+const userRoutes = require("./user-routes");
+const itemRoutes = require("./item-routes");
+
+router.use('/users', userRoutes);
+router.use('/items', itemRoutes);
+
+module.exports = router;
\ No newline at end of file
diff --git a/controllers/api/item-routes.js b/controllers/api/item-routes.js
new file mode 100644
index 0000000..e69de29
diff --git a/controllers/api/user-routes.js b/controllers/api/user-routes.js
index e69de29..b17c6c2 100644
--- a/controllers/api/user-routes.js
+++ b/controllers/api/user-routes.js
@@ -0,0 +1,92 @@
+const router = require("express").Router();
+const { User } = require("../../models");
+const withAuth = require("../../utils/auth");
+
+// GET all User
+router.get("/", (req, res) => {
+    User.findAll({
+        attributes: { exclude: ['password'] }
+    })
+        .then(dbUserData => res.json(dbUserData))
+        .catch(err => {
+            console.log(err);
+            res.status(500).json(err);
+        });
+});
+
+// GET a single User by id
+router.get("/:id", (req, res) => {
+    User.findOne({
+        attributes: { exclude: ['password'] },
+        where: {
+            user_id: req.params.id
+        }
+    })
+        .then(dbUserData => {
+            if (!dbUserData) {
+                res.status(404).json({ message: "No user found with this id."});
+                return;
+            }
+            res.json(dbUserData);
+        })
+        .catch(err => {
+            console.log(err);
+            res.status(500).json(err);
+        });
+});
+
+// Create a User
+router.post("/", (req, res) => {
+    User.create({
+        first_name: req.body.first_name,
+        last_name: req.body.last_name,
+        email: req.body.email,
+        password: req.body.password
+    })
+        .then(dbUserData => {
+            req.session.save(() => {
+                req.session.user_id = dbUserData.user_id;
+                req.session.email = dbUserData.email;
+                req.session.loggedIn = true;
+
+                res.json(dbUserData);
+            });
+        })
+        .catch(err => {
+            console.log(err);
+            res.status(500).json(err);
+        });
+});
+
+// Login
+router.post("/login", (req, res) => {
+    User.findOne({
+        where: {
+            email: req.body.email,
+        },
+    })
+        .then((dbUserData) => {
+            if (!dbUserData) {
+                res.status(400).json({ message: "Incorrect email or password." });
+                console.log("Incorrect email or password.");
+                return;
+            }
+
+            const validPassword = dbUserData.checkPassword(req.body.password);
+            console.log(dbUserData)
+
+            if (!validPassword) {
+                res.status(400).json({ message: "Incorrect email or password." });
+                console.log("Incorrect email or password.");
+                return;
+            }
+            req.session.save(() => {
+                req.session.user_id = dbUserData.user_id;
+                req.session.email = dbUserData.email;
+                req.session.loggedIn = true;
+
+                res.json({ ok: true, user: dbUserData, message: "You're logged in! Start doing things. Now." });
+                console.log("You're logged in! Start doing things. Now.");
+            });
+        });
+});
\ No newline at end of file
diff --git a/controllers/index.js b/controllers/index.js
index e69de29..e19975f 100644
--- a/controllers/index.js
+++ b/controllers/index.js
@@ -0,0 +1,15 @@
+const router = require("express").Router();
+
+const apiRoutes = require("./api");
+const homeRoutes = require("./home-routes");
+const editRoutes = require("./edit-routes"); // Is this one necessary? Unsure.
+
+router.use("/api", apiRoutes);
+router.use("/", homeRoutes);
+router.use("/edit", editRoutes); // Might not need this either.
+
+router.use((req, res) => {
+    res.status(404).end();
+});
+
+module.exports = router;
\ No newline at end of file
diff --git a/models/index.js b/models/index.js
index 0634562..4eed98b 100644
--- a/models/index.js
+++ b/models/index.js
@@ -3,7 +3,11 @@ const User = require("./User");
 const Item = require("./Item");
 
 // Create associations
-
-
+User.hasMany(Item, {
+    foreignKey: 'user_id'
+});
+Item.belongsTo(User, {
+    foreignKey: 'id' // "id" might be wrong? It might need to be "user_id", but that doesn't make sense to me, AND IT NEVER HAS.
+});
 
 module.exports = { User, Item };
\ No newline at end of file
diff --git a/utils/auth.js b/utils/auth.js
new file mode 100644
index 0000000..2d04182
--- /dev/null
+++ b/utils/auth.js
@@ -0,0 +1,9 @@
+const withAuth = (req, res, next) => {
+    if (!req.session.user_id) { // NOTE: Make sure that .user_id is the correct variable name.
+        res.redirect("/login");
+    } else {
+        next();
+    }
+};
+
+module.exports = withAuth;
\ No newline at end of file