diff --git a/src/controllers/adminController.ts b/src/controllers/adminController.ts
new file mode 100644
index 0000000..b169f9e
--- /dev/null
+++ b/src/controllers/adminController.ts
@@ -0,0 +1,37 @@
+import { Request, Response } from "express";
+import { User } from "../models/user";
+import { ADMIN_MAX_USERS_PER_PAGE } from "../utils/utils";
+
+export async function GetAllUsers(req: Request, res: Response) {
+  try {
+    const pageSize = ADMIN_MAX_USERS_PER_PAGE;
+
+    // Get the current page number (default: 1)
+    const page = parseInt(req.query.page as string, pageSize) || 1;
+
+    // Calculate the skipping (skip) based on the current page
+    const skip = (page - 1) * pageSize;
+
+    // Get the total number of users
+    const totalUsers = await User.countDocuments({}).lean();
+
+    // Calculate the total number of pages
+    const totalPages = Math.ceil(totalUsers / pageSize);
+
+    // Query for the current page with limit and skip
+    const users = await User.find({})
+      .lean()
+      .select("-password -_id -__v") // Exclude password and other fields
+      .skip(skip)
+      .limit(pageSize);
+
+    // Respond with users and page information
+    res.json({
+      users,
+      totalPages,
+    });
+  } catch (error) {
+    console.error("Error fetching users:", error);
+    res.status(500).json({ error: "Internal Server Error" });
+  }
+}
diff --git a/src/controllers/userController.ts b/src/controllers/userController.ts
index 181c88d..ac3c117 100644
--- a/src/controllers/userController.ts
+++ b/src/controllers/userController.ts
@@ -1,8 +1,7 @@
 import { Request, Response } from "express";
 import bcrypt from "bcrypt";
 import { User } from "../models/user";
-import crypto from "crypto";
-import { Session } from "../models/session";
+import { saveSession } from "../utils/utils";
 
 export async function SignUp(req: Request, res: Response) {
   if (!req.body.accountName || !req.body.username || !req.body.password) {
@@ -11,7 +10,7 @@ export async function SignUp(req: Request, res: Response) {
 
   const { accountName, username, password } = req.body;
 
-  const existingUser = await User.findOne({ accountName });
+  const existingUser = await User.findOne({ accountName }).lean();
 
   if (existingUser) {
     return res.status(400).json({ status: "err" });
@@ -38,7 +37,7 @@ export async function SignUp(req: Request, res: Response) {
 
   user
     .save()
-    .then(() => res.status(200).json({ status: "ok" }))
+    .then(() => saveSession(res, accountName))
     .catch((err) => {
       console.log(err);
       res.status(500).json({ status: "err" });
@@ -53,13 +52,18 @@ export async function Login(req: Request, res: Response) {
 
     const { accountName, password } = req.body;
 
-    const user = await User.findOne({ accountName });
+    const user = await User.findOne({ accountName }).lean();
 
     if (!user) {
       return res.status(401).json({ status: "err" });
     }
 
-    if (user.password === undefined || user.password === null) {
+    if (
+      user.accountName === null ||
+      user.accountName === undefined ||
+      user.password === undefined ||
+      user.password === null
+    ) {
       return res.status(401).json({ status: "err" });
     }
 
@@ -74,19 +78,31 @@ export async function Login(req: Request, res: Response) {
       return res.status(401).json({ status: "err" });
     }
 
-    const sessionId = crypto.randomBytes(32).toString("hex");
-
-    const session = new Session({
-      sessionId: sessionId,
-      accountName: user.accountName,
-    });
-
-    session
-      .save()
-      .then(() => res.status(200).json({ sessionId }))
-      .catch(() => res.status(500).json({ status: "err" }));
+    saveSession(res, user.accountName);
   } catch (error) {
     console.error("error on login:", error);
     res.status(500).json({ status: "err" });
   }
 }
+
+export async function GetUserProfile(req: Request, res: Response) {
+  try {
+    const user = await User.findOne({
+      accountName: req.params.accountName,
+    }).lean();
+
+    if (!user) {
+      return res.status(404).json({ status: "err" });
+    }
+
+    console.log("user:", user);
+
+    res.json({
+      accountName: user.accountName,
+      username: user.username,
+    });
+  } catch (error) {
+    console.error("error on get user profile:", error);
+    res.status(500).json({ status: "err" });
+  }
+}
diff --git a/src/models/session.ts b/src/models/session.ts
index 72ec7cc..0801cd0 100644
--- a/src/models/session.ts
+++ b/src/models/session.ts
@@ -1,8 +1,13 @@
 import mongoose, { InferSchemaType, Schema } from "mongoose";
+import { ADMIN_MAX_USERS_PER_PAGE } from "../utils/utils";
 
 export const sessionSchema = new Schema({
   sessionId: String,
   accountName: String,
+  expiresAt: {
+    type: Date,
+    default: new Date(Date.now() + ADMIN_MAX_USERS_PER_PAGE),
+  },
 });
 
 export type Session = InferSchemaType<typeof sessionSchema>;
diff --git a/src/models/user.ts b/src/models/user.ts
index e82bafe..4b66c0b 100644
--- a/src/models/user.ts
+++ b/src/models/user.ts
@@ -4,6 +4,18 @@ export const userSchema = new Schema({
   accountName: String,
   username: String,
   password: String,
+  followers: {
+    type: Number,
+    default: 0,
+  },
+  following: {
+    type: Number,
+    default: 0,
+  },
+  visited: {
+    type: Number,
+    default: 0,
+  },
 });
 
 export type User = InferSchemaType<typeof userSchema>;
diff --git a/src/mongodb/mongodb.ts b/src/mongodb/mongodb.ts
index b3f244e..116c5b4 100644
--- a/src/mongodb/mongodb.ts
+++ b/src/mongodb/mongodb.ts
@@ -2,8 +2,8 @@ import mongoose from "mongoose";
 
 export function initDatabase() {
   mongoose.connect("mongodb://localhost:27017/partyapp", {
-    user: "partyapp",
-    pass: "5ycwujPeNw9NoW9rXTEdwzVHqzb9XM57",
+    user: process.env.MONGODB_USERNAME,
+    pass: process.env.MONGODB_PASSWORD,
   });
 
   mongoose.connection.on("connected", () => {
diff --git a/src/routes/routes.ts b/src/routes/routes.ts
index a6fe10d..3ac7aa3 100644
--- a/src/routes/routes.ts
+++ b/src/routes/routes.ts
@@ -1,6 +1,7 @@
 import express from "express";
 const router = express.Router();
 import * as userController from "../controllers/userController";
+import * as adminController from "../controllers/adminController";
 
 /**
  * @swagger
@@ -126,4 +127,8 @@ router.post("/user/signup", userController.SignUp);
  */
 router.post("/user/login", userController.Login);
 
+router.get("/user/profile/:accountName", userController.GetUserProfile);
+
+router.get("/admin/users", adminController.GetAllUsers);
+
 export default router;
diff --git a/src/utils/utils.ts b/src/utils/utils.ts
new file mode 100644
index 0000000..665ea44
--- /dev/null
+++ b/src/utils/utils.ts
@@ -0,0 +1,28 @@
+import crypto from "crypto";
+import { Session } from "../models/session";
+import { Response } from "express";
+
+export const DEFAULT_SESSION_EXPIRATION = 7 * 24 * 60 * 60 * 1000; // 7 days
+export const ADMIN_MAX_USERS_PER_PAGE = 10;
+
+export async function saveSession(res: Response, accountName: string) {
+  try {
+    // Generate a random session ID
+    const sessionId = crypto.randomBytes(32).toString("hex");
+
+    // Create a new session document
+    const session = new Session({
+      sessionId: sessionId,
+      accountName: accountName, // Assuming you have the user information in req.user
+    });
+
+    // Save the session to MongoDB
+    await session.save();
+
+    // Respond with the session ID
+    res.status(200).json({ sessionId });
+  } catch (error) {
+    console.error("Error saving session:", error);
+    res.status(500).json({ status: "err" });
+  }
+}