diff --git a/internal/middleware/auth.go b/internal/middleware/auth.go
new file mode 100644
index 0000000..e9fcbbd
--- /dev/null
+++ b/internal/middleware/auth.go
@@ -0,0 +1,49 @@
+package middleware
+
+import (
+ "fmt"
+ "os"
+ "strings"
+
+ "git.wh64.net/devproje/kuma-archive/internal/service"
+ "github.com/gin-gonic/gin"
+)
+
+func BasicAuth(ctx *gin.Context) {
+ var matches = false
+ var list = []string{"/settings"}
+
+ for _, i := range list {
+ if !strings.Contains(ctx.Request.URL.Path, i) {
+ continue
+ }
+
+ matches = true
+ }
+
+ if !matches {
+ ctx.Next()
+ return
+ }
+
+ auth := service.NewAuthService()
+ username, password, ok := ctx.Request.BasicAuth()
+ if !ok {
+ ctx.Status(403)
+ return
+ }
+
+ ok, err := auth.VerifyToken(username, password)
+ if err != nil {
+ ctx.Status(500)
+ _, _ = fmt.Fprintln(os.Stderr, err)
+ return
+ }
+
+ if !ok {
+ ctx.Status(403)
+ return
+ }
+
+ ctx.Next()
+}
diff --git a/internal/routes/auth.go b/internal/routes/auth.go
index 7f68ef0..a0fe692 100644
--- a/internal/routes/auth.go
+++ b/internal/routes/auth.go
@@ -63,24 +63,30 @@ func authentication(group *gin.RouterGroup) { ctx.Status(200) }) - // TODO: change to middleware soon - group.GET("/check", func(ctx *gin.Context) { + group.DELETE("/delete", func(ctx *gin.Context) { auth := service.NewAuthService() - username, password, ok := ctx.Request.BasicAuth() + pass := ctx.PostForm("password") + username, _, ok := ctx.Request.BasicAuth() if !ok { - ctx.Status(401) + ctx.Status(403) return } - validate, err := auth.VerifyToken(username, password) + ok, err := auth.Verify(username, pass) if err != nil { ctx.Status(500) - fmt.Fprintln(os.Stderr, err) + _, _ = fmt.Fprintln(os.Stderr, err) return } - if !validate { - ctx.Status(401) + if !ok { + ctx.Status(403) + return + } + + if err = auth.Delete(username); err != nil { + ctx.Status(500) + _, _ = fmt.Fprintln(os.Stderr, err) return }
diff --git a/internal/routes/mod.go b/internal/routes/mod.go
index 8faee9f..37cf8b4 100644
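Review bot: In `BasicAuth` (internal/middleware/auth.go) the three rejection paths call `ctx.Status(...)` and `return` without aborting, and in gin returning from a middleware does not stop the handler chain; the remaining handlers still run unless `ctx.Abort()` has been called. As written, a request to a `/settings` path with missing or wrong credentials would still reach the protected handler, which can also replace the 403 with its own status. Use `ctx.AbortWithStatus(403)` for the two credential failures and `ctx.AbortWithStatus(500)` for the `VerifyToken` error. A test asserting that the downstream handler is not invoked when no `Authorization` header is sent would pin this behaviour.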
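Review bot: In the new `DELETE /delete` handler (internal/routes/auth.go), `ctx.PostForm("password")` is likely to be empty for a urlencoded body, because net/http's form parsing reads the body only for POST, PUT and PATCH; as far as I can tell only a multipart body would populate it on DELETE. That empty string is then passed to `auth.Verify`, so the outcome depends on how `Verify` (not visible here) treats an empty password. Rejecting it up front with `if pass == "" { ctx.Status(400); return }`, and registering the route as POST or parsing the body explicitly, would make this re-authentication step dependable. The credential half of the Basic header is discarded (`username, _, ok`), so the form password is the only thing authorising the deletion and deserves a comment saying so. The enclosing `authentication` function starts before this hunk and the handler's tail runs past it.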
--- a/internal/routes/mod.go
+++ b/internal/routes/mod.go
@@ -13,6 +13,7 @@ import ( func New(app *gin.Engine, version *service.Version, apiOnly bool) { app.Use(middleware.CORS) + app.Use(middleware.BasicAuth) api := app.Group("/api") {
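Review bot: Registering `middleware.BasicAuth` on the whole engine in `New` makes protection depend on the hard-coded substring list inside the middleware (`strings.Contains(ctx.Request.URL.Path, i)` over `[]string{"/settings"}`), so a sensitive route added later stays unauthenticated until someone extends that list. If the protected endpoints live under one group, attaching the middleware there, for example `settings := api.Group("/settings", middleware.BasicAuth)`, puts the requirement next to the route declaration and fails closed. The substring match also fires for any other request whose path merely contains `/settings`, which is presumably unintended for an archive that serves arbitrary file paths. The body of `New` continues past the end of this hunk, so the actual group layout should be checked before moving the registration.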