diff --git a/backend/src/routes/auth.js b/backend/src/routes/auth.js
index 67d93ab..e0a6aa0 100644
--- a/backend/src/routes/auth.js
+++ b/backend/src/routes/auth.js
@@ -12,14 +12,24 @@ const registerSchema = z.object({
 displayName: z.string().min(2).max(120)
 });
 
+const loginSchema = z.object({
+ email: z.string().email(),
+ password: z.string().min(1)
+});
+
 router.post('/register', async (req, res) => {
- const parsed = registerSchema.safeParse(req.body);
- if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });
-
- const { email, password, displayName } = parsed.data;
- const passwordHash = await bcrypt.hash(password, 12);
-
 try {
+ const parsed = registerSchema.safeParse(req.body);
+ if (!parsed.success) {
+ return res.status(400).json({
+ error: 'Validation failed',
+ details: parsed.error.flatten()
+ });
+ }
+
+ const { email, password, displayName } = parsed.data;
+ const passwordHash = await bcrypt.hash(password, 12);
+
 const [result] = await pool.query(
 'INSERT INTO users (email, password_hash, display_name) VALUES (?, ?, ?)',
 [email, passwordHash, displayName]
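Review bot: Neither the new loginSchema nor the registerSchema fields visible in this hunk normalize the email, so whether `User@Example.com` and `user@example.com` are one account or two depends on the collation of the users.email column rather than on this code, and the INSERT here and the `WHERE email = ?` lookup in the login route can disagree with what the client expects. Normalizing once in the schema, e.g. `email: z.string().email().transform((e) => e.trim().toLowerCase())`, keeps both routes consistent; the same should be applied to registerSchema's email field, which sits above this hunk. The register handler's try block opens here and closes in the next hunk.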
@@ -28,26 +38,43 @@ router.post('/register', async (req, res) => {
 const token = jwt.sign({ userId: result.insertId, email }, process.env.JWT_SECRET, { expiresIn: '7d' });
 return res.status(201).json({ token });
 } catch (err) {
- if (err.code === 'ER_DUP_ENTRY') return res.status(409).json({ error: 'Email already exists' });
+ console.error('Registration error:', err);
+ if (err.code === 'ER_DUP_ENTRY') {
+ return res.status(409).json({ error: 'Email already exists' });
+ }
 return res.status(500).json({ error: 'Registration failed' });
 }
 });
 
 router.post('/login', async (req, res) => {
- const parsed = z.object({ email: z.string().email(), password: z.string().min(1) }).safeParse(req.body);
- if (!parsed.success) return res.status(400).json({ error: parsed.error.flatten() });
+ try {
+ const parsed = loginSchema.safeParse(req.body);
+ if (!parsed.success) {
+ return res.status(400).json({
+ error: 'Validation failed',
+ details: parsed.error.flatten()
+ });
+ }
 
- const { email, password } = parsed.data;
- const [rows] = await pool.query('SELECT id, email, password_hash FROM users WHERE email = ? LIMIT 1', [email]);
- const user = rows[0];
+ const { email, password } = parsed.data;
+ const [rows] = await pool.query('SELECT id, email, password_hash FROM users WHERE email = ? LIMIT 1', [email]);
+ const user = rows[0];
 
- if (!user) return res.status(401).json({ error: 'Invalid credentials' });
+ if (!user) {
+ return res.status(401).json({ error: 'Invalid credentials' });
+ }
 
- const ok = await bcrypt.compare(password, user.password_hash);
- if (!ok) return res.status(401).json({ error: 'Invalid credentials' });
+ const ok = await bcrypt.compare(password, user.password_hash);
+ if (!ok) {
+ return res.status(401).json({ error: 'Invalid credentials' });
+ }
 
- const token = jwt.sign({ userId: user.id, email: user.email }, process.env.JWT_SECRET, { expiresIn: '7d' });
- return res.json({ token });
+ const token = jwt.sign({ userId: user.id, email: user.email }, process.env.JWT_SECRET, { expiresIn: '7d' });
+ return res.json({ token });
+ } catch (err) {
+ console.error('Login error:', err);
+ return res.status(500).json({ error: 'Login failed' });
+ }
 });
 
-export default router;
+export default router;
\ No newline at end of file
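Review bot: `console.error('Registration error:', err)` in the register catch runs before the ER_DUP_ENTRY branch, so an expected duplicate-email attempt is logged at error level with the whole driver error; mysql2 errors typically carry `sqlMessage`, which for a duplicate-key error includes the offending value (the submitted email), and may also carry the rendered `sql` with the bound password hash, so the log line can end up holding both. Move the log below the 409 return and log only stable fields, e.g. `console.error('Registration error:', err.code, err.message);`, and treat the login catch the same way. Separately, the login route skips `bcrypt.compare` when no row is found, so the unknown-email path returns noticeably faster than the wrong-password path and the two 401s are distinguishable by timing; comparing against a module-level precomputed bcrypt hash when `user` is missing, `const ok = await bcrypt.compare(password, user?.password_hash ?? DUMMY_HASH);` followed by `if (!user || !ok) return res.status(401).json({ error: 'Invalid credentials' });`, keeps both paths on the same cost.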