diff --git a/.gitignore b/.gitignore
index b0f50ee..7d965ea 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
 .pydevproject
 poetry.lock
 .env
+media/*
\ No newline at end of file
diff --git a/api/settings.py b/api/settings.py
index 6dbf441..3f424da 100644
--- a/api/settings.py
+++ b/api/settings.py
@@ -27,11 +27,15 @@ SECRET_KEY = os.getenv("DJANGO_SECRET_KEY")
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 
+MEDIA_URL = '/media/'
+MEDIA_ROOT = os.path.join(BASE_DIR, 'media')
+
 ALLOWED_HOSTS = [
     'localhost',
     '127.0.0.1'
 ]
 
+
 CORS_ALLOWED_ORIGINS = [
     "http://localhost:5173",
     'http://127.0.0.1:5173'
@@ -57,6 +61,7 @@ AUTH_USER_MODEL = 'books.CustomUser'
 MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
+    'corsheaders.middleware.CorsMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
diff --git a/api/urls.py b/api/urls.py
index 6ba79eb..ff2dd21 100644
--- a/api/urls.py
+++ b/api/urls.py
@@ -18,8 +18,10 @@ from django.contrib import admin
 from django.urls import path
 from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView
 
+from api import settings
 from books import views
 from books.views import UserProfileView, BookListCreateView
+from django.conf.urls.static import static
 
 urlpatterns = [
     path('admin/', admin.site.urls),
@@ -27,5 +29,8 @@ urlpatterns = [
     path('api/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
     path('api/profile', UserProfileView.as_view(), name='user_profile'),
     path('api/books', BookListCreateView.as_view(), name='book_list_create'),
-    path('api/users/<int:user_id>', views.find_user_by_id, name='user-detail')
-]
\ No newline at end of file
+    path('api/users/<int:user_id>', views.find_user_by_id, name='user-detail'),
+]
+
+urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
+
diff --git a/books/models.py b/books/models.py
index f68d19c..a90c377 100644
--- a/books/models.py
+++ b/books/models.py
@@ -1,9 +1,22 @@
+import os
+from uuid import uuid4
+
 from django.contrib.auth.models import AbstractUser
 from django.db import models
 from django.conf import settings
 from django.utils.translation import gettext_lazy as _
 from django.core.validators import MaxValueValidator
 
+def upload_avatar(instance, filename):
+    ext = filename.split('.')[-1]
+    filename = '{}.{}'.format(uuid4().hex, ext)
+    return os.path.join('avatars/', filename)
+
+def upload_illustration(instance, filename):
+    ext = filename.split('.')[-1]
+    filename = '{}.{}'.format(uuid4().hex, ext)
+    return os.path.join('illustrations/', filename)
+
 class Book(models.Model):
     PLAN_TO_READ = 'PLAN'
     READING = 'READING'
@@ -32,6 +45,7 @@ class Book(models.Model):
     )
     title = models.CharField(max_length=255)
     author = models.CharField(max_length=255)
+    illustration = models.ImageField(upload_to=upload_illustration)
     state = models.CharField(
         _('state'),
         max_length=10,
@@ -47,5 +61,7 @@ class Book(models.Model):
 
 
 class CustomUser(AbstractUser):
+    avatar = models.ImageField(upload_to=upload_avatar)
+
     def __str__(self):
         return self.username
\ No newline at end of file
diff --git a/books/views.py b/books/views.py
index eb53357..eb4dc49 100644
--- a/books/views.py
+++ b/books/views.py
@@ -23,7 +23,6 @@ class BookListCreateView(APIView):
         
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
-
 @api_view(['GET'])
 def find_user_by_id(request, user_id):
     try:
@@ -32,7 +31,10 @@ def find_user_by_id(request, user_id):
         books_serializer = BookSerializer(books_queryset, many=True)
         return Response({
             'username': user.username,
+            'firstName': user.first_name,
+            'lastName': user.last_name,
             'email': user.email,
+            'profilePicture': user.avatar.url if user.avatar else '',
             'books': books_serializer.data,
         })
 
@@ -48,6 +50,9 @@ class UserProfileView(APIView):
         books_serializer = BookSerializer(books_queryset, many=True)
         return Response({
             'username': user.username,
+            'firstName': user.first_name,
+            'lastName': user.last_name,
             'email': user.email,
+            'profilePicture': user.avatar.url if user.avatar else '',
             'books': books_serializer.data,
         })
\ No newline at end of file
diff --git a/pyproject.toml b/pyproject.toml
index 4f68894..fe94060 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -15,3 +15,4 @@ django-cors-headers = "^4.9.0"
 psycopg = "^3.1"
 gunicorn = "^22.0"
 dotenv = "^0.9.9"
+pillow = "^12.0.0"