diff --git a/middleware/unKnownEndpoint.js b/middleware/unKnownEndpoint.js
new file mode 100644
index 0000000..c0ce595
--- /dev/null
+++ b/middleware/unKnownEndpoint.js
@@ -0,0 +1,8 @@
+const { ErrorHandler } = require("../helpers/error");
+
+// eslint-disable-next-line no-unused-vars
+const unknownEndpoint = (request, response) => {
+ throw new ErrorHandler(401, "unknown endpoint");
+};
+
+module.exports = unknownEndpoint;
diff --git a/middleware/verifyAdmin.js b/middleware/verifyAdmin.js
new file mode 100644
index 0000000..4a04109
--- /dev/null
+++ b/middleware/verifyAdmin.js
@@ -0,0 +1,14 @@
+const { ErrorHandler } = require("../helpers/error");
+
+module.exports = (req, res, next) => {
+ const { roles } = req.user;
+ if (roles && roles.includes("admin")) {
+ req.user = {
+ ...req.user,
+ roles,
+ };
+ return next();
+ } else {
+ throw new ErrorHandler(401, "require admin role");
+ }
+};
diff --git a/middleware/verifyToken.js b/middleware/verifyToken.js
new file mode 100644
index 0000000..58d4352
--- /dev/null
+++ b/middleware/verifyToken.js
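Review bot: `throw new ErrorHandler(401, "unknown endpoint")` answers an unmatched route with 401 Unauthorized, which is the status for a missing or failed credential, not for a path that does not exist; the conventional status is 404, `throw new ErrorHandler(404, "unknown endpoint");`. Using 401 here also makes typo'd URLs indistinguishable from real auth failures in client handling and in logs, which muddies any alerting built on 401 counts. The two parameters exist only to give Express the handler arity it expects, which the eslint directive already covers; a one-line header such as `// Catch-all for routes no router matched; presumably registered after all other routes` would make the intent explicit.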
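Review bot: `const { roles } = req.user;` throws a TypeError when `req.user` is unset, which surfaces as a generic 500 instead of the intended 401; nothing in this commit's verifyToken hunk assigns `req.user` (it populates `req.tokenExtract`, `req.userID`, `req.roleID`), so unless some other middleware fills `req.user` the admin check can never pass. Guard the read and fail closed explicitly: `const roles = req.user?.roles;` and `if (!Array.isArray(roles) || !roles.includes("admin")) throw new ErrorHandler(403, "require admin role");`, then `return next();` is the whole success path. The `req.user = { ...req.user, roles }` reassignment only re-adds the property it was just read from and can be dropped. 403 rather than 401 is the conventional status when the caller is authenticated but lacks the role; keep 401 if the project's clients depend on it.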
@@ -0,0 +1,47 @@
+const jwt = require("jsonwebtoken");
+const { ErrorHandler } = require("../helpers/error");
+
+const verifyToken = (req, res, next) => {
+ const authHeader = req.header("Authorization");
+ // console.log("authHeader", authHeader)
+
+ // Pastikan header Authorization ada dan berisi token
+ if (!authHeader || !authHeader.startsWith("Bearer ")) {
+ throw new ErrorHandler(401, "Token missing or invalid");
+ }
+
+ // Ambil token dari header Authorization
+ const token = authHeader.split(" ")[1];
+
+ try {
+ // const decoded = jwt.decode(token, { complete: true });
+ // console.log("decoded", decoded)
+ // console.log("==============================")
+ // console.log("token", token)
+ // console.log("process.env.SECRET", process.env.SECRET)
+ // // console.log("==============================> ", jwt.verify(token, process.env.SECRET))
+ // jwt.verify(token, process.env.SECRET, (err, decoded) => {
+ // if (err) {
+ // console.error('Error verifying token: ==============================>', err.message);
+ // } else {
+ // console.log('Decoded payload: ==============================>', decoded);
+ // }
+ // });
+
+ const verified = jwt.verify(token, process.env.SECRET);
+ req.tokenExtract = verified;
+ // console.log(req.tokenExtract);
+
+ req.userID = req.tokenExtract.user_id
+ req.tenantID = req.tokenExtract.tenant_id
+ req.roleID = req.tokenExtract.role_id
+ req.body.userID = req.tokenExtract.user_id
+ req.body.tenantID = req.tokenExtract.tenant_id
+ req.query.tenantID = req.tokenExtract.tenant_id
+ next();
+ } catch (error) {
+ throw new ErrorHandler(401, error.message || "Invalid Token");
+ }
+};
+
+module.exports = verifyToken;
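Review bot: The catch block at the end of verifyToken rethrows `error.message` to the client and also wraps `next()`, so library internals ("jwt malformed", "invalid signature", "secret or public key must be provided" when SECRET is unset) are echoed in the 401 body, and any synchronous throw from a downstream handler — including `req.body.userID = …` failing with a TypeError when no body parser ran on a GET — is relabelled as a token failure with that TypeError text as the message; the fixed message should go to the client and the detail to the server log, and `next()` should move outside the try. `jwt.verify(token, process.env.SECRET)` passes no `algorithms` option; since the key is a shared secret, pinning the expected HMAC algorithm, e.g. `{ algorithms: ["HS256"] }`, keeps a token header from selecting which algorithm the verifier uses, and a startup check that `process.env.SECRET` is set would turn a misconfiguration into a clear 500 instead of a 401. The thirteen commented-out debug lines inside the try should be deleted rather than committed, the two Indonesian comments read better in English (`// Require an Authorization header carrying a Bearer token` and `// Take the token from the Authorization header`), and the six assignments after `req.tokenExtract = verified;` lack semicolons. Assuming this overrides client-supplied body/query values with the token's claims on purpose, a comment saying so would keep a later maintainer from "fixing" it back to trusting the request.
```javascript
  let verified;
  try {
    // Pin the algorithm so the token header cannot choose how it is verified.
    verified = jwt.verify(token, process.env.SECRET, { algorithms: ["HS256"] });
  } catch (error) {
    // Keep library detail server-side; the client only learns the token was rejected.
    console.error("token verification failed:", error.message);
    throw new ErrorHandler(401, "Invalid Token");
  }
  req.tokenExtract = verified;
  req.userID = verified.user_id;
  req.tenantID = verified.tenant_id;
  req.roleID = verified.role_id;
  // Token claims deliberately override anything the client put in body/query.
  // req.body may be absent when no body parser ran for this method.
  req.body = { ...req.body, userID: verified.user_id, tenantID: verified.tenant_id };
  req.query.tenantID = verified.tenant_id;
  next();
```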