diff --git a/base/ctx/display.go b/base/ctx/display.go
index 98da8574..ce9a9eda 100644
--- a/base/ctx/display.go
+++ b/base/ctx/display.go
@@ -31,7 +31,7 @@ func DisplayTableCard(m *ice.Message, arg ...ice.Any) *ice.Message {
 	return DisplayTable(m, STYLE, "card")
 }
 func DisplayStory(m *ice.Message, file string, arg ...ice.Any) *ice.Message {
-	kit.If(file == "", func() { file = kit.Keys(kit.FileName(5), nfs.JS) })
+	kit.If(file == "", func() { file = kit.Keys(m.CommandKey(), nfs.JS) })
 	kit.If(isLocalFile(file), func() { file = path.Join(ice.PLUGIN_STORY, file) })
 	return DisplayBase(m, file, arg...)
 }
diff --git a/base/web/serve.go b/base/web/serve.go
index c9a3f11b..02fde109 100644
--- a/base/web/serve.go
+++ b/base/web/serve.go
@@ -125,6 +125,7 @@ func _serve_handle(key string, cmd *ice.Command, m *ice.Message, w http.Response
 		kit.For(r.PostForm, func(k string, v []string) { _log(FORM, k, kit.Join(v, lex.SP)).Optionv(k, v) })
 	}
 	kit.For(r.Cookies(), func(k, v string) { m.Optionv(k, v) })
+	m.Options(ice.MSG_REFERER, r.Header.Get(Referer))
 	m.Options(ice.MSG_METHOD, r.Method, ice.MSG_COUNT, "0")
 	m.Options(ice.MSG_USERWEB, _serve_domain(m), ice.MSG_USERPOD, m.Option(ice.POD))
 	m.Options(ice.MSG_USERUA, r.Header.Get(UserAgent), ice.MSG_USERIP, r.Header.Get(ice.MSG_USERIP))
diff --git a/base/web/share.go b/base/web/share.go
index f007bc0c..7ad8f7cc 100644
--- a/base/web/share.go
+++ b/base/web/share.go
@@ -112,7 +112,7 @@ func init() {
 					RenderMain(m)
 				}
 			}},
-		}, aaa.WhiteAction(), mdb.HashAction(mdb.FIELD, "time,hash,type,name,text,usernick,username,userrole", mdb.EXPIRE, mdb.DAYS)), Hand: func(m *ice.Message, arg ...string) {
+		}, aaa.WhiteAction(), StatsAction(), mdb.HashAction(mdb.FIELD, "time,hash,type,name,text,usernick,username,userrole", mdb.EXPIRE, mdb.DAYS)), Hand: func(m *ice.Message, arg ...string) {
 			if kit.IsIn(m.Option(ice.MSG_USERROLE), aaa.ROOT, aaa.TECH) || len(arg) > 0 && arg[0] != "" {
 				mdb.HashSelect(m, arg...)
 			}
diff --git a/base/web/stats.go b/base/web/stats.go
index a46a4d7a..157b13cb 100644
--- a/base/web/stats.go
+++ b/base/web/stats.go
@@ -19,25 +19,27 @@ func init() {
 	Index.MergeCommands(ice.Commands{
 		STATS: {Name: "stats refresh", Help: "汇总量", Meta: kit.Dict(
 			ice.CTX_TRANS, kit.Dict(html.INPUT, kit.Dict(
-				"command.total", "命令总数",
-				"repos.total", "代码库总数",
-				"dream.total", "空间总数",
-				"dream.start", "已启动空间",
-				"asset.amount", "资产总额",
-				"asset.count", "资产数量",
 				"goods.amount", "商品总额",
 				"goods.count", "商品数量",
+				"asset.amount", "资产总额",
+				"asset.count", "资产数量",
+				"task.total", "任务总数",
+				"dream.total", "空间总数",
+				"dream.start", "已启动空间",
+				"repos.total", "代码库总数",
+				"command.total", "命令总数",
+				"share.total", "共享总数",
+				"token.total", "令牌总数",
 				"user.total", "用户总数",
 				"sess.total", "会话总数",
-				"task.total", "任务总数",
-				"disk.total", "磁盘总量",
-				"disk.used", "磁盘用量",
-				"mem.total", "内存总量",
-				"mem.used", "内存用量",
 				"cpu.total", "处理器核数",
+				"mem.used", "内存用量",
+				"mem.total", "内存总量",
+				"disk.used", "磁盘用量",
+				"disk.total", "磁盘总量",
 			)),
 		), Hand: func(m *ice.Message, arg ...string) {
-			defer ctx.DisplayStory(m, "stats.js")
+			defer ctx.DisplayStory(m, "")
 			if m.Option(ice.MSG_USERPOD) == "" {
 				PushStats(m, kit.Keys(aaa.SESS, mdb.TOTAL), m.Cmd(aaa.SESS).Length(), "")
 				if ice.Info.Username == ice.Info.Make.Username {
diff --git a/base/web/token.go b/base/web/token.go
index d514376f..9009f222 100644
--- a/base/web/token.go
+++ b/base/web/token.go
@@ -43,6 +43,11 @@ func init() {
 				}).Cmd(nfs.SAVE, kit.HomePath(FILE), strings.Join(list, lex.NL)+lex.NL)
 				m.ProcessClose()
 			}},
-		}, mdb.HashAction(mdb.SHORT, mdb.UNIQ, mdb.FIELD, "time,hash,type,name,text", mdb.EXPIRE, mdb.MONTH))},
+		}, StatsAction(), mdb.HashAction(mdb.SHORT, mdb.UNIQ, mdb.FIELD, "time,hash,type,name,text", mdb.EXPIRE, mdb.MONTH)), Hand: func(m *ice.Message, arg ...string) {
+			mdb.HashSelect(m, arg...)
+			if len(arg) > 0 {
+				m.EchoScript(kit.Format("ish_miss_serve_log dev %s token %s", UserHost(m), arg[0]))
+			}
+		}},
 	})
 }
diff --git a/conf.go b/conf.go
index 14d85a3d..04072137 100644
--- a/conf.go
+++ b/conf.go
@@ -228,6 +228,7 @@ const ( // MSG
 	MSG_STORM   = "sess.storm"
 	MSG_COUNT   = "sess.count"
 	MSG_DAEMON  = "sess.daemon"
+	MSG_REFERER = "sess.referer"
 	MSG_FILES   = "file.system"
 	LOG_DISABLE = "log.disable"
 	LOG_TRACEID = "log.id"
diff --git a/core/chat/header.go b/core/chat/header.go
index 5616c4de..15bb6cfe 100644
--- a/core/chat/header.go
+++ b/core/chat/header.go
@@ -122,14 +122,13 @@ func init() {
 			m.Option("icon.lib", mdb.Conf(m, ICON, kit.Keym(nfs.PATH)))
 			m.Option(MENUS, mdb.Config(m, MENUS))
 			m.Echo(mdb.Config(m, TITLE))
-			mdb.HashSelect(m, arg...).Sort("order", "int")
-			if m.Option(ice.MSG_USERROLE) == aaa.TECH {
-				m.Action(mdb.CREATE, ice.DEMO)
-			}
+			mdb.HashSelect(m, arg...).Sort(mdb.ORDER, ice.INT)
+			m.Table(func(value ice.Maps) { m.Push(mdb.STATUS, kit.Select("enable", "disable", value[mdb.ORDER] == "")) })
+			kit.If(m.Option(ice.MSG_USERROLE) == aaa.TECH, func() { m.Action(mdb.CREATE, ice.DEMO) })
 			kit.If(GetSSO(m), func(p string) {
 				m.Push(mdb.TIME, m.Time()).Push(mdb.NAME, web.SERVE).Push(mdb.ICONS, nfs.USR_ICONS_ICEBERGS).Push(mdb.TYPE, "oauth").Push(web.LINK, p)
 			})
-			m.StatusTimeCount(kit.Dict(ice.DEMO, mdb.Config(m, ice.DEMO)))
+			m.StatusTimeCount(kit.Dict(mdb.ConfigSimple(m, ice.DEMO)))
 			if gdb.Event(m, HEADER_AGENT); !_header_check(m, arg...) {
 				return
 			}
diff --git a/misc/mp/login.go b/misc/mp/login.go
index b072388b..0a5fd3cd 100644
--- a/misc/mp/login.go
+++ b/misc/mp/login.go
@@ -1,23 +1,14 @@
 package mp
 
 import (
-	"encoding/base64"
-	"net/http"
-	"time"
-
 	ice "shylinux.com/x/icebergs"
 	"shylinux.com/x/icebergs/base/aaa"
-	"shylinux.com/x/icebergs/base/cli"
 	"shylinux.com/x/icebergs/base/ctx"
 	"shylinux.com/x/icebergs/base/mdb"
 	"shylinux.com/x/icebergs/base/tcp"
 	"shylinux.com/x/icebergs/base/web"
-	kit "shylinux.com/x/toolkits"
 )
 
-const (
-	AUTH_CODE = "/sns/jscode2session?grant_type=authorization_code"
-)
 const (
 	APPID  = "appid"
 	SECRET = "secret"
@@ -40,41 +31,10 @@ func init() {
 			ice.CTX_INIT: {Hand: func(m *ice.Message, arg ...string) {
 				m.Cmd(web.SPIDE, mdb.CREATE, MP, mdb.Config(m, tcp.SERVER))
 			}},
-			aaa.SESS: {Name: "sess code", Help: "会话", Hand: func(m *ice.Message, arg ...string) {
-				m.Option(ice.MSG_USERZONE, MP)
-				msg := m.Cmd(web.SPIDE, MP, http.MethodGet, AUTH_CODE, "js_code", m.Option(cli.CODE), mdb.ConfigSimple(m, APPID, SECRET))
-				m.Echo(aaa.SessCreate(msg, msg.Append(OPENID)))
-			}},
-			aaa.USER: {Help: "用户", Hand: func(m *ice.Message, arg ...string) {
-				if m.Cmd(aaa.USER, m.Option(aaa.USERNAME, m.Option(ice.MSG_USERNAME))).Length() == 0 {
-					m.Cmd(aaa.USER, mdb.CREATE, aaa.USERNICK, "", m.OptionSimple(aaa.USERNAME))
-				}
-				m.Cmd(aaa.USER, mdb.MODIFY, m.OptionSimple(aaa.USERNAME), aaa.USERNICK, m.Option("nickName"), aaa.USERZONE, MP,
-					aaa.AVATAR, m.Option("avatarUrl"), aaa.GENDER, kit.Select("女", "男", m.Option(aaa.GENDER) == "1"),
-					m.OptionSimple(aaa.CITY, aaa.COUNTRY, aaa.LANGUAGE, aaa.PROVINCE),
-				)
-			}},
 		}, aaa.WhiteAction(aaa.SESS, aaa.USER), ctx.ConfAction(tcp.SERVER, "https://api.weixin.qq.com"))},
 
-		LOGIN: {Name: "login appid auto qrcode tokens create", Help: "认证", Actions: ice.Actions{
-			mdb.CREATE: {Name: "create appid secret", Hand: func(m *ice.Message, arg ...string) {
-				ctx.ConfigFromOption(m, APPID, SECRET)
-			}},
-			TOKENS: {Help: "令牌", Hand: func(m *ice.Message, arg ...string) {
-				if now := time.Now().Unix(); mdb.Config(m, TOKENS) == "" || now > kit.Int64(mdb.Config(m, EXPIRES)) {
-					msg := m.Cmd(web.SPIDE, MP, http.MethodGet, "/cgi-bin/token?grant_type=client_credential", APPID, mdb.Config(m, APPID), SECRET, mdb.Config(m, SECRET))
-					if m.Warn(msg.Append(ERRCODE) != "", msg.Append(ERRCODE), msg.Append(ERRMSG)) {
-						return
-					}
-					mdb.Config(m, EXPIRES, now+kit.Int64(msg.Append("expires_in")))
-					mdb.Config(m, TOKENS, msg.Append("access_token"))
-				}
-				m.Echo(mdb.Config(m, TOKENS)).Status(EXPIRES, time.Unix(kit.Int64(mdb.Config(m, EXPIRES)), 0).Format(ice.MOD_TIME))
-			}},
-			QRCODE: {Name: "qrcode path scene", Help: "扫码", Hand: func(m *ice.Message, arg ...string) {
-				msg := m.Cmd(web.SPIDE, MP, http.MethodPost, "/wxa/getwxacodeunlimit?access_token="+m.Cmdx(LOGIN, TOKENS), m.OptionSimple("path,scene"))
-				m.Echo(kit.Format(`<img src="data:image/png;base64,%s" title='%s'>`, base64.StdEncoding.EncodeToString([]byte(msg.Result())), "some")).ProcessInner()
-			}},
-		}, Hand: func(m *ice.Message, arg ...string) { m.Echo(mdb.Config(m, APPID)) }},
+		LOGIN: {Name: "login list", Help: "登录", Actions: ice.Actions{
+			mdb.CREATE: {Hand: func(m *ice.Message, arg ...string) { m.Cmd("web.chat.wx.access", mdb.CREATE, arg) }},
+		}, Hand: func(m *ice.Message, arg ...string) { m.Cmdy("web.chat.wx.access") }},
 	})
 }
diff --git a/misc/mp/mp.shy b/misc/mp/mp.shy
index 7b08a0b8..e69de29b 100644
--- a/misc/mp/mp.shy
+++ b/misc/mp/mp.shy
@@ -1,12 +0,0 @@
-title "微信小程序"
-refer `
-官网 https://weixin.qq.com/
-后台 https://mp.weixin.qq.com/
-文档 https://developers.weixin.qq.com/miniprogram/dev/api/
-`
-qrcode `https://mp.weixin.qq.com/a/~HkylKD4DZShrgSm5GuXWLQ~~`
-return
-
-chapter "应用"
-field "认证" web.chat.mp.login
-field "位置" web.chat.location
diff --git a/misc/wx/login.go b/misc/wx/login.go
index 69405750..14e4b9ab 100644
--- a/misc/wx/login.go
+++ b/misc/wx/login.go
@@ -4,13 +4,16 @@ import (
 	"bytes"
 	"encoding/xml"
 	"io/ioutil"
+	"net/http"
 	"strings"
 
 	ice "shylinux.com/x/icebergs"
 	"shylinux.com/x/icebergs/base/aaa"
+	"shylinux.com/x/icebergs/base/cli"
 	"shylinux.com/x/icebergs/base/ctx"
 	"shylinux.com/x/icebergs/base/gdb"
 	"shylinux.com/x/icebergs/base/mdb"
+	"shylinux.com/x/icebergs/base/nfs"
 	"shylinux.com/x/icebergs/base/web"
 	"shylinux.com/x/icebergs/core/chat"
 	"shylinux.com/x/icebergs/core/chat/location"
@@ -68,11 +71,30 @@ func _wx_parse(m *ice.Message) {
 const LOGIN = "login"
 
 func init() {
+	const (
+		AUTH_CODE = "/sns/jscode2session?grant_type=authorization_code"
+	)
 	web.Index.MergeCommands(ice.Commands{
 		"/MP_verify_0xp0zkW3fIzIq2Bo.txt": {Actions: aaa.WhiteAction(), Hand: func(m *ice.Message, arg ...string) { m.RenderResult("0xp0zkW3fIzIq2Bo") }},
 	})
 	Index.MergeCommands(ice.Commands{
-		web.PP(LOGIN): {Actions: aaa.WhiteAction(), Hand: func(m *ice.Message, arg ...string) {
+		web.PP(LOGIN): {Actions: ice.MergeActions(ice.Actions{
+			aaa.SESS: {Name: "sess code", Help: "会话", Hand: func(m *ice.Message, arg ...string) {
+				m.Option(ice.MSG_USERZONE, WX)
+				msg := m.Cmd(ACCESS, kit.Split(kit.ParseURL(m.Option(ice.MSG_REFERER)).Path, nfs.PS)[0])
+				msg = m.Cmd(web.SPIDE, WX, http.MethodGet, AUTH_CODE, "js_code", m.Option(cli.CODE), msg.AppendSimple(APPID, SECRET))
+				m.Echo(aaa.SessCreate(msg, msg.Append(OPENID)))
+			}},
+			aaa.USER: {Help: "用户", Hand: func(m *ice.Message, arg ...string) {
+				if m.Cmd(aaa.USER, m.Option(aaa.USERNAME, m.Option(ice.MSG_USERNAME))).Length() == 0 {
+					m.Cmd(aaa.USER, mdb.CREATE, aaa.USERNICK, "", m.OptionSimple(aaa.USERNAME))
+				}
+				m.Cmd(aaa.USER, mdb.MODIFY, m.OptionSimple(aaa.USERNAME), aaa.USERNICK, m.Option("nickName"), aaa.USERZONE, WX,
+					aaa.AVATAR, m.Option("avatarUrl"), aaa.GENDER, kit.Select("女", "男", m.Option(aaa.GENDER) == "1"),
+					m.OptionSimple(aaa.CITY, aaa.COUNTRY, aaa.LANGUAGE, aaa.PROVINCE),
+				)
+			}},
+		}, aaa.WhiteAction()), Hand: func(m *ice.Message, arg ...string) {
 			if m.Cmdx(ACCESS, aaa.CHECK) == "" {
 				return
 			} else if m.Option("echostr") != "" {
diff --git a/misc/wx/scan.go b/misc/wx/scan.go
index dbd64442..1846a4f1 100644
--- a/misc/wx/scan.go
+++ b/misc/wx/scan.go
@@ -1,6 +1,9 @@
 package wx
 
 import (
+	"encoding/base64"
+	"net/http"
+
 	ice "shylinux.com/x/icebergs"
 	"shylinux.com/x/icebergs/base/cli"
 	"shylinux.com/x/icebergs/base/mdb"
@@ -25,11 +28,16 @@ func init() {
 				mdb.HashModify(m, mdb.HASH, h, mdb.LINK, kit.Value(res, web.URL), mdb.TIME, m.Time(kit.Format("%ss", kit.Select("60", m.Option(EXPIRE_SECONDS)))))
 				m.EchoQRCode(kit.Format(kit.Value(res, web.URL)))
 			}},
+			"unlimit": {Name: "unlimit path scene", Help: "小程序码", Hand: func(m *ice.Message, arg ...string) {
+				msg := m.Cmd(web.SPIDE, WX, web.SPIDE_RAW, http.MethodPost, "/wxa/getwxacodeunlimit?access_token="+m.Cmdx(ACCESS, TOKENS), m.OptionSimple("path,scene"))
+				m.Echo(kit.Format(`<img src="data:image/png;base64,%s" title='%s'>`, base64.StdEncoding.EncodeToString([]byte(msg.Result())), "some")).ProcessInner()
+			}},
 		}, mdb.ExportHashAction(mdb.SHORT, mdb.UNIQ, mdb.FIELD, "time,hash,name,text,icons,space,index,args,type,link")), Hand: func(m *ice.Message, arg ...string) {
 			if len(arg) == 0 {
 				m.Cmdy(ACCESS).PushAction("").Option(ice.MSG_ACTION, "")
 			} else if mdb.HashSelect(m, arg[1:]...); len(arg) == 1 {
 				m.Table(func(value ice.Maps) { m.Push(mdb.STATUS, kit.Select("valid", "expired", value[mdb.TIME] < m.Time())) })
+				m.Action("unlimit")
 			} else {
 				kit.If(m.Time() < m.Append(mdb.TIME), func() { m.PushQRCode(cli.QRCODE, m.Append(mdb.LINK)) })
 			}
diff --git a/misc/wx/wx.shy b/misc/wx/wx.shy
index d2551afe..3b90191b 100644
--- a/misc/wx/wx.shy
+++ b/misc/wx/wx.shy
@@ -15,4 +15,12 @@ field web.chat.wx.users
 
 chapter "数据"
 field web.chat.favor
-field web.chat.location
\ No newline at end of file
+field web.chat.location
+
+title "微信小程序"
+refer `
+官网 https://weixin.qq.com/
+后台 https://mp.weixin.qq.com/
+文档 https://developers.weixin.qq.com/miniprogram/dev/api/
+`
+qrcode `https://mp.weixin.qq.com/a/~HkylKD4DZShrgSm5GuXWLQ~~`