diff --git a/.gitignore b/.gitignore
index 7d0fc73..68d053f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -141,4 +141,5 @@ cython_debug/
 static/
 media/
 
-.idea/
\ No newline at end of file
+.idea/
+env1/
\ No newline at end of file
diff --git a/account/account.http b/account/account.http
index 6a94851..e3becf2 100644
--- a/account/account.http
+++ b/account/account.http
@@ -46,4 +46,5 @@ Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwayI6ImY0MzkyMDQ1L
   "old_password": "string!!",
   "new_password1": "!!123123!!",
   "new_password2": "!!123123!!"
-}
\ No newline at end of file
+}
+
diff --git a/account/authorization.py b/account/authorization.py
index 661ada1..c7f119c 100644
--- a/account/authorization.py
+++ b/account/authorization.py
@@ -24,4 +24,3 @@ def get_tokens_for_user(user):
     return {
         'access': str(token),
     }
-
diff --git a/account/controllers.py b/account/controllers.py
index b32b209..6b08037 100644
--- a/account/controllers.py
+++ b/account/controllers.py
@@ -64,7 +64,6 @@ def me(request):
 
 @account_controller.put('', auth=GlobalAuth(), response={
     200: AccountOut,
-
 })
 def update_account(request, update_in: AccountUpdate):
     User.objects.filter(id=request.auth['pk']).update(**update_in.dict())
@@ -87,4 +86,4 @@ def change_password(request, password_update_in: ChangePasswordSchema):
 
     user.set_password(password_update_in.new_password1)
     user.save()
-    return {'detail': 'password updated successfully'}
+    return {'detail': 'password updated successfully'}
\ No newline at end of file
diff --git a/account/migrations/0002_alter_user_options.py b/account/migrations/0002_alter_user_options.py
new file mode 100644
index 0000000..78f09ec
--- /dev/null
+++ b/account/migrations/0002_alter_user_options.py
@@ -0,0 +1,17 @@
+# Generated by Django 3.2.9 on 2021-11-05 13:23
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('account', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='user',
+            options={'verbose_name': 'user', 'verbose_name_plural': 'users'},
+        ),
+    ]
diff --git a/commerce/controllers.py b/commerce/controllers.py
index a8a551a..3ad55dc 100644
--- a/commerce/controllers.py
+++ b/commerce/controllers.py
@@ -9,8 +9,8 @@
 from pydantic import UUID4
 
 from account.authorization import GlobalAuth
-from commerce.models import Product, Category, City, Vendor, Item, Order, OrderStatus
-from commerce.schemas import ProductOut, CitiesOut, CitySchema, VendorOut, ItemOut, ItemSchema, ItemCreate
+from commerce.models import *
+from commerce.schemas import *
 from config.utils.schemas import MessageOut
 
 products_controller = Router(tags=['products'])
@@ -178,9 +178,9 @@ def delete_city(request, id: UUID4):
 @order_controller.get('cart', response={
     200: List[ItemOut],
     404: MessageOut
-})
+},auth=GlobalAuth())
 def view_cart(request):
-    cart_items = Item.objects.filter(user=User.objects.first(), ordered=False)
+    cart_items = Item.objects.filter(user=User.objects.get(id=request.auth['pk']), ordered=False)
 
     if cart_items:
         return cart_items
@@ -191,23 +191,23 @@ def view_cart(request):
 @order_controller.post('add-to-cart', response={
     200: MessageOut,
     # 400: MessageOut
-})
+},auth=GlobalAuth())
 def add_update_cart(request, item_in: ItemCreate):
     try:
-        item = Item.objects.get(product_id=item_in.product_id, user=User.objects.first())
+        item = Item.objects.get(product_id=item_in.product_id, user=User.objects.get(id=request.auth['pk']))
         item.item_qty += 1
         item.save()
     except Item.DoesNotExist:
-        Item.objects.create(**item_in.dict(), user=User.objects.first())
+        Item.objects.create(**item_in.dict(), user=User.objects.get(id=request.auth['pk']))
 
     return 200, {'detail': 'Added to cart successfully'}
 
 
 @order_controller.post('item/{id}/reduce-quantity', response={
     200: MessageOut,
-})
+},auth=GlobalAuth())
 def reduce_item_quantity(request, id: UUID4):
-    item = get_object_or_404(Item, id=id, user=User.objects.first())
+    item = get_object_or_404(Item, id=id, user=User.objects.get(id=request.auth['pk']))
     if item.item_qty <= 1:
         item.delete()
         return 200, {'detail': 'Item deleted!'}
@@ -219,27 +219,85 @@ def reduce_item_quantity(request, id: UUID4):
 
 @order_controller.delete('item/{id}', response={
     204: MessageOut
-})
+},auth=GlobalAuth())
 def delete_item(request, id: UUID4):
-    item = get_object_or_404(Item, id=id, user=User.objects.first())
+    item = get_object_or_404(Item, id=id, user=User.objects.get(id=request.auth['pk']))
     item.delete()
 
     return 204, {'detail': 'Item deleted!'}
 
 
+#-----------address----------------
+
+@order_controller.get('address', response={
+    200: List[AddressOut],
+    404: MessageOut
+})
+def list_address(request):
+    address_qs =Address.objects.all()
+
+    if address_qs:
+        return address_qs
+
+    return 404, {'detail': 'No address found'}
+
+
+@address_controller.get('order_address/{id}', response={
+    200: AddressOut,
+    404: MessageOut
+})
+def retrieve_address(request, id: UUID4):
+    return get_object_or_404(Address, id=id)
+
+
+@order_controller.post('order_address', response={
+    201: AddressOut,
+    400: MessageOut
+},auth=GlobalAuth())
+def create_address(request, address_in:AddressSchema):
+    city = City(**address_in.city.dict())
+    city.save()
+    address=Address.objects.create(address1=address_in.address1,address2=address_in.address2,
+    phone=address_in.phone,
+    work_address=address_in.work_address,
+    city=city,user=User.objects.get(id=request.auth['pk']))
+    address.save()
+    return 201, address
+
+
+@order_controller.put('order_address/{id}', response={
+    200: AddressOut,
+    400: MessageOut
+})
+def update_address(request, id: UUID4, address_in:AddressSchema):
+    city = City(**address_in.city.dict())
+    city.save()
+    address = get_object_or_404(Address, id=id)
+    address.address1 = address_in.address1
+    address.address2 = address_in.address2
+    address.phone = address_in.phone
+    address.work_address=address_in.work_address 
+    address.city=city
+    address.save()
+    return 200, address
+
+
+@order_controller.delete('order_address/{id}', response={
+    204: MessageOut
+})
+def delete_city(request, id: UUID4):
+    address = get_object_or_404(Address, id=id)
+    address.delete()
+    return 204, {'detail': ''}
+
+
+#-----------create-order----------------
 def generate_ref_code():
     return ''.join(random.sample(string.ascii_letters + string.digits, 6))
 
 
-@order_controller.post('create-order', auth=GlobalAuth(), response=MessageOut)
+@order_controller.post('create-order', response=MessageOut,auth=GlobalAuth())
 def create_order(request):
-    '''
-    * add items and mark (ordered) field as True
-    * add ref_number
-    * add NEW status
-    * calculate the total
-    '''
-
     order_qs = Order.objects.create(
         user=User.objects.first(),
         status=OrderStatus.objects.get(is_default=True),
@@ -247,7 +305,7 @@ def create_order(request):
         ordered=False,
     )
 
-    user_items = Item.objects.filter(user=User.objects.first()).filter(ordered=False)
+    user_items = Item.objects.filter(user=User.objects.get(id=request.auth['pk'])).filter(ordered=False)
 
     order_qs.items.add(*user_items)
     order_qs.total = order_qs.order_total
@@ -255,3 +313,25 @@ def create_order(request):
     order_qs.save()
 
     return {'detail': 'order created successfully'}
+       
+
+#----------------checkout-----------
+
+@order_controller.post('checkout', response=MessageOut,auth=GlobalAuth())
+def checkout(request ,order_address:CheckOut):
+    order_item = Order.objects.filter(user=User.objects.get(id=request.auth['pk'])).filter(ordered=False)
+    print(order_item)
+    city = City(**order_address.address.city.dict())
+    city.save()
+
+    if order_item:
+        order_item.note=order_address.note
+        order_item.address=Address.objects.create(address1=order_address.address.address1,address2=order_address.address.address2,
+        phone=order_address.address.phone,
+        work_address=order_address.address.work_address,
+        city=city,user=User.objects.get(id=request.auth['pk']))
+        order_item.update(ordered=True)
+        order_item.status=OrderStatus.objects.get(is_default=True)
+        return {'detail':'done checkout'}
+    
+    return{'detail': 'nothing'}
diff --git a/commerce/schemas.py b/commerce/schemas.py
index 5d68396..9615294 100644
--- a/commerce/schemas.py
+++ b/commerce/schemas.py
@@ -1,13 +1,14 @@
-from typing import List
+from typing import List, Optional
 
 from ninja import ModelSchema, Schema
 from ninja.orm import create_schema
 from pydantic import UUID4
 
-from commerce.models import Product, Merchant
-
+from commerce.models import Address, City, Product, Merchant
 
 
+class MessageOut(Schema):
+    detail: str
 
 
 class UUIDSchema(Schema):
@@ -90,4 +91,22 @@ class ItemCreate(Schema):
 class ItemOut(UUIDSchema, ItemSchema):
     pass
 
+class StatusOrder(Schema):
+    is_default:bool
+    title:str
+
+
+class AddressSchema(Schema):
+    work_address:bool
+    address1:str
+    address2:str
+    phone:int
+    city:CitySchema
+class AddressOut(AddressSchema,UUIDSchema):
+   pass
+
+    
 
+class CheckOut(Schema):
+    note:str
+    address:AddressSchema