diff --git a/server/boot/story.js b/server/boot/story.js
index 7b3c058ea1..02b92e93b3 100755
--- a/server/boot/story.js
+++ b/server/boot/story.js
@@ -18,6 +18,7 @@ var time48Hours = 172800000;
 var unDasherize = utils.unDasherize;
 var dasherize = utils.dasherize;
 var getURLTitle = utils.getURLTitle;
+var ifNoUser401 = require('../utils/middleware').ifNoUser401;
 
 function hotRank(timeValue, rank) {
   /*
@@ -63,12 +64,12 @@ module.exports = function(app) {
   router.get('/stories/hotStories', hotJSON);
   router.get('/stories/submit', submitNew);
   router.get('/stories/submit/new-story', preSubmit);
-  router.post('/stories/preliminary', newStory);
-  router.post('/stories/', storySubmission);
+  router.post('/stories/preliminary', ifNoUser401, newStory);
+  router.post('/stories/', ifNoUser401, storySubmission);
   router.get('/news/', hot);
   router.post('/stories/search', getStories);
   router.get('/news/:storyName', returnIndividualStory);
-  router.post('/stories/upvote/', upvote);
+  router.post('/stories/upvote/', ifNoUser401, upvote);
   router.get('/stories/:storyName', redirectToNews);
 
   app.use(router);
diff --git a/server/utils/middleware.js b/server/utils/middleware.js
index dc0219f0a4..1edec7a59b 100644
--- a/server/utils/middleware.js
+++ b/server/utils/middleware.js
@@ -12,12 +12,12 @@ exports.userMigration = function userMigration(req, res, next) {
   if (!req.user || req.user.completedChallenges.length !== 0) {
     return next();
   }
-  req.user.completedChallenges = R.filter(function (elem) {
+  req.user.completedChallenges = R.filter(function(elem) {
     // getting rid of undefined
     return elem;
   }, R.concat(
       req.user.completedCoursewares,
-      req.user.completedBonfires.map(function (bonfire) {
+      req.user.completedBonfires.map(function(bonfire) {
         return ({
           completedDate: bonfire.completedDate,
           id: bonfire.id,
@@ -51,3 +51,10 @@ exports.ifNoUserSend = function ifNoUserSend(sendThis) {
     return res.status(200).send(sendThis);
   };
 };
+
+exports.ifNoUser401 = function ifNoUser401(req, res, next) {
+  if (req.user) {
+    return next();
+  }
+  return res.status(401).end();
+};