diff --git a/back/api/auth.ts b/back/api/auth.ts
index 7bcd3a6e..329d4340 100644
--- a/back/api/auth.ts
+++ b/back/api/auth.ts
@@ -4,7 +4,7 @@ import { Logger } from 'winston';
 import * as fs from 'fs';
 import config from '../config';
 import jwt from 'jsonwebtoken';
-import { createPassword } from '../config/util';
+import { createRandomString } from '../config/util';
 import crypto from 'crypto';
 const route = Router();
@@ -25,7 +25,7 @@ export default (app: Router) => {
 authInfo.username === 'admin' &&
 authInfo.password === 'adminadmin'
 ) {
- const newPassword = createPassword(16, 22);
+ const newPassword = createRandomString(16, 22);
 fs.writeFileSync(
 config.authConfigFile,
 JSON.stringify({
@@ -42,7 +42,7 @@ export default (app: Router) => {
 username == authInfo.username &&
 password == authInfo.password
 ) {
- const data = createPassword(50, 100);
+ const data = createRandomString(50, 100);
 let token = jwt.sign({ data }, config.secret as any, {
 expiresIn: 60 * 60 * 24 * 3,
 algorithm: 'HS384',
diff --git a/back/config/index.ts b/back/config/index.ts
index af297c63..44053157 100644
--- a/back/config/index.ts
+++ b/back/config/index.ts
@@ -1,5 +1,6 @@
 import dotenv from 'dotenv';
 import path from 'path';
+import { createRandomString } from './util';
 process.env.NODE_ENV = process.env.NODE_ENV || 'development';
@@ -34,7 +35,7 @@ if (configFound.error) {
 export default {
 port: parseInt(process.env.PORT as string, 10),
 cronPort: parseInt(process.env.CRON_PORT as string, 10),
- secret: process.env.SECRET,
+ secret: process.env.SECRET || createRandomString(16, 32),
 logs: {
 level: process.env.LOG_LEVEL || 'silly',
 },
diff --git a/back/config/util.ts b/back/config/util.ts
index bc87ee91..e8cc5b46 100644
--- a/back/config/util.ts
+++ b/back/config/util.ts
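Review bot: In back/config/index.ts, the new fallback `secret: process.env.SECRET || createRandomString(16, 32)` produces a signing key shorter than the algorithm calls for: back/api/auth.ts signs with `algorithm: 'HS384'`, and RFC 7518 §3.2 requires an HMAC key at least as long as the hash output (48 bytes here). createRandomString's body is outside this diff; if it draws on `Math.random()` rather than a CSPRNG, the fallback key is also predictable, and the same concern applies to the generated admin password in back/api/auth.ts. Since `crypto` is already imported in back/api/auth.ts, `secret: process.env.SECRET || crypto.randomBytes(48).toString('hex'),` (plus `import crypto from 'crypto';` in this file) would cover both points. The fallback is also regenerated on every start, so issued tokens stop verifying after a restart and, if more than one process loads this config, possibly across processes; a comment on the `secret:` line or a startup warning when SECRET is unset would make that visible.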
@@ -27,7 +27,7 @@ export function getLastModifyFilePath(dir: string) {
 return filePath;
 }
-export function createPassword(min: number, max: number): string {
+export function createRandomString(min: number, max: number): string {
 const num = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9'];
 const english = [
 'a',
diff --git a/back/loaders/express.ts b/back/loaders/express.ts
index 35b16192..d5cd316a 100644
--- a/back/loaders/express.ts
+++ b/back/loaders/express.ts
@@ -18,7 +18,7 @@ export default ({ app }: { app: Application }) => {
 }),
 );
 app.use((req, res, next) => {
- if (req.url && req.path.includes('/api/login')) {
+ if (req.url && req.path.includes('/api/login')) {
 return next();
 }
 const data = fs.readFileSync(config.authConfigFile, 'utf8');
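Review bot: In back/loaders/express.ts, `req.path.includes('/api/login')` is still a substring test, so any request whose path merely contains that text is passed straight to `next()` and skips whatever check follows the `readFileSync`. An exact comparison is stricter, e.g. `if (req.path === '/api/login') {`, adjusted if the login route is mounted under another prefix or must accept a trailing slash. The leftover `req.url &&` guard no longer relates to the value being tested and can be dropped. The middleware body continues past the end of the hunk, so how `data` is used afterwards is not visible here.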