diff --git a/db/auth.go b/db/auth.go
index d99a2b0..5fac8a9 100644
--- a/db/auth.go
+++ b/db/auth.go
@@ -13,8 +13,9 @@ import (
 )
 
 var (
-	ErrUserNotFound = errors.New("User not found")
-	ErrUserExists   = errors.New("User already exists")
+	ErrUserNotFound    = errors.New("User not found")
+	ErrUserExists      = errors.New("User already exists")
+	ErrSessionNotFound = errors.New("Session not found")
 )
 
 type User struct {
@@ -41,12 +42,34 @@ func NewUser(id uuid.UUID, email string, emailVerified bool, emailVerifiedAt *ti
 	}
 }
 
-type DbAuth interface {
-	GetUser(email string) (*User, error)
-	InsertUser(user *User) error
+type Session struct {
+	Id        string
+	UserId    uuid.UUID
+	CreatedAt time.Time
+}
+
+func NewSession(id string, userId uuid.UUID, createdAt time.Time) *Session {
+	return &Session{
+		Id:        id,
+		UserId:    userId,
+		CreatedAt: createdAt,
+	}
+}
+
+type DbAuth interface {
+	InsertUser(user *User) error
+	GetUser(email string) (*User, error)
+	GetUserById(userId uuid.UUID) (*User, error)
+	DeleteUser(userId uuid.UUID) error
+	UpdateUserPassword(userId uuid.UUID, newHash []byte) error
 
-	GetEmailVerificationToken(userId uuid.UUID) (string, error)
 	InsertEmailVerificationToken(userId uuid.UUID, token string) error
+	GetEmailVerificationToken(userId uuid.UUID) (string, error)
+
+	InsertSession(session *Session) error
+	GetSession(sessionId string) (*Session, error)
+	DeleteOldSessions(userId uuid.UUID) error
+	DeleteSession(sessionId string) error
 }
 
 type DbAuthSqlite struct {
@@ -57,6 +80,24 @@ func NewDbAuthSqlite(db *sql.DB) *DbAuthSqlite {
 	return &DbAuthSqlite{db: db}
 }
 
+func (db DbAuthSqlite) InsertUser(user *User) error {
+	_, err := db.db.Exec(`
+		INSERT INTO user (user_uuid, email, email_verified, email_verified_at, is_admin, password, salt, created_at) 
+		VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
+		user.Id, user.Email, user.EmailVerified, user.EmailVerifiedAt, user.IsAdmin, user.Password, user.Salt, user.CreateAt)
+
+	if err != nil {
+		if strings.Contains(err.Error(), "email") {
+			return ErrUserExists
+		}
+
+		utils.LogError("SQL error InsertUser", err)
+		return types.ErrInternal
+	}
+
+	return nil
+}
+
 func (db DbAuthSqlite) GetUser(email string) (*User, error) {
 	var (
 		userId          uuid.UUID
@@ -83,18 +124,95 @@ func (db DbAuthSqlite) GetUser(email string) (*User, error) {
 
 	return NewUser(userId, email, emailVerified, emailVerifiedAt, isAdmin, password, salt, createdAt), nil
 }
-func (db DbAuthSqlite) InsertUser(user *User) error {
+
+func (db DbAuthSqlite) GetUserById(userId uuid.UUID) (*User, error) {
+	var (
+		email           string
+		emailVerified   bool
+		emailVerifiedAt *time.Time
+		isAdmin         bool
+		password        []byte
+		salt            []byte
+		createdAt       time.Time
+	)
+
+	err := db.db.QueryRow(`
+		SELECT email, email_verified, email_verified_at, password, salt, created_at
+		FROM user 
+		WHERE user_uuid = ?`, userId).Scan(&email, &emailVerified, &emailVerifiedAt, &password, &salt, &createdAt)
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return nil, ErrUserNotFound
+		} else {
+			utils.LogError("SQL error GetUser", err)
+			return nil, types.ErrInternal
+		}
+	}
+
+	return NewUser(userId, email, emailVerified, emailVerifiedAt, isAdmin, password, salt, createdAt), nil
+}
+
+func (db DbAuthSqlite) DeleteUser(userId uuid.UUID) error {
+
+	tx, err := db.db.Begin()
+	if err != nil {
+		utils.LogError("Could not start transaction", err)
+		return types.ErrInternal
+	}
+
+	_, err = tx.Exec("DELETE FROM workout WHERE user_id = ?", userId)
+	if err != nil {
+		tx.Rollback()
+		utils.LogError("Could not delete workouts", err)
+		return types.ErrInternal
+	}
+
+	_, err = tx.Exec("DELETE FROM user_token WHERE user_uuid = ?", userId)
+	if err != nil {
+		tx.Rollback()
+		utils.LogError("Could not delete user tokens", err)
+		return types.ErrInternal
+	}
+
+	_, err = tx.Exec("DELETE FROM session WHERE user_uuid = ?", userId)
+	if err != nil {
+		tx.Rollback()
+		utils.LogError("Could not delete sessions", err)
+		return types.ErrInternal
+	}
+
+	_, err = tx.Exec("DELETE FROM user WHERE user_uuid = ?", userId)
+	if err != nil {
+		tx.Rollback()
+		utils.LogError("Could not delete user", err)
+		return types.ErrInternal
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		utils.LogError("Could not commit transaction", err)
+		return types.ErrInternal
+	}
+
+	return nil
+}
+
+func (db DbAuthSqlite) UpdateUserPassword(userId uuid.UUID, newHash []byte) error {
+	_, err := db.db.Exec("UPDATE user SET password = ? WHERE user_uuid = ?", newHash, userId)
+	if err != nil {
+		utils.LogError("Could not update password", err)
+		return types.ErrInternal
+	}
+	return nil
+}
+
+func (db DbAuthSqlite) InsertEmailVerificationToken(userId uuid.UUID, token string) error {
 	_, err := db.db.Exec(`
-		INSERT INTO user (user_uuid, email, email_verified, email_verified_at, is_admin, password, salt, created_at) 
-		VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
-		user.Id, user.Email, user.EmailVerified, user.EmailVerifiedAt, user.IsAdmin, user.Password, user.Salt, user.CreateAt)
+		INSERT INTO user_token (user_uuid, type, token, created_at) 
+		VALUES (?, 'email_verify', ?, datetime())`, userId, token)
 
 	if err != nil {
-		if strings.Contains(err.Error(), "email") {
-			return ErrUserExists
-		}
-
-		utils.LogError("SQL error InsertUser", err)
+		utils.LogError("Could not insert token", err)
 		return types.ErrInternal
 	}
 
@@ -117,15 +235,60 @@ func (db DbAuthSqlite) GetEmailVerificationToken(userId uuid.UUID) (string, erro
 
 	return token, nil
 }
-func (db DbAuthSqlite) InsertEmailVerificationToken(userId uuid.UUID, token string) error {
+
+func (db DbAuthSqlite) InsertSession(session *Session) error {
+
 	_, err := db.db.Exec(`
-		INSERT INTO user_token (user_uuid, type, token, created_at) 
-		VALUES (?, 'email_verify', ?, datetime())`, userId, token)
+		INSERT INTO session (session_id, user_uuid, created_at) 
+		VALUES (?, ?, ?)`, session.Id, session.UserId, session.CreatedAt)
 
 	if err != nil {
-		utils.LogError("Could not insert token", err)
+		utils.LogError("Could not insert new session", err)
 		return types.ErrInternal
 	}
 
 	return nil
 }
+
+func (db DbAuthSqlite) GetSession(sessionId string) (*Session, error) {
+
+	var (
+		userId           uuid.UUID
+		sessionCreatedAt time.Time
+	)
+
+	err := db.db.QueryRow(`
+			SELECT u.user_uuid, s.created_at
+			FROM session s
+			INNER JOIN user u ON s.user_uuid = u.user_uuid
+			WHERE session_id = ?`, sessionId).Scan(&userId, &sessionCreatedAt)
+
+	if err != nil {
+		return nil, ErrSessionNotFound
+	}
+
+	return NewSession(sessionId, userId, sessionCreatedAt), nil
+}
+
+func (db DbAuthSqlite) DeleteOldSessions(userId uuid.UUID) error {
+	// Delete old inactive sessions
+	_, err := db.db.Exec("DELETE FROM session WHERE created_at < datetime('now','-8 hours') AND user_uuid = ?", userId)
+	if err != nil {
+		utils.LogError("Could not delete old sessions", err)
+		return types.ErrInternal
+	}
+	return nil
+}
+
+func (db DbAuthSqlite) DeleteSession(sessionId string) error {
+	if sessionId != "" {
+
+		_, err := db.db.Exec("DELETE FROM session WHERE session_id = ?", sessionId)
+		if err != nil {
+			utils.LogError("Could not delete session", err)
+			return types.ErrInternal
+		}
+	}
+
+	return nil
+}
diff --git a/db/workout.go b/db/workout.go
new file mode 100644
index 0000000..54c48ba
--- /dev/null
+++ b/db/workout.go
@@ -0,0 +1,60 @@
+package db
+
+import (
+	"me-fit/types"
+	"me-fit/utils"
+
+	"database/sql"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+type DbWorkout interface {
+	InsertWorkout(userId uuid.UUID, workout *WorkoutInsert) (*Workout, error)
+}
+
+type DbWorkoutSqlite struct {
+	db *sql.DB
+}
+
+func NewDbWorkoutSqlite(db *sql.DB) *DbWorkoutSqlite {
+	return &DbWorkoutSqlite{db: db}
+}
+
+type WorkoutInsert struct {
+	Date time.Time
+	Type string
+	Sets int
+	Reps int
+}
+
+type Workout struct {
+	RowId int
+	Date  time.Time
+	Type  string
+	Sets  int
+	Reps  int
+}
+
+func NewWorkoutInsert(date time.Time, workoutType string, sets int, reps int) *WorkoutInsert {
+	return &WorkoutInsert{Date: date, Type: workoutType, Sets: sets, Reps: reps}
+}
+
+func NewWorkoutFromInsert(rowId int, workoutInsert *WorkoutInsert) *Workout {
+	return &Workout{RowId: rowId, Date: workoutInsert.Date, Type: workoutInsert.Type, Sets: workoutInsert.Sets, Reps: workoutInsert.Reps}
+}
+
+func (db DbWorkoutSqlite) InsertWorkout(userId uuid.UUID, workout *WorkoutInsert) (*Workout, error) {
+	var rowId int
+	err := db.db.QueryRow(`
+		INSERT INTO workout (user_id, date, type, sets, reps) 
+		VALUES (?, ?, ?, ?, ?) 
+		RETURNING rowid`, userId, workout.Date, workout.Type, workout.Sets, workout.Reps).Scan(&rowId)
+	if err != nil {
+		utils.LogError("Error inserting workout", err)
+		return nil, types.ErrInternal
+	}
+
+	return NewWorkoutFromInsert(rowId, workout), nil
+}
diff --git a/handler/auth.go b/handler/auth.go
index ea155fb..f1890d9 100644
--- a/handler/auth.go
+++ b/handler/auth.go
@@ -35,14 +35,14 @@ func (handler HandlerAuthImpl) handle(router *http.ServeMux) {
 	// Don't use auth middleware for these routes, as it makes redirecting very difficult, if the mail is not yet verified
 	router.Handle("/auth/signin", handler.handleSignInPage())
 	router.Handle("/auth/signup", handler.handleSignUpPage())
-	router.Handle("/auth/verify", service.HandleSignUpVerifyPage(handler.db, handler.serverSettings)) // Hint for the user to verify their email
-	router.Handle("/auth/delete-account", service.HandleDeleteAccountPage(handler.db, handler.serverSettings))
+	router.Handle("/auth/verify", handler.handleSignUpVerifyPage()) // Hint for the user to verify their email
+	router.Handle("/auth/delete-account", handler.handleDeleteAccountPage())
 	router.Handle("/auth/verify-email", service.HandleSignUpVerifyResponsePage(handler.db)) // The link contained in the email
-	router.Handle("/auth/change-password", service.HandleChangePasswordPage(handler.db, handler.serverSettings))
-	router.Handle("/auth/reset-password", service.HandleResetPasswordPage(handler.db, handler.serverSettings))
+	router.Handle("/auth/change-password", handler.handleChangePasswordPage())
+	router.Handle("/auth/reset-password", handler.handleResetPasswordPage())
 	router.Handle("/api/auth/signup", handler.handleSignUp())
 	router.Handle("/api/auth/signin", handler.handleSignIn())
-	router.Handle("/api/auth/signout", service.HandleSignOutComp(handler.db))
+	router.Handle("/api/auth/signout", handler.handleSignOut())
 	router.Handle("/api/auth/delete-account", service.HandleDeleteAccountComp(handler.db, handler.serverSettings))
 	router.Handle("/api/auth/verify-resend", service.HandleVerifyResendComp(handler.db, handler.serverSettings))
 	router.Handle("/api/auth/change-password", service.HandleChangePasswordComp(handler.db))
@@ -56,9 +56,8 @@ var (
 
 func (handler HandlerAuthImpl) handleSignInPage() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		user := utils.GetUserFromSession(handler.db, r)
-
-		if user == nil {
+		user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
+		if err != nil {
 			userComp := service.UserInfoComp(nil)
 			signIn := auth.SignInOrUpComp(true)
 			err := template.Layout(signIn, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
@@ -67,31 +66,40 @@ func (handler HandlerAuthImpl) handleSignInPage() http.HandlerFunc {
 				utils.LogError("Failed to render sign in page", err)
 				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
 			}
+		}
 
-		} else if !user.EmailVerified {
+		if !user.EmailVerified {
 			utils.DoRedirect(w, r, "/auth/verify")
 		} else {
 			utils.DoRedirect(w, r, "/")
 		}
 	}
 }
+
 func (handler HandlerAuthImpl) handleSignIn() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		user, err := utils.WaitMinimumTime(securityWaitDuration, func() (*service.User, error) {
 			var email = r.FormValue("email")
 			var password = r.FormValue("password")
 
-			user, err := handler.service.SignIn(email, password)
+			session, err := handler.service.SignIn(email, password)
 			if err != nil {
 				return nil, err
 			}
 
-			err = service.TryCreateSessionAndSetCookie(r, w, handler.db, user.Id)
-			if err != nil {
-				return nil, err
+			cookie := http.Cookie{
+				Name:     "id",
+				Value:    session.Id,
+				MaxAge:   60 * 60 * 8, // 8 hours
+				Secure:   true,
+				HttpOnly: true,
+				SameSite: http.SameSiteStrictMode,
+				Path:     "/",
 			}
 
-			return user, nil
+			http.SetCookie(w, &cookie)
+
+			return session.User, nil
 		})
 
 		if err != nil {
@@ -115,9 +123,8 @@ func (handler HandlerAuthImpl) handleSignIn() http.HandlerFunc {
 
 func (handler HandlerAuthImpl) handleSignUpPage() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		user := utils.GetUserFromSession(handler.db, r)
-
-		if user == nil {
+		user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
+		if err != nil {
 			userComp := service.UserInfoComp(nil)
 			signUpComp := auth.SignInOrUpComp(false)
 			err := template.Layout(signUpComp, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
@@ -126,14 +133,16 @@ func (handler HandlerAuthImpl) handleSignUpPage() http.HandlerFunc {
 				utils.LogError("Failed to render sign up page", err)
 				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
 			}
+		}
 
-		} else if !user.EmailVerified {
+		if !user.EmailVerified {
 			utils.DoRedirect(w, r, "/auth/verify")
 		} else {
 			utils.DoRedirect(w, r, "/")
 		}
 	}
 }
+
 func (handler HandlerAuthImpl) handleSignUp() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		var email = r.FormValue("email")
@@ -163,3 +172,186 @@ func (handler HandlerAuthImpl) handleSignUp() http.HandlerFunc {
 		utils.TriggerToast(w, r, "success", "A link to activate your account has been emailed to the address provided.")
 	}
 }
+
+func (handler HandlerAuthImpl) handleSignOut() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		err := handler.service.SignOut(utils.GetSessionID(r))
+		if err != nil {
+			utils.TriggerToast(w, r, "error", "Internal Server Error")
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		c := http.Cookie{
+			Name:     "id",
+			Value:    "",
+			MaxAge:   -1,
+			Secure:   true,
+			HttpOnly: true,
+			SameSite: http.SameSiteStrictMode,
+			Path:     "/",
+		}
+
+		http.SetCookie(w, &c)
+		utils.DoRedirect(w, r, "/")
+	}
+}
+
+func (handler HandlerAuthImpl) handleSignUpVerifyPage() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
+		if err != nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+		}
+
+		if user.EmailVerified {
+			utils.DoRedirect(w, r, "/")
+		} else {
+			userComp := service.UserInfoComp(user)
+			signIn := auth.VerifyComp()
+			err := template.Layout(signIn, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
+			if err != nil {
+				utils.LogError("Failed to render verify page", err)
+				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+			}
+		}
+	}
+}
+
+func (handler HandlerAuthImpl) handleDeleteAccountPage() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		// An unverified email should be able to delete their account
+		user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
+		if err != nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+		}
+
+		userComp := service.UserInfoComp(user)
+		comp := auth.DeleteAccountComp()
+		err = template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
+		if err != nil {
+			utils.LogError("Failed to render delete account page", err)
+			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+		}
+	}
+}
+
+func (handler HandlerAuthImpl) handleChangePasswordPage() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		isPasswordReset := r.URL.Query().Has("token")
+
+		user, _ := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
+
+		if user == nil && !isPasswordReset {
+			utils.DoRedirect(w, r, "/auth/signin")
+		} else {
+			userComp := service.UserInfoComp(user)
+			comp := auth.ChangePasswordComp(isPasswordReset)
+			err := template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
+			if err != nil {
+				utils.LogError("Failed to render change password page", err)
+				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+			}
+		}
+	}
+}
+
+func (handler HandlerAuthImpl) handleResetPasswordPage() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
+		if err != nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+		}
+
+		userComp := service.UserInfoComp(user)
+		comp := auth.ResetPasswordComp()
+		err = template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
+		if err != nil {
+			utils.LogError("Failed to render change password page", err)
+			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+		}
+	}
+}
+
+func (handler HandlerAuthImpl) HandleResetPasswordPage() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
+		if err != nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+			return
+		}
+
+		userComp := service.UserInfoComp(user)
+		comp := auth.ResetPasswordComp()
+		err = template.Layout(comp, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
+		if err != nil {
+			utils.LogError("Failed to render change password page", err)
+			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+		}
+	}
+}
+
+func (handler HandlerAuthImpl) HandleDeleteAccountComp() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
+		if err != nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+			return
+		}
+
+		password := r.FormValue("password")
+
+		_, err = handler.service.SignIn(user.Email, password)
+		if err != nil {
+			utils.TriggerToast(w, r, "error", "Password not correct")
+			return
+		}
+
+		err = handler.service.DeleteAccount(user)
+		if err != nil {
+			utils.TriggerToast(w, r, "error", "Internal Server Error")
+			return
+		}
+
+		utils.DoRedirect(w, r, "/")
+	}
+}
+
+func (handler HandlerAuthImpl) HandleVerifyResendComp() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
+		if err != nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+			return
+		}
+
+		go handler.service.SendVerificationMail(user.Id, user.Email)
+
+		w.Write([]byte("<p class=\"mt-8\">Verification email sent</p>"))
+	}
+}
+
+func (handler HandlerAuthImpl) HandleChangePasswordComp() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
+		if err != nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+			return
+		}
+
+		currPass := r.FormValue("current-password")
+		newPass := r.FormValue("new-password")
+
+		err = handler.service.ChangePassword(user, currPass, newPass)
+		if err != nil {
+			utils.TriggerToast(w, r, "error", "Password not correct")
+			return
+		}
+
+		utils.TriggerToast(w, r, "success", "Password changed")
+	}
+}
diff --git a/handler/default.go b/handler/default.go
index ea0cf5a..7242301 100644
--- a/handler/default.go
+++ b/handler/default.go
@@ -13,15 +13,17 @@ import (
 func GetHandler(d *sql.DB, serverSettings *types.ServerSettings) http.Handler {
 	var router = http.NewServeMux()
 
-	router.HandleFunc("/", service.HandleIndexAnd404(d, serverSettings))
-
 	randomGenerator := service.NewRandomGeneratorImpl()
 	clock := service.NewClockImpl()
 	dbAuth := db.NewDbAuthSqlite(d)
 	mailService := service.NewMailServiceImpl(serverSettings)
 	serviceAuth := service.NewServiceAuthImpl(dbAuth, randomGenerator, clock, mailService, serverSettings)
+
+	handlerIndex := NewHandlerIndex(d, serviceAuth, serverSettings)
 	handlerAuth := NewHandlerAuth(d, serviceAuth, serverSettings)
 
+	handlerIndex.handle(router)
+
 	// Serve static files (CSS, JS and images)
 	router.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("./static/"))))
 
@@ -31,7 +33,3 @@ func GetHandler(d *sql.DB, serverSettings *types.ServerSettings) http.Handler {
 
 	return middleware.Logging(middleware.EnableCors(serverSettings, router))
 }
-
-func authMiddleware(db *sql.DB, h http.Handler) http.Handler {
-	return middleware.EnsureValidSession(db, h)
-}
diff --git a/handler/index_and_404.go b/handler/index_and_404.go
new file mode 100644
index 0000000..d5172d6
--- /dev/null
+++ b/handler/index_and_404.go
@@ -0,0 +1,58 @@
+package handler
+
+import (
+	"me-fit/service"
+	"me-fit/template"
+	"me-fit/template/auth"
+	"me-fit/types"
+	"me-fit/utils"
+
+	"database/sql"
+	"net/http"
+
+	"github.com/a-h/templ"
+)
+
+type HandlerIndex interface {
+	handle(router *http.ServeMux)
+}
+
+type HandlerIndexImpl struct {
+	db             *sql.DB
+	service        service.ServiceAuth
+	serverSettings *types.ServerSettings
+}
+
+func NewHandlerIndex(db *sql.DB, service service.ServiceAuth, serverSettings *types.ServerSettings) HandlerAuth {
+	return HandlerAuthImpl{
+		db:             db,
+		service:        service,
+		serverSettings: serverSettings,
+	}
+}
+
+func (handler HandlerIndexImpl) handle(router *http.ServeMux) {
+	router.Handle("/", handler handleIndexAnd404())
+}
+
+func (handler HanHandlerIndexImpl) handleIndexAnd404() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user, err := handler.service.GetUserFromSessionId(utils.GetSessionID(r))
+
+		var comp templ.Component = nil
+		userComp := service.UserInfoComp(user)
+
+		if r.URL.Path != "/" {
+			comp = template.Layout(template.NotFound(), userComp, handler.serverSettings.Environment)
+			w.WriteHeader(http.StatusNotFound)
+		} else {
+			comp = template.Layout(template.Index(), userComp, handler.serverSettings.Environment)
+		}
+
+		err = comp.Render(r.Context(), w)
+		if err != nil {
+			utils.LogError("Failed to render index", err)
+			http.Error(w, "Failed to render index", http.StatusInternalServerError)
+		}
+	}
+}
diff --git a/handler/workout.go b/handler/workout.go
index 7252b2d..69ec2cb 100644
--- a/handler/workout.go
+++ b/handler/workout.go
@@ -2,15 +2,89 @@ package handler
 
 import (
 	"me-fit/service"
+	"me-fit/template"
+	"me-fit/template/workout"
 	"me-fit/types"
+	"me-fit/utils"
+	"time"
 
 	"database/sql"
 	"net/http"
 )
 
-func handleWorkout(db *sql.DB, router *http.ServeMux, serverSettings *types.ServerSettings) {
-	router.Handle("/workout", authMiddleware(db, service.HandleWorkoutPage(db, serverSettings)))
-	router.Handle("POST /api/workout", authMiddleware(db, service.HandleWorkoutNewComp(db)))
-	router.Handle("GET /api/workout", authMiddleware(db, service.HandleWorkoutGetComp(db)))
-	router.Handle("DELETE /api/workout/{id}", authMiddleware(db, service.HandleWorkoutDeleteComp(db)))
+type HandlerWorkout interface {
+	handle(router *http.ServeMux)
+}
+
+type HandlerWorkoutImpl struct {
+	db             *sql.DB
+	service        service.ServiceWorkout
+	auth           service.ServiceAuth
+	serverSettings *types.ServerSettings
+}
+
+func NewHandlerWorkout(db *sql.DB, service service.ServiceWorkout, auth service.ServiceAuth, serverSettings *types.ServerSettings) HandlerAuth {
+	return HandlerWorkoutImpl{
+		db:             db,
+		service:        service,
+		auth:           auth,
+		serverSettings: serverSettings,
+	}
+}
+
+func (handler HandlerWorkoutImpl) handle(router *http.ServeMux) {
+	router.Handle("/workout", handler.handleWorkoutPage())
+	router.Handle("POST /api/workout", handler.handleAddWorkout())
+	router.Handle("GET /api/workout", service.HandleWorkoutGetComp(handler.db))
+	router.Handle("DELETE /api/workout/{id}", service.HandleWorkoutDeleteComp(handler.db))
+}
+
+func (handler HandlerWorkoutImpl) handleWorkoutPage() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user, err := handler.auth.GetUserFromSessionId(utils.GetSessionID(r))
+		if err != nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+			return
+		}
+
+		currentDate := time.Now().Format("2006-01-02")
+		inner := workout.WorkoutComp(currentDate)
+		userComp := service.UserInfoComp(user)
+		err = template.Layout(inner, userComp, handler.serverSettings.Environment).Render(r.Context(), w)
+		if err != nil {
+			utils.LogError("Failed to render workout page", err)
+			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+		}
+	}
+}
+
+func (handler HandlerWorkoutImpl) handleAddWorkout() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user, err := handler.auth.GetUserFromSessionId(utils.GetSessionID(r))
+		if err != nil {
+			utils.DoRedirect(w, r, "/auth/signin")
+			return
+		}
+
+		var dateStr = r.FormValue("date")
+		var typeStr = r.FormValue("type")
+		var setsStr = r.FormValue("sets")
+		var repsStr = r.FormValue("reps")
+
+		wo := service.NewWorkoutDto("", dateStr, typeStr, setsStr, repsStr)
+		wo, err = handler.service.AddWorkout(user, wo)
+		if err != nil {
+			utils.TriggerToast(w, r, "error", "Invalid input values")
+			http.Error(w, "Invalid input values", http.StatusBadRequest)
+			return
+		}
+		wor := workout.Workout{Id: wo.RowId, Date: wo.Date, Type: wo.Type, Sets: wo.Sets, Reps: wo.Reps}
+
+		err = workout.WorkoutItemComp(wor, true).Render(r.Context(), w)
+		if err != nil {
+			utils.LogError("Could not render workoutitem", err)
+			utils.TriggerToast(w, r, "error", "Internal Server Error")
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+		}
+	}
 }
diff --git a/middleware/auth.go b/middleware/auth.go
deleted file mode 100644
index e48c010..0000000
--- a/middleware/auth.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package middleware
-
-import (
-	"me-fit/utils"
-
-	"context"
-	"database/sql"
-	"net/http"
-)
-
-func EnsureValidSession(db *sql.DB, next http.Handler) http.Handler {
-
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-
-		user := utils.GetUserFromSession(db, r)
-		if user == nil {
-			utils.DoRedirect(w, r, "/auth/signin")
-			return
-		}
-
-		if !user.EmailVerified && r.URL.Path != "/auth/verify" {
-			utils.DoRedirect(w, r, "/auth/verify")
-			return
-		}
-
-		ctx := context.WithValue(r.Context(), utils.ContextKeyUser, user)
-
-		next.ServeHTTP(w, r.WithContext(ctx))
-	})
-}
diff --git a/service/auth.go b/service/auth.go
index c1f3663..fe16a47 100644
--- a/service/auth.go
+++ b/service/auth.go
@@ -10,9 +10,9 @@ import (
 	"net/mail"
 	"net/url"
 	"strings"
+	"time"
 
 	"me-fit/db"
-	"me-fit/template"
 	"me-fit/template/auth"
 	tempMail "me-fit/template/mail"
 	"me-fit/types"
@@ -28,6 +28,7 @@ var (
 	ErrInvalidPassword   = errors.New("Password needs to be 8 characters long, contain at least one number, one special, one uppercase and one lowercase character")
 	ErrInvalidEmail      = errors.New("Invalid email")
 	ErrAccountExists     = errors.New("Account already exists")
+	ErrSessionIdInvalid  = errors.New("Session ID is invalid")
 )
 
 type User struct {
@@ -44,10 +45,29 @@ func NewUser(user *db.User) *User {
 	}
 }
 
+type Session struct {
+	Id        string
+	CreatedAt time.Time
+	User      *User
+}
+
+func NewSession(session *db.Session, user *User) *Session {
+	return &Session{
+		Id:        session.Id,
+		CreatedAt: session.CreatedAt,
+		User:      user,
+	}
+}
+
 type ServiceAuth interface {
-	SignIn(email string, password string) (*User, error)
+	SignIn(email string, password string) (*Session, error)
 	SignUp(email string, password string) (*User, error)
 	SendVerificationMail(userId uuid.UUID, email string)
+	SignOut(sessionId string) error
+	DeleteAccount(user *User) error
+	ChangePassword(user *User, currPass, newPass string) error
+
+	GetUserFromSessionId(sessionId string) (*User, error)
 }
 
 type ServiceAuthImpl struct {
@@ -68,7 +88,7 @@ func NewServiceAuthImpl(dbAuth db.DbAuth, randomGenerator RandomGenerator, clock
 	}
 }
 
-func (service ServiceAuthImpl) SignIn(email string, password string) (*User, error) {
+func (service ServiceAuthImpl) SignIn(email string, password string) (*Session, error) {
 	user, err := service.dbAuth.GetUser(email)
 	if err != nil {
 		if errors.Is(err, db.ErrUserNotFound) {
@@ -84,7 +104,33 @@ func (service ServiceAuthImpl) SignIn(email string, password string) (*User, err
 		return nil, ErrInvaidCredentials
 	}
 
-	return NewUser(user), nil
+	session, err := service.createSession(user.Id)
+	if err != nil {
+		return nil, types.ErrInternal
+	}
+
+	return NewSession(session, NewUser(user)), nil
+}
+
+func (service ServiceAuthImpl) createSession(userId uuid.UUID) (*db.Session, error) {
+	sessionId, err := service.randomGenerator.String(32)
+	if err != nil {
+		return nil, types.ErrInternal
+	}
+
+	err = service.dbAuth.DeleteOldSessions(userId)
+	if err != nil {
+		return nil, types.ErrInternal
+	}
+
+	session := db.NewSession(sessionId, userId, service.clock.Now())
+
+	err = service.dbAuth.InsertSession(session)
+	if err != nil {
+		return nil, types.ErrInternal
+	}
+
+	return nil, nil
 }
 
 func (service ServiceAuthImpl) SignUp(email string, password string) (*User, error) {
@@ -153,45 +199,35 @@ func (service ServiceAuthImpl) SendVerificationMail(userId uuid.UUID, email stri
 	service.mailService.SendMail(email, "Welcome to ME-FIT", w.String())
 }
 
+func (service ServiceAuthImpl) SignOut(sessionId string) error {
+
+	return service.dbAuth.DeleteSession(sessionId)
+}
+
+func (service ServiceAuthImpl) GetUserFromSessionId(sessionId string) (*User, error) {
+	if sessionId == "" {
+		return nil, ErrSessionIdInvalid
+	}
+
+	session, err := service.dbAuth.GetSession(sessionId)
+	if err != nil {
+		return nil, types.ErrInternal
+	}
+
+	user, err := service.dbAuth.GetUserById(session.UserId)
+	if err != nil {
+		return nil, types.ErrInternal
+	}
+
+	if session.CreatedAt.Add(time.Duration(8 * time.Hour)).Before(service.clock.Now()) {
+		return nil, nil
+	} else {
+		return NewUser(user), nil
+	}
+}
+
 // TODO
 
-func HandleSignUpVerifyPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		user := utils.GetUserFromSession(db, r)
-		if user == nil {
-			utils.DoRedirect(w, r, "/auth/signin")
-		} else if user.EmailVerified {
-			utils.DoRedirect(w, r, "/")
-		} else {
-			userComp := UserInfoComp(user)
-			signIn := auth.VerifyComp()
-			err := template.Layout(signIn, userComp, serverSettings.Environment).Render(r.Context(), w)
-			if err != nil {
-				utils.LogError("Failed to render verify page", err)
-				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-			}
-		}
-	}
-}
-
-func HandleDeleteAccountPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		// An unverified email should be able to delete their account
-		user := utils.GetUserFromSession(db, r)
-		if user == nil {
-			utils.DoRedirect(w, r, "/auth/signin")
-		} else {
-			userComp := UserInfoComp(user)
-			comp := auth.DeleteAccountComp()
-			err := template.Layout(comp, userComp, serverSettings.Environment).Render(r.Context(), w)
-			if err != nil {
-				utils.LogError("Failed to render delete account page", err)
-				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-			}
-		}
-	}
-}
-
 func HandleSignUpVerifyResponsePage(db *sql.DB) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 
@@ -234,45 +270,7 @@ func HandleSignUpVerifyResponsePage(db *sql.DB) http.HandlerFunc {
 	}
 }
 
-func HandleChangePasswordPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-
-		isPasswordReset := r.URL.Query().Has("token")
-
-		user := utils.GetUserFromSession(db, r)
-		if user == nil && !isPasswordReset {
-			utils.DoRedirect(w, r, "/auth/signin")
-		} else {
-			userComp := UserInfoComp(user)
-			comp := auth.ChangePasswordComp(isPasswordReset)
-			err := template.Layout(comp, userComp, serverSettings.Environment).Render(r.Context(), w)
-			if err != nil {
-				utils.LogError("Failed to render change password page", err)
-				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-			}
-		}
-	}
-}
-
-func HandleResetPasswordPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-
-		user := utils.GetUserFromSession(db, r)
-		if user != nil {
-			utils.DoRedirect(w, r, "/auth/signin")
-		} else {
-			userComp := UserInfoComp(nil)
-			comp := auth.ResetPasswordComp()
-			err := template.Layout(comp, userComp, serverSettings.Environment).Render(r.Context(), w)
-			if err != nil {
-				utils.LogError("Failed to render change password page", err)
-				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-			}
-		}
-	}
-}
-
-func UserInfoComp(user *types.User) templ.Component {
+func UserInfoComp(user *User) templ.Component {
 
 	if user != nil {
 		return auth.UserComp(user.Email)
@@ -281,168 +279,46 @@ func UserInfoComp(user *types.User) templ.Component {
 	}
 }
 
-func HandleSignOutComp(db *sql.DB) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		user := utils.GetUserFromSession(db, r)
+func (service ServiceAuthImpl) DeleteAccount(user *User) error {
 
-		if user != nil {
-			_, err := db.Exec("DELETE FROM session WHERE session_id = ?", user.SessionId)
-			if err != nil {
-				utils.LogError("Could not delete session", err)
-				utils.TriggerToast(w, r, "error", "Internal Server Error")
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-		}
-
-		c := http.Cookie{
-			Name:     "id",
-			Value:    "",
-			MaxAge:   -1,
-			Secure:   true,
-			HttpOnly: true,
-			SameSite: http.SameSiteStrictMode,
-			Path:     "/",
-		}
-
-		http.SetCookie(w, &c)
-		utils.DoRedirect(w, r, "/")
+	err := service.dbAuth.DeleteUser(user.Id)
+	if err != nil {
+		return err
 	}
+
+	go service.mailService.SendMail(user.Email, "Account deleted", "Your account has been deleted")
+
+	return nil
 }
 
-func HandleDeleteAccountComp(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
-	mailService := NewMailServiceImpl(serverSettings)
-	return func(w http.ResponseWriter, r *http.Request) {
-		user := utils.GetUserFromSession(db, r)
-		if user == nil {
-			utils.DoRedirect(w, r, "/auth/signin")
-			return
-		}
+func (service ServiceAuthImpl) ChangePassword(user *User, currPass, newPass string) error {
 
-		password := r.FormValue("password")
-		if password == "" {
-			utils.TriggerToast(w, r, "error", "Password is required")
-			return
-		}
-
-		var (
-			storedHash []byte
-			salt       []byte
-		)
-
-		err := db.QueryRow("SELECT password, salt FROM user WHERE user_uuid = ?", user.Id).Scan(&storedHash, &salt)
-		if err != nil {
-			utils.LogError("Could not get password", err)
-			utils.TriggerToast(w, r, "error", "Internal Server Error")
-			return
-		}
-
-		currHash := GetHashPassword(password, salt)
-		if subtle.ConstantTimeCompare(currHash, storedHash) == 0 {
-			utils.TriggerToast(w, r, "error", "Password is not correct")
-			return
-		}
-
-		_, err = db.Exec("DELETE FROM workout WHERE user_id = ?", user.Id)
-		if err != nil {
-			utils.LogError("Could not delete workouts", err)
-			utils.TriggerToast(w, r, "error", "Internal Server Error")
-			return
-		}
-
-		_, err = db.Exec("DELETE FROM user_token WHERE user_uuid = ?", user.Id)
-		if err != nil {
-			utils.LogError("Could not delete user tokens", err)
-			utils.TriggerToast(w, r, "error", "Internal Server Error")
-			return
-		}
-
-		_, err = db.Exec("DELETE FROM session WHERE user_uuid = ?", user.Id)
-		if err != nil {
-			utils.LogError("Could not delete sessions", err)
-			utils.TriggerToast(w, r, "error", "Internal Server Error")
-			return
-		}
-
-		_, err = db.Exec("DELETE FROM user WHERE user_uuid = ?", user.Id)
-		if err != nil {
-			utils.LogError("Could not delete user", err)
-			utils.TriggerToast(w, r, "error", "Internal Server Error")
-			return
-		}
-
-		go mailService.SendMail(user.Email, "Account deleted", "Your account has been deleted")
-
-		utils.DoRedirect(w, r, "/")
+	if !isPasswordValid(newPass) {
+		return ErrInvalidPassword
 	}
-}
 
-func HandleVerifyResendComp(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		user := utils.GetUserFromSession(db, r)
-		if user == nil || user.EmailVerified {
-			utils.DoRedirect(w, r, "/auth/signin")
-			return
-		}
-
-		// TODO
-		// go sendVerificationEmail(db, user.Id.String(), user.Email, serverSettings)
-
-		w.Write([]byte("<p class=\"mt-8\">Verification email sent</p>"))
+	if currPass == newPass {
+		return ErrInvalidPassword
 	}
-}
 
-func HandleChangePasswordComp(db *sql.DB) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-
-		user := utils.GetUserFromSession(db, r)
-		if user == nil {
-			utils.DoRedirect(w, r, "/auth/signin")
-			return
-		}
-
-		currPass := r.FormValue("current-password")
-		newPass := r.FormValue("new-password")
-
-		if !isPasswordValid(newPass) {
-			utils.TriggerToast(w, r, "error", ErrInvalidPassword.Error())
-			return
-		}
-
-		if currPass == newPass {
-			utils.TriggerToast(w, r, "error", "Please use a new password")
-			return
-		}
-
-		var (
-			storedHash []byte
-			salt       []byte
-		)
-
-		err := db.QueryRow("SELECT password, salt FROM user WHERE user_uuid = ?", user.Id).Scan(&storedHash, &salt)
-		if err != nil {
-			utils.LogError("Could not get password", err)
-			utils.TriggerToast(w, r, "error", "Internal Server Error")
-			return
-		}
-
-		currHash := GetHashPassword(currPass, salt)
-		if subtle.ConstantTimeCompare(currHash, storedHash) == 0 {
-			utils.TriggerToast(w, r, "error", "Current Password is not correct")
-			return
-		}
-
-		newHash := GetHashPassword(newPass, salt)
-
-		_, err = db.Exec("UPDATE user SET password = ? WHERE user_uuid = ?", newHash, user.Id)
-		if err != nil {
-			utils.LogError("Could not update password", err)
-			utils.TriggerToast(w, r, "error", "Internal Server Error")
-			return
-		}
-
-		utils.TriggerToast(w, r, "success", "Password changed")
+	_, err := service.SignIn(user.Email, currPass)
+	if err != nil {
+		return err
 	}
+
+	userDb, err := service.dbAuth.GetUserById(user.Id)
+	if err != nil {
+		return err
+	}
+
+	newHash := GetHashPassword(newPass, userDb.Salt)
+
+	err = service.dbAuth.UpdateUserPassword(user.Id, newHash)
+	if err != nil {
+		return err
+	}
+
+	return nil
 }
 
 func HandleActualResetPasswordComp(db *sql.DB) http.HandlerFunc {
@@ -556,39 +432,6 @@ func HandleResetPasswordComp(db *sql.DB, serverSettings *types.ServerSettings) h
 	}
 }
 
-func TryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sql.DB, user_uuid uuid.UUID) error {
-	sessionId, err := NewRandomGeneratorImpl().String(32)
-	if err != nil {
-		return types.ErrInternal
-	}
-
-	// Delete old inactive sessions
-	_, err = db.Exec("DELETE FROM session WHERE created_at < datetime('now','-8 hours') AND user_uuid = ?", user_uuid)
-	if err != nil {
-		utils.LogError("Could not delete old sessions", err)
-		return types.ErrInternal
-	}
-
-	_, err = db.Exec("INSERT INTO session (session_id, user_uuid, created_at) VALUES (?, ?, datetime())", sessionId, user_uuid)
-	if err != nil {
-		utils.LogError("Could not insert session", err)
-		return types.ErrInternal
-	}
-
-	cookie := http.Cookie{
-		Name:     "id",
-		Value:    sessionId,
-		MaxAge:   60 * 60 * 8, // 8 hours
-		Secure:   true,
-		HttpOnly: true,
-		SameSite: http.SameSiteStrictMode,
-		Path:     "/",
-	}
-	http.SetCookie(w, &cookie)
-
-	return nil
-}
-
 func GetHashPassword(password string, salt []byte) []byte {
 	return argon2.IDKey([]byte(password), salt, 1, 64*1024, 1, 16)
 }
diff --git a/service/index_and_404.go b/service/index_and_404.go
deleted file mode 100644
index 085f032..0000000
--- a/service/index_and_404.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package service
-
-import (
-	"database/sql"
-	"me-fit/template"
-	"me-fit/types"
-	"me-fit/utils"
-	"net/http"
-
-	"github.com/a-h/templ"
-)
-
-func HandleIndexAnd404(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		user := utils.GetUserFromSession(db, r)
-
-		var comp templ.Component = nil
-		userComp := UserInfoComp(user)
-
-		if r.URL.Path != "/" {
-			comp = template.Layout(template.NotFound(), userComp, serverSettings.Environment)
-			w.WriteHeader(http.StatusNotFound)
-		} else {
-			comp = template.Layout(template.Index(), userComp, serverSettings.Environment)
-		}
-
-		err := comp.Render(r.Context(), w)
-		if err != nil {
-			utils.LogError("Failed to render index", err)
-			http.Error(w, "Failed to render index", http.StatusInternalServerError)
-		}
-	}
-}
diff --git a/service/workout.go b/service/workout.go
index 8ea45de..97f1c0f 100644
--- a/service/workout.go
+++ b/service/workout.go
@@ -1,142 +1,100 @@
 package service
 
 import (
-	"log/slog"
-	"me-fit/template"
-	"me-fit/template/workout"
+	"me-fit/db"
 	"me-fit/types"
 	"me-fit/utils"
 
 	"database/sql"
+	"errors"
+	"log/slog"
 	"net/http"
 	"strconv"
 	"time"
 )
 
-func HandleWorkoutPage(db *sql.DB, serverSettings *types.ServerSettings) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		user := utils.GetUser(r)
-		if user == nil {
-			utils.DoRedirect(w, r, "/auth/signin")
-			return
-		}
+type ServiceWorkout interface {
+	AddWorkout(user *User, workoutDto *WorkoutDto) (*WorkoutDto, error)
+}
 
-		currentDate := time.Now().Format("2006-01-02")
-		inner := workout.WorkoutComp(currentDate)
-		userComp := UserInfoComp(user)
-		err := template.Layout(inner, userComp, serverSettings.Environment).Render(r.Context(), w)
-		if err != nil {
-			utils.LogError("Failed to render workout page", err)
-			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-		}
+type ServiceWorkoutImpl struct {
+	dbWorkout       db.DbWorkout
+	randomGenerator RandomGenerator
+	clock           Clock
+	mailService     MailService
+	serverSettings  *types.ServerSettings
+}
+
+func NewServiceWorkoutImpl(dbAuth db.DbAuth, randomGenerator RandomGenerator, clock Clock, mailService MailService, serverSettings *types.ServerSettings) *ServiceAuthImpl {
+	return &ServiceAuthImpl{
+		dbAuth:          dbAuth,
+		randomGenerator: randomGenerator,
+		clock:           clock,
+		mailService:     mailService,
+		serverSettings:  serverSettings,
 	}
 }
 
-func HandleWorkoutNewComp(db *sql.DB) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		user := utils.GetUser(r)
-		if user == nil {
-			utils.DoRedirect(w, r, "/auth/signin")
-			return
-		}
+type WorkoutDto struct {
+	RowId string
+	Date  string
+	Type  string
+	Sets  string
+	Reps  string
+}
 
-		var dateStr = r.FormValue("date")
-		var typeStr = r.FormValue("type")
-		var setsStr = r.FormValue("sets")
-		var repsStr = r.FormValue("reps")
-
-		if dateStr == "" || typeStr == "" || setsStr == "" || repsStr == "" {
-			utils.TriggerToast(w, r, "error", "Missing required fields")
-			http.Error(w, "Missing required fields", http.StatusBadRequest)
-			return
-		}
-
-		date, err := time.Parse("2006-01-02", dateStr)
-		if err != nil {
-			utils.TriggerToast(w, r, "error", "Invalid date")
-			http.Error(w, err.Error(), http.StatusBadRequest)
-			return
-		}
-		sets, err := strconv.Atoi(setsStr)
-		if err != nil {
-			utils.TriggerToast(w, r, "error", "Invalid number")
-			http.Error(w, err.Error(), http.StatusBadRequest)
-			return
-		}
-		reps, err := strconv.Atoi(repsStr)
-		if err != nil {
-			utils.TriggerToast(w, r, "error", "Invalid number")
-			http.Error(w, err.Error(), http.StatusBadRequest)
-			return
-		}
-
-		var rowId int
-		err = db.QueryRow("INSERT INTO workout (user_id, date, type, sets, reps) VALUES (?, ?, ?, ?, ?) RETURNING rowid", user.Id, date, typeStr, sets, reps).Scan(&rowId)
-		if err != nil {
-			utils.LogError("Could not insert workout", err)
-			utils.TriggerToast(w, r, "error", "Internal Server Error")
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-
-		wo := workout.Workout{
-			Id:   strconv.Itoa(rowId),
-			Date: renderDate(date),
-			Type: r.FormValue("type"),
-			Sets: r.FormValue("sets"),
-			Reps: r.FormValue("reps"),
-		}
-
-		err = workout.WorkoutItemComp(wo, true).Render(r.Context(), w)
-		if err != nil {
-			utils.LogError("Could not render workoutitem", err)
-			utils.TriggerToast(w, r, "error", "Internal Server Error")
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-		}
+func NewWorkoutDtoFromDb(workout *db.Workout) *WorkoutDto {
+	return &WorkoutDto{
+		RowId: strconv.Itoa(workout.RowId),
+		Date:  renderDate(workout.Date),
+		Type:  workout.Type,
+		Sets:  strconv.Itoa(workout.Sets),
+		Reps:  strconv.Itoa(workout.Reps),
+	}
+}
+func NewWorkoutDto(rowId string, date string, workoutType string, sets string, reps string) *WorkoutDto {
+	return &WorkoutDto{
+		RowId: rowId,
+		Date:  date,
+		Type:  workoutType,
+		Sets:  sets,
+		Reps:  reps,
 	}
 }
 
-func HandleWorkoutGetComp(db *sql.DB) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		user := utils.GetUser(r)
-		if user == nil {
-			utils.DoRedirect(w, r, "/auth/signin")
-			return
-		}
+var (
+	ErrInputValues = errors.New("Invalid input values")
+)
 
-		rows, err := db.Query("SELECT rowid, date, type, sets, reps FROM workout WHERE user_id = ? ORDER BY date desc", user.Id)
-		if err != nil {
-			utils.LogError("Could not get workouts", err)
-			utils.TriggerToast(w, r, "error", "Internal Server Error")
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
+func (service ServiceWorkoutImpl) AddWorkout(user *User, workoutDto WorkoutDto) (*WorkoutDto, error) {
 
-		var workouts = make([]workout.Workout, 0)
-		for rows.Next() {
-			var workout workout.Workout
-
-			err = rows.Scan(&workout.Id, &workout.Date, &workout.Type, &workout.Sets, &workout.Reps)
-			if err != nil {
-				utils.LogError("Could not scan workout", err)
-				utils.TriggerToast(w, r, "error", "Internal Server Error")
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-
-			workout.Date, err = renderDateStr(workout.Date)
-			if err != nil {
-				utils.LogError("Could not render date", err)
-				utils.TriggerToast(w, r, "error", "Internal Server Error")
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-
-			workouts = append(workouts, workout)
-		}
-
-		workout.WorkoutListComp(workouts).Render(r.Context(), w)
+	if workoutDto.Date == "" || workoutDto.Type == "" || workoutDto.Sets == "" || workoutDto.Reps == "" {
+		return nil, ErrInputValues
 	}
+
+	date, err := time.Parse("2006-01-02", workoutDto.Date)
+	if err != nil {
+		return nil, ErrInputValues
+	}
+
+	sets, err := strconv.Atoi(workoutDto.Sets)
+	if err != nil {
+		return nil, ErrInputValues
+	}
+
+	reps, err := strconv.Atoi(workoutDto.Reps)
+	if err != nil {
+		return nil, ErrInputValues
+	}
+
+	workoutInsert := db.NewWorkoutInsert(date, workoutDto.Type, sets, reps)
+
+	workout, err := service.dbWorkout.InsertWorkout(user.Id, workoutInsert)
+	if err != nil {
+		return nil, err
+	}
+
+	return NewWorkoutDtoFromDb(workout), nil
 }
 
 func HandleWorkoutDeleteComp(db *sql.DB) http.HandlerFunc {
diff --git a/template/workout/workout.templ b/template/workout/workout.templ
index 5f4ca57..c605663 100644
--- a/template/workout/workout.templ
+++ b/template/workout/workout.templ
@@ -9,29 +9,13 @@ templ WorkoutComp(currentDate string) {
 			hx-swap="outerHTML"
 		>
 			<h2 class="text-4xl mb-8">Track your workout</h2>
-			<input
-				id="date"
-				type="date"
-				class="input input-bordered"
-				value={ currentDate }
-				name="date"
-			/>
+			<input id="date" type="date" class="input input-bordered" value={ currentDate } name="date"/>
 			<select class="select select-bordered w-full" name="type">
 				<option>Push Ups</option>
 				<option>Pull Ups</option>
 			</select>
-			<input
-				type="number"
-				class="input input-bordered"
-				placeholder="Sets"
-				name="sets"
-			/>
-			<input
-				type="number"
-				class="input input-bordered"
-				placeholder="Reps"
-				name="reps"
-			/>
+			<input type="number" class="input input-bordered" placeholder="Sets" name="sets"/>
+			<input type="number" class="input input-bordered" placeholder="Reps" name="reps"/>
 			<button class="btn btn-primary self-end">Save</button>
 		</form>
 		<div hx-get="/api/workout" hx-trigger="load"></div>
diff --git a/types/types.go b/types/types.go
index d40f2dd..7c1b413 100644
--- a/types/types.go
+++ b/types/types.go
@@ -2,17 +2,8 @@ package types
 
 import (
 	"errors"
-
-	"github.com/google/uuid"
 )
 
 var (
 	ErrInternal = errors.New("Internal server error")
 )
-
-type User struct {
-	Id            uuid.UUID
-	Email         string
-	SessionId     string
-	EmailVerified bool
-}
diff --git a/utils/http.go b/utils/http.go
index b6e29a4..64ff202 100644
--- a/utils/http.go
+++ b/utils/http.go
@@ -1,10 +1,8 @@
 package utils
 
 import (
-	"database/sql"
 	"fmt"
 	"log/slog"
-	"me-fit/types"
 	"net/http"
 	"time"
 
@@ -52,44 +50,6 @@ func DoRedirect(w http.ResponseWriter, r *http.Request, url string) {
 	}
 }
 
-func GetUser(r *http.Request) *types.User {
-	user := r.Context().Value(ContextKeyUser)
-	if user != nil {
-		return user.(*types.User)
-	} else {
-		return nil
-	}
-}
-
-func GetUserFromSession(db *sql.DB, r *http.Request) *types.User {
-	sessionId := getSessionID(r)
-	if sessionId == "" {
-		return nil
-	}
-
-	var user types.User
-	var createdAt time.Time
-
-	user.SessionId = sessionId
-
-	err := db.QueryRow(`
-			SELECT u.user_uuid, u.email, u.email_verified, s.created_at
-			FROM session s
-			INNER JOIN user u ON s.user_uuid = u.user_uuid
-			WHERE session_id = ?`, sessionId).Scan(&user.Id, &user.Email, &user.EmailVerified, &createdAt)
-	if err != nil {
-		slog.Warn("Could not verify session: " + err.Error())
-		return nil
-	}
-
-	if createdAt.Add(time.Duration(8 * time.Hour)).Before(time.Now()) {
-		return nil
-	} else {
-		return &user
-	}
-
-}
-
 func WaitMinimumTime[T interface{}](waitTime time.Duration, function func() (T, error)) (T, error) {
 	start := time.Now()
 	result, err := function()
@@ -97,7 +57,7 @@ func WaitMinimumTime[T interface{}](waitTime time.Duration, function func() (T,
 	return result, err
 }
 
-func getSessionID(r *http.Request) string {
+func GetSessionID(r *http.Request) string {
 	for _, c := range r.Cookies() {
 		if c.Name == "id" {
 			return c.Value