diff --git a/server/src/controllers/authController.js b/server/src/controllers/authController.js
index d355037..58cd5e3 100644
--- a/server/src/controllers/authController.js
+++ b/server/src/controllers/authController.js
@@ -6,7 +6,7 @@ import { User } from '../models/User.js';
 const registerSchema = Joi.object({
   name: Joi.string().min(2).max(60).required(),
   email: Joi.string().email().required(),
-  password: Joi.string().min(6).required()
+  password: Joi.string().min(6).required(),
 });
 
 export async function register(req, res, next) {
@@ -18,32 +18,67 @@ export async function register(req, res, next) {
     if (existing) return res.status(409).json({ message: 'Email already used' });
 
     const passwordHash = await bcrypt.hash(value.password, 10);
-    const user = await User.create({ name: value.name, email: value.email, passwordHash });
+    const user = await User.create({
+      name: value.name,
+      email: value.email,
+      passwordHash,
+    });
+
     const token = signToken(user);
-    res.status(201).json({ token, user: publicUser(user) });
-  } catch (err) { next(err); }
+    return res.status(201).json({ token, user: publicUser(user) });
+  } catch (err) {
+    return next(err);
+  }
 }
 
 const loginSchema = Joi.object({
   email: Joi.string().email().required(),
-  password: Joi.string().required()
+  password: Joi.string().required(),
 });
 
-// TODO: implement login function
 export async function login(req, res, next) {
- 
+  try {
+    const { value, error } = loginSchema.validate(req.body);
+    if (error) return res.status(400).json({ message: error.message });
+
+    const user = await User.findOne({ email: value.email });
+    if (!user) return res.status(401).json({ message: 'Invalid email or password' });
+
+    const ok = await bcrypt.compare(value.password, user.passwordHash || '');
+    if (!ok) return res.status(401).json({ message: 'Invalid email or password' });
+
+    const token = signToken(user);
+    return res.status(200).json({ token, user: publicUser(user) });
+  } catch (err) {
+    return next(err);
+  }
 }
 
-export async function me(req, res) {
-  const user = await User.findById(req.user.id).lean();
-  res.json({ user: user && publicUser(user) });
+export async function me(req, res, next) {
+  try {
+    const user = await User.findById(req.user.id).lean();
+    return res.json({ user: user && publicUser(user) });
+  } catch (err) {
+    return next(err);
+  }
 }
 
 function signToken(user) {
-  const payload = { id: user._id.toString(), name: user.name, role: user.role };
-  return jwt.sign(payload, process.env.JWT_SECRET, { expiresIn: process.env.JWT_EXPIRES_IN || '7d' });
+  const payload = {
+    id: user._id.toString(),
+    name: user.name,
+    role: user.role,
+  };
+  return jwt.sign(payload, process.env.JWT_SECRET, {
+    expiresIn: process.env.JWT_EXPIRES_IN || '7d',
+  });
 }
 
 function publicUser(u) {
-  return { id: u._id?.toString() || u.id, name: u.name, email: u.email, role: u.role };
+  return {
+    id: u._id?.toString() || u.id,
+    name: u.name,
+    email: u.email,
+    role: u.role,
+  };
 }