diff --git a/.env b/.env
index 880bad3..4c24d8d 100644
--- a/.env
+++ b/.env
@@ -1,3 +1,4 @@
 
 PORT=2000
 JWT_SECRET=askfeed1234
+
diff --git a/app.js b/app.js
index 4c6575b..c74d533 100644
--- a/app.js
+++ b/app.js
@@ -1,16 +1,22 @@
 const express = require("express");
-
 const mongoose = require("mongoose");
 const cors = require("cors");
 const bcryptjs = require("bcryptjs");
-const app = express();
 require("dotenv").config();
 require("./db/connectionDB");
+
+require('./models/User')
+require('./models/Survey')
+
 const authRoutes = require("./routes/auth");
+const surveyRoutes = require("./routes/survey");
+
+const app = express();
+
 app.use(express.urlencoded({ extended: true }));
 app.use(express.json());
 app.use(cors());
-
+app.use("/survey", surveyRoutes);
 app.use("/api", authRoutes);
 
 app.listen(process.env.PORT || 2000, () => {
diff --git a/controllers/auth.js b/controllers/auth.js
index 89122e0..a5b7317 100644
--- a/controllers/auth.js
+++ b/controllers/auth.js
@@ -2,7 +2,6 @@ const { User } = require("../models/user");
 const nodemailer = require("nodemailer");
 const bcryptjs = require("bcryptjs");
 const jwt = require("jsonwebtoken");
-JWT_SECRET = "askfeed1234";
 
 const transporter = nodemailer.createTransport({
   service: "gmail",
@@ -17,7 +16,7 @@ const signup = async (req, res) => {
   const userexist = await User.findOne({ email });
   if (!userexist) {
     const hashedPass = await bcryptjs.hashSync(password, 10);
-    const token = jwt.sign({ username, email }, JWT_SECRET, {
+    const token = jwt.sign({ username, email }, process.env.JWT_SECRET, {
       expiresIn: "30m",
     });
     const newUser = {
@@ -35,7 +34,7 @@ const signup = async (req, res) => {
         to: email,
         subject: "Account activation link",
         html: `<h2>PLease click on given link to activate your account</h2>
-              <p>http://localhost:2000/api/activate/?token=${token}</p>
+              <p>http://localhost:2000/api/activate/${token}</p>
        `,
       };
       try {
@@ -53,8 +52,8 @@ const signup = async (req, res) => {
 
 const verifyAccount = async (req, res) => {
   try {
-    const token = req.query.token;
-    const decodedUser = jwt.verify(token, JWT_SECRET);
+    const token = req.params.token;
+    const decodedUser = jwt.verify(token, process.env.JWT_SECRET);
 
     const user = await User.findOne({ email: decodedUser.email, token: token });
     if (user) {
@@ -81,7 +80,7 @@ const resetlink = async (req, res) => {
   const user = await User.findOne({ email });
   // console.log("user", user, email);
   if (user) {
-    const token = jwt.sign({ email }, JWT_SECRET, {
+    const token = jwt.sign({ email }, process.env.JWT_SECRET, {
       expiresIn: "30m",
     });
 
@@ -112,52 +111,41 @@ const resetlink = async (req, res) => {
   }
 };
 
-
-const changepassword = async(req,res) =>{
-  const { password}=req.body;
+const changepassword = async (req, res) => {
+  const { password } = req.body;
   const token = req.query.token;
-  const decodedtoken = jwt.verify(token,JWT_SECRET)
+  const decodedtoken = jwt.verify(token, process.env.JWT_SECRET);
   const hashedPass = await bcryptjs.hashSync(password, 10);
-  const user= await User.findOneAndUpdate({email:decodedtoken.email, resetToken:token },
-    {$set:
-      {
-        password: hashedPass,
-        resetToken:null
-      }
-    }
-    )
-    if(user)
+  const user = await User.findOneAndUpdate(
+    { email: decodedtoken.email, resetToken: token },
     {
-      res.send("Password updated successfully!")
-    }
-    else
-    {
-      res.send("Unable to reset password!")
+      $set: {
+        password: hashedPass,
+        resetToken: null,
+      },
     }
+  );
+  if (user) {
+    res.send("Password updated successfully!");
+  } else {
+    res.send("Unable to reset password!");
   }
-const login=async(req,res)=>{
-  const {email,password}=req.body
-  const user=await User.findOne({email})
-  const {_id}=user
-  if(user)
- 
-  {
-    console.log("user",user)
-    const matchpassword=  await bcryptjs.compare(password,user.password)
-              if(matchpassword && user.isVarified)
-              {
-                const token=jwt.sign({email ,_id},JWT_SECRET)
-              res.send({token})
-
-              }
-              else
-              {
-              res.send("Login unsuccessful!")
-              }
-            }
-    else
-    {
-       res.send("Incorrect Email or password!")
+};
+const login = async (req, res) => {
+  const { email, password } = req.body;
+  const user = await User.findOne({ email });
+  const { _id } = user;
+  if (user) {
+    console.log("user", user);
+    const matchpassword = await bcryptjs.compare(password, user.password);
+    if (matchpassword && user.isVarified) {
+      const token = jwt.sign({ email, _id }, process.env.JWT_SECRET);
+      res.send({ token });
+    } else {
+      res.send("Login unsuccessful!");
     }
-}
-module.exports = { signup, verifyAccount, resetlink ,changepassword,login};
+  } else {
+    res.send("Incorrect Email or password!");
+  }
+};
+module.exports = { signup, verifyAccount, resetlink, changepassword, login };
diff --git a/controllers/survey.js b/controllers/survey.js
new file mode 100644
index 0000000..9693089
--- /dev/null
+++ b/controllers/survey.js
@@ -0,0 +1,8 @@
+const mongoose = require("mongoose");
+const { Survey } = require("../models/survey");
+
+const createSurvey = async (req, res) => {
+  const survey = await Survey.create(req.body);
+  res.send(survey);
+};
+module.exports = { createSurvey };
diff --git a/db/connectionDB.js b/db/connectionDB.js
index e5a64e2..c52293b 100644
--- a/db/connectionDB.js
+++ b/db/connectionDB.js
@@ -1,8 +1,12 @@
 const mongoose = require("mongoose");
 
-mongoose.connect("mongodb+srv://santan:*Saheb13*@cluster0.cnnl3.mongodb.net/myFirstDatabase?retryWrites=true&w=majority", {
-  useNewUrlParser: true,
-  useUnifiedTopology: true,
-
-}) .then(() => console.log("DB connected established"))
-   .catch(err => console.log("DB Connection error: " , err));
\ No newline at end of file
+mongoose
+  .connect(
+    "mongodb+srv://santan:*Saheb13*@cluster0.cnnl3.mongodb.net/myFirstDatabase?retryWrites=true&w=majority",
+    {
+      useNewUrlParser: true,
+      useUnifiedTopology: true,
+    }
+  )
+  .then(() => console.log("DB connected established"))
+  .catch((err) => console.log("DB Connection error: ", err));
diff --git a/middlewares/requireCredits.js b/middlewares/requireCredits.js
new file mode 100644
index 0000000..2093acf
--- /dev/null
+++ b/middlewares/requireCredits.js
@@ -0,0 +1,6 @@
+module.exports = (req, res, next) => {
+  if (!req.user.credits <1) {
+    return res.status(403).send({ error: " You do Not have enough Credits!" });
+  }
+  next();
+};
diff --git a/middlewares/requireLogin.js b/middlewares/requireLogin.js
new file mode 100644
index 0000000..09fa251
--- /dev/null
+++ b/middlewares/requireLogin.js
@@ -0,0 +1,8 @@
+module.exports = (req, res, next) => {
+    if (!req.user) {
+      return res.status(401).send({ error: 'You must log in!' });
+    }
+  
+    next();
+  };
+  
\ No newline at end of file
diff --git a/models/recipient.js b/models/recipient.js
new file mode 100644
index 0000000..992a4b4
--- /dev/null
+++ b/models/recipient.js
@@ -0,0 +1,9 @@
+const mongoose = require('mongoose');
+const { Schema } = mongoose;
+
+const recipientSchema = new Schema({
+  email: String,
+  responded: { type: Boolean, default: false }
+});
+
+module.exports = recipientSchema;
diff --git a/models/survey.js b/models/survey.js
index 1b56b7f..9df0dbf 100644
--- a/models/survey.js
+++ b/models/survey.js
@@ -1,26 +1,35 @@
-
-const mongoose=require('mongoose')
-
-const surveySchema=mongoose.Schema({
-   title:{
-       type:String
-   },
-   type:{
-       type:String
-   },
-   
-   questionsSet:[
-    {
-        ques:{
-            type: String
-        },
-        ans:{
-            type: [Boolean]
-        }
-    }
-]
-
-})
-//created the survey api now 
-const Survey = mongoose.model("Survey",surveySchema)
-module.exports={Survey}
+const mongoose = require("mongoose");
+const recipientSchema= require('./recipient')
+const surveySchema = mongoose.Schema({
+  title: {
+    type: String,
+  },
+  category: {
+    type: String,
+  },
+  body: {
+    type: String,
+  },
+  subject: {
+    type: String,
+  },
+  recipients:[
+        recipientSchema
+    ],
+  yes: {
+    type: Number,
+    default: 0,
+  },
+  No: {
+    type: Number,
+    default: 0,
+  },
+  _user:{
+    type:mongoose.Schema.Types.ObjectId,
+    ref:'User'
+  },
+   dateSent: Date,
+   lastResponded: Date
+});
+const Survey = mongoose.models.Survey||mongoose.model("Survey", surveySchema);
+module.exports = { Survey };
diff --git a/models/user.js b/models/user.js
index 1d0abbb..04f831e 100644
--- a/models/user.js
+++ b/models/user.js
@@ -1,38 +1,32 @@
 const mongoose = require("mongoose");
-// const crypto = require ('crypto')
-
-
 const userSchema = mongoose.Schema({
-
   username: {
     type: String,
-    required:true,
-    max:64,
+    required: true,
   },
   password: {
     type: String,
-    required:true,
+    required: true,
   },
   email: {
     type: String,
-    unique:true,
+    unique: true,
     lowercase: true,
   },
   phoneNo: {
     type: Number,
   },
-  isVarified:{
+  isVarified: {
     type: Boolean,
-    default:false
+    default: false,
   },
-  token:{
-    type: String
+  token: {
+    type: String,
+  },
+  resetToken: {
+    type: String,
+    default: null,
   },
-  resetToken:{
-    type: String , 
-    default:null
-  }
-
 });
-const User = mongoose.model("User", userSchema);
+const User = mongoose.models.User || mongoose.model("User", userSchema);
 module.exports = { User };
diff --git a/routes/auth.js b/routes/auth.js
index 54ba942..d1c6751 100644
--- a/routes/auth.js
+++ b/routes/auth.js
@@ -1,11 +1,18 @@
-const express =require("express")
+const express = require("express");
 const router = express.Router();
 
-const {signup, verifyAccount,resetlink,changepassword,login} = require("../controllers/auth")
+const {
+  signup,
+  verifyAccount,
+  resetlink,
+  changepassword,
+  login,
+} = require("../controllers/auth");
 
-router.post('/signup', signup)
-router.post('/activate', verifyAccount)
-router.post('/resetlink', resetlink)
-router.post('/changepassword',changepassword)
-router.post('/login',login)
-module.exports = router;
\ No newline at end of file
+router.post("/signup", signup);
+router.post("/activate", verifyAccount);
+router.post("/resetlink", resetlink);
+router.post("/changepassword", changepassword);
+router.post("/login", login);
+
+module.exports = router;
diff --git a/routes/survey.js b/routes/survey.js
new file mode 100644
index 0000000..890e51e
--- /dev/null
+++ b/routes/survey.js
@@ -0,0 +1,26 @@
+const express = require("express");
+const mongoose = require("mongoose");
+const requireLogin = require("../middlewares/requireLogin");
+const requireCredits = require("../middlewares/requireCredits");
+const {Survey} = require('../models/survey')
+// const { createSurvey } = require("../controllers/survey");
+// const router = express.Router();
+// router.post("/createsurvey", createSurvey);
+//first need to cheak user is actually logged in
+
+module.exports = (app)  => {
+  app.post("api/surveys", requireLogin, requireCredits, (req, res) => {
+    const { title, category, body, recipients } = req.body;
+    const survey = new Survey({
+      title,
+      category,
+      subject,
+      body,
+      recipients: recipients.split(',').map(email => ({ email: email.trim() })),
+      _user: req.user.id,
+      dateSent: Date.now()
+    });
+    survey.save()
+  });
+};
+// module.exports = router;