diff --git a/backend/routes/admin.js b/backend/routes/admin.js
index a550e82..f38e3ef 100644
--- a/backend/routes/admin.js
+++ b/backend/routes/admin.js
@@ -20,6 +20,18 @@ router.all("*", auth, async (req, res, next) => {
   }
 })
 
+router.all("*", auth, async (req, res, next) => {
+  try {
+    if (!req.user.emailVerified && process.env.EMAIL_VERIFICATION === "true") {
+      throw Errors.emailVerificationRequired
+    } else {
+      next()
+    }
+  } catch (e) {
+    next(e)
+  }
+})
+
 router.get("/", auth, async (req, res, next) => {
   try {
     res.json({
diff --git a/backend/routes/associations.js b/backend/routes/associations.js
index 06bafb4..c6710a3 100644
--- a/backend/routes/associations.js
+++ b/backend/routes/associations.js
@@ -11,6 +11,18 @@ const {
   Friend
 } = require("../models")
 
+router.all("*", auth, async (req, res, next) => {
+  try {
+    if (!req.user.emailVerified && process.env.EMAIL_VERIFICATION === "true") {
+      throw Errors.emailVerificationRequired
+    } else {
+      next()
+    }
+  } catch (e) {
+    next(e)
+  }
+})
+
 router.delete("/:id/:associationId", auth, async (req, res, next) => {
   try {
     const io = req.app.get("io")
diff --git a/backend/routes/friends.js b/backend/routes/friends.js
index cd6f172..787cac9 100644
--- a/backend/routes/friends.js
+++ b/backend/routes/friends.js
@@ -4,9 +4,21 @@ const Errors = require("../lib/errors")
 const express = require("express")
 const router = express.Router()
 
+router.all("*", auth, async (req, res, next) => {
+  try {
+    if (!req.user.emailVerified && process.env.EMAIL_VERIFICATION === "true") {
+      throw Errors.emailVerificationRequired
+    } else {
+      next()
+    }
+  } catch (e) {
+    next(e)
+  }
+})
+
 router.get("/", auth, async (req, res, next) => {
   try {
-    let friends = await Friend.findAll({
+    const friends = await Friend.findAll({
       where: {
         userId: req.user.id
       },
diff --git a/backend/routes/user.js b/backend/routes/user.js
index 4192a67..fb2ff5d 100644
--- a/backend/routes/user.js
+++ b/backend/routes/user.js
@@ -75,6 +75,9 @@ router.post("/verify/resend", auth, mailLimiter, async (req, res, next) => {
     if (process.env.EMAIL_VERIFICATION !== "true") {
       throw Errors.invalidParameter("Email verification is disabled")
     }
+    if (req.user.emailVerified) {
+      throw Errors.invalidParameter("Email is already verified")
+    }
     const token = "COLUBRINA-VERIFY-" + cryptoRandomString({ length: 64 })
     await req.user.update({
       emailToken: token