diff --git a/internal/ctxkeys/ctx.go b/internal/ctxkeys/ctx.go
new file mode 100644
index 0000000..2b0c759
--- /dev/null
+++ b/internal/ctxkeys/ctx.go
@@ -0,0 +1,16 @@
+package ctxkeys
+
+import (
+	"context"
+
+	"git.juancwu.dev/juancwu/budgething/internal/model"
+)
+
+const (
+	UserKey string = "user"
+)
+
+func User(ctx context.Context) *model.User {
+	user, _ := ctx.Value(UserKey).(*model.User)
+	return user
+}
diff --git a/internal/handler/auth.go b/internal/handler/auth.go
new file mode 100644
index 0000000..ae95fd5
--- /dev/null
+++ b/internal/handler/auth.go
@@ -0,0 +1,15 @@
+package handler
+
+import "net/http"
+
+type authHandler struct {
+}
+
+func NewAuthHandler() *authHandler {
+	return &authHandler{}
+}
+
+func (h *authHandler) AuthPage(w http.ResponseWriter, r *http.Request) {
+	w.WriteHeader(http.StatusOK)
+	w.Write([]byte("200 OK"))
+}
diff --git a/internal/middleware/auth.go b/internal/middleware/auth.go
new file mode 100644
index 0000000..28f3a35
--- /dev/null
+++ b/internal/middleware/auth.go
@@ -0,0 +1,24 @@
+package middleware
+
+import (
+	"net/http"
+
+	"git.juancwu.dev/juancwu/budgething/internal/ctxkeys"
+)
+
+// RequireGuest ensures request is not authenticated
+func RequireGuest(next http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		user := ctxkeys.User(r.Context())
+		if user != nil {
+			if r.Header.Get("HX-Request") == "true" {
+				w.Header().Set("HX-Redirect", "/app/dashboard")
+				w.WriteHeader(http.StatusSeeOther)
+				return
+			}
+			http.Redirect(w, r, "/app/dashboard", http.StatusSeeOther)
+			return
+		}
+		next.ServeHTTP(w, r)
+	}
+}
diff --git a/internal/routes/routes.go b/internal/routes/routes.go
index 035df7e..1f07eb2 100644
--- a/internal/routes/routes.go
+++ b/internal/routes/routes.go
@@ -6,14 +6,21 @@ import (
 
 	"git.juancwu.dev/juancwu/budgething/assets"
 	"git.juancwu.dev/juancwu/budgething/internal/app"
+	"git.juancwu.dev/juancwu/budgething/internal/handler"
+	"git.juancwu.dev/juancwu/budgething/internal/middleware"
 )
 
 func SetupRoutes(a *app.App) http.Handler {
+	auth := handler.NewAuthHandler()
+
 	mux := http.NewServeMux()
 
 	// Static
 	sub, _ := fs.Sub(assets.AssetsFS, ".")
 	mux.Handle("GET /assets/", http.StripPrefix("/assets/", http.FileServer(http.FS(sub))))
 
+	// Auth pages
+	mux.HandleFunc("GET /auth", middleware.RequireGuest(auth.AuthPage))
+
 	return mux
 }