diff --git a/api/audit.js b/api/audit.js
index 760d91b..2cc71f0 100644
--- a/api/audit.js
+++ b/api/audit.js
@@ -44,7 +44,7 @@ router.get("/", async function(req, res) {
 router.post("/", async function(req, res) {
 try {
- if (req.body.assistant_s_num.length >= 9) {
+ if (!util.is_assistant(req.cookies.token)) {
 return res.json({suc : false, msg : "invalid credentials"})
 }
 let conn;
@@ -64,7 +64,6 @@ router.post("/", async function(req, res) {
 res.json({suc : true});
 } catch(e) {
- console.error(e);
 await conn.rollback();
 res.json({suc : false});
 }
@@ -77,4 +76,43 @@ router.post("/", async function(req, res) {
 }
 })
-module.exports = router;
\ No newline at end of file
+router.get("/log", async function (req, res) {
+ try {
+ let conn;
+ try {
+ conn = await util.getDBConnection(); // get connection from db
+ const query =
+ `
+ SELECT item_form.application_id, item_form.item_info_id, item_info.item_content,
+ item_form.application_unit,
+ item_form.subsidy,
+ scholarship_application.application_date,
+ scholarship_application.student_id,
+ student.student_name
+ FROM
+ item_form
+ RIGHT JOIN
+ scholarship_application ON item_form.application_id = scholarship_application.application_id
+ LEFT JOIN
+ student ON scholarship_application.student_id = student.student_id
+ LEFT JOIN
+ item_info ON item_form.item_info_id = item_info.item_info_id
+ ;
+ `;
+ const result = await conn.query(query);
+ res.json({ success: true, data: result });
+ }
+ catch(e) {
+ console.error(e);
+ res.json({suc : false});
+ }
+ finally {
+ util.closeDBConnection(conn); // close db connection
+ }
+ }
+ catch(e) {
+ console.log(e);
+ }
+})
+
+module.exports = router;
diff --git a/api/login.js b/api/login.js
index a8bbfd1..aa2f7b1 100644
--- a/api/login.js
+++ b/api/login.js
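Review bot: The rejection on the new `if (!util.is_assistant(req.cookies.token))` line still answers with HTTP 200, so clients and proxies cannot tell an authorization failure from success without parsing the body; use `return res.status(403).json({suc : false, msg : "invalid credentials"})`. The check also assumes a cookie-parsing middleware has populated `req.cookies`, which this diff does not show; if it is absent the property access throws before `let conn` runs and the request fails through the catch path instead of returning the credentials error, so `req.cookies && req.cookies.token` keeps it on the intended path. The enclosing `router.post` handler continues past the hunk.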
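Review bot: Dropping `console.error(e)` from this catch leaves a failed insert or commit with no server-side record at all — the client only sees `{suc : false}` — which is the wrong direction for an audit endpoint; keep the line, or route it to the project's logger, rather than deleting it. The surviving `await conn.rollback();` also assumes `conn` was assigned; if `util.getDBConnection()` itself threw (the call is outside this hunk), `conn` is undefined and the rollback raises a TypeError out of the catch, so guard it: `if (conn) await conn.rollback();`. This catch belongs to the `router.post` handler whose start and end are outside the hunk.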
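Review bot: The new `GET /log` handler has no authorization check — it returns every scholarship application, including `student_id` and `student_name`, to any caller — while the POST handler in the same file now requires `util.is_assistant(req.cookies.token)`. Add the same gate before the connection is opened: `if (!util.is_assistant(req.cookies.token)) { return res.status(403).json({suc : false, msg : "invalid credentials"}); }`. The success response uses `success: true` while every other response in this file uses `suc`, so clients keying on `suc` will misread it; `res.json({ suc: true, data: result })` matches. The outer catch only logs and never sends a response, so an error thrown outside the inner try leaves the request hanging until the client times out.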
@@ -15,7 +15,7 @@ router.post("/", async function(req, res) {
 if (result.length == 1) {
 // valid user, create a token
 let is_assistant = result[0]['is_assistant'] == 1
- const data = {uid : account, is_assistent: is_assistant};
+ const data = {uid : account, is_assistant: is_assistant};
 const token = util.signJwtToken(data);
 if (!is_assistant){
 var result = await conn.query("SELECT student_name FROM student WHERE student_id = ? ;", [account]);
diff --git a/utilities/utilities_main.js b/utilities/utilities_main.js
index ca42042..b4a04af 100644
--- a/utilities/utilities_main.js
+++ b/utilities/utilities_main.js
@@ -34,6 +34,24 @@ module.exports = {
 }
 });
 },
+ is_assistant: function(token) {
+ try {
+ const result = jwt.verify(token, jwt_key).data;
+ console.log(result);
+
+ if (result.is_assistant == true) {
+ console.log("return true");
+ return true;
+ } else {
+ console.log("return false");
+ return false;
+ }
+ } catch (error) {
+ console.log(error);
+ return false;
+ }
+ },
+
 loginAuthentication: function(account, password) {
 return new Promise((resolve, reject) => { // 包裝成 Promise
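Review bot: `console.log(result)` in the new `is_assistant` writes the decoded token payload (at least `uid`) to stdout on every authorization check, and `console.log(error)` echoes each verification failure; neither belongs in the permanent auth path. `jwt.verify(token, jwt_key)` is also called without an `algorithms` option, so the accepted algorithms are whatever the library defaults to for that key — pin them to the one `signJwtToken` issues, which this diff does not show. The loose `== true` comparison should be `=== true` so only a boolean claim passes; a version with those changes follows, with the algorithm name to be confirmed against the signer.
```javascript
  is_assistant: function(token) {
    try {
      // Pin the algorithm list to what signJwtToken issues; HS256 is assumed here — confirm.
      const payload = jwt.verify(token, jwt_key, { algorithms: ["HS256"] }).data;
      return Boolean(payload) && payload.is_assistant === true;
    } catch (error) {
      // Missing, expired or forged tokens are not assistants; don't log the token or payload.
      return false;
    }
  },
```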