diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -5,6 +5,10 @@
   "main": "server/index.js",
   "dependencies": {
     "axios": "^0.16.2",
+    "body-parser": "^1.18.2",
+    "dotenv": "^5.0.0",
+    "express": "^4.16.2",
+    "express-session": "^1.15.6",
     "react": "^15.6.1",
     "react-dom": "^15.6.1",
     "react-icons": "^2.2.5",

diff --git a/server/controllers/auth_controller.js b/server/controllers/auth_controller.js
@@ -0,0 +1,39 @@
+const users = require('../models/users');
+let id = 1;
+
+module.exports = {
+    login: (req, res, next) => {
+        const { session } = req;
+        const { username, password } = req.body;
+
+        const user = users.find(user => user.username === username && user.password === password);
+
+        if (user) {
+            session.user.username = user.username;
+            res.status(200).send(session.user);
+        } else {
+            res.status(500).send('Unauthorized');
+        }
+    },
+    register: (req, res, next) => {
+        const { session } = req;
+        const { username, password } = req.body;
+
+        users.push({ id, username, password });
+        id++;
+
+        session.user.username = username;
+
+        res.status(200).send(session.user);
+    },
+    signout: (req, res, next) => {
+        const { session } = req;
+
+        session.destroy();
+        res.status(200).send(req.session);
+    },
+    getUser: (req, res, next) => {
+        const { session } = req;
+        res.status(200).send(session.user)
+    }
+}
diff --git a/server/controllers/cart_controller.js b/server/controllers/cart_controller.js
@@ -0,0 +1,38 @@
+const swag = require('../models/swag');
+
+module.exports = {
+    add: (req, res, next) => {
+        const { id } = req.query;
+        const { cart } = req.session.user;
+
+        const index = cart.findIndex(swag => swag.id == id);
+
+        if (index === -1) {
+            const selectedSwag = swag.find(swag => swag.id == id);
+
+            cart.push(selectedSwag);
+            req.session.user.total += selectedSwag.price;
+        }
+        res.status(200).send(req.session.user);
+    },
+    delete: (req, res, next) => {
+        const { id } = req.query;
+        const { cart } = req.session.user;
+
+        const selectedSwag = swag.find(swag => swag.id == id);
+
+        if (selectedSwag) {
+            const i = card.findIndex(swag => swag.id == id);
+            cart.splice(i, 1);
+            req.session.user.total -= selectedSwag.price;
+        }
+        res.status(200).send(req.session.user);
+    },
+    checkout: (req, res, next) => {
+        const { user } = req.session;
+        user.cart = [];
+        user.total = 0;
+
+        res.status(200).send(req.session.user);
+    }
+}
diff --git a/server/controllers/search_controller.js b/server/controllers/search_controller.js
@@ -0,0 +1,14 @@
+const swag = require('../models/swag');
+
+module.exports = {
+    search: (req, res, next) => {
+        const { category } = req.query;
+
+        if (!category) {
+            res.status(200).send(swag)
+        } else {
+            const filteredSwag = swag.filter(swag => swag.category === category);
+            res.status(200).send(filteredSwag);
+        }
+    }
+};
diff --git a/server/controllers/swag_controller.js b/server/controllers/swag_controller.js
@@ -0,0 +1,7 @@
+const swag = require('../models/swag');
+
+module.exports = {
+    read: (req, res, next) => {
+        res.status(200).send(swag);
+    }
+};
diff --git a/server/index.js b/server/index.js
@@ -0,0 +1,46 @@
+require('dotenv').config();
+const express = require('express')
+    , bodyParser = require('body-parser')
+    , session = require('express-session')
+    , app = express();
+
+//MIDDLEWARE//
+const checkForSession = require('./middlewares/checkForSession');
+
+// CONTROLLERS //
+const swagController = require('./controllers/swag_controller')
+    , authController = require('./controllers/auth_controller')
+    , cartController = require('./controllers/cart_controller')
+    , searchController = require('./controllers/search_controller');
+
+app.use(bodyParser.json());
+app.use(session({
+    secret: process.env.SECRET,
+    resave: false,
+    saveUninitialized: true
+}));
+
+app.use(checkForSession);
+
+app.use(express.static(`${__dirname}/build`));
+
+
+//========== SWAG ENDPOINT =========//
+app.get('/api/swag', swagController.read);
+
+//========== AUTH ENDPOINTS =========//
+app.post('/api/login', authController.login);
+app.post('/api/register', authController.register);
+app.post('/api/signout', authController.signout);
+app.get('/api/user', authController.getUser);
+
+//========== CART ENDPOINTS =========//
+app.post('/api/cart', cartController.add);
+app.delete('/api/cart', cartController.delete);
+app.post('/api/checkout', cartController.checkout);
+
+//========== SEARCH ENDPOINTS =========//
+app.get('/api/search', searchController.search);
+
+const port = 3000;
+app.listen(port, () => { console.log(`I guess I'll listen on port ${port}.`); });
diff --git a/server/middlewares/checkForSession.js b/server/middlewares/checkForSession.js
@@ -0,0 +1,11 @@
+module.exports = function (req, res, next) {
+    const { session } = req;
+    if (!session.user) {
+        session.user = {
+            username: '',
+            cart: [],
+            total: 0
+        };
+    }
+    next();
+};