diff --git a/docker-compose.yml b/docker-compose.yml
index 12cefa8..fb53d01 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,19 +2,19 @@ services:
 cb-db:
 container_name: cb-db
 image: postgres:15.4-alpine
- restart: always
+ restart: unless-stopped
 environment:
 POSTGRES_PASSWORD: password
 volumes:
 - ./prisma/db:/var/lib/postgresql/data
 ports:
- - 5432:5432
+ - 6432:5432
 cb-app:
 container_name: cb-app
 build:
 context: .
 dockerfile: app.dockerfile
- restart: always
+ restart: unless-stopped
 depends_on:
 - cb-db
 ports:
diff --git a/src/lib/dtos/user.ts b/src/lib/dtos/user.ts
new file mode 100644
index 0000000..d4c4572
--- /dev/null
+++ b/src/lib/dtos/user.ts
@@ -0,0 +1,13 @@
+export type aboutInfo = {
+ bio: string;
+ tagline: string;
+};
+
+export type User = {
+ id: string;
+ name: string;
+ lastOnline: string;
+ profilePicture?: string;
+ aboutInfo?: aboutInfo;
+ gameIds?: number[];
+};
diff --git a/src/routes/(auth)/login/+page.svelte b/src/routes/(auth)/login/+page.svelte
index dca7f3f..4d264c6 100644
--- a/src/routes/(auth)/login/+page.svelte
+++ b/src/routes/(auth)/login/+page.svelte
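Review bot: The new `- 6432:5432` mapping in docker-compose.yml still publishes Postgres on every host interface, and the context line a few lines above it shows `POSTGRES_PASSWORD: password`. Moving the host port does not reduce that exposure; if the mapping exists only for local tooling, bind it to loopback with `- 127.0.0.1:6432:5432`, or drop the `ports:` entry for cb-db if cb-app reaches it over the compose network (presumably it does, given `depends_on`). The password would also be better supplied from the environment than committed, for example `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}`.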
@@ -3,41 +3,18 @@ import { guildedMediaLink } from '$lib/utils/guilded-media'; import { Avatar } from '@skeletonlabs/skeleton'; import { onMount } from 'svelte'; + import type { User } from '$lib/dtos/user'; let userSearch = ''; - type aboutInfo = { - bio: string; - tagline: string; - }; - - type User = { - id: string; - name: string; - lastOnline: string; - profilePicture?: string; - aboutInfo?: aboutInfo; - gameIds?: number[]; - }; - let users: User[] = []; const typingDelay = 750; var typingTimer: NodeJS.Timeout; const searchForUsername = async () => { - fetch( - `https://www.guilded.gg/api/search?query=${userSearch}&entityType=user&maxResultsPerType=20`, - { method: 'GET' } - ).then(async (res) => { - const data = await res.json(); - users = data.results.users; - users = users.map((user: User) => { - return { - ...user, - profilePicture: guildedMediaLink(user.profilePicture ?? '/poop.png') - }; - }); + fetch(`/api/v2/search?query=${userSearch}`, { method: 'GET' }).then(async (res) => { + users = await res.json(); if (userSearch == '') { users = []; } diff --git a/src/routes/+layout.svelte b/src/routes/+layout.svelte index 8dcf949..539adc5 100644 --- a/src/routes/+layout.svelte +++ b/src/routes/+layout.svelte @@ -38,9 +38,9 @@ import { guildedMediaLink } from '$lib/utils/guilded-media'; storePopup.set({ computePosition, autoUpdate, flip, shift, offset, arrow }); initializeStores(); - const drawerStore = getDrawerStore(); - const setTheme: SubmitFunction = ({ data }) => { - const theme = data.get('theme')?.toString(); + getDrawerStore(); + const setTheme: SubmitFunction = ({ formData }) => { + const theme = formData.get('theme')?.toString(); if (theme) { document.body.setAttribute('data-theme', theme); $storeTheme = theme; diff --git a/src/routes/+page.server.ts b/src/routes/+page.server.ts index 0a11a2f..cd2aa65 100644 --- a/src/routes/+page.server.ts +++ b/src/routes/+page.server.ts 
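Review bot: In `searchForUsername` (login/+page.svelte) the search text is interpolated into the request URL unencoded, so a value containing `&`, `#` or `+` changes the query string that the new `/api/v2/search` route receives; wrap the value as `encodeURIComponent(userSearch)`. The response is assigned to `users` without checking `res.ok`, so an error body returned by the route would be treated as a user list; `if (!res.ok) { users = []; return; }` before `res.json()` covers that. The function body continues past the end of the hunk.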
@@ -6,7 +6,17 @@ export const actions: Actions = {
 const formData = await request.formData();
 const theme = formData.get('theme')?.toString() ?? 'skeleton';
 // Sets the selected theme to the cookie
- cookies.set('theme', theme, { path: '/' });
+ cookies.set('theme', theme, {
+ path: '/',
+ httpOnly: true,
+ // only requests from same site can send cookies
+ // https://developer.mozilla.org/en-US/docs/Glossary/CSRF
+ sameSite: 'lax',
+ // only sent over HTTPS in production
+ secure: process.env.NODE_ENV === 'production',
+ // set cookie to expire after a month
+ maxAge: 60 * 60 * 24 * 30
+ });
 return { theme };
 }
 };
diff --git a/src/routes/api/v2/search/+server.ts b/src/routes/api/v2/search/+server.ts
new file mode 100644
index 0000000..790fa5e
--- /dev/null
+++ b/src/routes/api/v2/search/+server.ts
@@ -0,0 +1,23 @@
+import type { User } from '$lib/dtos/user';
+import { guildedMediaLink } from '$lib/utils/guilded-media';
+import { error, json } from '@sveltejs/kit';
+
+export const GET = async ({ url }) => {
+ const userSearch = url.searchParams.get('query');
+ console.log(userSearch);
+ let users: User[] = [];
+ const data = await (
+ await fetch(
+ `https://www.guilded.gg/api/search?query=${userSearch}&entityType=user&maxResultsPerType=20`,
+ { method: 'GET' }
+ )
+ ).json();
+ users = data.results.users;
+ users = users.map((user: User) => {
+ return {
+ ...user,
+ profilePicture: guildedMediaLink(user.profilePicture ?? '/poop.png')
+ };
+ });
+ return json(users);
+};
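Review bot: The `theme` value passed to `cookies.set` in +page.server.ts comes straight from the submitted form and is never checked against the themes the app ships, so any string a client posts is stored for a month and returned in `{ theme }`. Validating it first, for example `if (!THEMES.includes(theme)) return fail(400);` where `THEMES` is a placeholder for the project's own list, keeps unexpected values away from whatever later reads the cookie, which is not visible in this hunk. For the `secure` flag, SvelteKit's `dev` export is the more usual switch: `secure: !dev` with `import { dev } from '$app/environment';`. The action's signature lies outside the hunk.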
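Review bot: In the new `GET` handler of api/v2/search/+server.ts, `userSearch` is placed into the upstream URL without encoding, and `searchParams.get` has already decoded it, so a query containing `&` can append or override upstream parameters such as `entityType` and `maxResultsPerType`, while a missing parameter is sent as the literal string `null`. The handler also never checks the upstream status and dereferences `data.results.users` directly, so any upstream failure surfaces as an unhandled 500 even though `error` is imported. `console.log(userSearch)` writes raw user input to the server log on every search request and is worth removing. As far as this hunk shows the route needs no authentication, so a rate limit is worth considering because it relays requests to a third party.

```typescript
export const GET = async ({ url }) => {
	const userSearch = url.searchParams.get('query')?.trim() ?? '';
	// An empty or missing query never reaches the upstream API.
	if (userSearch === '') {
		return json([]);
	}
	// searchParams.set encodes the value, so it cannot add or override parameters.
	const upstream = new URL('https://www.guilded.gg/api/search');
	upstream.searchParams.set('query', userSearch);
	upstream.searchParams.set('entityType', 'user');
	upstream.searchParams.set('maxResultsPerType', '20');
	const res = await fetch(upstream, { method: 'GET' });
	if (!res.ok) {
		throw error(502, 'upstream search failed');
	}
	const data = await res.json();
	let users: User[] = data?.results?.users ?? [];
	// … unchanged: profilePicture mapping and return json(users) …
```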