diff --git a/.env b/.env.sample
similarity index 100%
rename from .env
rename to .env.sample
diff --git a/.gitignore b/.gitignore
index d3ff5fc..1f945f5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,4 +22,5 @@
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
-package-lock.json
\ No newline at end of file
+server/.env
+.env
\ No newline at end of file
diff --git a/server/.env b/server/.env
deleted file mode 100644
index f54e45c..0000000
--- a/server/.env
+++ /dev/null
@@ -1,4 +0,0 @@
-RAZORPAY_KEY_ID=rzp_test_PNolgaEI9aZ95P
-RAZORPAY_SECRET=89Roy7jyi4mI5Sv0NVOT2iKt
-
-CURRENCY=INR
\ No newline at end of file
diff --git a/server/.env.sample b/server/.env.sample
new file mode 100644
index 0000000..23c0c46
--- /dev/null
+++ b/server/.env.sample
@@ -0,0 +1,4 @@
+RAZORPAY_KEY_ID=rzp_XXXXXXXXXXXXXXXXXXXX
+RAZORPAY_SECRET=XXXXXXXXXXXXXXXX
+
+CURRENCY=XXX
\ No newline at end of file
diff --git a/server/constants/app-constants.js b/server/constants/app-constants.js
new file mode 100644
index 0000000..4f83ef0
--- /dev/null
+++ b/server/constants/app-constants.js
@@ -0,0 +1,9 @@
+module.exports = {
+ /* Add all your guest route here... */
+ guestUrls: [
+ '/api/user/signup',
+ '/api/user/login',
+ '/api/fetch_products',
+ '/api/get_product',
+ ],
+};
diff --git a/server/middlewares/checkToken.js b/server/middlewares/checkToken.js
index 6225bb3..6e1d6d1 100644
--- a/server/middlewares/checkToken.js
+++ b/server/middlewares/checkToken.js
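Review bot: Adding `.env` to the ignore list does not undo the exposure: the Razorpay key id and secret that `server/.env` carried (the file is deleted further down in this commit) remain in git history, so that key pair must be treated as compromised and rotated in the Razorpay dashboard, independently of whether history is rewritten. The root `.env` is renamed to `.env.sample` with a 100% similarity index, i.e. unchanged content — if it held real values too, they are now tracked under the new name; its content is not shown here, so please check. The `server/.env` line is redundant, since an unanchored `.env` pattern already matches at every directory depth. Removing `package-lock.json` from the ignore list means the lockfile will be committed, which is good for reproducible installs, assuming that was intended.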
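Review bot: The comment on `guestUrls` should say what an entry does, because each entry is an authentication exemption and the list will be edited by people who never open the middleware: it is consumed by `middlewares/checkToken.js` (changed in this same commit), where a request matching an entry skips token verification entirely. Suggested replacement for `/* Add all your guest route here... */`: `/* Routes served without a JWT. Every entry here is reachable anonymously, so add to it deliberately; the matching rule lives in middlewares/checkToken.js. */`. The comment should also note that `'/api/get_product'` is intentionally shorter than the mounted route `/api/get_product/:id` and only works as a prefix. Freezing the array (`guestUrls: Object.freeze([ ... ])`, a shallow `Object.freeze` on the outer object would not cover it) stops a stray `guestUrls.push` elsewhere from widening the exemption at runtime.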
@@ -1,21 +1,33 @@
-const jwt = require('jsonwebtoken');
-const HttpResponse = require('../models/http-response');
+const jwt = require("jsonwebtoken");
+const HttpResponse = require("../models/http-response");
+const APP_CONSTANTS = require("../constants/app-constants");
 module.exports = (req, res, next) => {
- if (req.method === 'OPTIONS') {
- return next();
- }
- try {
- const token = req.headers.authorization.split(' ')[1]; // Authorization: 'Bearer TOKEN'
- if (!token) {
- throw new Error('Authentication failed!');
- }
- const decodedToken = jwt.verify(token, 'this is www.datacode.in private key');
- console.log("SDF", decodedToken)
- req.userData = { _id: decodedToken._id, email: decodedToken.email, userType: decodedToken.userType };
- next();
- } catch (err) {
- const error = new HttpResponse('Authentication failed!', 403);
- return res.json({ response: error });
+ if (
+ req.method === "OPTIONS" ||
+ APP_CONSTANTS.guestUrls.some((url) => req.url.includes(url))
+ ) {
+ return next();
+ }
+
+ try {
+ const token = req.headers.authorization.split(" ")[1]; // Authorization: 'Bearer TOKEN'
+ if (!token) {
+ throw new Error("Authentication failed!");
 }
-};
\ No newline at end of file
+ const decodedToken = jwt.verify(
+ token,
+ "this is www.datacode.in private key"
+ );
+ console.log("SDF", decodedToken);
+ req.userData = {
+ _id: decodedToken._id,
+ email: decodedToken.email,
+ userType: decodedToken.userType,
+ };
+ next();
+ } catch (err) {
+ const error = new HttpResponse("Authentication failed!", 403);
+ return res.json({ response: error });
+ }
+};
diff --git a/server/routes/paymentRoutes.js b/server/routes/paymentRoutes.js
index c159c1a..f1d93ae 100644
--- a/server/routes/paymentRoutes.js
+++ b/server/routes/paymentRoutes.js
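Review bot: The guest-route exemption in the new `if` is a substring test on `req.url`, which in Express includes the query string, so any protected request can skip authentication by carrying an allow-listed path anywhere in the URL — `GET /api/get_orders?x=/api/user/login` matches `'/api/user/login'` and goes straight to `next()` — and the same test will also exempt any future route that merely starts with `/api/get_product`. Compare the allow-list against `req.path` instead, accepting an exact match or an entry followed by `/` (needed for `/api/get_product/:id`), as sketched below. While touching the verify call: the JWT signing key is still the hard-coded string `"this is www.datacode.in private key"` even though this commit moves the Razorpay credentials into the environment, so read it from `process.env.JWT_SECRET` and fail at startup if it is unset, and drop the `console.log("SDF", decodedToken)` debug line, which writes the caller's id and email to the logs on every request. Answering the failure via `res.json(...)` with an implicit 200 status is pre-existing but worth fixing in the same pass with `res.status(403).json(...)`.
```javascript
const JWT_SECRET = process.env.JWT_SECRET; // no default: a missing secret must not silently become a known one
if (!JWT_SECRET) {
  throw new Error("JWT_SECRET is not set");
}

module.exports = (req, res, next) => {
  // Match the allow-list against the path only (no query string), exactly or
  // as an "<entry>/" prefix so "/api/get_product/:id" is covered.
  const path = req.path;
  const isGuestUrl = APP_CONSTANTS.guestUrls.some(
    (url) => path === url || path.startsWith(url + "/")
  );
  if (req.method === "OPTIONS" || isGuestUrl) {
    return next();
  }
  // … unchanged: Bearer token extraction …
  const decodedToken = jwt.verify(token, JWT_SECRET);
  // … unchanged: req.userData population, next(), catch block …
```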
@@ -1,10 +1,8 @@
 const express = require("express");
-const checkToken = require("../middlewares/checkToken");
 const paymentControllers = require("../controllers/paymentControllers");
 const router = express.Router();
-router.use(checkToken);
 router.post("/cart_order", paymentControllers.createPayments);
 // router.get("/cart_order", paymentControllers.fetchPayments);
diff --git a/server/routes/shopRoutes.js b/server/routes/shopRoutes.js
index cb2c499..33954b0 100644
--- a/server/routes/shopRoutes.js
+++ b/server/routes/shopRoutes.js
@@ -1,13 +1,10 @@
 const express = require("express");
 const shopController = require("../controllers/shopControllers");
-const checkToken = require("../middlewares/checkToken");
 const router = express.Router();
 router.get("/fetch_products", shopController.getProducts);
 router.get("/get_product/:id", shopController.getProduct);
-router.use(checkToken);
 router.post("/add_product", shopController.addProduct);
-
 router.post("/add_order", shopController.addOrder);
 router.get("/get_orders", shopController.getOrders);
diff --git a/server/server.js b/server/server.js
index 0c9b3c8..cc80a78 100644
--- a/server/server.js
+++ b/server/server.js
@@ -9,6 +9,7 @@ const shopRoutes = require("./routes/shopRoutes");
 const userRoutes = require("./routes/userRoutes");
 const paymentRoutes = require("./routes/paymentRoutes");
 const mongo = require("./configs/dbConfig");
+const checkToken = require("./middlewares/checkToken");
 const app = express();
 const port = 5000;
@@ -18,8 +19,6 @@ app.use(bodyParser.json({ limit: '50mb' }));
 app.use(bodyParser.urlencoded({ limit: '50mb', extended: true }));
 app.use(express.json());
-app.use("/api/user", userRoutes)
-
 // TOKEN AUTHENTICATION- ALL THE ROUTES WRITTEN BELOW THIS WILL NEED TOKEN TO BE SENT in request headers
 app.use((req, res, next) => {
 res.setHeader('Access-Control-Allow-Origin', '*');
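Review bot: Dropping `router.use(checkToken)` leaves `/cart_order` with no guard of its own; it is protected now only because `server.js` registers `app.use(checkToken)` before mounting this router and because nothing in `guestUrls` happens to match it, and either of those can change silently in a later edit. Since a second pass through checkToken only re-verifies the same Bearer token and rewrites `req.userData` with the same claims, keeping the router-local line as defense in depth costs nothing: `router.use(checkToken);`. The commented-out `// router.get("/cart_order", ...)` line left in place is dead code and should be deleted rather than carried along.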
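Review bot: With the router-local `router.use(checkToken)` gone, `/add_product`, `/add_order` and `/get_orders` are authenticated only by the global middleware's allow-list, and nothing in this router separates an ordinary logged-in shopper from whoever is meant to create products — any valid token now reaches `shopController.addProduct` unless the controller checks roles itself, which is not visible here. checkToken already puts `userType` on `req.userData`, so `/add_product` should get a small middleware ahead of the controller that compares `req.userData.userType` with the privileged value (not shown in this diff) and answers 403 otherwise. The two public GETs were previously public because they were registered above the guard; now they are public only while `/api/fetch_products` and `/api/get_product` stay in `guestUrls`, so route order in this file no longer carries meaning and a comment should say so: `// Public reads: exempted via guestUrls in constants/app-constants.js, not by their position in this file.`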
@@ -31,6 +30,10 @@ app.use((req, res, next) => {
 next();
 });
+/* Check for authentication on protected resources */
+app.use(checkToken)
+
+app.use("/api/user", userRoutes)
 app.use("/api/payment", paymentRoutes)
 app.use("/api", shopRoutes);
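Review bot: The new comment `/* Check for authentication on protected resources */` understates what the line does, and the older `// TOKEN AUTHENTICATION- ALL THE ROUTES WRITTEN BELOW THIS WILL NEED TOKEN ...` comment above the CORS block (earlier hunk) is now wrong twice over — it no longer sits next to the guard, and `/api/user` is mounted below it yet signup and login need no token. Replace the new comment with `/* Global JWT guard: every route mounted below requires a Bearer token, except the paths listed in constants/app-constants.js guestUrls */` and delete the old one. `app.use(checkToken)` also lacks the semicolon that the neighbouring `app.use("/api", shopRoutes);` has; the file mixes both styles, so pick one. Because the guard is now global, any `userRoutes` endpoint other than signup and login (not shown here) now requires a token, which is presumably intended but worth confirming, and a request for an unknown path now receives checkToken's authentication-failed response instead of a 404.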