diff --git a/internal/routes/mod.go b/internal/routes/mod.go
index 26d9db5..011aa97 100644
--- a/internal/routes/mod.go
+++ b/internal/routes/mod.go
@@ -31,6 +31,11 @@ func New(app *gin.Engine, version *service.Version, apiOnly bool) {
 		auth.DELETE("/delete", deleteAcc)
 	}
 
+	privdir := api.Group("/privdir")
+	{
+		privdir.POST("/create", createDir)
+	}
+
 	api.GET("/version", func(ctx *gin.Context) {
 		ctx.String(200, "%s", version.String())
 	})
diff --git a/internal/routes/privdir.go b/internal/routes/privdir.go
new file mode 100644
index 0000000..ba00af3
--- /dev/null
+++ b/internal/routes/privdir.go
@@ -0,0 +1,60 @@
+package routes
+
+import (
+	"fmt"
+	"git.wh64.net/devproje/kuma-archive/internal/service"
+	"github.com/gin-gonic/gin"
+	"os"
+)
+
+func createDir(ctx *gin.Context) {
+	var err error
+	auth := service.NewAuthService()
+	username, password, ok := ctx.Request.BasicAuth()
+	if !ok {
+		ctx.JSON(401, gin.H{
+			"ok":    0,
+			"errno": "Unauthorized",
+		})
+		return
+	}
+
+	if ok, err = auth.VerifyToken(username, password); !ok {
+		if err != nil {
+			_, _ = fmt.Fprintln(os.Stderr, err)
+		}
+
+		ctx.JSON(401, gin.H{
+			"ok":    0,
+			"errno": "Unauthorized",
+		})
+		return
+	}
+
+	var acc *service.Account
+	acc, err = auth.Read(username)
+	if err != nil {
+		ctx.JSON(500, gin.H{
+			"ok":    0,
+			"errno": "Interval Server Error",
+		})
+		return
+	}
+
+	path := ctx.PostForm("path")
+	privdir := service.NewPrivDirService(acc)
+
+	var id string
+	if id, err = privdir.Create(path); err != nil {
+		ctx.JSON(500, gin.H{
+			"ok":    0,
+			"errno": fmt.Sprintf("'%s' directory is already registered", path),
+		})
+		return
+	}
+
+	ctx.JSON(200, gin.H{
+		"ok":     1,
+		"dir_id": id,
+	})
+}
diff --git a/internal/service/privdir.go b/internal/service/privdir.go
index c7e0c39..b2b2a3f 100644
--- a/internal/service/privdir.go
+++ b/internal/service/privdir.go
@@ -60,22 +60,22 @@ func NewPrivDirService(acc *Account) *PrivDirService {
 	}
 }
 
-func (sv *PrivDirService) Create(dirname string) error {
+func (sv *PrivDirService) Create(dirname string) (string, error) {
 	db, err := Open()
 	if err != nil {
-		return err
+		return "", err
 	}
 	defer db.Close()
 
 	id := uuid.NewString()
 	stmt, err := db.Prepare("insert into PrivDir(id, dirname, owner) values (?, ?, ?);")
 	if err != nil {
-		return err
+		return "", err
 	}
 	defer stmt.Close()
 
 	_, err = stmt.Exec(id, dirname, sv.acc.Username)
-	return nil
+	return id, nil
 }
 
 func (sv *PrivDirService) Read(dirname string) (*PrivDir, error) {
diff --git a/src/App.tsx b/src/App.tsx
index bc1d228..cf3af20 100644
--- a/src/App.tsx
+++ b/src/App.tsx
@@ -1,6 +1,6 @@
 import Login from "./components/login";
 import Logout from "./components/logout";
-import { useEffect, useState } from "react";
+import React, { useEffect, useState } from "react";
 import Settings from "./components/settings";
 import { useVersion } from "./store/version";
 import NotFound from "./components/notfound";
@@ -39,18 +39,20 @@ function Dashboard({ children }: { children: React.ReactNode }) {
 
 function View() {
 	const path = usePath();
+	const auth = useAuthStore();
 	const location = useLocation();
 	const [load, setLoad] = useState(false);
 
 	useEffect(() => {
 		if (!load) {
-			path.update(location.pathname.substring(1, location.pathname.length)).then(() => {
-				setLoad(true);
-			});
+			path.update(location.pathname.substring(1, location.pathname.length), auth.token)
+				.then(() => {
+					setLoad(true);
+				});
 
 			return;
 		}
-	}, [load, path, location]);
+	}, [auth, load, path, location]);
 
 	if (!load) {
 		return <></>;
diff --git a/src/components/file-view/index.tsx b/src/components/file-view/index.tsx
index 1d8d5c4..6ce4abe 100644
--- a/src/components/file-view/index.tsx
+++ b/src/components/file-view/index.tsx
@@ -6,88 +6,91 @@ import { DynamicIcon, IconName } from "lucide-react/dynamic";
 
 import "./fview.scss";
 import { FileNavigator } from "../navigation";
+import {useAuthStore} from "../../store/auth.ts";
 
 function FileView() {
 	const path = usePath();
+	const auth = useAuthStore();
 	const location = useLocation();
 	const [load, setLoad] = useState(false);
 	const [type, setType] = useState<IconName>("file");
 
 	useEffect(() => {
 		if (!load) {
-			path.update(location.pathname.substring(1, location.pathname.length)).then(() => {
-				setLoad(true);
+			path.update(location.pathname.substring(1, location.pathname.length), auth.token)
+				.then(() => {
+					setLoad(true);
 
-				switch (true) {
-				case path.data?.path.endsWith(".zip"):
-				case path.data?.path.endsWith(".tar"):
-				case path.data?.path.endsWith(".tar.gz"):
-				case path.data?.path.endsWith(".tar.xz"):
-				case path.data?.path.endsWith(".7z"):
-				case path.data?.path.endsWith(".rar"):
-					setType("file-archive");
-					break;
-				case path.data?.path.endsWith(".pdf"):
-					setType("file-pen-line");
-					break;
-				case path.data?.path.endsWith(".doc"):
-				case path.data?.path.endsWith(".docx"):
-					setType("file-chart-pie");
-					break;
-				case path.data?.path.endsWith(".xls"):
-				case path.data?.path.endsWith(".xlsx"):
-					setType("file-spreadsheet");
-					break;
-				case path.data?.path.endsWith(".ppt"):
-				case path.data?.path.endsWith(".pptx"):
-					setType("file-sliders");
-					break;
-				case path.data?.path.endsWith(".jpg"):
-				case path.data?.path.endsWith(".jpeg"):
-				case path.data?.path.endsWith(".png"):
-				case path.data?.path.endsWith(".gif"):
-					setType("file-image");
-					break;
-				case path.data?.path.endsWith(".mp3"):
-				case path.data?.path.endsWith(".wav"):
-					setType("file-audio");
-					break;
-				case path.data?.path.endsWith(".mp4"):
-				case path.data?.path.endsWith(".mkv"):
-					setType("file-video");
-					break;
-				case path.data?.path.endsWith(".c"):
-				case path.data?.path.endsWith(".cpp"):
-				case path.data?.path.endsWith(".js"):
-				case path.data?.path.endsWith(".ts"):
-				case path.data?.path.endsWith(".jsx"):
-				case path.data?.path.endsWith(".tsx"):
-				case path.data?.path.endsWith(".py"):
-				case path.data?.path.endsWith(".java"):
-				case path.data?.path.endsWith(".rb"):
-				case path.data?.path.endsWith(".go"):
-				case path.data?.path.endsWith(".rs"):
-				case path.data?.path.endsWith(".php"):
-				case path.data?.path.endsWith(".html"):
-				case path.data?.path.endsWith(".css"):
-				case path.data?.path.endsWith(".scss"):
-					setType("file-code");
-					break;
-				case path.data?.path.endsWith(".sh"):
-				case path.data?.path.endsWith(".bat"):
-					setType("file-terminal");
-					break;
-				case path.data?.path.endsWith(".json"):
-					setType("file-json");
-					break;
-				default:
-					setType("file");
-					break;
-				}
-			});
+					switch (true) {
+					case path.data?.path.endsWith(".zip"):
+					case path.data?.path.endsWith(".tar"):
+					case path.data?.path.endsWith(".tar.gz"):
+					case path.data?.path.endsWith(".tar.xz"):
+					case path.data?.path.endsWith(".7z"):
+					case path.data?.path.endsWith(".rar"):
+						setType("file-archive");
+						break;
+					case path.data?.path.endsWith(".pdf"):
+						setType("file-pen-line");
+						break;
+					case path.data?.path.endsWith(".doc"):
+					case path.data?.path.endsWith(".docx"):
+						setType("file-chart-pie");
+						break;
+					case path.data?.path.endsWith(".xls"):
+					case path.data?.path.endsWith(".xlsx"):
+						setType("file-spreadsheet");
+						break;
+					case path.data?.path.endsWith(".ppt"):
+					case path.data?.path.endsWith(".pptx"):
+						setType("file-sliders");
+						break;
+					case path.data?.path.endsWith(".jpg"):
+					case path.data?.path.endsWith(".jpeg"):
+					case path.data?.path.endsWith(".png"):
+					case path.data?.path.endsWith(".gif"):
+						setType("file-image");
+						break;
+					case path.data?.path.endsWith(".mp3"):
+					case path.data?.path.endsWith(".wav"):
+						setType("file-audio");
+						break;
+					case path.data?.path.endsWith(".mp4"):
+					case path.data?.path.endsWith(".mkv"):
+						setType("file-video");
+						break;
+					case path.data?.path.endsWith(".c"):
+					case path.data?.path.endsWith(".cpp"):
+					case path.data?.path.endsWith(".js"):
+					case path.data?.path.endsWith(".ts"):
+					case path.data?.path.endsWith(".jsx"):
+					case path.data?.path.endsWith(".tsx"):
+					case path.data?.path.endsWith(".py"):
+					case path.data?.path.endsWith(".java"):
+					case path.data?.path.endsWith(".rb"):
+					case path.data?.path.endsWith(".go"):
+					case path.data?.path.endsWith(".rs"):
+					case path.data?.path.endsWith(".php"):
+					case path.data?.path.endsWith(".html"):
+					case path.data?.path.endsWith(".css"):
+					case path.data?.path.endsWith(".scss"):
+						setType("file-code");
+						break;
+					case path.data?.path.endsWith(".sh"):
+					case path.data?.path.endsWith(".bat"):
+						setType("file-terminal");
+						break;
+					case path.data?.path.endsWith(".json"):
+						setType("file-json");
+						break;
+					default:
+						setType("file");
+						break;
+					}
+				});
 			return;
 		}
-	}, [path, location, load]);
+	}, [auth, path, location, load]);
 
 	if (typeof path.data === "undefined")
 		return <></>;
diff --git a/src/components/settings/index.tsx b/src/components/settings/index.tsx
index 5a5bdd5..d650706 100644
--- a/src/components/settings/index.tsx
+++ b/src/components/settings/index.tsx
@@ -10,13 +10,13 @@ function Settings() {
 
 	useEffect(() => {
 		if (auth.token === null) {
-			// document.location.href = "/";
+			document.location.href = "/login";
 			return;
 		}
 
 		auth.checkToken(auth.token).then((ok) => {
 			if (!ok) {
-				// document.location.href = "/";
+				document.location.href = "/login";
 				return;
 			}
 
@@ -69,7 +69,7 @@ function AccountSetting({ auth }: { auth: AuthState }) {
 					<span>If you change your password, you will need to log in again.</span>
 				</div>
 
-				<form className="box-col" id="pw-change">
+				<form className="box-col form" id="pw-change">
 					<PasswordInput placeholder="Password" ref={orRef} />
 					<PasswordInput placeholder="New Password" ref={pwRef} />
 					<PasswordInput placeholder="Check Password" ref={ckRef} />
@@ -122,7 +122,7 @@ function AccountSetting({ auth }: { auth: AuthState }) {
 					<span>You can delete account. This action is irreversible. Please proceed with caution.</span>
 				</div>
 
-				<form className="box-col">
+				<form className="box-col form">
 					<label className="checkbox">
 						<input type="checkbox" onChange={ev => {
 							setRemove(ev.target.checked);
diff --git a/src/components/settings/settings.scss b/src/components/settings/settings.scss
index 7872ac1..a91f808 100644
--- a/src/components/settings/settings.scss
+++ b/src/components/settings/settings.scss
@@ -50,6 +50,11 @@
 			}
 		}
 
+		.form {
+			display: flex;
+			min-width: 380px;
+		}
+
 		.line {
 			margin-bottom: 15px;
 		}
diff --git a/src/index.scss b/src/index.scss
index 1efe3fe..7a117f9 100644
--- a/src/index.scss
+++ b/src/index.scss
@@ -32,12 +32,13 @@
 	--btn-success-focus: #1d7c33;
 	--btn-danger-focus: #a72532;
 
-	--font-family: "Pretendard Variable", Pretendard, -apple-system, BlinkMacSystemFont, system-ui, Roboto, "Helvetica Neue", "Segoe UI", "Apple SD Gothic Neo", "Noto Sans KR", "Malgun Gothic", "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", sans-serif;
+	--font-family: "Pretendard Variable", Pretendard, -apple-system, BlinkMacSystemFont, system-ui, Roboto, "Helvetica Neue", "Segoe UI", "Apple SD Gothic Neo", "Noto Sans KR", "Malgun Gothic", "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
 	--font-mono: "JetBrains Mono", monospace;
 }
 
 html, body {
 	margin: 0;
+	padding: 0;
 	width: 100vw;
 	height: 100vh;
 
@@ -60,7 +61,8 @@ html, body {
 	padding: 0;
 	box-sizing: border-box;
 
-	font-family: var(--font-family);
+	font-family: var(--font-family), sans-serif;
+	overflow-x: hidden;
 }
 
 h1 {
diff --git a/src/store/path.ts b/src/store/path.ts
index efca096..bd584ad 100644
--- a/src/store/path.ts
+++ b/src/store/path.ts
@@ -2,7 +2,7 @@ import { create } from "zustand";
 
 interface PathState {
 	data: PathResponse | undefined;
-	update(path: string): Promise<void>;
+	update(path: string, token: string | null): Promise<void>;
 }
 
 interface PathResponse {
@@ -23,8 +23,16 @@ export interface DirEntry {
 
 export const usePath = create<PathState>((set) => ({
 	data: undefined,
-	update: async (path: string) => {
-		const res = await fetch(`/api/worker/discover/${path}`);
+	update: async (path: string, token: string | null) => {
+		const res = await fetch(`/api/worker/discover/${path}`, {
+			headers: {
+				"Authorization": token === null ? "" : `Basic ${token}`
+			}
+		});
+		if (res.status === 401) {
+			document.location.href = "/login";
+		}
+
 		if (res.status !== 200 && res.status !== 304) {
 			set({ data: undefined });
 			return;