diff --git a/src/controller/assets.controller.ts b/src/controller/assets.controller.ts
index 7a01a16..6a27c52 100644
--- a/src/controller/assets.controller.ts
+++ b/src/controller/assets.controller.ts
@@ -184,7 +184,7 @@ class AssetsController {
 private static multerLimits = {
 fileSize: 10 * 1024 * 1024, // 10MB
- files: 5,
+ files: 1,
 parts: 10,
 };
diff --git a/src/module/authentication.ts b/src/module/authentication.ts
index 0d26e8f..18f009f 100644
--- a/src/module/authentication.ts
+++ b/src/module/authentication.ts
@@ -95,24 +95,30 @@ export class Authentication {
 // If the header exists check the JWT token.
 const validToken: JwtToken = await Authentication.verifyJwtToken(jwtToken);
+ if (validToken === null) {
+ new APIResponse(res, 401, {}, [
+ {
+ userMessage: 'Permission not granted.',
+ internalMessage: 'Token not valid.',
+ },
+ ]).send();
+ return;
+ }
 try {
 const userRepository = getRepository(User);
- const user = await userRepository.findOneOrFail({
- where: [{ login_name: validToken.username }],
- });
-
- if (validToken === null || !user.is_dev) {
+ const user = await userRepository.findOneOrFail({ where: [{ login_name: validToken.username }] });
+ if (!user.is_dev) {
 new APIResponse(res, 401, {}, [
 {
 userMessage: 'Permission not granted.',
- internalMessage: 'Wrong JWT token was provided or user was not a development account.',
+ internalMessage: 'Wrong JWT token, user was not a development account.',
 },
 ]).send();
 return;
 }
 } catch (error) {
- console.log('There is no user with username ' + validToken.username);
+ console.log('There is no user with username ' + validToken?.username);
 new APIResponse(res, 404, {}, ['There is no user with given username.']).send();
 return;
 }
diff --git a/src/router/assets.router.ts b/src/router/assets.router.ts
index 1785c0c..fb9dc75 100644
--- a/src/router/assets.router.ts
+++ b/src/router/assets.router.ts
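Review bot: In src/module/authentication.ts the new guard `if (validToken === null)` rejects only a literal null, so a token that verifies but carries no `username` claim (or an `undefined` result from `verifyJwtToken`, whose body is not shown) still reaches `findOneOrFail({ where: [{ login_name: validToken.username }] })`. If this repository is TypeORM, some versions drop a where value of `undefined` from the query instead of matching on it, so the lookup could return an unrelated row and the `is_dev` decision would be made on the wrong account. Widening the guard to `if (validToken == null || typeof validToken.username !== 'string' || validToken.username === '')` closes that path, and the `validToken?.username` in the catch block then needs no optional chaining. The catch also turns every failure inside the try, including a database error, into a 404, which is worth separating from the genuine not-found case. The enclosing method starts and ends outside the hunk.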
@@ -9,9 +9,9 @@ assetsRouter.get('/texture', AssetsController.getTextures);
 assetsRouter.put('/texture', Authentication.grantDevAccess, AssetsController.multipartData.single('asset'), AssetsController.uploadTexture);
 assetsRouter.get('/gltf', AssetsController.getGltf);
-assetsRouter.put('/gltf', AssetsController.multipartGltfData.single('asset'), AssetsController.uploadGltf);
+assetsRouter.put('/gltf', Authentication.grantDevAccess, AssetsController.multipartGltfData.single('asset'), AssetsController.uploadGltf);
-assetsRouter.post('/cubemap', AssetsController.defineCubeMap);
+assetsRouter.post('/cubemap', Authentication.grantDevAccess, AssetsController.defineCubeMap);
 assetsRouter.get('/cubemap', AssetsController.getCubeMaps);
 assetsRouter.use('/static', express.static(path.join(__dirname, '../../storage/dynamicAssets')));
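Review bot: The dev-account guard is attached route by route, which is how `PUT /gltf` and `POST /cubemap` were left open before this change, and nothing in the file states the rule for the next route that gets added. A comment above the write routes would record it, for example `// Every PUT/POST asset route must list Authentication.grantDevAccess first, before the multer middleware, so unauthenticated request bodies are never parsed or stored.` Since the uploaded files appear to be served back through the `/static` mount on the last line, it is also worth confirming that `uploadGltf` and `defineCubeMap` validate what they store; their bodies are not part of this diff.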