diff --git a/config.json b/config.json
new file mode 100644
index 0000000..52e08ef
--- /dev/null
+++ b/config.json
@@ -0,0 +1 @@
+{"developerMode":false}
\ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
index 29b30e0..1c802fb 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,6 +9,7 @@
       "version": "1.0.0",
       "license": "ISC",
       "dependencies": {
+        "cors": "^2.8.5",
         "express": "^4.21.1",
         "mysql2": "^3.11.4",
         "node-os-utils": "^1.3.7"
@@ -130,6 +131,19 @@
       "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==",
       "license": "MIT"
     },
+    "node_modules/cors": {
+      "version": "2.8.5",
+      "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz",
+      "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==",
+      "license": "MIT",
+      "dependencies": {
+        "object-assign": "^4",
+        "vary": "^1"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
     "node_modules/debug": {
       "version": "2.6.9",
       "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
@@ -614,6 +628,15 @@
       "integrity": "sha512-fvnX9tZbR7WfCG5BAy3yO/nCLyjVWD6MghEq0z5FDfN+ZXpLWNITBdbifxQkQ25ebr16G0N7eRWJisOcMEHG3Q==",
       "license": "MIT"
     },
+    "node_modules/object-assign": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
+      "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/object-inspect": {
       "version": "1.13.2",
       "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.2.tgz",
diff --git a/package.json b/package.json
index f3311a5..6b7d13e 100644
--- a/package.json
+++ b/package.json
@@ -10,6 +10,7 @@
   "license": "ISC",
   "description": "",
   "dependencies": {
+    "cors": "^2.8.5",
     "express": "^4.21.1",
     "mysql2": "^3.11.4",
     "node-os-utils": "^1.3.7"
diff --git a/server.js b/server.js
index 6a37b2b..350d2a9 100644
--- a/server.js
+++ b/server.js
@@ -2,6 +2,7 @@ const express = require('express');
 const cors = require('cors');
 const app = express();
 const os = require('os');
+const fs = require('fs');
 
 app.use(cors());
 app.use(express.json())
@@ -66,7 +67,7 @@ app.get('/system-stats', (req, res) => {
 app.use('/login', (req, res) => {
     const username = req.body.username;
     const password = req.body.password;
-    console.log(req.body.password);
+    console.log(req.body.username, req.body.password);
     
     const query = 'SELECT * FROM users WHERE username = ?';
     db.query(query, [username], (err, results) => {
@@ -111,6 +112,67 @@ app.use('/check-perms', (req, res) => {
     });
 });
 
+app.use('/config', (req, res) => {
+    const result = req.headers['x-username'];
+
+    console.log(req.headers['x-username']);
+    if (!result) {
+        return res.status(400).json({ error: "x-username header is required" });
+    }
+    const pre_username = JSON.parse(result);
+    const username = pre_username.token;
+    // Check if user exists and has permissions
+    console.log(username);
+    const query = 'SELECT perms FROM users WHERE username = ?';
+    db.query(query, [username], (err, results) => {
+        if (err) {
+            console.error('Database error:', err);
+            return res.status(500).json({ error: "Internal server error" });
+        }
+
+        if (results.length === 0) {
+            return res.status(401).json({ error: "Unauthorized" });
+        }
+
+        const perms = results[0].perms;
+        if (perms !== 'admin') {
+            return res.status(403).json({ error: "Insufficient permissions" });
+        }
+
+        // Handle config updates
+        if (req.method === 'POST') {
+            try {
+                const newConfig = req.body;
+                console.log(newConfig);
+                fs.writeFileSync('config.json', JSON.stringify(newConfig));
+                res.json({ message: "Config updated successfully" });
+            } catch (error) {
+                console.error('Error writing config:', error);
+                res.status(500).json({ error: "Failed to update config" });
+            }
+        }
+        
+        // Handle config reads
+        else if (req.method === 'GET') {
+            try {
+                const configData = fs.readFileSync('config.json', 'utf8');
+                if (!configData) {
+                    return res.status(500).json({ error: "Config file is empty" });
+                }
+                const config = JSON.parse(configData);
+                res.json(config);
+            } catch (error) {
+                console.error('Error reading config:', error);
+                res.status(500).json({ error: "Failed to read config" });
+            }
+        }
+        
+        else {
+            res.status(405).json({ error: "Method not allowed" });
+        }
+    });
+});
+