diff --git a/luna/app.py b/luna/app.py
index f5bf32db1bde5f099090204e62f348e99b368b00..46585183e452589b78c436426d3960d3f02774f6 100644
--- a/luna/app.py
+++ b/luna/app.py
@@ -17,13 +17,13 @@ __version__ = '0.4.0'
 
 
 class Luna(Flask, AppMixin):
-    default_config = config
     app_service = None
     clients = {}
 
     def bootstrap(self):
-        self.app_service = AppService(app_name=self.config['NAME'],
-                                      endpoint=self.config['JUMPSERVER_ENDPOINT'])
+        self.app_service = AppService(
+            app_name=self.config['NAME'],
+            endpoint=self.config['JUMPSERVER_ENDPOINT'])
         self.app_auth()
         while True:
             if self.check_auth():
@@ -32,10 +32,8 @@ class Luna(Flask, AppMixin):
             else:
                 logging.warn('App auth failed, Access key error or need admin active it')
             time.sleep(5)
-        self.heatbeat()
 
     def run(self, host=None, port=None, debug=None, **options):
-        # self.bootstrap()
         print(time.ctime())
         print('Luna version %s, more see https://www.jumpserver.org' % __version__)
         print('Starting ssh server at %(host)s:%(port)s' % {'host': self.config['BIND_HOST'],
@@ -52,5 +50,6 @@ class Luna(Flask, AppMixin):
 
 async_mode = 'threading'
 app = Luna(__name__, template_folder='dist')
+app.config.update(**config)
 socket_io = socketio.Server(logger=True, async_mode=async_mode)
 app.wsgi_app = socketio.Middleware(socket_io, app.wsgi_app)
diff --git a/luna/authentication.py b/luna/authentication.py
index ea745dcd77a61e2121ec56371321bb90993adb11..b2e90731482636ae9dd718cc2c669c339885e5b5 100644
--- a/luna/authentication.py
+++ b/luna/authentication.py
@@ -2,42 +2,39 @@
 # ~*~ coding: utf-8 ~*~
 # 
 
-from flask import g, request
-from flask_httpauth import HTTPBasicAuth, HTTPTokenAuth, MultiAuth
+from flask import g, request, redirect
+from functools import wraps, partial
 
+from jms import UserService
 from . import app
 
 
-token_auth = HTTPTokenAuth()
-basic_auth = HTTPBasicAuth()
-auth = MultiAuth(token_auth, basic_auth)
+def is_authenticate():
+    pass
 
 
-@basic_auth.verify_password
-def verify_password(username, password):
-    return True
-    user = app.user_service.login(username=username, password=password, remote_addr=request.remote_addr)
-    if not user:
-        g.current_user = None
-        return False
-    else:
-        g.current_user = user
-        return True
+def login_required(login_url=None):
+    if login_url is None:
+        endpoint = app.config['JUMPSERVER_ENDPOINT']
+        login_url = endpoint.rstrip('/') + '/users/login?next=' + request.url
+        return partial(login_required, login_url=login_url)
+
+    def decorate(func):
+        @wraps(func)
+        def wrapper(*args, **kwargs):
+            session_id = request.cookies.get('sessionid', '')
+            csrf_token = request.cookies.get('csrf_token', '')
+            if '' in [session_id, csrf_token]:
+                return redirect(login_url)
+
+            g.user_service = UserService.auth_from_session(session_id, csrf_token)
+            if g.user_service.is_authenticate():
+                return func(*args, **kwargs)
+            else:
+                return redirect(login_url)
+        return wrapper
+    return decorate
 
 
-@token_auth.verify_token
-def verify_token(token):
-    return True
-    if getattr(g, 'token') and g.token == token:
-        return True
-    else:
-        return False
 
 
-#@app.before_request
-#@auth.login_required
-#def before_request():
-#    print('Request start')
-#    if g.current_user is None:
-#        print('User is None')
-#        return unauthorized('Invalid credentials')
diff --git a/luna/conf.py b/luna/conf.py
index be23b2454714e3a6f385108530a026b34235cf2b..c782c75bd2be7ca0721f9ffb2fdb18da21abd820 100644
--- a/luna/conf.py
+++ b/luna/conf.py
@@ -4,11 +4,18 @@
 #
 
 import os
+import sys
 from six import string_types
 from werkzeug.utils import import_string
 
 # from . import PROJECT_DIR
 PROJECT_DIR = os.path.dirname(os.path.dirname(__file__))
+sys.path.append(PROJECT_DIR)
+
+try:
+    import config as custom_config
+except ImportError:
+    custom_config = object()
 
 
 class ConfigAttribute(object):
@@ -93,7 +100,7 @@ class Config(dict):
 
 
 config = Config()
-config.from_object(os.environ.get('LUNA_CONFIG_MODULE', object()))
+config.from_object(custom_config)
 
 
 
diff --git a/luna/models.py b/luna/models.py
new file mode 100644
index 0000000000000000000000000000000000000000..fad88e5fbd67152a5b8f9f91f290558498f08294
--- /dev/null
+++ b/luna/models.py
@@ -0,0 +1,12 @@
+# ~*~ coding: utf-8 ~*~
+
+
+class User(object):
+    def __init__(self, profile):
+        for k, v in profile:
+            setattr(self, k, v)
+        self.sessionid = None
+        self.username = profile.get('username', 'Unknown')
+        self.name = profile.get('name', 'Unknown')
+
+
diff --git a/luna/views/views.py b/luna/views/views.py
index b403e5bcd821d62c22cafc1f17c2cf22bec431ff..389d3212ebf2d4e8785e89497111fcd2131d0293 100644
--- a/luna/views/views.py
+++ b/luna/views/views.py
@@ -2,6 +2,7 @@
 
 
 from .. import app
+from ..authentication import login_required
 from flask import render_template, send_from_directory
 
 
@@ -9,6 +10,7 @@ __all__ = ['index', 'luna', 'send_dist']
 
 
 @app.route('/')
+@login_required
 def index():
     return render_template('index.html')
 
diff --git a/run_server.py b/run_server.py
index 9616e967f3bf58f60ca3d7d7ca0c7f169fc805cc..e521333e2532cb526a056a5413b2843cdc974e1e 100644
--- a/run_server.py
+++ b/run_server.py
@@ -1,11 +1,8 @@
 #!/usr/bin/env python
 # ~*~ coding: utf-8 ~*~
 
-import os
-
 from luna import app
 
-os.environ.setdefault('LUNA_CONFIG_MODULE', 'luna.config')
 
 host = app.config['BIND_HOST']
 port = app.config['LISTEN_PORT']