diff --git a/admin-web/src/components/Product/ProductSkuAddOrUpdateTable.js b/admin-web/src/components/Product/ProductSkuAddOrUpdateTable.js
index 8e9452b92..c383785ea 100644
--- a/admin-web/src/components/Product/ProductSkuAddOrUpdateTable.js
+++ b/admin-web/src/components/Product/ProductSkuAddOrUpdateTable.js
@@ -78,8 +78,8 @@ export default class ProductSkuAddOrUpdateTable extends PureComponent {
         return <SkuInputNumber {...props} />;
       }
     });
-    return <Table columns={columns} dataSource={skus} rowKey="index" />;
+    return <Table columns={columns} dataSource={skus} rowKey="index" pagination={false} />;
     // return <div />;
   }
 
-}
\ No newline at end of file
+}
diff --git a/admin-web/src/pages/Product/ProductSpuAddOrUpdate.js b/admin-web/src/pages/Product/ProductSpuAddOrUpdate.js
index f0910898a..2e464d9fb 100644
--- a/admin-web/src/pages/Product/ProductSpuAddOrUpdate.js
+++ b/admin-web/src/pages/Product/ProductSpuAddOrUpdate.js
@@ -239,12 +239,6 @@ class ProductSpuAddOrUpdate extends Component {
                 initialValue: '', // TODO 修改
               })(<Input placeholder="请输入" />)}
             </FormItem>
-            <FormItem labelCol={{ span: 5 }} wrapperCol={{ span: 15 }} label="商品描述">
-              {form.getFieldDecorator('description', {
-                rules: [{ required: true, message: '请输入商品描述！' }],
-                initialValue: '', // TODO 修改
-              })(<Input.TextArea placeholder="请输入" />)}
-            </FormItem>
             <FormItem labelCol={{ span: 5 }} wrapperCol={{ span: 15 }} label="分类编号">
               {form.getFieldDecorator('cid', {
                 rules: [{ required: true, message: '请输入分类编号！' }],
@@ -279,7 +273,12 @@ class ProductSpuAddOrUpdate extends Component {
             <FormItem labelCol={{ span: 5 }} wrapperCol={{ span: 15 }} label="规格明细">
               {/*<Table defaultExpandAllRows={true} columns={columns} rowKey="id" />*/}
               <ProductSkuAddOrUpdateTable {...productSkuProps} />
-
+            </FormItem>
+            <FormItem labelCol={{ span: 5 }} wrapperCol={{ span: 15 }} label="商品描述">
+              {form.getFieldDecorator('description', {
+                rules: [{ required: true, message: '请输入商品描述！' }],
+                initialValue: '', // TODO 修改
+              })(<Input.TextArea placeholder="请输入" />)}
               <Button type="primary" htmlType="submit" style={{ marginLeft: 8 }} onSubmit={this.handleSubmit}>保存</Button>
             </FormItem>
           </Form>
diff --git a/admin/admin-application/pom.xml b/admin/admin-application/pom.xml
index 16dbb54e3..061cc411d 100644
--- a/admin/admin-application/pom.xml
+++ b/admin/admin-application/pom.xml
@@ -75,6 +75,11 @@
             <artifactId>spring-boot-starter-actuator</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>com.qiniu</groupId>
+            <artifactId>qiniu-java-sdk</artifactId>
+        </dependency>
+
     </dependencies>
 
     <build>
diff --git a/admin/admin-application/src/main/java/cn/iocoder/mall/admin/application/config/MVCConfiguration.java b/admin/admin-application/src/main/java/cn/iocoder/mall/admin/application/config/MVCConfiguration.java
index b4f199ad4..163052c88 100644
--- a/admin/admin-application/src/main/java/cn/iocoder/mall/admin/application/config/MVCConfiguration.java
+++ b/admin/admin-application/src/main/java/cn/iocoder/mall/admin/application/config/MVCConfiguration.java
@@ -5,11 +5,17 @@ import cn.iocoder.common.framework.servlet.CorsFilter;
 import cn.iocoder.mall.admin.sdk.interceptor.AdminAccessLogInterceptor;
 import cn.iocoder.mall.admin.sdk.interceptor.AdminSecurityInterceptor;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
-import org.springframework.web.servlet.config.annotation.*;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import java.util.Set;
 
 @EnableWebMvc
 @Configuration
@@ -24,13 +30,15 @@ public class MVCConfiguration implements WebMvcConfigurer {
     private AdminSecurityInterceptor adminSecurityInterceptor;
     @Autowired
     private AdminAccessLogInterceptor adminAccessLogInterceptor;
-//
+
+    @Value("${auth.ignore-urls}")
+    private Set<String> ignoreUrls;
+
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
 //        registry.addInterceptor(securityInterceptor).addPathPatterns("/user/**", "/admin/**"); // 只拦截我们定义的接口
         registry.addInterceptor(adminAccessLogInterceptor).addPathPatterns("/admins/**");
-        registry.addInterceptor(adminSecurityInterceptor).addPathPatterns("/admins/**")
-                .excludePathPatterns("/admins/passport/login"); // 排除登陆接口
+        registry.addInterceptor(adminSecurityInterceptor.setIgnoreUrls(ignoreUrls)).addPathPatterns("/admins/**");
     }
 
     @Override
diff --git a/admin/admin-application/src/main/java/cn/iocoder/mall/admin/application/config/QiniuConfiguration.java b/admin/admin-application/src/main/java/cn/iocoder/mall/admin/application/config/QiniuConfiguration.java
new file mode 100644
index 000000000..f01bf37f7
--- /dev/null
+++ b/admin/admin-application/src/main/java/cn/iocoder/mall/admin/application/config/QiniuConfiguration.java
@@ -0,0 +1,21 @@
+package cn.iocoder.mall.admin.application.config;
+
+import com.qiniu.util.Auth;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class QiniuConfiguration {
+
+    @Value("${qiniu.access-key}")
+    private String accessKey;
+    @Value("${qiniu.secret-key}")
+    private String secretKey;
+
+    @Bean
+    public Auth auth() {
+        return Auth.create(accessKey, secretKey);
+    }
+
+}
diff --git a/admin/admin-application/src/main/java/cn/iocoder/mall/admin/application/controller/admins/FileController.java b/admin/admin-application/src/main/java/cn/iocoder/mall/admin/application/controller/admins/FileController.java
new file mode 100644
index 000000000..5000528d9
--- /dev/null
+++ b/admin/admin-application/src/main/java/cn/iocoder/mall/admin/application/controller/admins/FileController.java
@@ -0,0 +1,33 @@
+package cn.iocoder.mall.admin.application.controller.admins;
+
+import cn.iocoder.common.framework.vo.CommonResult;
+import com.qiniu.util.Auth;
+import io.swagger.annotations.Api;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("admins/file")
+@Api("文件模块")
+public class FileController {
+
+    private Logger logger = LoggerFactory.getLogger(getClass());
+
+    @Autowired
+    private Auth auth;
+    @Value("${qiniu.bucket}")
+    private String bucket;
+
+    @GetMapping("/get_qiniu_token")
+    public CommonResult<String> getQiniuToken() {
+        String token = auth.uploadToken(bucket);
+        logger.info("[qiniu_token][token({}) get]", token);
+        return CommonResult.success(token);
+    }
+
+}
diff --git a/admin/admin-application/src/main/resources/application.yaml b/admin/admin-application/src/main/resources/application.yaml
index a37e6a54f..b17cc27bc 100644
--- a/admin/admin-application/src/main/resources/application.yaml
+++ b/admin/admin-application/src/main/resources/application.yaml
@@ -6,4 +6,14 @@ spring:
 server:
   port: 18083
   servlet:
-    context-path: /admin-api/
\ No newline at end of file
+    context-path: /admin-api/
+
+# auth
+auth:
+  ignore-urls: /admin-api/admins/admin/passport/login, /admin-api/admins/file/get_qiniu_token
+
+# qiniu
+qiniu:
+  access-key: YldfyUC7OewoWM63TPYTairqnq8GMJvNek9EGoID
+  secret-key: zZ7Q8wwZRyaklVvkyLmVydA4WygOBqtc_gTYzalS
+  bucket: onemall
diff --git a/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/interceptor/AdminSecurityInterceptor.java b/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/interceptor/AdminSecurityInterceptor.java
index df5227d2d..47ec86953 100644
--- a/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/interceptor/AdminSecurityInterceptor.java
+++ b/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/interceptor/AdminSecurityInterceptor.java
@@ -26,6 +26,15 @@ public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
     @Reference(validation = "true")
     @Autowired(required = false) // TODO 芋艿，初始化时，会存在 spring boot 启动时，服务无法引用的情况，先暂时这么解决。
     private OAuth2Service oauth2Service;
+    /**
+     * 忽略的 URL 集合，即无需经过认证
+     */
+    private Set<String> ignoreUrls;
+
+    public AdminSecurityInterceptor setIgnoreUrls(Set<String> ignoreUrls) {
+        this.ignoreUrls = ignoreUrls;
+        return this;
+    }
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
@@ -50,7 +59,7 @@ public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
             }
         } else {
             String url = request.getRequestURI();
-            if (!url.equals("/admin/passport/login")) { // TODO 临时写死。非登陆接口，必须已经认证身份，不允许匿名访问
+            if (ignoreUrls != null && !ignoreUrls.contains(url)) { // TODO 临时写死。非登陆接口，必须已经认证身份，不允许匿名访问
                 throw new ServiceException(AdminErrorCodeEnum.OAUTH_NOT_LOGIN.getCode(), AdminErrorCodeEnum.OAUTH_NOT_LOGIN.getMessage());
             }
         }
diff --git a/pom.xml b/pom.xml
index f2bef62f1..741f51cdb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -44,6 +44,8 @@
         <maven-compiler-plugin.version>3.8.0</maven-compiler-plugin.version>
         <org.projectlombok.version>1.16.14</org.projectlombok.version>
 
+        <qiniu.version>7.2.18</qiniu.version>
+
         <java.version>1.8</java.version>
     </properties>
 
@@ -164,6 +166,12 @@
 <!--                </exclusions>-->
             </dependency>
 
+            <dependency>
+                <groupId>com.qiniu</groupId>
+                <artifactId>qiniu-java-sdk</artifactId>
+                <version>${qiniu.version}</version>
+            </dependency>
+
         </dependencies>
     </dependencyManagement>