diff --git a/db.js b/db.js
index 4edee35..9f45992 100644
--- a/db.js
+++ b/db.js
@@ -24,5 +24,10 @@ export function getResourceConfig() {
 }
 
 export function getUserConfig(username) {
-	return db.users[username];
+	if (db.users[username]) {
+		return db.users[username];
+	}
+	else {
+		return null;
+	}
 }
\ No newline at end of file
diff --git a/main.js b/main.js
index 421660d..787ab97 100644
--- a/main.js
+++ b/main.js
@@ -6,8 +6,8 @@ import morgan from "morgan";
 import api from "./package.json" assert {type: "json"};
 
 import { pveAPIToken, listenPort, hostname, domain } from "./vars.js";
-import { checkAuth, requestPVE, handleResponse, getDiskInfo } from "./pve.js";
-import { getAllocatedResources, approveResources } from "./utils.js";
+import { requestPVE, handleResponse, getDiskInfo } from "./pve.js";
+import { checkAuth, getAllocatedResources, approveResources } from "./utils.js";
 import { getUserConfig } from "./db.js";
 
 const app = express();
diff --git a/pve.js b/pve.js
index 8146a5e..d0e9aaa 100644
--- a/pve.js
+++ b/pve.js
@@ -1,23 +1,6 @@
 import axios from 'axios';
 import { pveAPI, pveAPIToken } from "./vars.js";
 
-export async function checkAuth(cookies, res, vmpath = null) {
-	let auth = false;
-	if (vmpath) {
-		let result = await requestPVE(`/${vmpath}/config`, "GET", cookies);
-		auth = result.status === 200;
-	}
-	else { // if no path is specified, then do a simple authentication
-		let result = await requestPVE("/version", "GET", cookies);
-		auth = result.status === 200;
-	}
-	if (!auth) {
-		res.status(401).send({ auth: auth, path: vmpath ? `${vmpath}/config` : "/version" });
-		res.end();
-	}
-	return auth;
-}
-
 export async function requestPVE(path, method, cookies, body = null, token = null) {
 	let url = `${pveAPI}${path}`;
 	let content = {
diff --git a/utils.js b/utils.js
index 700fdbe..7898fd3 100644
--- a/utils.js
+++ b/utils.js
@@ -1,6 +1,32 @@
-import { getUsedResources } from "./pve.js";
+import { getUsedResources, requestPVE } from "./pve.js";
 import { getUserConfig, getResourceConfig } from "./db.js";
 
+export async function checkAuth(cookies, res, vmpath = null) {
+	let auth = false;
+
+	if (getUserConfig(cookies.username) === null) {
+		auth = false;
+		res.status(401).send({ auth: auth, path: vmpath ? `${vmpath}/config` : "/version", error: `user ${cookies.username} not found in localdb` });
+		res.end();
+		return false;
+	}
+
+	if (vmpath) {
+		let result = await requestPVE(`/${vmpath}/config`, "GET", cookies);
+		auth = result.status === 200;
+	}
+	else { // if no path is specified, then do a simple authentication
+		let result = await requestPVE("/version", "GET", cookies);
+		auth = result.status === 200;
+	}
+
+	if (!auth) {
+		res.status(401).send({ auth: auth, path: vmpath ? `${vmpath}/config` : "/version", error: `user token did not pass authentication check` });
+		res.end();
+	}
+	return auth;
+}
+
 export async function getAllocatedResources(req, username) {
 	let dbResources = getResourceConfig();
 	let used = await getUsedResources(req, dbResources);