diff --git a/server/src/auth/login.rs b/server/src/auth/login.rs
index 77dab39..6e0e2c6 100644
--- a/server/src/auth/login.rs
+++ b/server/src/auth/login.rs
@@ -18,8 +18,8 @@ pub async fn handle(
     let user = User::new(&request.username, &request.password);
 
     let response = match db.find_user(&user.username, &user.password).await {
-        Ok(res) => {
-            let token = create_token(res, config.jwt.secret.as_bytes(), config.jwt.expires)?;
+        Ok(user) => {
+            let token = create_token(&user, config.jwt.secret.as_bytes(), config.jwt.expires)?;
 
             Response::LoggedIn {
                 access_token: token,
diff --git a/server/src/auth/register.rs b/server/src/auth/register.rs
index 7ba456a..1aa3bab 100644
--- a/server/src/auth/register.rs
+++ b/server/src/auth/register.rs
@@ -1,3 +1,5 @@
+use std::fs;
+
 use axum::{extract::rejection::JsonRejection, Extension, Json};
 use homedisk_database::{Database, User};
 use homedisk_types::{
@@ -34,7 +36,7 @@ pub async fn handle(
 
     let response = match db.create_user(&user).await {
         Ok(_) => {
-            let token = create_token(user, config.jwt.secret.as_bytes(), config.jwt.expires)?;
+            let token = create_token(&user, config.jwt.secret.as_bytes(), config.jwt.expires)?;
 
             Response::LoggedIn {
                 access_token: token,
@@ -52,5 +54,13 @@ pub async fn handle(
         }
     };
 
+    // create directory for user files
+    let user_dir = format!(
+        "{storage}/{username}",
+        storage = config.storage.path,
+        username = user.username,
+    );
+    fs::create_dir_all(&user_dir).unwrap();
+
     Ok(Json(response))
 }
diff --git a/server/src/fs/upload.rs b/server/src/fs/upload.rs
index b5f2add..d0ae139 100644
--- a/server/src/fs/upload.rs
+++ b/server/src/fs/upload.rs
@@ -48,7 +48,7 @@ pub async fn handle(
             }
 
             // write file
-            fs::write(&path, content)
+            fs::write(&path, &content)
                 .map_err(|err| ServerError::FsError(FsError::WriteFile(err.to_string())))?;
 
             Response { uploaded: true }
diff --git a/server/src/middleware/jwt.rs b/server/src/middleware/jwt.rs
index 4711cda..16ebe2c 100644
--- a/server/src/middleware/jwt.rs
+++ b/server/src/middleware/jwt.rs
@@ -2,8 +2,8 @@ use homedisk_database::User;
 use homedisk_types::errors::{AuthError, ServerError};
 use rust_utilities::crypto::jsonwebtoken::{Claims, Token};
 
-pub fn create_token(user: User, secret: &[u8], expires: i64) -> Result<String, ServerError> {
-    let token = Token::new(secret, Claims::new(user.id, expires));
+pub fn create_token(user: &User, secret: &[u8], expires: i64) -> Result<String, ServerError> {
+    let token = Token::new(secret, Claims::new(user.id.clone(), expires));
 
     match token {
         Ok(token) => Ok(token.encoded),