diff --git a/oa/libs/auth/access.go b/oa/libs/auth/access.go
index 9841428..362a6e0 100644
--- a/oa/libs/auth/access.go
+++ b/oa/libs/auth/access.go
@@ -28,6 +28,9 @@ type Access []struct {
 }
 
 func (a *Access) Check(target string, tid string, l AuthLevel) bool {
+	if l == DoNone {
+		return true
+	}
 	for _, line := range *a {
 		if target == line.Name && l >= line.Level {
 			if line.TID == "" || line.TID == tid {
diff --git a/oa/libs/auth/jwt.go b/oa/libs/auth/jwt.go
index 1a5bd2a..73630bb 100644
--- a/oa/libs/auth/jwt.go
+++ b/oa/libs/auth/jwt.go
@@ -13,11 +13,24 @@ import (
 	"oa/cfg"
 	"oa/errs"
 	"strings"
+	"time"
 
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/veypi/OneBD/rest"
 )
 
+func GenJwt(claim *Claims) (string, error) {
+	if claim.ExpiresAt == nil {
+		claim.ExpiresAt = jwt.NewNumericDate(time.Now().Add(5 * time.Minute))
+	}
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claim)
+	tokenString, err := token.SignedString(cfg.Config.JWT)
+	if err != nil {
+		return "", err
+	}
+	return tokenString, nil
+}
+
 func CheckJWT(x *rest.X) (*Claims, error) {
 	authHeader := x.Request.Header.Get("Authorization")
 	if authHeader == "" {