diff --git a/auth/.DS_Store b/auth/.DS_Store
new file mode 100644
index 0000000..a292f56
Binary files /dev/null and b/auth/.DS_Store differ
diff --git a/auth/MyRateThrottle.py b/auth/MyRateThrottle.py
new file mode 100644
index 0000000..114ade5
--- /dev/null
+++ b/auth/MyRateThrottle.py
@@ -0,0 +1,5 @@
+from rest_framework.throttling import AnonRateThrottle
+
+
+class MyRateThrottle(AnonRateThrottle):
+    THROTTLE_RATES = {"anon": "5/min"}
diff --git a/auth/__init__.py b/auth/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/auth/__pycache__/MyRateThrottle.cpython-312.pyc b/auth/__pycache__/MyRateThrottle.cpython-312.pyc
new file mode 100644
index 0000000..2409c78
Binary files /dev/null and b/auth/__pycache__/MyRateThrottle.cpython-312.pyc differ
diff --git a/auth/__pycache__/MyRateThrottle.cpython-38.pyc b/auth/__pycache__/MyRateThrottle.cpython-38.pyc
new file mode 100644
index 0000000..0ae2d6b
Binary files /dev/null and b/auth/__pycache__/MyRateThrottle.cpython-38.pyc differ
diff --git a/auth/__pycache__/__init__.cpython-312.pyc b/auth/__pycache__/__init__.cpython-312.pyc
new file mode 100644
index 0000000..9de525d
Binary files /dev/null and b/auth/__pycache__/__init__.cpython-312.pyc differ
diff --git a/auth/__pycache__/__init__.cpython-38.pyc b/auth/__pycache__/__init__.cpython-38.pyc
new file mode 100644
index 0000000..41311d2
Binary files /dev/null and b/auth/__pycache__/__init__.cpython-38.pyc differ
diff --git a/auth/__pycache__/authentication.cpython-312.pyc b/auth/__pycache__/authentication.cpython-312.pyc
new file mode 100644
index 0000000..7fcd63d
Binary files /dev/null and b/auth/__pycache__/authentication.cpython-312.pyc differ
diff --git a/auth/__pycache__/authentication.cpython-38.pyc b/auth/__pycache__/authentication.cpython-38.pyc
new file mode 100644
index 0000000..935b18d
Binary files /dev/null and b/auth/__pycache__/authentication.cpython-38.pyc differ
diff --git a/auth/authentication.py b/auth/authentication.py
new file mode 100644
index 0000000..38f7c91
--- /dev/null
+++ b/auth/authentication.py
@@ -0,0 +1,45 @@
+from rest_framework import exceptions
+from rest_framework.authentication import BaseAuthentication
+
+from myapp.models import User
+
+
+# 后台接口认证
+class AdminTokenAuthtication(BaseAuthentication):
+    def authenticate(self, request):
+        adminToken = request.META.get("HTTP_ADMINTOKEN")
+        print("检查adminToken==>" + adminToken)
+        users = User.objects.filter(admin_token=adminToken)
+        """
+        判定条件：
+            1. 传了adminToken 
+            2. 查到了该帐号 
+            3. 该帐号是管理员或演示帐号
+        """
+        if not adminToken or len(users) == 0 or users[0].role == '2':
+            raise exceptions.AuthenticationFailed("AUTH_FAIL_END")
+        else:
+            print('adminToken验证通过')
+
+
+# 前台接口认证
+class TokenAuthtication(BaseAuthentication):
+    def authenticate(self, request):
+        token = request.META.get("HTTP_TOKEN", "")
+        if token is not None:
+            print("检查token==>" + token)
+            users = User.objects.filter(token=token)
+            # print(users)
+            """
+            判定条件：
+                1. 传了token 
+                2. 查到了该帐号 
+                3. 该帐号是普通用户
+            """
+            if not token or len(users) == 0 or (users[0].role in ['1', '3']):
+                raise exceptions.AuthenticationFailed("AUTH_FAIL_FRONT")
+            else:
+                print('token验证通过')
+        else:
+            print("检查token==>token 为空")
+            raise exceptions.AuthenticationFailed("AUTH_FAIL_FRONT")
diff --git a/dms b/dms
deleted file mode 160000
index 7d3f991..0000000
--- a/dms
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 7d3f991a052db79492ad91f51cb582665e2e42d2
diff --git a/permission/.DS_Store b/permission/.DS_Store
new file mode 100644
index 0000000..5008ddf
Binary files /dev/null and b/permission/.DS_Store differ
diff --git a/permission/__init__.py b/permission/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/permission/__pycache__/__init__.cpython-312.pyc b/permission/__pycache__/__init__.cpython-312.pyc
new file mode 100644
index 0000000..9dd905b
Binary files /dev/null and b/permission/__pycache__/__init__.cpython-312.pyc differ
diff --git a/permission/__pycache__/__init__.cpython-38.pyc b/permission/__pycache__/__init__.cpython-38.pyc
new file mode 100644
index 0000000..2e837b9
Binary files /dev/null and b/permission/__pycache__/__init__.cpython-38.pyc differ
diff --git a/permission/__pycache__/permission.cpython-312.pyc b/permission/__pycache__/permission.cpython-312.pyc
new file mode 100644
index 0000000..bec244e
Binary files /dev/null and b/permission/__pycache__/permission.cpython-312.pyc differ
diff --git a/permission/__pycache__/permission.cpython-38.pyc b/permission/__pycache__/permission.cpython-38.pyc
new file mode 100644
index 0000000..4813d16
Binary files /dev/null and b/permission/__pycache__/permission.cpython-38.pyc differ
diff --git a/permission/permission.py b/permission/permission.py
new file mode 100644
index 0000000..e25a1e8
--- /dev/null
+++ b/permission/permission.py
@@ -0,0 +1,12 @@
+from myapp.models import User
+
+
+def isDemoAdminUser(request):
+    adminToken = request.META.get("HTTP_ADMINTOKEN")
+    users = User.objects.filter(admin_token=adminToken)
+    if len(users) > 0:
+        user = users[0]
+        if user.role == '3':  # （角色3）表示演示帐号
+            print('演示帐号===>')
+            return True
+    return False