diff --git a/package.json b/package.json
index f96a72df07..e656b2a2b2 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,8 @@
     "bower": "~1.2.4",
     "nib": "~1.0.1",
     "jade": "~0.35.0",
-    "passport": "~0.1.17"
+    "passport": "~0.1.17",
+    "validator": "~1.5.1"
   },
   "private": true,
   "subdomain": "habitrpg",
diff --git a/src/controllers/auth.js b/src/controllers/auth.js
index 166923e44f..4db27d919d 100644
--- a/src/controllers/auth.js
+++ b/src/controllers/auth.js
@@ -1,5 +1,9 @@
-var passport = require('passport');
 var _ = require('lodash');
+var validator = require('validator');
+var check = validator.check;
+var sanitize = validator.sanitize;
+var passport = require('passport');
+var helpers = require('habitrpg-shared/script/helpers');
 var async = require('async');
 var derbyAuthUtil = require('derby-auth/utils');
 var User = require('../models/user').model;
diff --git a/src/controllers/user.js b/src/controllers/user.js
index d2657c98b1..0905ecb97f 100644
--- a/src/controllers/user.js
+++ b/src/controllers/user.js
@@ -9,7 +9,7 @@ var async = require('async');
 var algos = require('habitrpg-shared/script/algos');
 var helpers = require('habitrpg-shared/script/helpers');
 var items = require('habitrpg-shared/script/items');
-var validator = require('derby-auth/node_modules/validator');
+var validator = require('validator');
 var check = validator.check;
 var sanitize = validator.sanitize;
 var User = require('./../models/user').model;
diff --git a/src/routes/api.js b/src/routes/api.js
index 5e874cb11a..0d036c4803 100644
--- a/src/routes/api.js
+++ b/src/routes/api.js
@@ -23,13 +23,6 @@ router.get('/status', function(req, res) {
   });
 });
 
-/* auth.auth*/
-auth.setupPassport(router); //FIXME make this consistent with the others
-router.post('/register', auth.registerUser);
-router.post('/user/auth/local', auth.loginLocal);
-router.post('/user/auth/facebook', auth.loginFacebook);
-
-
 /* Scoring*/
 router.post('/user/task/:id/:direction', auth.auth, cron, user.scoreTask);
 router.post('/user/tasks/:id/:direction', auth.auth, cron, user.scoreTask);
diff --git a/src/routes/auth.js b/src/routes/auth.js
index 5bfc534d17..c3068e078f 100644
--- a/src/routes/auth.js
+++ b/src/routes/auth.js
@@ -4,8 +4,8 @@ var router = new express.Router();
 
 /* auth.auth*/
 auth.setupPassport(router); //FIXME make this consistent with the others
-router.post('/register', auth.registerUser);
-router.post('/user/auth/local', auth.loginLocal);
-//router.post('/user/auth/facebook', auth.loginFacebook);
+router.post('/api/v1/register', auth.registerUser);
+router.post('/api/v1/user/auth/local', auth.loginLocal);
+router.post('/api/v1/user/auth/facebook', auth.loginFacebook);
 
 module.exports = router;
\ No newline at end of file