diff --git a/src/api/models.rs b/src/api/models.rs
index 598f33b3..51133052 100644
--- a/src/api/models.rs
+++ b/src/api/models.rs
@@ -21,9 +21,16 @@ pub struct User {
     pub token: Option<String>,
 }
 
-#[derive(Debug, Deserialize, Serialize)]
+#[derive(Debug, Deserialize, Serialize, Clone)]
 pub struct LoginUser {
     pub id: i64,
+    pub username: String,
+}
+
+impl LoginUser {
+    pub fn new(id: i64, username: String) -> Self {
+        Self { id, username }
+    }
 }
 
 #[derive(Debug, Deserialize, Serialize, sqlx::FromRow)]
diff --git a/src/api/routes.rs b/src/api/routes.rs
index 2c1c7296..1ce99fca 100644
--- a/src/api/routes.rs
+++ b/src/api/routes.rs
@@ -1,12 +1,4 @@
-use std::sync::Mutex;
-
-use actix_web::{
-    get,
-    http::StatusCode,
-    post, put,
-    web::{self, Data},
-    Responder,
-};
+use actix_web::{get, http::StatusCode, post, put, web, Responder};
 use actix_web_grants::proc_macro::has_permissions;
 use argon2::{password_hash::PasswordHash, Argon2, PasswordVerifier};
 use serde::Serialize;
@@ -27,15 +19,15 @@ struct ResponseObj<T> {
 
 #[get("/settings")]
 #[has_permissions("admin")]
-async fn settings(data: Data<Mutex<LoginUser>>) -> impl Responder {
-    println!("{:?}", data.lock());
+async fn settings(user: web::ReqData<LoginUser>) -> impl Responder {
+    println!("{:?}", user);
     "Hello from settings!"
 }
 
 #[put("/user/{user_id}")]
 #[has_permissions("admin")]
-async fn update_user(user_id: web::Path<i64>, data: Data<Mutex<LoginUser>>) -> impl Responder {
-    if user_id.into_inner() == data.lock().unwrap().id {
+async fn update_user(user_id: web::Path<i64>, user: web::ReqData<LoginUser>) -> impl Responder {
+    if user_id.into_inner() == user.id {
         return "Update allow!";
     }
 
@@ -45,7 +37,7 @@ async fn update_user(user_id: web::Path<i64>, data: Data<Mutex<LoginUser>>) -> i
 /// curl -X POST -H "Content-Type: application/json" -d '{"username": "USER", "password": "abc123" }' \
 /// http://127.0.0.1:8080/auth/login/
 #[post("/auth/login/")]
-pub async fn login(credentials: web::Json<User>, data: Data<Mutex<LoginUser>>) -> impl Responder {
+pub async fn login(credentials: web::Json<User>) -> impl Responder {
     match get_login(&credentials.username).await {
         Ok(mut user) => {
             let pass = user.password.clone();
@@ -66,9 +58,6 @@ pub async fn login(credentials: web::Json<User>, data: Data<Mutex<LoginUser>>) -
                     user.token = Some(token);
                 };
 
-                let mut my_data = data.lock().unwrap();
-                my_data.id = user.id;
-
                 info!("user {} login, with role: {role}", credentials.username);
 
                 web::Json(ResponseObj {
diff --git a/src/bin/ffpapi.rs b/src/bin/ffpapi.rs
index 2c7cd77a..cd289775 100644
--- a/src/bin/ffpapi.rs
+++ b/src/bin/ffpapi.rs
@@ -1,11 +1,6 @@
-use std::{process::exit, sync::Mutex};
+use std::process::exit;
 
-use actix_web::{
-    dev::ServiceRequest,
-    middleware,
-    web::{self, Data},
-    App, Error, HttpServer,
-};
+use actix_web::{dev::ServiceRequest, middleware, web, App, Error, HttpMessage, HttpServer};
 use actix_web_grants::permissions::AttachPermissions;
 use actix_web_httpauth::extractors::bearer::BearerAuth;
 use actix_web_httpauth::middleware::HttpAuthentication;
@@ -28,6 +23,9 @@ async fn validator(req: ServiceRequest, credentials: BearerAuth) -> Result<Servi
     // We just get permissions from JWT
     let claims = auth::decode_jwt(credentials.token()).await?;
     req.attach(claims.permissions);
+
+    req.extensions_mut()
+        .insert(LoginUser::new(claims.id, claims.username));
     Ok(req)
 }
 
@@ -52,7 +50,6 @@ async fn main() -> std::io::Result<()> {
         let ip_port = conn.split(':').collect::<Vec<&str>>();
         let addr = ip_port[0];
         let port = ip_port[1].parse::<u16>().unwrap();
-        let data = Data::new(Mutex::new(LoginUser { id: 0 }));
 
         info!("running ffplayout API, listen on {conn}");
 
@@ -61,7 +58,6 @@ async fn main() -> std::io::Result<()> {
             let auth = HttpAuthentication::bearer(validator);
             App::new()
                 .wrap(middleware::Logger::default())
-                .app_data(Data::clone(&data))
                 .service(login)
                 .service(
                     web::scope("/api")