diff --git a/service/src/sys_account.rs b/service/src/sys_account.rs
index 16b6936..a4a4f99 100644
--- a/service/src/sys_account.rs
+++ b/service/src/sys_account.rs
@@ -1,6 +1,8 @@
 use chrono::Utc;
-use domain::{dto::account::AuthenticateWithPassword, entities::account::Account};
-use library::{db, resp::response::{ResErr, ResOK, ResResult}};
+use domain::{dto::account::AuthenticateWithPassword, entities::account::{Account, Role}};
+use library::{db, resp::response::{ResErr, ResOK, ResResult}, token::{generate_refresh_token, generate_token}};
+
+use crate::utils::login_cache::{LoginAccount, LOGIN_CACHE};
 
 
 pub async fn authticate_with_password(req: AuthenticateWithPassword) -> ResResult<ResOK<(String, String)>> {
@@ -14,6 +16,18 @@ pub async fn authticate_with_password(req: AuthenticateWithPassword) -> ResResul
         tracing::error!("账户已禁用");
         return Err(ResErr::auth("账户已禁用"));
     }
+    if account.role != Role::Admin {
+        tracing::error!("账户不是管理员，无权限");
+        return Err(ResErr::perm("账户无权限"));
+    }
 
-    Ok(ResOK(Some(("".to_string(), "".to_string()))))
+    let token = generate_token(&account.id);
+    let refresh_token = generate_refresh_token(&account.id);
+
+    LOGIN_CACHE.insert(account.id.to_owned(), LoginAccount{
+        account,
+        token: token.to_owned(),
+    }).await;
+
+    Ok(ResOK(Some((token, refresh_token))))
 }
\ No newline at end of file
diff --git a/service/src/utils/login_cache.rs b/service/src/utils/login_cache.rs
index 06e1564..f6d515c 100644
--- a/service/src/utils/login_cache.rs
+++ b/service/src/utils/login_cache.rs
@@ -1,5 +1,6 @@
 use std::time::Duration;
 
+use domain::entities::account::Account;
 use lazy_static::lazy_static;
 use library::config;
 use moka::{
@@ -8,7 +9,10 @@ use moka::{
 };
 
 #[derive(Debug, Clone)]
-pub struct LoginAccount {}
+pub struct LoginAccount {
+    pub account: Account,
+    pub token: String,
+}
 
 lazy_static! {
     pub static ref LOGIN_CACHE: Cache<String, LoginAccount> = {