diff --git a/clase-7/.gitignore b/clase-7/.gitignore
new file mode 100644
index 0000000..2226022
--- /dev/null
+++ b/clase-7/.gitignore
@@ -0,0 +1,2 @@
+node_modules
+db
\ No newline at end of file
diff --git a/clase-7/config.js b/clase-7/config.js
new file mode 100644
index 0000000..e7eabf0
--- /dev/null
+++ b/clase-7/config.js
@@ -0,0 +1,5 @@
+export const {
+  PORT = 3000,
+  SALT_ROUND = 10,
+  SECRET_JWT_KEY = 'this-is-an-awesome-secret-key-mucho-mas-largo-y-muy-seguro'
+} = process.env
diff --git a/clase-7/index.js b/clase-7/index.js
new file mode 100644
index 0000000..711476f
--- /dev/null
+++ b/clase-7/index.js
@@ -0,0 +1,81 @@
+import express from 'express'
+import { PORT, SECRET_JWT_KEY } from './config.js'
+import cookieParser from 'cookie-parser'
+import jwt from 'jsonwebtoken'
+import { UserRepository } from './user-repository.js'
+
+const app = express()
+
+app.set('view engine', 'ejs')
+
+app.use(express.json())
+app.use(cookieParser())
+
+app.use((req, res, next) => {
+  const token = req.cookies.access_token
+  req.session = { user: null }
+
+  try {
+    const data = jwt.verify(token, SECRET_JWT_KEY)
+    req.session.user = data
+  } catch (error) {
+    req.session.user = null
+  }
+
+  next()
+})
+
+app.get('/', (req, res) => {
+  const { user } = req.session
+  res.render('index', user)
+})
+
+app.post('/login', async (req, res) => {
+  const { username, password } = req.body
+  try {
+    const user = await UserRepository.login({ username, password })
+    const token = jwt.sign(
+      { id: user._id, username: user.username },
+      SECRET_JWT_KEY,
+      {
+        expiresIn: '1h'
+      }
+    )
+    res
+      .cookie('access_token', token, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === 'production',
+        sameSite: 'strict',
+        maxAge: 1000 * 60 * 60
+      })
+      .status(200).send({ user, token })
+  } catch (error) {
+    res.status(401).send({ error: error.message })
+  }
+})
+
+app.post('/register', async (req, res) => {
+  const { username, password } = req.body
+  try {
+    const id = await UserRepository.create({
+      username,
+      password
+    })
+    res.send({ id })
+  } catch (error) {
+    res.status(400).send({ error: error.message })
+  }
+})
+
+app.post('/logout', (req, res) => {
+  res
+    .clearCookie('access_token')
+    .json({ message: 'Logout successful' })
+})
+
+app.get('/protected', (req, res) => {
+  const { user } = req.session
+  if (!user) return res.status(403).send('Access not authorized')
+  res.render('protected', user)
+})
+app.listen(PORT, () => { console.log(`Server is listen on port ${PORT}`) })
diff --git a/clase-7/package.json b/clase-7/package.json
new file mode 100644
index 0000000..c01a7ab
--- /dev/null
+++ b/clase-7/package.json
@@ -0,0 +1,28 @@
+{
+  "name": "6.-user-aouth-midu",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "type": "module",
+  "scripts": {
+    "dev": "node --watch index.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "bcrypt": "^5.1.1",
+    "cookie-parser": "^1.4.7",
+    "db-local": "^3.1.0",
+    "ejs": "^3.1.10",
+    "express": "^4.21.2",
+    "jsonwebtoken": "^9.0.2"
+  },
+  "devDependencies": {
+    "standard": "^17.1.2"
+  },
+  "eslintConfig": {
+    "extends": "standard"
+  }
+}
diff --git a/clase-7/readme.md b/clase-7/readme.md
new file mode 100644
index 0000000..c3bdd96
--- /dev/null
+++ b/clase-7/readme.md
@@ -0,0 +1,9 @@
+## To run this app download it and run the command npm i to install all denpendencies (Is required have node on you computer).
+
+```bash
+npm i
+```
+## screenshots:
+![Image](https://github.com/user-attachments/assets/f91a1f7a-ba1c-418f-ade7-7b91264c5b67)
+![Image](https://github.com/user-attachments/assets/0a65335a-33bb-41d6-8db6-25af541d8f04)
+![Image](https://github.com/user-attachments/assets/eb071544-6c44-4e68-b6d4-7f1606278d8c)
\ No newline at end of file
diff --git a/clase-7/user-repository.js b/clase-7/user-repository.js
new file mode 100644
index 0000000..dc57c79
--- /dev/null
+++ b/clase-7/user-repository.js
@@ -0,0 +1,54 @@
+import DBLocal from 'db-local'
+import crypto from 'crypto'
+import bcrypt from 'bcrypt'
+import { SALT_ROUND } from './config.js'
+const { Schema } = new DBLocal({ path: './db' })
+
+const User = Schema('User', {
+  _id: { type: String, required: true },
+  username: { type: String, required: true },
+  password: { type: String, required: true }
+})
+
+export class UserRepository {
+  static async create ({ username, password }) {
+    Validatiton.password(password)
+    Validatiton.username(username)
+    const user = User.findOne({ username })
+    if (user) throw new Error(`The username: ${username} is already taken`)
+    const id = crypto.randomUUID()
+    const hashedPassword = await bcrypt.hash(password, SALT_ROUND)
+    User.create({
+      id,
+      username,
+      password: hashedPassword
+    }).save()
+
+    return id
+  }
+
+  static async login ({ username, password }) {
+    Validatiton.username(username)
+    Validatiton.password(password)
+
+    const user = User.findOne({ username })
+    if (!user) throw new Error('This user does not exist in our database')
+    const isValid = await bcrypt.compare(password, user.password)
+    if (!isValid) throw new Error('Incorrect password')
+    const { password: _, ...publicUser } = user
+    console.log(publicUser)
+    return publicUser
+  }
+}
+
+class Validatiton {
+  static password (password) {
+    if (typeof password !== 'string') throw new Error('Password must be a string')
+    if (password.length < 6) throw new Error('Password at leat must have 6 characters long')
+  }
+
+  static username (username) {
+    if (typeof username !== 'string') throw new Error('Username must be a string')
+    if (username.length < 3) throw new Error('Username at least must be have 3 characters long')
+  }
+}
diff --git a/clase-7/views/index.ejs b/clase-7/views/index.ejs
new file mode 100644
index 0000000..f649bcd
--- /dev/null
+++ b/clase-7/views/index.ejs
@@ -0,0 +1,220 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Login & registration Forms`</title>
+    <!-- google fonts -->
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100..900;1,100..900&display=swap" rel="stylesheet">
+    <style>
+        *,
+        *::before,
+        *::after {
+            box-sizing: border-box;
+        }
+
+        body {
+            font-family: "Roboto", sans-serif;
+            background-color: #f5f5f5;
+            display: flex;
+            justify-content: center;
+            align-items: center;
+            height: 100hv;
+            margin: 0;
+        }
+
+        .container { 
+            display: flex;
+            flex-direction: column;
+            justify-content: center;
+            height: 100vh;
+        }
+
+        .form-container {
+            background-color: #fff;
+            padding: 20px;
+            margin: 10px;
+            border-radius: 8px;
+            box-shadow: 0 2px 10px rgba(0, 0, 0, 0.1);
+        }
+
+        form h2 {
+            margin-bottom: 20px;
+            font-size: 24px;
+            text-align: center;
+        }
+
+        label {
+            display: block;
+            margin-bottom: 5px;
+            font-weight: bold;
+        }
+
+        input{
+            width: 100%;
+            padding: 10px;
+            margin-bottom: 20px;
+            border: 1px solid #ccc;
+            border-radius: 4px;
+        }
+
+        button {
+            width: 100%;
+            padding: 10px;
+            background-color: #28a745;
+            color: #fff;
+            border: none;
+            border-radius: 4px;
+            cursor: pointer;
+            font-size: 16px;
+        }
+
+        button:hover{
+            background-color: #218838;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <% if (typeof username !== 'undefined') { %>
+            <div class="form-container">
+                <h2>Hola <%= username %>!</h2>
+                <p>Estas en el panel de administracion</p>
+                <button id="close-session">Cerrar sesion</button>
+            </div>
+        <% } %>
+
+            <% if (typeof username === 'undefined') { %>
+                <div class="form-container">
+                    <form id="login-form">
+                        <h2>Login</h2>
+                        <label for="login-username">Username</label>
+                        <input type="text" id="login-username" name="username" required>
+
+                        <label for="login-password">Password</label>
+                        <input type="password" id="login-password" name="password" required>
+
+                        <button type="submit">Login</button>
+                        <span>&nbsp;</span>
+                    </form>        
+                </div>
+
+                <div class="form-container">
+                    <form id="register-form">
+                        <h2>Register</h2>
+                        <label for="register-username">Username</label>
+                        <input type="text" id="register-username" name="username" required>
+
+                        <label for="register-password">Password</label>
+                        <input type="password" id="register-password" name="password" required>
+
+                        <label for="register-confirm-password">Confirm Password</label>
+                        <input type="password" id="resgister-confirm-password" name="confirm-password" required>
+                        <span>&nbsp;</span>
+                        <button type="submit">Register</button>
+                    </form>
+                </div>
+          <% } %>    
+    </div>
+    <script>
+        const $ = el => document.querySelector(el)
+
+        const loginForm = $('#login-form')
+        const loginSpan = $('#login-form span')
+
+        const registerForm = $('#register-form')
+        const registerSpan = $('#register-form span')
+
+        const logoutButton = $('#close-session')
+
+        loginForm?.addEventListener('submit', e => {
+            e.preventDefault()
+            const username = $('#login-username').value
+            const password = $('#login-password').value
+            
+            fetch('/login', {
+                method: 'POST',
+                headers:{
+                    'Content-Type': 'application/json'
+                },
+                body: JSON.stringify({ username, password })
+            })
+              .then(res =>{
+                if (res.ok){
+                    loginSpan.innerText = 'Sesion Iniciada... Entrando...'
+                    loginSpan.style.color = 'green'
+                    setTimeout(() => {
+                        window.location.href = '/protected'
+                    }, 1200)
+                }else{
+                    loginSpan.innerText = 'Error al iniciar sesion'
+                    loginSpan.style.color = 'red'
+                }
+              })
+            })
+        
+        registerForm?.addEventListener('submit', e => {
+            e.preventDefault()
+            const username = $('#register-username').value
+            const password = $('#register-password').value
+            const confirmPassword = $('#resgister-confirm-password').value
+            console.log(username, password, confirmPassword)
+            if ( password != confirmPassword) {
+                alert('Passwords do not match')
+                return
+            }
+
+            fetch('/register', {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json'
+                },
+                body: JSON.stringify({ username, password })
+            })
+              .then(res => {
+                console.log(res)
+                if(res.ok){
+                    registerSpan.innerText = 'Usuario Registrado. Entrando...'
+                    registerSpan.style.color = 'green'
+                    setTimeout(() => {
+                        fetch('/login', {
+                        method: 'POST',
+                        headers: {
+                            'Content-Type': 'application/json'
+                            },
+                body: JSON.stringify({ username, password })
+            })
+              .then(res => {
+                if(res.ok){
+                    window.location.href = '/protected'
+                }else{
+                    loginSpan.innerText = 'Error al iniciar sesion'
+                    loginSpan.style.color = 'red'
+                }
+              })
+                    }, 1200)
+                }else{
+                    registerSpan.innerText = 'Error al registrar usuario'
+                    registerSpan.style.color = 'red'
+                }
+              })
+            })
+
+            logoutButton?.addEventListener('click', e => {
+                e.preventDefault()
+                fetch('/logout', {
+                    method: 'POST',
+                    headers:{
+                        'Content-Type': 'application/json'
+                    }
+                })
+                  .then(res => {
+                    console.log(res)
+                    window.location.href = ('/')
+                })
+            })
+    </script>
+</body>
+</html>
\ No newline at end of file
diff --git a/clase-7/views/protected.ejs b/clase-7/views/protected.ejs
new file mode 100644
index 0000000..5b10123
--- /dev/null
+++ b/clase-7/views/protected.ejs
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Document</title>
+</head>
+<body>
+    <h1>Hello <%= username %></h1>
+    <h2>Este contenido esta protegido</h2>
+</body>
+</html>
\ No newline at end of file