diff --git a/index.js b/index.js
index 21164e4..2400f84 100755
--- a/index.js
+++ b/index.js
@@ -9,7 +9,7 @@ const usersRouter = require("./routers/users");
 const redisClient = require("./redis");
 const authenticateToken = require("./middleware/authenticateToken");
 const cors = require("@koa/cors");
-
+require("./models");
 require("dotenv").config({ path: ".env.local" });
 
 const app = new Koa();
diff --git a/middleware/authenticateToken.js b/middleware/authenticateToken.js
index 3d84fe3..27a695a 100644
--- a/middleware/authenticateToken.js
+++ b/middleware/authenticateToken.js
@@ -25,7 +25,7 @@ const isWhitelisted = (url, method) => {
 const authenticateToken = async (ctx, next) => {
   // token 不存在并且在白名单类，免除校验
   const token = ctx.headers["authorization"]?.replace("Bearer ", "");
-  if (isWhitelisted(ctx.path, ctx.method) && !token) {
+  if (isWhitelisted(ctx.path, ctx.method)) {
     await next();
     return;
   }
diff --git a/models/files.js b/models/files.js
index 14f0430..c9bcff5 100644
--- a/models/files.js
+++ b/models/files.js
@@ -1,99 +1,104 @@
-const { DataTypes } = require('sequelize');
-const sequelize = require('../utils/dbInstance'); // 修改为实际的sequelize实例路径
-const Files = sequelize.define('Files', {
-  id: {
-    type: DataTypes.STRING(50),
-    allowNull: false, // 必须为 NOT NULL
-    primaryKey: true,
-  },
-  filename: {
-    type: DataTypes.STRING(255),
-    allowNull: false,
-  },
-  file_size: {
-    type: DataTypes.BIGINT,
-    allowNull: false,
-  },
-  file_location: {
-    type: DataTypes.STRING(255),
-    allowNull: false,
-  },
-  created_by: {
-    type: DataTypes.STRING(255),
-    allowNull: false,
-  },
-  created_at: {
-    type: DataTypes.DATE,
-    allowNull: true,
-    defaultValue: DataTypes.NOW,
-  },
-  updated_by: {
-    type: DataTypes.STRING(255),
-    allowNull: true,
-    defaultValue: null,
-  },
-  updated_at: {
-    type: DataTypes.DATE,
-    allowNull: true,
-    defaultValue: DataTypes.NOW,
-    onUpdate: DataTypes.NOW,
-  },
-  is_public: {
-    type: DataTypes.BOOLEAN,
-    allowNull: true,
-    defaultValue: false,
-  },
-  public_expiration: {
-    type: DataTypes.DATE,
-    allowNull: true,
-    defaultValue: null,
-  },
-  public_by: {
-    type: DataTypes.STRING(255),
-    allowNull: true,
-    defaultValue: null,
-  },
-  is_thumb: {
-    type: DataTypes.BOOLEAN,
-    allowNull: true,
-    defaultValue: null,
-  },
-  thumb_location: {
-    type: DataTypes.STRING(255),
-    allowNull: true,
-    defaultValue: null,
-  },
-  is_delete: {
-    type: DataTypes.BOOLEAN,
-    allowNull: false,
-    defaultValue: false,
-  },
-  real_file_location: {
-    type: DataTypes.STRING(255),
-    allowNull: true,
-    defaultValue: null,
-  },
-  real_file_thumb_location: {
-    type: DataTypes.STRING(255),
-    allowNull: true,
-    defaultValue: null,
-  },
-  mime: {
-    type: DataTypes.STRING(255),
-    allowNull: true,
-    defaultValue: null,
-  },
-  ext: {
-    type: DataTypes.STRING(50),
-    allowNull: true,
-    defaultValue: null,
-  },
-}, {
-  tableName: 'files',
-  timestamps: false,
-  underscored: true,
-  charset: 'utf8mb4',
-  collate: 'utf8mb4_general_ci',
-});
+const { DataTypes } = require("sequelize");
+const sequelize = require("../utils/dbInstance"); // 修改为实际的sequelize实例路径
+
+const Files = sequelize.define(
+  "Files",
+  {
+    id: {
+      type: DataTypes.STRING(50),
+      allowNull: false, // 必须为 NOT NULL
+      primaryKey: true,
+    },
+    filename: {
+      type: DataTypes.STRING(255),
+      allowNull: false,
+    },
+    file_size: {
+      type: DataTypes.BIGINT,
+      allowNull: false,
+    },
+    file_location: {
+      type: DataTypes.STRING(255),
+      allowNull: false,
+    },
+    created_by: {
+      type: DataTypes.INTEGER,
+      allowNull: false,
+    },
+    created_at: {
+      type: DataTypes.DATE,
+      allowNull: true,
+      defaultValue: DataTypes.NOW,
+    },
+    updated_by: {
+      type: DataTypes.INTEGER,
+      allowNull: true,
+      defaultValue: null,
+    },
+    updated_at: {
+      type: DataTypes.DATE,
+      allowNull: true,
+      defaultValue: DataTypes.NOW,
+      onUpdate: DataTypes.NOW,
+    },
+    is_public: {
+      type: DataTypes.BOOLEAN,
+      allowNull: true,
+      defaultValue: false,
+    },
+    public_expiration: {
+      type: DataTypes.DATE,
+      allowNull: true,
+      defaultValue: null,
+    },
+    public_by: {
+      type: DataTypes.INTEGER,
+      allowNull: true,
+      defaultValue: null,
+    },
+    is_thumb: {
+      type: DataTypes.BOOLEAN,
+      allowNull: true,
+      defaultValue: null,
+    },
+    thumb_location: {
+      type: DataTypes.STRING(255),
+      allowNull: true,
+      defaultValue: null,
+    },
+    is_delete: {
+      type: DataTypes.BOOLEAN,
+      allowNull: false,
+      defaultValue: false,
+    },
+    real_file_location: {
+      type: DataTypes.STRING(255),
+      allowNull: true,
+      defaultValue: null,
+    },
+    real_file_thumb_location: {
+      type: DataTypes.STRING(255),
+      allowNull: true,
+      defaultValue: null,
+    },
+    mime: {
+      type: DataTypes.STRING(255),
+      allowNull: true,
+      defaultValue: null,
+    },
+    ext: {
+      type: DataTypes.STRING(50),
+      allowNull: true,
+      defaultValue: null,
+    },
+  },
+  {
+    tableName: "files",
+    timestamps: false,
+    underscored: true,
+    charset: "utf8mb4",
+    collate: "utf8mb4_general_ci",
+  }
+);
 
 module.exports = Files;
diff --git a/models/index.js b/models/index.js
new file mode 100644
index 0000000..676a7b0
--- /dev/null
+++ b/models/index.js
@@ -0,0 +1,11 @@
+const Users = require("./users");
+const Files = require("./files");
+
+// 定义关联关系
+Users.hasMany(Files, { as: "createdFiles", foreignKey: "created_by" });
+Users.hasMany(Files, { as: "updatedFiles", foreignKey: "updated_by" });
+Users.hasMany(Files, { as: "publicFiles", foreignKey: "public_by" });
+
+Files.belongsTo(Users, { as: "creator", foreignKey: "created_by" });
+Files.belongsTo(Users, { as: "updater", foreignKey: "updated_by" });
+Files.belongsTo(Users, { as: "publisher", foreignKey: "public_by" });
diff --git a/models/users.js b/models/users.js
index a5610f7..a5ba08f 100644
--- a/models/users.js
+++ b/models/users.js
@@ -2,7 +2,6 @@ const { DataTypes } = require("sequelize");
 const sequelize = require("../utils/dbInstance");
 const { USER_STATUS } = require("../constants/users");
 
-// 定义 User 模型
 const Users = sequelize.define(
   "User",
   {
@@ -80,4 +79,5 @@ const Users = sequelize.define(
     collate: "utf8mb4_unicode_ci",
   }
 );
+
 module.exports = Users;
diff --git a/routers/files.js b/routers/files.js
index 3bb8022..4ad3281 100644
--- a/routers/files.js
+++ b/routers/files.js
@@ -11,6 +11,7 @@ const { filesize } = require("filesize");
 
 const { detectFileType } = require("../utils/detectFileType");
 const Files = require("../models/files");
+const Users = require("../models/users");
 const {
   imageMimeTypes,
   tinifySupportedMimeTypes,
@@ -209,14 +210,16 @@ router.get("/files", validateQuery(FILES_LIST_GET_QUERY), async (ctx) => {
       },
       limit,
       offset,
+      include: [
+        { model: Users, as: "creator", attributes: ["id", "username"] },
+        { model: Users, as: "updater", attributes: ["id", "username"] },
+        { model: Users, as: "publisher", attributes: ["id", "username"] },
+      ],
       attributes: [
         "id",
-        "created_by",
         "created_at",
-        "public_by",
         "public_expiration",
         "updated_at",
-        "updated_by",
         "file_size",
         "filename",
         "file_location",