diff --git a/Utils/Auth.js b/Utils/Auth.js
index 0f97a74..d98b4a5 100644
--- a/Utils/Auth.js
+++ b/Utils/Auth.js
@@ -15,8 +15,12 @@ const verifyToken = (req, res, next) => {
   if (token === '') {
     return res.sendStatus(401);
   }
-  req.token = token;
-  return next();
+  try {
+    req.authUser = jwt.verify(token, process.env.JWT_SECRET);
+    return next();
+  } catch (error) {
+    return res.sendStatus(401);
+  }
 };
 
 const passwordHash = (password) => {
diff --git a/Utils/Auth.test.js b/Utils/Auth.test.js
index e253b57..6940c5d 100644
--- a/Utils/Auth.test.js
+++ b/Utils/Auth.test.js
@@ -87,12 +87,4 @@ describe('Auth Utility File', () => {
     await verifyToken(req, res, () => {});
     expect(res.status).toEqual(401);
   });
-
-  it('verifyToken', async () => {
-    const token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9';
-    const req = { headers: { authorization: `Bearer ${token}` } };
-    const res = mockResponse();
-    await verifyToken(req, res, () => {});
-    expect(req.token).toEqual(token);
-  });
 });
diff --git a/routes/index.js b/routes/index.js
index 2b124b1..91eac04 100644
--- a/routes/index.js
+++ b/routes/index.js
@@ -1,5 +1,4 @@
 const express = require('express');
-const jwt = require('jsonwebtoken');
 const mongoose = require('mongoose');
 const { verifyToken } = require('../Utils/Auth');
 const Families = require('../Models/Families');
@@ -17,13 +16,7 @@ router.get('/heartbeat', (req, res) => {
 });
 
 router.post('/backup', verifyToken, (req, res) => {
-  let decoded;
-  try {
-    decoded = jwt.verify(req.token, process.env.JWT_SECRET);
-  } catch (err) {
-    return res.sendStatus(401);
-  }
-  const { username } = decoded;
+  const { username } = req.authUser;
   const { transactions } = req.body;
   if (!transactions) {
     return res.status(400).json({ code: 400, message: 'No transactions found' });
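Review bot: `jwt.verify(token, process.env.JWT_SECRET)` on the added line passes no `algorithms` option, so which HMAC variant is accepted is decided by the token's `alg` header rather than by the server; pin it to what the issuer uses, e.g. `req.authUser = jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] });` (the signing call is not in this diff, so confirm the algorithm there). The bare `catch (error)` also folds a missing or empty `JWT_SECRET` into the same 401 as a forged or expired token, which hides a deployment misconfiguration behind an ordinary auth failure; checking the secret once at startup, or at least logging `error.name` before returning 401, keeps the two distinguishable. `verifyToken` starts before this hunk, so the Bearer-header parsing that produces `token` is not visible here.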
@@ -47,13 +40,7 @@ router.post('/backup', verifyToken, (req, res) => {
 });
 
 router.get('/backup', verifyToken, (req, res) => {
-  let decoded;
-  try {
-    decoded = jwt.verify(req.token, process.env.JWT_SECRET);
-  } catch (err) {
-    return res.sendStatus(401);
-  }
-  const { username } = decoded;
+  const { username } = req.authUser;
 
   Users.findOne({ username }, (err, found) => {
     if (err) {
@@ -66,8 +53,6 @@ router.get('/backup', verifyToken, (req, res) => {
 });
 
 router.post('/family', verifyToken, async (req, res) => {
-  const decoded = jwt.verify(req.token, process.env.JWT_SECRET);
-
   const { members } = req.body;
   if (!members) {
     return res.status(400).json({
@@ -98,7 +83,7 @@ router.post('/family', verifyToken, async (req, res) => {
   }
 
   const newFamily = new Families({
-    creator: decoded.id,
+    creator: req.authUser.id,
     members: filteredMembers.map((user) => user.id),
   });
 
@@ -122,13 +107,6 @@ router.post('/family', verifyToken, async (req, res) => {
 });
 
 router.post('/family-transactions', verifyToken, async (req, res) => {
-  let decoded;
-  try {
-    decoded = jwt.verify(req.token, process.env.JWT_SECRET);
-  } catch (err) {
-    return res.status(401).json({ code: 401, message: 'Unauthorized' });
-  }
-
   const {
     amount, labelName, date, type,
   } = req.body;
@@ -141,8 +119,8 @@ router.post('/family-transactions', verifyToken, async (req, res) => {
   }
 
   const family = await Families.findOne({
-    $or: [{ members: decoded.id },
-      { creator: decoded.id }],
+    $or: [{ members: req.authUser.id },
+      { creator: req.authUser.id }],
   });
 
   if (!family) {
@@ -153,7 +131,7 @@ router.post('/family-transactions', verifyToken, async (req, res) => {
   }
 
   family.transactions.push(new Transactions({
-    creator: decoded.id, amount, labelName, date, type,
+    creator: req.authUser.id, amount, labelName, date, type,
   }));
 
   family.save((err) => {
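Review bot: The `$or` filter in the rewritten `Families.findOne` call keys on `req.authUser.id` with no check that the verified payload actually carries an `id` claim; `verifyToken` proves the signature, not the payload shape, and a token minted without `id` (the `/backup` handlers in this same file only ever read `username` from it) would query with `undefined`, which the driver may serialize as `null` or strip, neither of which is a lookup by the caller's identity. A guard before the query, `if (!req.authUser.id) return res.status(401).json({ code: 401, message: 'Unauthorized' });`, or the equivalent check once inside `verifyToken`, closes that for this route and for the `creator:` assignments that follow. The `/family-transactions` handler continues outside this hunk.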
@@ -170,16 +148,9 @@ router.post('/family-transactions', verifyToken, async (req, res) => {
 });
 
 router.get('/family-transactions', verifyToken, async (req, res) => {
-  let decoded;
-  try {
-    decoded = jwt.verify(req.token, process.env.JWT_SECRET);
-  } catch (err) {
-    return res.status(401).json({ code: 401, message: 'Unauthorized' });
-  }
-
   const family = await Families.findOne({
-    $or: [{ members: decoded.id },
-      { creator: decoded.id }],
+    $or: [{ members: req.authUser.id },
+      { creator: req.authUser.id }],
   });
 
   if (!family) {
diff --git a/routes/route.test.js b/routes/route.test.js
index 56c98d8..c5016f3 100644
--- a/routes/route.test.js
+++ b/routes/route.test.js
@@ -138,7 +138,7 @@ describe('Users Route', () => {
       const res = await request(app)
         .get('/users')
         .set('Authorization', expiredToken);
-      expect(res.statusCode).toEqual(500);
+      expect(res.statusCode).toEqual(401);
     });
 
     it('get user list without contain', async () => {
diff --git a/routes/users.js b/routes/users.js
index 41179aa..0db8bb2 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -1,5 +1,4 @@
 const express = require('express');
-const jwt = require('jsonwebtoken');
 const bcrypt = require('bcrypt');
 const Users = require('../Models/Users');
 const {
@@ -10,7 +9,6 @@ const mailer = require('../Utils/Mailer');
 const router = express.Router();
 
 router.get('/users', verifyToken, (req, res) => {
-  jwt.verify(req.token, process.env.JWT_SECRET);
   const { contain } = req.query;
 
   Users.find((err, userList) => {
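Review bot: The only assertion this test now makes about the new middleware is that an expired token yields 401, while the `verifyToken` case deleted from `Utils/Auth.test.js` is not replaced by anything, so no test checks that a validly signed token populates `req.authUser` or that a token signed with a different secret is rejected. A companion case along the lines of `const token = jwt.sign({ username: 'alice' }, process.env.JWT_SECRET);` followed by `expect(req.authUser.username).toEqual('alice');` would cover the path every handler in `routes/index.js` now depends on, and a second one with a wrong secret would pin the rejection. The enclosing `describe` and the `expiredToken` fixture are outside this hunk, so how that token is built is not visible here.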