diff --git a/.gitignore b/.gitignore
index 423bff6..8258b68 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,6 +25,7 @@ yarn-error.log*
 *.cache
 .firebase/**
 firebase.json
+credentials.json
 firebase-debug.log
 
 .env*
\ No newline at end of file
diff --git a/firestore.rules b/firestore.rules
index ce0514b..6703089 100644
--- a/firestore.rules
+++ b/firestore.rules
@@ -50,5 +50,11 @@ service cloud.firestore {
     	allow write: if isSignedIn() && isStaff();
     }
 
+    // anyone can read users database to validate accounts
+    // TODO: make this private
+    match /users/{document=**} {
+      allow read: if isSignedIn()
+    }
+
   }
 }
\ No newline at end of file
diff --git a/src/router.ts b/src/router.ts
index 97524fe..8e6b246 100644
--- a/src/router.ts
+++ b/src/router.ts
@@ -17,7 +17,23 @@ const router = new Router({
       beforeEnter(to, from, next): void {
         firebase.auth().onAuthStateChanged((user) => {
           if (user) {
-            next("/home");
+            firebase
+              .firestore()
+              .collection("users")
+              .doc(user?.uid)
+              .get()
+              .then((doc) => {
+                if (doc.exists) {
+                  next("/home");
+                } else {
+                  console.warn("Invalid permissions");
+                  firebase.auth().signOut();
+                  next();
+                }
+              })
+              .catch((err) => {
+                console.error(`Something went wrong: ${err}`);
+              });
           } else {
             next();
           }