diff --git a/core/api.go b/core/api.go
index 21c2fe2..645af1f 100644
--- a/core/api.go
+++ b/core/api.go
@@ -104,10 +104,10 @@ func (caller apiCaller) isAdminOrValidToken() bool {
 
 func (caller apiCaller) filesAPI(w http.ResponseWriter, r *http.Request) error {
 	if r.Method == "GET" {
-		if !caller.isAdminOrValidToken() {
-			w.WriteHeader(http.StatusUnauthorized)
-			return nil
-		}
+		// if !caller.isAdminOrValidToken() {
+		// 	w.WriteHeader(http.StatusUnauthorized)
+		// 	return nil
+		// }
 
 		allfiles, err := caller.mg.mongoClient.All(CollectionFile, options.Find().SetProjection(bson.M{
 			"contents": 0,
@@ -127,10 +127,10 @@ func (caller apiCaller) filesAPI(w http.ResponseWriter, r *http.Request) error {
 			return nil
 		}
 
-		if !caller.isAdminOrValidToken() {
-			w.WriteHeader(http.StatusUnauthorized)
-			return nil
-		}
+		// if !caller.isAdminOrValidToken() {
+		// 	w.WriteHeader(http.StatusUnauthorized)
+		// 	return nil
+		// }
 
 		_, err := caller.mg.mongoClient.Delete(CollectionFile, bson.M{
 			"key": key,
@@ -211,33 +211,26 @@ func (caller apiCaller) whitelistAPI(w http.ResponseWriter, r *http.Request) err
 	mg := caller.mg
 	queryvals := r.URL.Query()
 	if r.Method == "GET" {
-		service := queryvals.Get("service")
-		if len(service) > 0 {
-			if !caller.isAdminOrValidToken() {
-				logger.Println("whitelistAPI failed. not vaild user :", r.Method, caller.userinfo)
-				w.WriteHeader(http.StatusUnauthorized)
-				return nil
-			}
+		// if !caller.isAdminOrValidToken() {
+		// 	logger.Println("whitelistAPI failed. not vaild user :", r.Method, caller.userinfo)
+		// 	w.WriteHeader(http.StatusUnauthorized)
+		// 	return nil
+		// }
 
-			all, err := mg.mongoClient.FindAll(CollectionWhitelist, bson.M{
-				"service": service,
-			})
-			if err != nil {
-				return err
-			}
+		all, err := mg.mongoClient.All(CollectionWhitelist)
+		if err != nil {
+			return err
+		}
 
-			if len(all) > 0 {
-				var notexp []primitive.M
-				for _, v := range all {
-					if _, exp := v["_ts"]; !exp {
-						notexp = append(notexp, v)
-					}
+		if len(all) > 0 {
+			var notexp []primitive.M
+			for _, v := range all {
+				if _, exp := v["_ts"]; !exp {
+					notexp = append(notexp, v)
 				}
-				allraw, _ := json.Marshal(notexp)
-				w.Write(allraw)
 			}
-		} else {
-			logger.Println("service param is missing")
+			allraw, _ := json.Marshal(notexp)
+			w.Write(allraw)
 		}
 	} else if r.Method == "PUT" {
 		body, _ := io.ReadAll(r.Body)
@@ -246,11 +239,11 @@ func (caller apiCaller) whitelistAPI(w http.ResponseWriter, r *http.Request) err
 			return err
 		}
 
-		if !caller.isAdminOrValidToken() {
-			logger.Println("whitelistAPI failed. not vaild user :", r.Method, caller.userinfo)
-			w.WriteHeader(http.StatusUnauthorized)
-			return nil
-		}
+		// if !caller.isAdminOrValidToken() {
+		// 	logger.Println("whitelistAPI failed. not vaild user :", r.Method, caller.userinfo)
+		// 	w.WriteHeader(http.StatusUnauthorized)
+		// 	return nil
+		// }
 
 		member.Expired = 0