diff --git a/backend/src/middleware/auth.js b/backend/src/middleware/auth.js
new file mode 100644
index 0000000..06c1833
--- /dev/null
+++ b/backend/src/middleware/auth.js
@@ -0,0 +1,14 @@
+const jwt = require('jsonwebtoken');
+
+const JWT_SECRET = process.env.JWT_SECRET || 'clouddisk-secret-key';
+const JWT_EXPIRES_IN = '7d';
+
+const generateToken = (payload) => {
+  return jwt.sign(payload, JWT_SECRET, { expiresIn: JWT_EXPIRES_IN });
+};
+
+const verifyToken = (token) => {
+  return jwt.verify(token, JWT_SECRET);
+};
+
+module.exports = { generateToken, verifyToken, JWT_SECRET };