diff --git a/index.js b/index.js
index b12896a..fe3cbf0 100644
--- a/index.js
+++ b/index.js
@@ -28,18 +28,18 @@ app.get('/', (req, res) => {
   // dbManager.test();
 })
 
-app.get('/camillelv', (req, res) => {
+app.get('/camillelv', checkToken, (req, res) => {
   res.sendFile(__dirname + '/pages/admin.html');
   // dbManager.test();
 })
 
-app.get('/admin', (req, res) => {
+app.get('/admin', checkToken, (req, res) => {
   res.sendFile(__dirname + '/pages/admin.html');
 })
 
-app.get('/overlay/:token/:id', (req, res) => {
-  console.log('token:', req.params.token);
-  if (!req.params.token || !req.params.id) {
+app.get('/overlay/camillelv/:id', checkToken, (req, res) => {
+  //console.log('token:', req.params.token);
+  if (!req.params.id) {
     return res.status(400).send({ message: "token or id missing" });
   }
 
@@ -51,12 +51,20 @@ app.get('/overlay/:token/:id', (req, res) => {
   });
 })
 
-app.use(express.static('./overlays'));
+app.use('/assets', express.static('./overlays/assets'));
+
+function checkToken(req, res, next) {
+  if (req.query.secret == process.env.APP_SECRET_TOKEN) {
+    return next();
+  }
+  res.status(401);
+  res.send({ message: 'Invalid request!'});
+}
+
 
 var admin = io.of('/admin'),
     client = io.of('');
 
-
 admin.on('connection', function (socket) {
   socket.on('message', function(m) {
     console.log(m);
diff --git a/pages/admin.html b/pages/admin.html
index 3834a4f..b917efa 100644
--- a/pages/admin.html
+++ b/pages/admin.html
@@ -49,13 +49,13 @@ <h1 class="title is-4">Activités</h1>
         <div class="column is-three-quarters">
           <div class="container" v-if="widgetsData[0]">
             <h1 class="title is-4">Serge</h1>
-            <a target="_blank" href="/overlay/camillelv/serge-bar">
+            <a target="_blank" :href="`/overlay/camillelv/serge-bar?secret=${secret}`">
               <span class="icon has-text-info">
                 <i class="fas fa-link"></i>
               </span>
               Overlay Barre de progression</a>
             <br>
-            <a target="_blank" href="/overlay/camillelv/serge-alert">
+            <a target="_blank" :href="`/overlay/camillelv/serge-alert?secret=${secret}`">
               <span class="icon has-text-info">
                 <i class="fas fa-link"></i>
               </span>
@@ -96,13 +96,13 @@ <h1 class="title is-4">Serge</h1>
 
           <div class="container" v-if="widgetsData[1]">
             <h1 class="title is-4">Machine à {{widgetsData[1].name}}</h1>
-            <a target="_blank" href="/overlay/camillelv/dossier-bar">
+            <a target="_blank" :href="`/overlay/camillelv/dossier-bar?secret=${secret}`">
               <span class="icon has-text-info">
                 <i class="fas fa-link"></i>
               </span>
               Overlay Barre de progression</a>
             <br>
-            <a target="_blank" href="/overlay/camillelv/dossier-alert">
+            <a target="_blank" :href="`/overlay/camillelv/dossier-alert?secret=${secret}`">
               <span class="icon has-text-info">
                 <i class="fas fa-link"></i>
               </span>
@@ -113,7 +113,7 @@ <h1 class="title is-4">Machine à {{widgetsData[1].name}}</h1>
             <br>
             <br>
             <button class="button is-warning" type="button" @click="resetDossierCounter(1)">Réinitialiser progression</button>
-            <button class="button is-warning" type="button" @click="resetDossierRevealed(1)">Réinitialiser toutes les images révélé</button>
+            <button class="button is-warning" type="button" @click="resetDossierRevealed(1)">Réinitialiser toutes les images révélés</button>
             <br>
             <br>
             <form v-on:submit.prevent="updateWidget(1)">
@@ -200,6 +200,7 @@ <h1 class="title is-4">Machine à {{widgetsData[1].name}}</h1>
   var app = new Vue({
     el: '#app',
     data: {
+      secret: null,
       message: 'Hello Vue!',
       widgetsData: [],
       myWidget: null,
@@ -246,7 +247,9 @@ <h1 class="title is-4">Machine à {{widgetsData[1].name}}</h1>
 
     },
     mounted () {
-
+      const urlParams = new URLSearchParams(window.location.search);
+      const myParam = urlParams.get('secret');
+      this.secret = myParam || null;
     },
 
     methods: {
diff --git a/pages/index.html b/pages/index.html
index c7ab33e..b63e68c 100644
--- a/pages/index.html
+++ b/pages/index.html
@@ -7,7 +7,7 @@
 </head>
 <body>
   <div id="app">
-    {{ message }}
+    ♾️
   </div>
 </body>
 
@@ -38,4 +38,10 @@
   })
 </script>
 
+<style lang="scss" scoped>
+  body {
+    font-family: sans-serif;
+  }
+</style>
+
 </html>
\ No newline at end of file