diff --git a/server/admin/index.js b/server/admin/index.js
new file mode 100644
index 0000000..15d20a7
--- /dev/null
+++ b/server/admin/index.js
@@ -0,0 +1,21 @@
+const express = require('express');
+const router = express.Router();
+
+//middleware
+const tokenAuth = require('../utilities/token-auth');
+
+router.use(tokenAuth);
+router.use((req, res, next) => {
+	//check the user's admin status
+	if (!req.user.mod) {
+		return res.status(401).send('Mods only');
+	}
+
+	next();
+});
+
+//basic route management
+router.get('/reports', require('./reports'));
+router.delete('/reports', require('./reports-delete'));
+
+module.exports = router;
\ No newline at end of file
diff --git a/server/admin/reports-delete.js b/server/admin/reports-delete.js
new file mode 100644
index 0000000..4a29ea1
--- /dev/null
+++ b/server/admin/reports-delete.js
@@ -0,0 +1,15 @@
+const { chatlog, reports } = require('../database/models');
+
+//admin/reports
+const route = async (req, res) => {
+	const reps = await reports.destroy({
+		where: {
+			chatlogId: req.body.chatlogId
+		}
+	});
+
+	//respond
+	res.status(200).end();
+};
+
+module.exports = route;
\ No newline at end of file
diff --git a/server/admin/reports.js b/server/admin/reports.js
new file mode 100644
index 0000000..7370f2d
--- /dev/null
+++ b/server/admin/reports.js
@@ -0,0 +1,31 @@
+const { chatlog, reports } = require('../database/models');
+
+//admin/reports
+const route = async (req, res) => {
+	const reps = await reports.findAll({
+		include: [{
+			model: chatlog,
+			required: true
+		}],
+		order: ['chatlogId']
+	});
+
+	//collate
+	const response = [];
+	for(let i = 0; i < reps.length; i++) {
+		//new chatlog
+		if (response.length == 0 || response[response.length - 1].chatlogId != reps[i].chatlogId) {
+			response.push(reps[i]);
+			response[response.length - 1].reporter = [response[response.length - 1].reporter]; //reporters in an array
+			continue;
+		}
+
+		//multiple people reported this, add to the existing array
+		response[response.length - 1].reporter.push(reps[i].reporter);
+	}
+
+	//respond
+	res.status(200).json(response);
+};
+
+module.exports = route;
\ No newline at end of file
diff --git a/server/database/models/reports.js b/server/database/models/reports.js
index 0e59414..d4239b6 100644
--- a/server/database/models/reports.js
+++ b/server/database/models/reports.js
@@ -19,5 +19,6 @@ const reports = sequelize.define('reports', {
 });
 
 chatlog.hasMany(reports, { foreignKey: 'chatlogId', foreignKeyConstraint: true });
+reports.belongsTo(chatlog, { foreignKey: 'chatlogId' });
 
 module.exports = reports;
\ No newline at end of file
diff --git a/server/server.js b/server/server.js
index f9c826b..6d5f840 100644
--- a/server/server.js
+++ b/server/server.js
@@ -20,6 +20,9 @@ app.use(cors());
 //database connection
 const database = require('./database');
 
+//admin stuff
+app.use('/admin', require('./admin'));
+
 //access the chat
 require('./chat')(io.of('/chat'));
 
diff --git a/server/utilities/token-auth.js b/server/utilities/token-auth.js
new file mode 100644
index 0000000..40f0a34
--- /dev/null
+++ b/server/utilities/token-auth.js
@@ -0,0 +1,21 @@
+const jwt = require('jsonwebtoken');
+
+//middleware to authenticate the JWT token
+module.exports = (req, res, next) => {
+	const authHeader = req.headers['authorization'];
+	const token = authHeader?.split (' ')[1]; //'Bearer token'
+
+	if (!token) {
+		return res.status(401).send('No token found');
+	}
+
+	return jwt.verify(token, process.env.SECRET_ACCESS, (err, user) => {
+		if (err) {
+			return res.status(403).send(err);
+		}
+
+		req.user = user;
+
+		return next();
+	});
+};
\ No newline at end of file