diff --git a/.github/workflows/Release.yml b/.github/workflows/Release.yml
index 6baa00c..1be784f 100644
--- a/.github/workflows/Release.yml
+++ b/.github/workflows/Release.yml
@@ -163,6 +163,10 @@ jobs:
         target:
           - arch: "aarch64_generic"
             sdk: "https://downloads.openwrt.org/releases/22.03.2/targets/rockchip/armv8/openwrt-sdk-22.03.2-rockchip-armv8_gcc-11.2.0_musl.Linux-x86_64.tar.xz"
+          - arch: "aarch64_cortex-a53"
+            sdk: "https://downloads.openwrt.org/releases/22.03.2/targets/bcm27xx/bcm2710/openwrt-sdk-22.03.2-bcm27xx-bcm2710_gcc-11.2.0_musl.Linux-x86_64.tar.xz"
+          - arch: "aarch64_cortex-a72"
+            sdk: "https://downloads.openwrt.org/releases/22.03.2/targets/bcm27xx/bcm2711/openwrt-sdk-22.03.2-bcm27xx-bcm2711_gcc-11.2.0_musl.Linux-x86_64.tar.xz"
           - arch: "x86_64"
             sdk: "https://downloads.openwrt.org/releases/18.06.9/targets/x86/64/openwrt-sdk-18.06.9-x86-64_gcc-7.3.0_musl.Linux-x86_64.tar.xz"
     steps:
diff --git a/.github/workflows/Update.yml b/.github/workflows/Update.yml
index ed5e748..5c720d8 100644
--- a/.github/workflows/Update.yml
+++ b/.github/workflows/Update.yml
@@ -19,7 +19,7 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.TOKEN }}
       run: |
         dir=$(pwd)
-        bash +x $dir/unpack.sh
+        bash +x $dir/unpack.sh x86_64
         current_version=$(git describe --tags --abbrev=0 | sed 's/^v//')
         new_version=$(cat bin/version)
         export new_version
diff --git a/Cargo.lock b/Cargo.lock
index 2127ca9..f1342e3 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -616,6 +616,15 @@ dependencies = [
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "keccak"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8f6d5ed8676d904364de097082f4e7d240b571b67989ced0240f08b7f966f940"
+dependencies = [
+ "cpufeatures",
+]
+
 [[package]]
 name = "lazy_static"
 version = "1.4.0"
@@ -1039,6 +1048,16 @@ dependencies = [
  "digest",
 ]
 
+[[package]]
+name = "sha3"
+version = "0.10.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60"
+dependencies = [
+ "digest",
+ "keccak",
+]
+
 [[package]]
 name = "signal-hook"
 version = "0.3.15"
@@ -1581,6 +1600,7 @@ dependencies = [
  "rand",
  "rouille",
  "rust-embed",
+ "sha3",
  "signal-hook",
  "ureq",
 ]
diff --git a/Cargo.toml b/Cargo.toml
index cc88551..0d7e597 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,21 +19,26 @@ rust-embed = "6.6.0"
 libc = "0.2.140"
 rand = "0.8.5"
 ureq = "2.6.2"
+sha3 = "0.10.8"
 indicatif = "0.17.3"
 rouille= "3.6.2"
 signal-hook = "0.3.15"
 clap = { version = "4.2.5", features = ["derive"] }
 
 [features]
-default = ["launch", "systemd"]
-embed = ["launch", "systemd"]
+default = ["launch", "systemd", "auth"]
+embed = ["launch", "systemd", "auth"]
 launch = []
 systemd = []
+auth = []
 
 [[bin]]
 name = "xunlei"
 path = "src/main.rs"
 
+[profile.dev]
+opt-level = 'z'
+
 [profile.release]
 lto = true
 opt-level = 'z'
diff --git a/src/launch.rs b/src/launch.rs
index 1f56e21..0a8bfad 100644
--- a/src/launch.rs
+++ b/src/launch.rs
@@ -1,9 +1,15 @@
+use rouille::router;
+use rouille::Request;
+use rouille::Response;
+use std::collections::HashMap;
+use std::io;
+use std::sync::Mutex;
+
 use anyhow::Context;
 use signal_hook::iterator::Signals;
 
 use crate::{standard, Config, Running};
 use std::{
-    collections::HashMap,
     io::Read,
     ops::Not,
     os::unix::prelude::PermissionsExt,
@@ -11,7 +17,21 @@ use std::{
     process::Stdio,
 };
 
+const HTML_LOGIN: &str = include_str!("../static/login.html");
+const JS_SHA3: &str = include_str!("../static/sha3.min.js");
+
+// hasher auth message
+fn hasher_auth_message(s: &str) -> String {
+    use sha3::{Digest, Sha3_512};
+    let mut hasher = Sha3_512::new();
+    hasher.update(s);
+    format!("{:x}", hasher.finalize())
+}
+
+#[derive(Clone)]
 pub struct XunleiLauncher {
+    auth_user: Option<String>,
+    auth_password: Option<String>,
     host: std::net::IpAddr,
     port: u16,
     download_path: PathBuf,
@@ -20,7 +40,18 @@ pub struct XunleiLauncher {
 
 impl From<Config> for XunleiLauncher {
     fn from(config: Config) -> Self {
+        let auth_user = match config.auth_user {
+            Some(auth_user) => Some(hasher_auth_message(&auth_user.as_str())),
+            None => None,
+        };
+
+        let auth_password = match config.auth_password {
+            Some(auth_password) => Some(hasher_auth_message(&auth_password.as_str())),
+            None => None,
+        };
         Self {
+            auth_user,
+            auth_password,
             host: config.host,
             port: config.port,
             download_path: config.download_path,
@@ -55,117 +86,6 @@ impl XunleiLauncher {
         Ok(child_process)
     }
 
-    fn run_ui(host: String, port: u16, envs: HashMap<String, String>) {
-        log::info!("[XunleiLauncher] Start Xunlei Engine UI");
-        rouille::start_server(format!("{}:{}", host, port), move |request| {
-            rouille::router!(request,
-                (GET) ["/webman/login.cgi"] => {
-                    rouille::Response::json(&String::from(r#"{"SynoToken", ""}"#))
-                    .with_additional_header("Content-Type", "application/json; charset=utf-8")
-                    .with_status_code(200)
-                 },
-                (GET) ["/"] => {
-                    rouille::Response::redirect_307(standard::SYNOPKG_WEB_UI_HOME)
-                },
-                (GET) ["/webman/"] => {
-                    rouille::Response::redirect_307(standard::SYNOPKG_WEB_UI_HOME)
-                },
-                (GET) ["/webman/3rdparty/pan-xunlei-com"] => {
-                    rouille::Response::redirect_307(standard::SYNOPKG_WEB_UI_HOME)
-                 },
-                _ => {
-                    let mut cmd = std::process::Command::new(standard::SYNOPKG_CLI_WEB);
-                    cmd.current_dir(standard::SYNOPKG_PKGDEST);
-                    cmd.envs(&envs)
-                    .env("SERVER_SOFTWARE", "rust")
-                    .env("SERVER_PROTOCOL", "HTTP/1.1")
-                    .env("HTTP_HOST", &request.remote_addr().to_string())
-                    .env("GATEWAY_INTERFACE", "CGI/1.1")
-                    .env("REQUEST_METHOD", request.method())
-                    .env("QUERY_STRING", request.raw_query_string())
-                    .env("REQUEST_URI", request.raw_url())
-                    .env("PATH_INFO", &request.url())
-                    .env("SCRIPT_NAME", ".")
-                    .env("SCRIPT_FILENAME", &request.url())
-                    .env("SERVER_PORT", port.to_string())
-                    .env("REMOTE_ADDR", request.remote_addr().to_string())
-                    .env("SERVER_NAME", request.remote_addr().to_string())
-                    .stdout(Stdio::piped())
-                    .stderr(Stdio::inherit())
-                    .stdin(Stdio::piped());
-
-                    for ele in request.headers() {
-                        let k = ele.0.to_uppercase();
-                        let v = ele.1;
-                        if k == "PROXY" {
-                            continue
-                        }
-                        if v.is_empty().not() {
-                            cmd.env(format!("HTTP_{}", k), v);
-                        }
-                    }
-
-                    if request.header("Content-Type").unwrap_or_default().is_empty().not() {
-                        cmd.env(
-                            "CONTENT_TYPE",
-                            request.header("Content-Type").unwrap(),
-                        );
-                    }
-
-                    if request.header("content-type").unwrap_or_default().is_empty().not() {
-                        cmd.env(
-                            "CONTENT_TYPE",
-                            request.header("content-type").unwrap(),
-                        );
-                    }
-
-                    if request.header("Content-Length").unwrap_or_default().is_empty().not() {
-                        cmd.env(
-                            "CONTENT_LENGTH",
-                            request.header("Content-Length").unwrap(),
-                        );
-                    }
-
-                    let mut child = cmd.spawn().unwrap();
-
-                    if let Some(mut body) = request.data() {
-                        std::io::copy(&mut body, child.stdin.as_mut().unwrap()).unwrap();
-                    }
-
-                    {
-                        let mut stdout = std::io::BufReader::new(child.stdout.unwrap());
-
-                        let mut headers = Vec::new();
-                        let mut status_code = 200;
-                        for header in std::io::BufRead::lines(stdout.by_ref()) {
-                            let header = header.unwrap();
-                            if header.is_empty() {
-                                break;
-                            }
-
-                            let (header, val) = header.split_once(':').unwrap();
-                            let val = &val[1..];
-
-                            if header == "Status" {
-                                status_code = val[0..3]
-                                    .parse()
-                                    .expect("Status returned by CGI program is invalid");
-                            } else {
-                                headers.push((header.to_owned().into(), val.to_owned().into()));
-                            }
-                        }
-                        rouille::Response {
-                            status_code,
-                            headers,
-                            data: rouille::ResponseBody::from_reader(stdout),
-                            upgrade: None,
-                        }
-                    }
-                }
-            )
-        });
-    }
-
     fn envs(&self) -> anyhow::Result<HashMap<String, String>> {
         let mut envs = HashMap::new();
         envs.insert(
@@ -238,7 +158,7 @@ impl XunleiLauncher {
 }
 
 impl Running for XunleiLauncher {
-    fn launch(&self) -> anyhow::Result<()> {
+    fn run(self) -> anyhow::Result<()> {
         use std::thread::{Builder, JoinHandle};
 
         let mut signals = Signals::new([
@@ -247,8 +167,8 @@ impl Running for XunleiLauncher {
             signal_hook::consts::SIGTERM,
         ])?;
 
-        let ui_envs = self.envs()?;
-        let backend_envs = ui_envs.clone();
+        let envs = self.envs()?;
+        let backend_envs = envs.clone();
         let backend_thread: JoinHandle<_> = Builder::new()
             .name("backend".to_string())
             .spawn(move || {
@@ -271,11 +191,16 @@ impl Running for XunleiLauncher {
             })
             .expect("[XunleiLauncher] Failed to start backend thread");
 
-        let host = self.host.to_string();
-        let port = self.port;
+        let args = (self.clone(), envs);
         // run webui service
         std::thread::spawn(move || {
-            XunleiLauncher::run_ui(host, port, ui_envs);
+            // XunleiLauncher::run_ui(host, port, ui_envs);
+            match XunleiPanelServer::from(args).run() {
+                Ok(_) => {}
+                Err(e) => {
+                    log::error!("[XunleiWebUIServer] error: {}", e)
+                }
+            }
         });
 
         backend_thread
@@ -286,3 +211,238 @@ impl Running for XunleiLauncher {
         Ok(())
     }
 }
+
+// This struct contains the data that we store on the server about each client.
+#[derive(Debug, Clone)]
+struct Session;
+
+#[macro_export]
+macro_rules! try_or_400 {
+    ($result:expr) => {
+        match $result {
+            Ok(r) => r,
+            Err(err) => {
+                let json = rouille::try_or_400::ErrJson::from_err(&err);
+                return Ok(rouille::Response::json(&json).with_status_code(400));
+            }
+        }
+    };
+}
+
+struct XunleiPanelServer {
+    auth_user: Option<String>,
+    auth_password: Option<String>,
+    host: std::net::IpAddr,
+    port: u16,
+    envs: HashMap<String, String>,
+}
+
+impl XunleiPanelServer {
+    fn authentication(&self, auth_user: String, auth_password: String) -> bool {
+        let raw_auth_user = self.auth_user.clone().unwrap_or_default();
+        let raw_auth_password = self.auth_password.clone().unwrap_or_default();
+        auth_user.eq(&raw_auth_user) && auth_password.eq(&raw_auth_password)
+    }
+
+    #[allow(unreachable_code)]
+    fn handle_route(
+        &self,
+        request: &Request,
+        session_data: &mut Option<Session>,
+    ) -> anyhow::Result<Response> {
+        if self.auth_user.is_none() || self.auth_password.is_none() {
+            *session_data = Some(Session {});
+        }
+
+        rouille::router!(request,
+            (POST) (/login) => {
+                let data = try_or_400!(rouille::post_input!(request, {
+                    auth_user: String,
+                    auth_password: String,
+                }));
+                if self.authentication(data.auth_user, data.auth_password) {
+                    *session_data = Some(Session{});
+                    return Ok(Response::redirect_303("/"));
+                } else {
+                    return Ok(Response::html("Wrong login/password"));
+                }
+            },
+            _ => ()
+        );
+
+        if let Some(_session_data) = session_data.as_ref() {
+            // Logged in.
+            self.handle_route_logged_in(request)
+        } else {
+            // Not logged in.
+            router!(request,
+                (GET) ["/login"] => {
+                    Ok(Response::html(HTML_LOGIN))
+                },
+                (GET) ["/js/sha3.min.js"] => {
+                    Ok(Response::html(JS_SHA3))
+                },
+                _ => {
+                    Ok(Response::redirect_303("/login"))
+                }
+            )
+        }
+    }
+
+    // This function handles the routes that are accessible only if the user is logged in.
+    fn handle_route_logged_in(&self, request: &Request) -> anyhow::Result<Response> {
+        rouille::router!(request,
+            (GET) ["/webman/login.cgi"] => {
+                Ok(rouille::Response::json(&String::from(r#"{"SynoToken", ""}"#)).with_additional_header("Content-Type","application/json; charset=utf-8").with_status_code(200))
+             },
+            (GET) ["/"] => {
+                Ok(rouille::Response::redirect_307(standard::SYNOPKG_WEB_UI_HOME))
+            },
+            (GET) ["/webman/"] => {
+                Ok(rouille::Response::redirect_307(standard::SYNOPKG_WEB_UI_HOME))
+            },
+            (GET) ["/webman/3rdparty/pan-xunlei-com"] => {
+                Ok(rouille::Response::redirect_307(standard::SYNOPKG_WEB_UI_HOME))
+             },
+            _ => {
+                let mut cmd = std::process::Command::new(standard::SYNOPKG_CLI_WEB);
+                cmd.current_dir(standard::SYNOPKG_PKGDEST);
+                cmd.envs(&self.envs)
+                .env("SERVER_SOFTWARE", "rust")
+                .env("SERVER_PROTOCOL", "HTTP/1.1")
+                .env("HTTP_HOST", &request.remote_addr().to_string())
+                .env("GATEWAY_INTERFACE", "CGI/1.1")
+                .env("REQUEST_METHOD", request.method())
+                .env("QUERY_STRING", request.raw_query_string())
+                .env("REQUEST_URI", request.raw_url())
+                .env("PATH_INFO", &request.url())
+                .env("SCRIPT_NAME", ".")
+                .env("SCRIPT_FILENAME", &request.url())
+                .env("SERVER_PORT", self.port.to_string())
+                .env("REMOTE_ADDR", request.remote_addr().to_string())
+                .env("SERVER_NAME", request.remote_addr().to_string())
+                .stdout(Stdio::piped())
+                .stderr(Stdio::inherit())
+                .stdin(Stdio::piped());
+
+                for ele in request.headers() {
+                    let k = ele.0.to_uppercase();
+                    let v = ele.1;
+                    if k == "PROXY" {
+                        continue
+                    }
+                    if v.is_empty().not() {
+                        cmd.env(format!("HTTP_{}", k), v);
+                    }
+                }
+
+                if request.header("Content-Type").unwrap_or_default().is_empty().not() {
+                    cmd.env(
+                        "CONTENT_TYPE",
+                        request.header("Content-Type").unwrap(),
+                    );
+                }
+
+                if request.header("content-type").unwrap_or_default().is_empty().not() {
+                    cmd.env(
+                        "CONTENT_TYPE",
+                        request.header("content-type").unwrap(),
+                    );
+                }
+
+                if request.header("Content-Length").unwrap_or_default().is_empty().not() {
+                    cmd.env(
+                        "CONTENT_LENGTH",
+                        request.header("Content-Length").unwrap(),
+                    );
+                }
+
+                let mut child = cmd.spawn().unwrap();
+
+                if let Some(mut body) = request.data() {
+                    std::io::copy(&mut body, child.stdin.as_mut().unwrap()).unwrap();
+                }
+
+                {
+                    let mut stdout = std::io::BufReader::new(child.stdout.unwrap());
+
+                    let mut headers = Vec::new();
+                    let mut status_code = 200;
+                    for header in std::io::BufRead::lines(stdout.by_ref()) {
+                        let header = header.unwrap();
+                        if header.is_empty() {
+                            break;
+                        }
+
+                        let (header, val) = header.split_once(':').unwrap();
+                        let val = &val[1..];
+
+                        if header == "Status" {
+                            status_code = val[0..3]
+                                .parse()
+                                .expect("Status returned by CGI program is invalid");
+                        } else {
+                            headers.push((header.to_owned().into(), val.to_owned().into()));
+                        }
+                    }
+                    Ok(rouille::Response{status_code,headers,data:rouille::ResponseBody::from_reader(stdout),upgrade:None,})
+                }
+            }
+        )
+    }
+}
+
+impl Running for XunleiPanelServer {
+    fn run(self) -> anyhow::Result<()> {
+        let sessions_storage: Mutex<HashMap<String, Session>> = Mutex::new(HashMap::new());
+        let listen = format!("{}:{}", self.host.to_string(), self.port);
+        log::info!(
+            "[XunleiLauncher] Start Xunlei Pannel UI, listening on {}",
+            listen
+        );
+        rouille::start_server(listen, move |request| {
+            rouille::log(&request, io::stdout(), || {
+                rouille::session::session(request, "XUNLEI_SID", 3600, |session| {
+                    let mut session_data = if session.client_has_sid() {
+                        if let Some(data) = sessions_storage.lock().unwrap().get(session.id()) {
+                            Some(data.clone())
+                        } else {
+                            None
+                        }
+                    } else {
+                        None
+                    };
+
+                    let response = self.handle_route(&request, &mut session_data);
+
+                    if let Some(d) = session_data {
+                        sessions_storage
+                            .lock()
+                            .unwrap()
+                            .insert(session.id().to_owned(), d);
+                    } else if session.client_has_sid() {
+                        sessions_storage.lock().unwrap().remove(session.id());
+                    }
+
+                    match response {
+                        Ok(res) => res,
+                        Err(e) => Response::text(format!("An error occurred {}", e)),
+                    }
+                })
+            })
+        });
+    }
+}
+
+impl From<(XunleiLauncher, HashMap<String, String>)> for XunleiPanelServer {
+    fn from(value: (XunleiLauncher, HashMap<String, String>)) -> Self {
+        let launch = value.0;
+        Self {
+            auth_user: launch.auth_user.clone(),
+            auth_password: launch.auth_password.clone(),
+            host: launch.host.clone(),
+            port: launch.port.clone(),
+            envs: value.1,
+        }
+    }
+}
diff --git a/src/libc_asset.rs b/src/libc_asset.rs
index 3efd748..848b66e 100644
--- a/src/libc_asset.rs
+++ b/src/libc_asset.rs
@@ -27,9 +27,9 @@ pub(crate) fn ld_env(envs: &mut std::collections::HashMap<String, String>) -> an
         .map(|v| v.into_owned())
         .collect::<Vec<String>>()
     {
-        let file = Asset::get(&filename).context("Failed to get bin asset")?;
         let target_file = libc_path.join(filename);
         if !target_file.exists() {
+            let file = Asset::get(&filename).context("Failed to get bin asset")?;
             standard::write_file(&target_file, file.data, 0o755)?;
         }
     }
diff --git a/src/main.rs b/src/main.rs
index a7badef..4edf83c 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -14,11 +14,12 @@ use std::io::Write;
 use std::path::PathBuf;
 
 pub trait Running {
-    fn launch(&self) -> anyhow::Result<()>;
+    fn run(self) -> anyhow::Result<()>;
 }
 
 #[derive(Parser)]
 #[clap(author, version, about, arg_required_else_help = true)]
+#[command(args_conflicts_with_subcommands = true)]
 struct Opt {
     /// Enable debug
     #[clap(short, long, global = true)]
@@ -43,6 +44,12 @@ pub enum Commands {
 
 #[derive(Args)]
 pub struct Config {
+    /// Xunlei authentication username
+    #[arg(short = 'U', long)]
+    auth_user: Option<String>,
+    /// Xunlei authentication password
+    #[arg(short = 'W', long)]
+    auth_password: Option<String>,
     /// Xunlei Listen host
     #[clap(short, long, default_value = "0.0.0.0", value_parser = parser_host)]
     host: std::net::IpAddr,
@@ -63,15 +70,15 @@ fn main() -> anyhow::Result<()> {
     match opt.commands {
         #[cfg(feature = "systemd")]
         Commands::Install(config) => {
-            systemd::XunleiInstall::from(config).launch()?;
+            systemd::XunleiInstall::from(config).run()?;
         }
         #[cfg(feature = "systemd")]
         Commands::Uninstall => {
-            systemd::XunleiUninstall {}.launch()?;
+            systemd::XunleiUninstall {}.run()?;
         }
         #[cfg(feature = "launch")]
         Commands::Launch(config) => {
-            launch::XunleiLauncher::from(config).launch()?;
+            launch::XunleiLauncher::from(config).run()?;
         }
     }
     Ok(())
@@ -99,7 +106,7 @@ fn init_log(debug: bool) {
 const PORT_RANGE: std::ops::RangeInclusive<usize> = 1024..=65535;
 
 // port range parser
-pub(crate) fn parser_port_in_range(s: &str) -> anyhow::Result<u16> {
+fn parser_port_in_range(s: &str) -> anyhow::Result<u16> {
     let port: usize = s
         .parse()
         .map_err(|_| anyhow::anyhow!(format!("`{}` isn't a port number", s)))?;
@@ -114,7 +121,7 @@ pub(crate) fn parser_port_in_range(s: &str) -> anyhow::Result<u16> {
 }
 
 // address parser
-pub(crate) fn parser_host(s: &str) -> anyhow::Result<std::net::IpAddr> {
+fn parser_host(s: &str) -> anyhow::Result<std::net::IpAddr> {
     let addr = s
         .parse::<std::net::IpAddr>()
         .map_err(|_| anyhow::anyhow!(format!("`{}` isn't a ip address", s)))?;
diff --git a/src/systemd.rs b/src/systemd.rs
index fbd5a48..880370d 100644
--- a/src/systemd.rs
+++ b/src/systemd.rs
@@ -17,6 +17,8 @@ use crate::Running;
 
 pub struct XunleiInstall {
     description: &'static str,
+    auth_user: Option<String>,
+    auth_password: Option<String>,
     host: std::net::IpAddr,
     port: u16,
     download_path: PathBuf,
@@ -37,6 +39,8 @@ impl From<Config> for XunleiInstall {
             config_path: config.config_path,
             uid,
             gid,
+            auth_user: config.auth_user,
+            auth_password: config.auth_password,
         }
     }
 }
@@ -196,6 +200,16 @@ impl XunleiInstall {
         if Systemd::support().not() {
             return Ok(());
         }
+
+        let auth = match self.auth_user.is_some() && self.auth_password.is_some() {
+            true => format!(
+                "-U {} -W {}",
+                self.auth_user.clone().unwrap_or_default(),
+                self.auth_password.clone().unwrap_or_default()
+            ),
+            false => "".to_string(),
+        };
+
         let systemctl_unit = format!(
             r#"[Unit]
                 Description={}
@@ -204,7 +218,7 @@ impl XunleiInstall {
                 
                 [Service]
                 Type=simple
-                ExecStart={} launch -h {} -p {} -d {} -c {}
+                ExecStart={} launch -h {} -p {} -d {} -c {} {}
                 LimitNOFILE=1024
                 LimitNPROC=512
                 User={}
@@ -217,6 +231,7 @@ impl XunleiInstall {
             self.port,
             self.download_path.display(),
             self.config_path.display(),
+            auth,
             self.uid
         );
 
@@ -234,7 +249,7 @@ impl XunleiInstall {
 }
 
 impl Running for XunleiInstall {
-    fn launch(&self) -> anyhow::Result<()> {
+    fn run(self) -> anyhow::Result<()> {
         self.config()?;
         self.systemd(self.install()?)
     }
@@ -262,7 +277,7 @@ impl XunleiUninstall {
 }
 
 impl Running for XunleiUninstall {
-    fn launch(&self) -> anyhow::Result<()> {
+    fn run(self) -> anyhow::Result<()> {
         if Systemd::support() {
             Systemd::systemctl(["disable", standard::APP_NAME])?;
             Systemd::systemctl(["stop", standard::APP_NAME])?;
diff --git a/static/login.html b/static/login.html
new file mode 100644
index 0000000..d970e53
--- /dev/null
+++ b/static/login.html
@@ -0,0 +1,109 @@
+<html>
+
+<head>
+    <script src="/js/sha3.min.js"
+        integrity="sha512-PmGDkK2UHGzTUfkFGcJ8YSrD/swUXekcca+1wWlrwALIZho9JX+3ddaaI9wmmf8PmgDIpMtx6TU8YBJAZS0mPQ=="
+        crossorigin="anonymous" referrerpolicy="no-referrer"></script>
+</head>
+<title>Login</title>
+<style>
+    body {
+        display: flex;
+        justify-content: center;
+        align-items: center;
+        height: 100vh;
+        margin: 0;
+        background-color: #f4f7f9;
+    }
+
+    .login {
+        background-color: #ffffff;
+        width: 400px;
+        box-shadow: 0 0 10px 0 rgba(0, 0, 0, 0.1);
+        padding: 30px;
+        text-align: center;
+    }
+
+    input[type="text"],
+    input[type="password"] {
+        border: none;
+        background-color: #f7f7f7;
+        padding: 12px 20px;
+        margin: 8px 0;
+        width: 100%;
+        box-sizing: border-box;
+        font-size: 16px;
+        border-radius: 4px;
+        box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1);
+    }
+
+    input[type="submit"] {
+        background-color: #3385ff;
+        border: none;
+        color: #ffffff;
+        text-transform: uppercase;
+        padding: 15px 20px;
+        margin-top: 16px;
+        border-radius: 4px;
+        font-size: 16px;
+        cursor: pointer;
+        box-shadow: 0 2px 4px rgba(0, 0, 0, 0.2);
+    }
+
+    input[type="submit"]:hover {
+        background-color: #3385cc;
+    }
+
+    h2 {
+        margin-top: 0;
+        font-weight: normal;
+        font-size: 28px;
+    }
+</style>
+</head>
+
+<body>
+    <div class="login">
+        <h2>Xunlei Login</h2>
+        <form id="form" action="/login" method="POST">
+            <input type="text" id="auth_user" name="auth_user" placeholder="Enter your username">
+            <br>
+            <input type="password" id="auth_password" name="auth_password" placeholder="Enter your password">
+            <br>
+            <input type="submit" value="Login">
+        </form>
+    </div>
+</body>
+<script type="text/javascript">
+    const formElement = document.getElementById('form');
+
+    formElement.addEventListener('submit', (event) => {
+        event.preventDefault();
+
+        const formData = new FormData(formElement);
+        const modifiedData = modifyFormData(formData);
+
+        for (let [name, value] of modifiedData.entries()) {
+            formElement.elements[name].value = value;
+        }
+
+        formElement.submit();
+    });
+
+    function modifyFormData(formData) {
+        const modifiedData = new FormData();
+
+        const username = formData.get('auth_user');
+        const password = formData.get('auth_password');
+
+        const modifiedUsernameValue = sha3_512(username);
+        const modifiedPasswordValue = sha3_512(password);
+
+        modifiedData.append('auth_user', modifiedUsernameValue);
+        modifiedData.append('auth_password', modifiedPasswordValue);
+
+        return modifiedData;
+    }
+</script>
+
+</html>
\ No newline at end of file
diff --git a/static/sha3.min.js b/static/sha3.min.js
new file mode 100644
index 0000000..965b779
--- /dev/null
+++ b/static/sha3.min.js
@@ -0,0 +1,9 @@
+/**
+ * [js-sha3]{@link https://github.com/emn178/js-sha3}
+ *
+ * @version 0.8.0
+ * @author Chen, Yi-Cyuan [emn178@gmail.com]
+ * @copyright Chen, Yi-Cyuan 2015-2018
+ * @license MIT
+ */
+!function(){"use strict";function t(t,e,r){this.blocks=[],this.s=[],this.padding=e,this.outputBits=r,this.reset=!0,this.finalized=!1,this.block=0,this.start=0,this.blockCount=1600-(t<<1)>>5,this.byteCount=this.blockCount<<2,this.outputBlocks=r>>5,this.extraBytes=(31&r)>>3;for(var n=0;n<50;++n)this.s[n]=0}function e(e,r,n){t.call(this,e,r,n)}var r="input is invalid type",n="object"==typeof window,i=n?window:{};i.JS_SHA3_NO_WINDOW&&(n=!1);var o=!n&&"object"==typeof self;!i.JS_SHA3_NO_NODE_JS&&"object"==typeof process&&process.versions&&process.versions.node?i=global:o&&(i=self);var a=!i.JS_SHA3_NO_COMMON_JS&&"object"==typeof module&&module.exports,s="function"==typeof define&&define.amd,u=!i.JS_SHA3_NO_ARRAY_BUFFER&&"undefined"!=typeof ArrayBuffer,f="0123456789abcdef".split(""),c=[4,1024,262144,67108864],h=[0,8,16,24],p=[1,0,32898,0,32906,2147483648,2147516416,2147483648,32907,0,2147483649,0,2147516545,2147483648,32777,2147483648,138,0,136,0,2147516425,0,2147483658,0,2147516555,0,139,2147483648,32905,2147483648,32771,2147483648,32770,2147483648,128,2147483648,32778,0,2147483658,2147483648,2147516545,2147483648,32896,2147483648,2147483649,0,2147516424,2147483648],d=[224,256,384,512],l=[128,256],y=["hex","buffer","arrayBuffer","array","digest"],b={128:168,256:136};!i.JS_SHA3_NO_NODE_JS&&Array.isArray||(Array.isArray=function(t){return"[object Array]"===Object.prototype.toString.call(t)}),!u||!i.JS_SHA3_NO_ARRAY_BUFFER_IS_VIEW&&ArrayBuffer.isView||(ArrayBuffer.isView=function(t){return"object"==typeof t&&t.buffer&&t.buffer.constructor===ArrayBuffer});for(var A=function(e,r,n){return function(i){return new t(e,r,e).update(i)[n]()}},w=function(e,r,n){return function(i,o){return new t(e,r,o).update(i)[n]()}},v=function(t,e,r){return function(e,n,i,o){return S["cshake"+t].update(e,n,i,o)[r]()}},B=function(t,e,r){return function(e,n,i,o){return S["kmac"+t].update(e,n,i,o)[r]()}},g=function(t,e,r,n){for(var i=0;i<y.length;++i){var o=y[i];t[o]=e(r,n,o)}return t},_=function(e,r){var n=A(e,r,"hex");return n.create=function(){return new t(e,r,e)},n.update=function(t){return n.create().update(t)},g(n,A,e,r)},k=[{name:"keccak",padding:[1,256,65536,16777216],bits:d,createMethod:_},{name:"sha3",padding:[6,1536,393216,100663296],bits:d,createMethod:_},{name:"shake",padding:[31,7936,2031616,520093696],bits:l,createMethod:function(e,r){var n=w(e,r,"hex");return n.create=function(n){return new t(e,r,n)},n.update=function(t,e){return n.create(e).update(t)},g(n,w,e,r)}},{name:"cshake",padding:c,bits:l,createMethod:function(e,r){var n=b[e],i=v(e,0,"hex");return i.create=function(i,o,a){return o||a?new t(e,r,i).bytepad([o,a],n):S["shake"+e].create(i)},i.update=function(t,e,r,n){return i.create(e,r,n).update(t)},g(i,v,e,r)}},{name:"kmac",padding:c,bits:l,createMethod:function(t,r){var n=b[t],i=B(t,0,"hex");return i.create=function(i,o,a){return new e(t,r,o).bytepad(["KMAC",a],n).bytepad([i],n)},i.update=function(t,e,r,n){return i.create(t,r,n).update(e)},g(i,B,t,r)}}],S={},C=[],x=0;x<k.length;++x)for(var m=k[x],E=m.bits,O=0;O<E.length;++O){var z=m.name+"_"+E[O];if(C.push(z),S[z]=m.createMethod(E[O],m.padding),"sha3"!==m.name){var N=m.name+E[O];C.push(N),S[N]=S[z]}}t.prototype.update=function(t){if(this.finalized)throw new Error("finalize already called");var e,n=typeof t;if("string"!==n){if("object"!==n)throw new Error(r);if(null===t)throw new Error(r);if(u&&t.constructor===ArrayBuffer)t=new Uint8Array(t);else if(!(Array.isArray(t)||u&&ArrayBuffer.isView(t)))throw new Error(r);e=!0}for(var i,o,a=this.blocks,s=this.byteCount,f=t.length,c=this.blockCount,p=0,d=this.s;p<f;){if(this.reset)for(this.reset=!1,a[0]=this.block,i=1;i<c+1;++i)a[i]=0;if(e)for(i=this.start;p<f&&i<s;++p)a[i>>2]|=t[p]<<h[3&i++];else for(i=this.start;p<f&&i<s;++p)(o=t.charCodeAt(p))<128?a[i>>2]|=o<<h[3&i++]:o<2048?(a[i>>2]|=(192|o>>6)<<h[3&i++],a[i>>2]|=(128|63&o)<<h[3&i++]):o<55296||o>=57344?(a[i>>2]|=(224|o>>12)<<h[3&i++],a[i>>2]|=(128|o>>6&63)<<h[3&i++],a[i>>2]|=(128|63&o)<<h[3&i++]):(o=65536+((1023&o)<<10|1023&t.charCodeAt(++p)),a[i>>2]|=(240|o>>18)<<h[3&i++],a[i>>2]|=(128|o>>12&63)<<h[3&i++],a[i>>2]|=(128|o>>6&63)<<h[3&i++],a[i>>2]|=(128|63&o)<<h[3&i++]);if(this.lastByteIndex=i,i>=s){for(this.start=i-s,this.block=a[c],i=0;i<c;++i)d[i]^=a[i];j(d),this.reset=!0}else this.start=i}return this},t.prototype.encode=function(t,e){var r=255&t,n=1,i=[r];for(r=255&(t>>=8);r>0;)i.unshift(r),r=255&(t>>=8),++n;return e?i.push(n):i.unshift(n),this.update(i),i.length},t.prototype.encodeString=function(t){var e,n=typeof t;if("string"!==n){if("object"!==n)throw new Error(r);if(null===t)throw new Error(r);if(u&&t.constructor===ArrayBuffer)t=new Uint8Array(t);else if(!(Array.isArray(t)||u&&ArrayBuffer.isView(t)))throw new Error(r);e=!0}var i=0,o=t.length;if(e)i=o;else for(var a=0;a<t.length;++a){var s=t.charCodeAt(a);s<128?i+=1:s<2048?i+=2:s<55296||s>=57344?i+=3:(s=65536+((1023&s)<<10|1023&t.charCodeAt(++a)),i+=4)}return i+=this.encode(8*i),this.update(t),i},t.prototype.bytepad=function(t,e){for(var r=this.encode(e),n=0;n<t.length;++n)r+=this.encodeString(t[n]);var i=e-r%e,o=[];return o.length=i,this.update(o),this},t.prototype.finalize=function(){if(!this.finalized){this.finalized=!0;var t=this.blocks,e=this.lastByteIndex,r=this.blockCount,n=this.s;if(t[e>>2]|=this.padding[3&e],this.lastByteIndex===this.byteCount)for(t[0]=t[r],e=1;e<r+1;++e)t[e]=0;for(t[r-1]|=2147483648,e=0;e<r;++e)n[e]^=t[e];j(n)}},t.prototype.toString=t.prototype.hex=function(){this.finalize();for(var t,e=this.blockCount,r=this.s,n=this.outputBlocks,i=this.extraBytes,o=0,a=0,s="";a<n;){for(o=0;o<e&&a<n;++o,++a)t=r[o],s+=f[t>>4&15]+f[15&t]+f[t>>12&15]+f[t>>8&15]+f[t>>20&15]+f[t>>16&15]+f[t>>28&15]+f[t>>24&15];a%e==0&&(j(r),o=0)}return i&&(t=r[o],s+=f[t>>4&15]+f[15&t],i>1&&(s+=f[t>>12&15]+f[t>>8&15]),i>2&&(s+=f[t>>20&15]+f[t>>16&15])),s},t.prototype.arrayBuffer=function(){this.finalize();var t,e=this.blockCount,r=this.s,n=this.outputBlocks,i=this.extraBytes,o=0,a=0,s=this.outputBits>>3;t=i?new ArrayBuffer(n+1<<2):new ArrayBuffer(s);for(var u=new Uint32Array(t);a<n;){for(o=0;o<e&&a<n;++o,++a)u[a]=r[o];a%e==0&&j(r)}return i&&(u[o]=r[o],t=t.slice(0,s)),t},t.prototype.buffer=t.prototype.arrayBuffer,t.prototype.digest=t.prototype.array=function(){this.finalize();for(var t,e,r=this.blockCount,n=this.s,i=this.outputBlocks,o=this.extraBytes,a=0,s=0,u=[];s<i;){for(a=0;a<r&&s<i;++a,++s)t=s<<2,e=n[a],u[t]=255&e,u[t+1]=e>>8&255,u[t+2]=e>>16&255,u[t+3]=e>>24&255;s%r==0&&j(n)}return o&&(t=s<<2,e=n[a],u[t]=255&e,o>1&&(u[t+1]=e>>8&255),o>2&&(u[t+2]=e>>16&255)),u},(e.prototype=new t).finalize=function(){return this.encode(this.outputBits,!0),t.prototype.finalize.call(this)};var j=function(t){var e,r,n,i,o,a,s,u,f,c,h,d,l,y,b,A,w,v,B,g,_,k,S,C,x,m,E,O,z,N,j,J,M,H,I,R,U,V,F,D,W,Y,K,q,G,L,P,Q,T,X,Z,$,tt,et,rt,nt,it,ot,at,st,ut,ft,ct;for(n=0;n<48;n+=2)i=t[0]^t[10]^t[20]^t[30]^t[40],o=t[1]^t[11]^t[21]^t[31]^t[41],a=t[2]^t[12]^t[22]^t[32]^t[42],s=t[3]^t[13]^t[23]^t[33]^t[43],u=t[4]^t[14]^t[24]^t[34]^t[44],f=t[5]^t[15]^t[25]^t[35]^t[45],c=t[6]^t[16]^t[26]^t[36]^t[46],h=t[7]^t[17]^t[27]^t[37]^t[47],e=(d=t[8]^t[18]^t[28]^t[38]^t[48])^(a<<1|s>>>31),r=(l=t[9]^t[19]^t[29]^t[39]^t[49])^(s<<1|a>>>31),t[0]^=e,t[1]^=r,t[10]^=e,t[11]^=r,t[20]^=e,t[21]^=r,t[30]^=e,t[31]^=r,t[40]^=e,t[41]^=r,e=i^(u<<1|f>>>31),r=o^(f<<1|u>>>31),t[2]^=e,t[3]^=r,t[12]^=e,t[13]^=r,t[22]^=e,t[23]^=r,t[32]^=e,t[33]^=r,t[42]^=e,t[43]^=r,e=a^(c<<1|h>>>31),r=s^(h<<1|c>>>31),t[4]^=e,t[5]^=r,t[14]^=e,t[15]^=r,t[24]^=e,t[25]^=r,t[34]^=e,t[35]^=r,t[44]^=e,t[45]^=r,e=u^(d<<1|l>>>31),r=f^(l<<1|d>>>31),t[6]^=e,t[7]^=r,t[16]^=e,t[17]^=r,t[26]^=e,t[27]^=r,t[36]^=e,t[37]^=r,t[46]^=e,t[47]^=r,e=c^(i<<1|o>>>31),r=h^(o<<1|i>>>31),t[8]^=e,t[9]^=r,t[18]^=e,t[19]^=r,t[28]^=e,t[29]^=r,t[38]^=e,t[39]^=r,t[48]^=e,t[49]^=r,y=t[0],b=t[1],L=t[11]<<4|t[10]>>>28,P=t[10]<<4|t[11]>>>28,O=t[20]<<3|t[21]>>>29,z=t[21]<<3|t[20]>>>29,st=t[31]<<9|t[30]>>>23,ut=t[30]<<9|t[31]>>>23,Y=t[40]<<18|t[41]>>>14,K=t[41]<<18|t[40]>>>14,H=t[2]<<1|t[3]>>>31,I=t[3]<<1|t[2]>>>31,A=t[13]<<12|t[12]>>>20,w=t[12]<<12|t[13]>>>20,Q=t[22]<<10|t[23]>>>22,T=t[23]<<10|t[22]>>>22,N=t[33]<<13|t[32]>>>19,j=t[32]<<13|t[33]>>>19,ft=t[42]<<2|t[43]>>>30,ct=t[43]<<2|t[42]>>>30,et=t[5]<<30|t[4]>>>2,rt=t[4]<<30|t[5]>>>2,R=t[14]<<6|t[15]>>>26,U=t[15]<<6|t[14]>>>26,v=t[25]<<11|t[24]>>>21,B=t[24]<<11|t[25]>>>21,X=t[34]<<15|t[35]>>>17,Z=t[35]<<15|t[34]>>>17,J=t[45]<<29|t[44]>>>3,M=t[44]<<29|t[45]>>>3,C=t[6]<<28|t[7]>>>4,x=t[7]<<28|t[6]>>>4,nt=t[17]<<23|t[16]>>>9,it=t[16]<<23|t[17]>>>9,V=t[26]<<25|t[27]>>>7,F=t[27]<<25|t[26]>>>7,g=t[36]<<21|t[37]>>>11,_=t[37]<<21|t[36]>>>11,$=t[47]<<24|t[46]>>>8,tt=t[46]<<24|t[47]>>>8,q=t[8]<<27|t[9]>>>5,G=t[9]<<27|t[8]>>>5,m=t[18]<<20|t[19]>>>12,E=t[19]<<20|t[18]>>>12,ot=t[29]<<7|t[28]>>>25,at=t[28]<<7|t[29]>>>25,D=t[38]<<8|t[39]>>>24,W=t[39]<<8|t[38]>>>24,k=t[48]<<14|t[49]>>>18,S=t[49]<<14|t[48]>>>18,t[0]=y^~A&v,t[1]=b^~w&B,t[10]=C^~m&O,t[11]=x^~E&z,t[20]=H^~R&V,t[21]=I^~U&F,t[30]=q^~L&Q,t[31]=G^~P&T,t[40]=et^~nt&ot,t[41]=rt^~it&at,t[2]=A^~v&g,t[3]=w^~B&_,t[12]=m^~O&N,t[13]=E^~z&j,t[22]=R^~V&D,t[23]=U^~F&W,t[32]=L^~Q&X,t[33]=P^~T&Z,t[42]=nt^~ot&st,t[43]=it^~at&ut,t[4]=v^~g&k,t[5]=B^~_&S,t[14]=O^~N&J,t[15]=z^~j&M,t[24]=V^~D&Y,t[25]=F^~W&K,t[34]=Q^~X&$,t[35]=T^~Z&tt,t[44]=ot^~st&ft,t[45]=at^~ut&ct,t[6]=g^~k&y,t[7]=_^~S&b,t[16]=N^~J&C,t[17]=j^~M&x,t[26]=D^~Y&H,t[27]=W^~K&I,t[36]=X^~$&q,t[37]=Z^~tt&G,t[46]=st^~ft&et,t[47]=ut^~ct&rt,t[8]=k^~y&A,t[9]=S^~b&w,t[18]=J^~C&m,t[19]=M^~x&E,t[28]=Y^~H&R,t[29]=K^~I&U,t[38]=$^~q&L,t[39]=tt^~G&P,t[48]=ft^~et&nt,t[49]=ct^~rt&it,t[0]^=p[n],t[1]^=p[n+1]};if(a)module.exports=S;else{for(x=0;x<C.length;++x)i[C[x]]=S[C[x]];s&&define(function(){return S})}}();
\ No newline at end of file