diff --git a/loopback/server/middleware/renew-token.js b/loopback/server/middleware/renew-token.js
new file mode 100644
index 0000000000..ab58259426
--- /dev/null
+++ b/loopback/server/middleware/renew-token.js
@@ -0,0 +1,24 @@
+const {models} = require('vn-loopback/server/server');
+
+module.exports = function(options) {
+    return async function(req, res, next) {
+        const token = req.headers.authorization;
+        if (!token) return next();
+
+        const accessToken = await models.AccessToken.findById(token);
+        if (!accessToken) return next();
+        const maxDate = accessToken.created.setSeconds(accessToken.ttl);
+        if (new Date().getTime() > new Date(maxDate)) return next();
+
+        const vnUser = await models.VnUser.findById(accessToken.userId);
+        if (!vnUser) return next();
+        const newToken = await vnUser.createAccessToken(accessToken.ttl);
+
+        // console.log(accessToken, newToken);
+        // req.accessToken = newToken;
+        // res.headers.authorization = newToken;
+        res.setHeader('Authorization', newToken.id);
+        // const removed = await accessToken.delete({id: token});
+        next();
+    };
+};