diff --git a/backend/app/http/auth.go b/backend/app/http/auth.go
index b7bd4fc..c645b81 100644
--- a/backend/app/http/auth.go
+++ b/backend/app/http/auth.go
@@ -1,7 +1,6 @@
 package http
 
 import (
-	"fmt"
 	"net/url"
 	"time"
 
@@ -13,7 +12,6 @@ import (
 	"quyun/providers/wechat"
 
 	"github.com/gofiber/fiber/v3"
-	gonanoid "github.com/matoous/go-nanoid/v2"
 	"github.com/pkg/errors"
 	log "github.com/sirupsen/logrus"
 )
@@ -43,6 +41,12 @@ func (ctl *auth) Login(ctx fiber.Ctx, code, state, redirect string) error {
 	}
 	log.Debugf("tokenInfo %+v", token)
 
+	stableToken, err := ctl.wechat.GetStableAccessToken()
+	if err != nil {
+		return errors.Wrap(err, "failed to get stable access token")
+	}
+	log.Infof("stableToken %+v", stableToken)
+
 	authUserInfo, err := ctl.wechat.AuthorizeUserInfo(token.AccessToken, token.Openid)
 	if err != nil {
 		return errors.Wrap(err, "failed to get user info")
@@ -51,10 +55,11 @@ func (ctl *auth) Login(ctx fiber.Ctx, code, state, redirect string) error {
 	log.Debugf("Auth User Info: %+v", authUserInfo)
 
 	userModel := &model.Users{
-		Status:   fields.UserStatusOk,
-		OpenID:   token.GetOpenID(),
-		Username: fmt.Sprintf("u_%s", gonanoid.MustGenerate(salt, 8)),
-		Avatar:   nil,
+		Status: fields.UserStatusOk,
+		OpenID: token.GetOpenID(),
+		// Username: fmt.Sprintf("u_%s", gonanoid.MustGenerate(salt, 8)),
+		Username: authUserInfo.Nickname,
+		Avatar:   &authUserInfo.Headimgurl,
 		Metas: fields.ToJson(fields.UserMetas{
 			City:         authUserInfo.City,
 			Country:      authUserInfo.Country,
@@ -65,11 +70,13 @@ func (ctl *auth) Login(ctx fiber.Ctx, code, state, redirect string) error {
 			Sex:          authUserInfo.Sex,
 		}),
 		AuthToken: fields.ToJson(fields.UserAuthToken{
-			AccessToken:    token.AccessToken,
-			ExpiresAt:      time.Now().Add(time.Second * time.Duration(token.ExpiresIn)),
-			IsSnapshotuser: token.IsSnapshotuser,
-			RefreshToken:   token.RefreshToken,
-			Scope:          token.Scope,
+			StableAccessToken: stableToken.AccessToken,
+			StableExpiresAt:   time.Now().Add(time.Second * time.Duration(stableToken.ExpiresIn)),
+			AccessToken:       token.AccessToken,
+			ExpiresAt:         time.Now().Add(time.Second * time.Duration(token.ExpiresIn)),
+			IsSnapshotuser:    token.IsSnapshotuser,
+			RefreshToken:      token.RefreshToken,
+			Scope:             token.Scope,
 		}),
 	}
 	user, err := models.Users.GetUserByOpenIDOrCreate(ctx.Context(), token.GetOpenID(), userModel)
diff --git a/backend/app/middlewares/mid_auth.go b/backend/app/middlewares/mid_auth.go
index c47bb89..b157f07 100644
--- a/backend/app/middlewares/mid_auth.go
+++ b/backend/app/middlewares/mid_auth.go
@@ -20,7 +20,7 @@ func (f *Middlewares) Auth(ctx fiber.Ctx) error {
 		return ctx.Next()
 	}
 
-	if f.app.IsDevMode() {
+	if f.app.IsDevMode() && false {
 		user, err := models.Users.GetByID(ctx.Context(), 1)
 		if err != nil {
 			return ctx.Send([]byte("User not found"))
diff --git a/backend/config.toml b/backend/config.toml
index 1a78244..d4db25a 100644
--- a/backend/config.toml
+++ b/backend/config.toml
@@ -1,5 +1,6 @@
 [App]
 Mode = "development"
+# Mode = "prod"
 BaseURI = "baseURI"
 StoragePath = "/Users/rogee/Projects/self/quyun/fixtures"
 DistAdmin = "frontend/wechat/admin"
@@ -9,8 +10,8 @@ DistWeChat = "frontend/wechat/dist"
 Port = 8088
 
 [Database]
-Host = "localhost"
-Database = "postgres"
+Host = "10.1.1.2"
+Database = "quyun"
 Password = "xixi0202"
 
 [JWT]
@@ -34,11 +35,11 @@ Host ="https://assets.jdwan.com"
 Region ="cn-beijing"
 
 [WeChat]
+DevMode = true
 AppID = "wx47649361b6eba174"
 AppSecret = "e9cdf19b006cd294a9dae7ad8ae08b72"
 Token = "W8Xhw5TivYBgY"
 EncodingAesKey = "OlgPgMvsl92zy5oErtEzRcziRT2txoN3jgEHV6RQZMY"
-DevMode = false
 
 [WeChat.Pay]
 NotifyURL="https://www.baidu.com/go.php"
diff --git a/backend/database/fields/users.go b/backend/database/fields/users.go
index 1c3bf2f..c76bf28 100644
--- a/backend/database/fields/users.go
+++ b/backend/database/fields/users.go
@@ -17,9 +17,11 @@ type UserMetas struct {
 }
 
 type UserAuthToken struct {
-	AccessToken    string    `json:"access_token,omitempty"`
-	ExpiresAt      time.Time `json:"expires_at,omitempty"`
-	IsSnapshotuser int64     `json:"is_snapshotuser,omitempty"`
-	RefreshToken   string    `json:"refresh_token,omitempty"`
-	Scope          string    `json:"scope,omitempty"`
+	StableAccessToken string    `json:"stable_access_token,omitempty"`
+	StableExpiresAt   time.Time `json:"stable_expires_at,omitempty"`
+	AccessToken       string    `json:"access_token,omitempty"`
+	ExpiresAt         time.Time `json:"expires_at,omitempty"`
+	IsSnapshotuser    int64     `json:"is_snapshotuser,omitempty"`
+	RefreshToken      string    `json:"refresh_token,omitempty"`
+	Scope             string    `json:"scope,omitempty"`
 }
diff --git a/backend/providers/wechat/wechat.go b/backend/providers/wechat/wechat.go
index 69eceb2..3cd8165 100644
--- a/backend/providers/wechat/wechat.go
+++ b/backend/providers/wechat/wechat.go
@@ -174,6 +174,25 @@ func (a *AuthorizeAccessToken) GetUnionID() string {
 	return a.Unionid
 }
 
+type StableAccessToken struct {
+	AccessToken string `json:"access_token,omitempty"`
+	ExpiresIn   int64  `json:"expires_in,omitempty"`
+}
+
+func (we *Client) GetStableAccessToken() (*StableAccessToken, error) {
+	params := we.wrapParams(map[string]string{
+		"grant_type": "client_credential",
+	})
+
+	var data StableAccessToken
+	_, err := we.client.R().SetSuccessResult(&data).SetBodyJsonMarshal(params).Post("/cgi-bin/stable_token")
+	if err != nil {
+		return nil, errors.Wrap(err, "call /cgi-bin/stable_token failed")
+	}
+
+	return &data, nil
+}
+
 func (we *Client) AuthorizeCode2Token(code string) (*AuthorizeAccessToken, error) {
 	params := we.wrapParams(map[string]string{
 		"code":       code,
diff --git a/backend/providers/wechat/wechat_test.go b/backend/providers/wechat/wechat_test.go
index a24bb9c..c7f4f49 100644
--- a/backend/providers/wechat/wechat_test.go
+++ b/backend/providers/wechat/wechat_test.go
@@ -87,7 +87,7 @@ func TestClient_AuthorizeUserInfo(t *testing.T) {
 
 func Test_GetJsTicket(t *testing.T) {
 	Convey("Test GetJsTicket", t, func() {
-		token := ""
+		token := "91_0pKuAiBFquPdLakDyhYqOyNJkGLr7-Egx-IF4bRzw-2Lpm7wxgz6zVBNJ36FvMXmiu8bz9BTtspVICf1zDZ3XWuVLwTq6T3a6WG1k6NHv6E0PadT-G5x2Y85-xUECBcADATRQ"
 		ticket, err := getClient().GetJSTicket(token)
 		So(err, ShouldBeNil)
 		So(ticket, ShouldNotBeEmpty)
@@ -95,3 +95,13 @@ func Test_GetJsTicket(t *testing.T) {
 		t.Log("Js Ticket:", ticket)
 	})
 }
+
+func Test_GetStableToken(t *testing.T) {
+	Convey("Test_GetStableToken GetJsTicket", t, func() {
+		token, err := getClient().GetStableAccessToken()
+		So(err, ShouldBeNil)
+		So(token, ShouldNotBeNil)
+
+		t.Logf("Stable Token: %+v", token)
+	})
+}
diff --git a/backend/quyun b/backend/quyun
index 431474a..b3c29da 100755
Binary files a/backend/quyun and b/backend/quyun differ
diff --git a/frontend/wechat/bun.lockb b/frontend/wechat/bun.lockb
new file mode 100755
index 0000000..9fad4b6
Binary files /dev/null and b/frontend/wechat/bun.lockb differ