diff --git a/src/authd.cr b/src/authd.cr index fa094be..272c6a3 100644 --- a/src/authd.cr +++ b/src/authd.cr @@ -96,17 +96,13 @@ class AuthD::Response ] {% end %} - def self.from_ipc(message : IPC::Message) + def self.from_ipc(message : IPC::Message) : Response? payload = String.new message.payload type = Type.new message.type.to_i - begin - request = requests.find(&.type.==(type)).try &.from_json(payload) - rescue e : JSON::ParseException - raise Exception.new "malformed request" - end - - request + requests.find(&.type.==(type)).try &.from_json(payload) + rescue e : JSON::ParseException + raise Exception.new "malformed request" end end @@ -218,17 +214,13 @@ class AuthD::Request ] {% end %} - def self.from_ipc(message : IPC::Message) + def self.from_ipc(message : IPC::Message) : Request? payload = String.new message.payload type = Type.new message.type.to_i - begin - request = requests.find(&.type.==(type)).try &.from_json(payload) - rescue e : JSON::ParseException - raise Exception.new "misformed request" - end - - request + requests.find(&.type.==(type)).try &.from_json(payload) + rescue e : JSON::ParseException + raise Exception.new "malformed request" end end diff --git a/src/main.cr b/src/main.cr index 431b4c0..231c7ab 100644 --- a/src/main.cr +++ b/src/main.cr 
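Review bot: The new method-level rescue in `Response.from_ipc` (and identically in `Request.from_ipc` in the next hunk) turns a `JSON::ParseException` into a bare `Exception`, and the visible caller, `Request.from_ipc event.message` inside `AuthD::Service#run`, does not rescue it, so a peer that sends an undecodable payload raises out of the event block; whether `IPC::Service` converts that into an `IPC::Exception` event or ends the loop is not visible in the diff. A dedicated class such as `class AuthD::MalformedRequest < Exception; end` raised as `raise MalformedRequest.new "malformed request"` would let the handler rescue exactly this case and answer with a `Response::Error` rather than relying on the transport's behaviour. The binding `e` is unused in both rescue clauses, so `rescue JSON::ParseException` states the same intent without the dead variable. The surrounding `requests` macro and class bodies start outside the hunk.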
@@ -10,9 +10,86 @@ require "./authd.cr" extend AuthD -class IPC::Connection - def send(type : AuthD::Response::Type, payload : String) - send type.to_u8, payload +class AuthD::Service + def initialize(@passwd : Passwd, @jwt_key : String) + end + + def handle_request(request : AuthD::Request?, connection : IPC::Connection) + case request + when Request::GetToken + user = @passwd.get_user request.login, request.password + + if user.nil? + return Response::Error.new "invalid credentials" + end + + token = JWT.encode user.to_h, @jwt_key, JWT::Algorithm::HS256 + + Response::Token.new token + when Request::AddUser + if request.shared_key != @jwt_key + return Response::Error.new "invalid authentication key" + end + + if @passwd.user_exists? request.login + return Response::Error.new "login already used" + end + + user = @passwd.add_user request.login, request.password + + Response::UserAdded.new user + when Request::GetUserByCredentials + user = @passwd.get_user request.login, request.password + + if user + Response::User.new user + else + Response::Error.new "user not found" + end + when Request::GetUser + user = @passwd.get_user request.uid + + if user + Response::User.new user + else + Response::Error.new "user not found" + end + when Request::ModUser + if request.shared_key != @jwt_key + return Response::Error.new "invalid authentication key" + end + + password_hash = request.password.try do |s| + Passwd.hash_password s + end + + @passwd.mod_user request.uid, password_hash: password_hash + + Response::UserEdited.new request.uid + else + Response::Error.new "unhandled request type" + end + end + + def run + ## + # Provides a JWT-based authentication scheme for service-specific users. + IPC::Service.new "auth" do |event| + if event.is_a? IPC::Exception + puts "oh no" + pp! 
event + next + end + + case event + when IPC::Event::Message + request = Request.from_ipc event.message + + response = handle_request request, event.connection + + event.connection.send response + end + end end end @@ -42,75 +119,5 @@ end passwd = Passwd.new authd_passwd_file, authd_group_file -## -# Provides a JWT-based authentication scheme for service-specific users. -IPC::Service.new "auth" do |event| - if event.is_a? IPC::Exception - puts "oh no" - pp! event - next - end - - case event - when IPC::Event::Message - request = Request.from_ipc event.message - - response = case request - when Request::GetToken - user = passwd.get_user request.login, request.password - - if user.nil? - next Response::Error.new "invalid credentials" - end - - token = JWT.encode user.to_h, authd_jwt_key, JWT::Algorithm::HS256 - - Response::Token.new token - when Request::AddUser - if request.shared_key != authd_jwt_key - next Response::Error.new "invalid authentication key" - end - - if passwd.user_exists? request.login - next Response::Error.new "login already used" - end - - user = passwd.add_user request.login, request.password - - Response::UserAdded.new user - when Request::GetUserByCredentials - user = passwd.get_user request.login, request.password - - if user - Response::User.new user - else - Response::Error.new "user not found" - end - when Request::GetUser - user = passwd.get_user request.uid - - if user - Response::User.new user - else - Response::Error.new "user not found" - end - when Request::ModUser - if request.shared_key != authd_jwt_key - next Response::Error.new "invalid authentication key" - end - - password_hash = request.password.try do |s| - Passwd.hash_password s - end - - passwd.mod_user request.uid, password_hash: password_hash - - Response::UserEdited.new request.uid - else - Response::Error.new "unhandled request type" - end - - event.connection.send response - end -end +AuthD::Service.new(passwd, authd_jwt_key).run
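Review bot: In `handle_request`, the `AddUser` and `ModUser` branches gate privileged operations on `request.shared_key != @jwt_key`, a plain string comparison whose duration depends on how many leading bytes match, while `shared_key` is supplied by whoever writes to the IPC socket; the check should go through the standard library's `Crypto::Subtle.constant_time_compare` (needs `require "crypto/subtle"` at the top of main.cr), as in the helper below. The same value is also the JWT signing key, so a holder of the key needed to add or edit users can equally mint tokens; giving the two roles separate secrets is a follow-up outside this change. Two smaller points: the `connection` parameter of `handle_request` is never read in its body, and the `##` comment describing the service now sits inside `run` above `IPC::Service.new` instead of documenting `AuthD::Service` itself. `pp! event` in the `IPC::Exception` branch dumps the whole event; if that object carries the message payload it would write credentials to stdout, which I cannot confirm from the diff.
```crystal
class AuthD::Service
  # … unchanged: initialize …

  # Compares a client-supplied key with the service secret in constant time so
  # the comparison's duration does not reveal how many leading bytes matched.
  private def authorized?(key) : Bool
    Crypto::Subtle.constant_time_compare key, @jwt_key
  end

  def handle_request(request : AuthD::Request?, connection : IPC::Connection)
    case request
    # … unchanged: GetToken …
    when Request::AddUser
      return Response::Error.new "invalid authentication key" unless authorized?(request.shared_key)
      # … unchanged: login check, add_user, UserAdded …
    # … unchanged: GetUserByCredentials, GetUser …
    when Request::ModUser
      return Response::Error.new "invalid authentication key" unless authorized?(request.shared_key)
      # … unchanged: password hashing, mod_user, UserEdited …
    # … unchanged: else branch, run …
```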