diff --git a/internal/middleware/header.go b/internal/middleware/header.go new file mode 100644 index 0000000..187cdf6 --- /dev/null +++ b/internal/middleware/header.go @@ -0,0 +1,8 @@ +package middleware + +import "github.com/gin-gonic/gin" + +func Header(ctx *gin.Context) { + ctx.Header("X-Powered-By", "Golang") + ctx.Next() +} diff --git a/internal/routes/mod.go b/internal/routes/mod.go index 65a09bf..2a69bee 100644 --- a/internal/routes/mod.go +++ b/internal/routes/mod.go @@ -9,14 +9,13 @@ import ( func New(app *gin.Engine, version *service.Version, apiOnly bool) { app.Use(middleware.CORS) + app.Use(middleware.Header) app.Use(middleware.BasicAuth) api := app.Group("/api") api.GET("/path/*path", readPath) api.GET("/download/*path", downloadPath) - api.POST("/private") - authentication(api.Group("/auth")) api.GET("/version", func(ctx *gin.Context) { diff --git a/internal/routes/worker.go b/internal/routes/worker.go index 98a762f..be5322f 100644 --- a/internal/routes/worker.go +++ b/internal/routes/worker.go 
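Review bot: The new middleware advertises the implementation language with `ctx.Header("X-Powered-By", "Golang")`, which hands every client stack-fingerprinting information and has no functional use. I would drop that header; if a global header middleware is wanted, a hardening header such as `ctx.Header("X-Content-Type-Options", "nosniff")` is a better fit for a service that serves file downloads. The exported `Header` also lacks a doc comment, for example `// Header sets the response headers shared by every route.`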
@@ -6,9 +6,71 @@ import ( "github.com/gin-gonic/gin" "os" "path/filepath" + "strings" ) +func checkAuth(ctx *gin.Context) (bool, error) { + privdir := service.NewPrivDirService(nil) + dirs, err := privdir.Query() + if err != nil { + return true, nil + } + + for _, dir := range dirs { + if !strings.HasPrefix(ctx.Request.URL.Path, dir.DirName) { + continue + } + + auth := service.NewAuthService() + username, password, ok := ctx.Request.BasicAuth() + if !ok { + return false, nil + } + + ok, err = auth.VerifyToken(username, password) + if err != nil { + return false, err + } + + if !ok { + return false, nil + } + + var acc *service.Account + acc, err = auth.Read(username) + if err != nil { + return false, err + } + + var path *service.PrivDir + privdir = service.NewPrivDirService(acc) + path, err = privdir.Read(dir.DirName) + if err != nil { + return false, err + } + + if path == dir { + return true, nil + } + + return false, nil + } + + return true, nil +} + func readPath(ctx *gin.Context) { + ok, err := checkAuth(ctx) + if err != nil { + ctx.Status(401) + return + } + + if !ok { + ctx.Status(401) + return + } + worker := service.NewWorkerService() path := ctx.Param("path") @@ -42,7 +104,7 @@ func readPath(ctx *gin.Context) { var finfo os.FileInfo finfo, err = entry.Info() if err != nil { - fmt.Fprintf(os.Stderr, "%v\n", err) + _, _ = fmt.Fprintf(os.Stderr, "%v\n", err) continue } @@ -65,6 +127,17 @@ func readPath(ctx *gin.Context) { } func downloadPath(ctx *gin.Context) { + ok, err := checkAuth(ctx) + if err != nil { + ctx.Status(401) + return + } + + if !ok { + ctx.Status(401) + return + } + worker := service.NewWorkerService() path := ctx.Param("path") data, err := worker.Read(path) diff --git a/internal/service/privdir.go b/internal/service/privdir.go index a32f9ad..7a02824 100644 --- a/internal/service/privdir.go +++ b/internal/service/privdir.go 
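Review bot: checkAuth fails open at its first check: when `privdir.Query()` errors it returns `true, nil`, so a database fault would serve every private directory without credentials; it should return `false, err`. The closing `path == dir` compares two `*service.PrivDir` pointers, and `Read` hands back the address of a fresh local (`return &data, nil` in privdir.go), so it can never be true and the rightful owner is refused too; a successful `Read`, which is queried with the directory name and the account's username, is already the ownership proof. The prefix test also runs on `ctx.Request.URL.Path`, which presumably still carries the `/api/path` or `/api/download` route prefix, instead of the `ctx.Param("path")` value the handlers serve, and a bare `strings.HasPrefix` matches sibling names that merely start with a DirName. The sketch below assumes DirName is stored as a cleaned, slash-rooted path, which should be confirmed against how PrivDir rows are written. The guards added to readPath here and to downloadPath in the `@@ -65,6 +127,17 @@` hunk answer 401 for internal errors as well; 500 fits those better.

```go
func checkAuth(ctx *gin.Context) (bool, error) {
	dirs, err := service.NewPrivDirService(nil).Query()
	if err != nil {
		// Fail closed: an unreadable private-directory list must not make the data public.
		return false, err
	}

	// Match on the same path the handlers serve, and only on a segment boundary.
	reqPath := filepath.Clean("/" + ctx.Param("path"))
	for _, dir := range dirs {
		root := strings.TrimSuffix(dir.DirName, "/")
		if reqPath != root && !strings.HasPrefix(reqPath, root+"/") {
			continue
		}

		// … unchanged: BasicAuth extraction, auth.VerifyToken, auth.Read(username) into acc …

		// Read is keyed on (dirname, owner); success means acc owns this directory.
		if _, err = service.NewPrivDirService(acc).Read(dir.DirName); err != nil {
			return false, err
		}
		return true, nil
	}

	return true, nil
}
```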
@@ -32,10 +32,11 @@ func init() { owner varchar(25), constraint PK_PrivDir_ID primary key(id), constraint FK_Owner_ID foreign key(owner) - references(Account.username) on update cascade on delete cascade + references Account(username) on update cascade on delete cascade ); `)) if err != nil { + _, _ = fmt.Fprintf(os.Stderr, "%v\n", err) return } defer stmt.Close() @@ -52,7 +53,7 @@ func NewPrivDirService(acc *Account) *PrivDirService { } } -func (sv *PrivDirService) CreatePriv(dirname string) error { +func (sv *PrivDirService) Create(dirname string) error { db, err := Open() if err != nil { return err @@ -70,7 +71,7 @@ func (sv *PrivDirService) CreatePriv(dirname string) error { return nil } -func (sv *PrivDirService) ReadPriv(name string) (*PrivDir, error) { +func (sv *PrivDirService) Read(dirname string) (*PrivDir, error) { db, err := Open() if err != nil { return nil, err @@ -83,7 +84,7 @@ func (sv *PrivDirService) ReadPriv(name string) (*PrivDir, error) { } defer stmt.Close() - row := stmt.QueryRow(name, sv.acc.Username) + row := stmt.QueryRow(dirname, sv.acc.Username) var data PrivDir if err = row.Scan(&data.Id, &data.DirName, &data.Owner); err != nil { @@ -93,7 +94,7 @@ func (sv *PrivDirService) ReadPriv(name string) (*PrivDir, error) { return &data, nil } -func (sv *PrivDirService) DeletePriv(name string) error { +func (sv *PrivDirService) Delete(dirname string) error { db, err := Open() if err != nil { return err @@ -106,7 +107,7 @@ func (sv *PrivDirService) DeletePriv(name string) error { } defer stmt.Close() - _, err = stmt.Exec(name, sv.acc.Username) + _, err = stmt.Exec(dirname, sv.acc.Username) if err != nil { return err } @@ -114,7 +115,7 @@ func (sv *PrivDirService) DeletePriv(name string) error { return nil } -func (sv *PrivDirService) QueryPriv() ([]*PrivDir, error) { +func (sv *PrivDirService) Query() ([]*PrivDir, error) { db, err := Open() if err != nil { return nil, err
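Review bot: The added `Fprintf` reports the failure, but `init` still returns normally, so the service keeps running without a usable PrivDir table. Because checkAuth in worker.go treats a failing `Query()` as "allow", that state would leave private directories served without authentication. I would make the failure fatal, for example by following the print with `os.Exit(1)`, or move schema creation out of `init` into a function whose error the caller must handle. `init` starts and continues outside this hunk, so the call that produced `err` is not visible here. The remaining hunks in this file are renames, but `Read` and `Delete` dereference `sv.acc.Username` while worker.go now builds the service with `NewPrivDirService(nil)`, so a nil check or a documented precondition on those methods would be prudent.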