diff --git a/src/main.rs b/src/main.rs
index 2c337da..a9b11f9 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -147,10 +147,45 @@ async fn auth_user(State(db_pool): State<PgPool>, headers: HeaderMap) -> (Status
     )
 }
 
-async fn update_progress(headers: HeaderMap, Json(payload): Json<UpdateProgress>) -> StatusCode {
+async fn update_progress(
+    State(db_pool): State<PgPool>,
+    headers: HeaderMap,
+    Json(payload): Json<UpdateProgress>,
+) -> StatusCode {
     let username = headers["x-auth-user"].to_str().unwrap_or("");
     let password = headers["x-auth-key"].to_str().unwrap_or("");
 
+    let mut tx = db_pool.begin().await.unwrap();
+
+    if authorize(&mut *tx, username, password).await == false {
+        return StatusCode::UNAUTHORIZED;
+    }
+
+    tx.commit().await.unwrap();
+
+    let timestamp = SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .unwrap()
+        .as_secs();
+
+    let document = payload.document.clone();
+
+    println!("{document}");
+
+    // TODO: Get user_id
+
+    sqlx::query("INSERT INTO progresses (user_id, document, progress, percentage, device, device_id, timestamp) SELECT id, $1, $2, $3, $4, $5, $6 FROM users WHERE username = $7 ON CONFLICT (document) DO UPDATE SET ")
+            .bind(&payload.document)
+            .bind(&payload.progress)
+            .bind(&payload.percentage)
+            .bind(&payload.device)
+            .bind(&payload.device_id)
+            .bind(timestamp as i64)
+            .bind(&username)
+            .execute(&db_pool)
+            .await
+            .unwrap();
+
     /*if authorize(username, password) == false {
         return StatusCode::UNAUTHORIZED;
     }
@@ -188,6 +223,8 @@ async fn get_progress(
     let username = headers["x-auth-user"].to_str().unwrap_or("");
     let password = headers["x-auth-key"].to_str().unwrap_or("");
 
+    println!("Häh!");
+
     /* if authorize(username, password) == false {
         return (StatusCode::UNAUTHORIZED, Json(json!("")));
     }