diff --git a/conf/var.go b/conf/var.go
index e46b7b96..127b4212 100644
--- a/conf/var.go
+++ b/conf/var.go
@@ -41,8 +41,9 @@ var (
 	RawIndexHtml string
 	IndexHtml    string
 	CheckParent  bool
-	CheckDown bool
+	CheckDown    bool
 
+	Token       string
 	DavUsername string
 	DavPassword string
 )
diff --git a/drivers/alidrive/driver.go b/drivers/alidrive/driver.go
index b7bd2f1f..5fadd453 100644
--- a/drivers/alidrive/driver.go
+++ b/drivers/alidrive/driver.go
@@ -431,7 +431,7 @@ func (driver AliDrive) Upload(file *model.FileStream, account *model.Account) er
 		if err != nil {
 			return err
 		}
-		res, err := base.BaseHttpClient.Do(req)
+		res, err := base.HttpClient.Do(req)
 		if err != nil {
 			return err
 		}
diff --git a/drivers/all.go b/drivers/all.go
index 328d0ecf..42697b43 100644
--- a/drivers/all.go
+++ b/drivers/all.go
@@ -4,6 +4,7 @@ import (
 	_ "github.com/Xhofe/alist/drivers/123"
 	_ "github.com/Xhofe/alist/drivers/189"
 	_ "github.com/Xhofe/alist/drivers/alidrive"
+	_ "github.com/Xhofe/alist/drivers/alist"
 	_ "github.com/Xhofe/alist/drivers/google"
 	_ "github.com/Xhofe/alist/drivers/lanzou"
 	_ "github.com/Xhofe/alist/drivers/native"
diff --git a/drivers/base/driver.go b/drivers/base/driver.go
index bf35c3da..d0098890 100644
--- a/drivers/base/driver.go
+++ b/drivers/base/driver.go
@@ -81,8 +81,8 @@ func GetDrivers() map[string][]Item {
 }
 
 var NoRedirectClient *resty.Client
-//var BaseClient = resty.New()
-var BaseHttpClient = &http.Client{}
+var RestyClient = resty.New()
+var HttpClient = &http.Client{}
 
 func init() {
 	NoRedirectClient = resty.New().SetRedirectPolicy(
diff --git a/model/setting.go b/model/setting.go
index ebe1bf2d..31b6c011 100644
--- a/model/setting.go
+++ b/model/setting.go
@@ -1,7 +1,9 @@
 package model
 
 import (
+	"fmt"
 	"github.com/Xhofe/alist/conf"
+	"github.com/Xhofe/alist/utils"
 	"strings"
 )
 
@@ -83,6 +85,11 @@ func LoadSettings() {
 		conf.IndexHtml = strings.Replace(conf.IndexHtml, "<!-- customize body -->", customizeBody.Value, 1)
 	}
 
+	adminPassword, err := GetSettingByKey("password")
+	if err == nil {
+		conf.Token = utils.GetMD5Encode(fmt.Sprintf("https://github.com/Xhofe/alist-%s",adminPassword.Value))
+	}
+
 	davUsername, err := GetSettingByKey("WebDAV username")
 	if err == nil {
 		conf.DavUsername = davUsername.Value
diff --git a/server/middlewares/auth.go b/server/middlewares/auth.go
index 1eec9764..cd6f2975 100644
--- a/server/middlewares/auth.go
+++ b/server/middlewares/auth.go
@@ -2,25 +2,24 @@ package middlewares
 
 import (
 	"fmt"
-	"github.com/Xhofe/alist/model"
+	"github.com/Xhofe/alist/conf"
 	"github.com/Xhofe/alist/server/common"
-	"github.com/Xhofe/alist/utils"
 	"github.com/gin-gonic/gin"
-	"gorm.io/gorm"
 )
 
 func Auth(c *gin.Context) {
 	token := c.GetHeader("Authorization")
-	password, err := model.GetSettingByKey("password")
-	if err != nil {
-		if err == gorm.ErrRecordNotFound {
-			common.ErrorResp(c, fmt.Errorf("password not set"), 400)
-			return
-		}
-		common.ErrorResp(c, err, 500)
-		return
-	}
-	if token != utils.GetMD5Encode(password.Value) {
+	//password, err := model.GetSettingByKey("password")
+	//if err != nil {
+	//	if err == gorm.ErrRecordNotFound {
+	//		common.ErrorResp(c, fmt.Errorf("password not set"), 400)
+	//		return
+	//	}
+	//	common.ErrorResp(c, err, 500)
+	//	return
+	//}
+	//if token != utils.GetMD5Encode(password.Value) {
+	if token != conf.Token {
 		common.ErrorResp(c, fmt.Errorf("wrong password"), 401)
 		return
 	}
diff --git a/server/middlewares/down.go b/server/middlewares/down.go
index 2176017b..5f61d78d 100644
--- a/server/middlewares/down.go
+++ b/server/middlewares/down.go
@@ -2,14 +2,21 @@ package middlewares
 
 import (
 	"fmt"
+	"github.com/Xhofe/alist/conf"
 	"github.com/Xhofe/alist/server/common"
 	"github.com/Xhofe/alist/utils"
 	"github.com/gin-gonic/gin"
 )
 
 func DownCheck(c *gin.Context) {
+	sign := c.Query("sign")
 	rawPath := c.Param("path")
 	rawPath = utils.ParsePath(rawPath)
+	name := utils.Base(rawPath)
+	if sign == utils.Get16MD5Encode(fmt.Sprintf("%s-%s", conf.Token, name)) {
+		c.Next()
+		return
+	}
 	pw := c.Query("pw")
 	if !common.CheckDownLink(utils.Dir(rawPath), pw, utils.Base(rawPath)) {
 		common.ErrorResp(c, fmt.Errorf("wrong password"), 401)
diff --git a/server/middlewares/path.go b/server/middlewares/path.go
index f6d24b72..d7be49d3 100644
--- a/server/middlewares/path.go
+++ b/server/middlewares/path.go
@@ -17,6 +17,11 @@ func PathCheck(c *gin.Context) {
 	}
 	req.Path = utils.ParsePath(req.Path)
 	c.Set("req",req)
+	token := c.GetHeader("Authorization")
+	if token == conf.Token {
+		c.Next()
+		return
+	}
 	meta, err := model.GetMetaByPath(req.Path)
 	if err == nil {
 		if meta.Password != "" && meta.Password != req.Password {