diff --git a/app.js b/app.js
index e6bfb95..fabaa06 100644
--- a/app.js
+++ b/app.js
@@ -71,11 +71,23 @@ app.use(
 app.set("view engine", "ejs");
 app.set("views", path.join(__dirname, "views"));
+/* ========================
+ Login Middleware
+======================== */
+
+function requireLogin(req, res, next) {
+ if (!req.session.user) {
+ return res.status(401).json({ error: "Nicht eingeloggt" });
+ }
+
+ next();
+}
+
 /* ========================
 Route für Ajax für Gebäude
 ======================== */
-app.get("/api/building/:id", async (req, res) => {
+app.get("/api/building/:id", requireLogin, async (req, res) => {
 const buildingId = req.params.id;
 const userId = req.session.user.id;
@@ -125,7 +137,7 @@ app.get("/api/building/:id", async (req, res) => {
 }
 });
-app.get("/api/buildings", async (req, res) => {
+app.get("/api/buildings", requireLogin, async (req, res) => {
 const userId = req.session.user.id;
 try {
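Review bot: `requireLogin` only tests that `req.session.user` is truthy, while the handler it guards immediately reads `req.session.user.id`, so a session whose `user` has no `id` passes the guard with `userId` undefined. If the session middleware ever fails to attach `req.session`, the guard itself would throw rather than answer 401. Checking the value the handlers depend on closes both gaps: `if (!req.session?.user?.id) {`. A short JSDoc on the function would also help, along the lines of `/** Rejects with 401 JSON unless the session holds a logged-in user; must be registered after the session middleware. */`. The body of the `/api/building/:id` handler continues outside the hunk.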
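Review bot: Attaching `requireLogin` route by route makes authentication opt-in, so a later `/api/...` route added without it would be reachable with no session; this applies equally to `/api/building/:id` in the first hunk. If every API endpoint requires a login, mounting the guard once ahead of the route definitions with `app.use("/api", requireLogin);` makes the default fail closed. The guard only establishes that a user is logged in. Whether the queries inside both handlers are scoped by `userId` is outside the visible lines and worth confirming, so that a building id belonging to another account is not returned.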