diff --git a/controllers/admin_menu.go b/controllers/backend_menu.go
similarity index 86%
rename from controllers/admin_menu.go
rename to controllers/backend_menu.go
index 30b7537..d60086c 100644
--- a/controllers/admin_menu.go
+++ b/controllers/backend_menu.go
@@ -63,6 +63,37 @@ func (c *AdminMenuController) GetMenu() {
 	_ = c.ServeJSON()
 }
 
+// GetBackendMenu 获取租户端用户可见的菜单列表（简化版：当前先忽略用户权限，返回全部启用且租户端菜单）
+// 路由示例：GET /backend/menu/1
+func (c *AdminMenuController) GetBackendMenu() {
+	// 从路由参数中解析用户 ID，占位保留，方便后续按用户权限过滤
+	_ = c.Ctx.Input.Param(":id")
+
+	var menus []models.SystemMenu
+	qs := models.Orm.
+		QueryTable(new(models.SystemMenu)).
+		Filter("status", 1).
+		Filter("is_platform", 0)
+	_, err := qs.All(&menus)
+	if err != nil {
+		c.Data["json"] = map[string]interface{}{
+			"code": 500,
+			"msg":  "获取菜单失败: " + err.Error(),
+			"data": nil,
+		}
+		_ = c.ServeJSON()
+		return
+	}
+
+	menuTree := buildMenuTree(menus, 0)
+	c.Data["json"] = map[string]interface{}{
+		"code": 200,
+		"msg":  "success",
+		"data": menuTree,
+	}
+	_ = c.ServeJSON()
+}
+
 // GetAllMenus 获取平台端全部菜单（用于菜单管理界面）
 // 路由：GET /platform/allmenu
 func (c *AdminMenuController) GetAllMenus() {
@@ -98,6 +129,31 @@ func (c *AdminMenuController) GetAllMenus() {
 	_ = c.ServeJSON()
 }
 
+// GetAllBackendMenus 获取租户端全部菜单（用于菜单管理界面）
+// 路由：GET /backend/allmenu
+func (c *AdminMenuController) GetAllBackendMenus() {
+	var menus []models.SystemMenu
+	_, err := models.Orm.QueryTable(new(models.SystemMenu)).
+		Filter("is_platform", 0).
+		All(&menus)
+	if err != nil {
+		c.Data["json"] = map[string]interface{}{
+			"code": 500,
+			"msg":  "获取菜单失败: " + err.Error(),
+			"data": nil,
+		}
+		_ = c.ServeJSON()
+		return
+	}
+	tree := buildMenuTree(menus, 0)
+	c.Data["json"] = map[string]interface{}{
+		"code": 200,
+		"msg":  "success",
+		"data": tree,
+	}
+	_ = c.ServeJSON()
+}
+
 // menuNode 用于 JSON 返回的菜单结构
 type menuNode struct {
 	ID            uint64      `json:"id"`
diff --git a/controllers/platform_auth.go b/controllers/platform_auth.go
index 02f6347..1efd692 100644
--- a/controllers/platform_auth.go
+++ b/controllers/platform_auth.go
@@ -12,6 +12,11 @@ import (
 )
 
 type platformLoginRequest struct {
+	Account  string `json:"account"`
+	Password string `json:"password"`
+}
+
+type backendLoginRequest struct {
 	TenantName string `json:"tenant_name"`
 	Account    string `json:"account"`
 	Password   string `json:"password"`
@@ -22,8 +27,8 @@ type PlatformAuthController struct {
 	beego.Controller
 }
 
-// Login 平台登录
-func (c *PlatformAuthController) Login() {
+// LoginPlatform 平台端登录（不需要租户）
+func (c *PlatformAuthController) LoginPlatform() {
 	var req platformLoginRequest
 
 	// 支持前端以 JSON body 方式提交
@@ -46,17 +51,17 @@ func (c *PlatformAuthController) Login() {
 		return
 	}
 
-	if req.TenantName == "" || req.Account == "" || req.Password == "" {
+	if req.Account == "" || req.Password == "" {
 		c.Data["json"] = map[string]interface{}{
 			"code": 400,
-			"msg":  "租户名称、用户名或密码不能为空",
+			"msg":  "用户名或密码不能为空",
 		}
 		_ = c.ServeJSON()
 		return
 	}
 
 	// 控制器只做 HTTP 解析与响应编排，业务逻辑放 services 层
-	token, loginUser, err := services.PlatformLogin(req.TenantName, req.Account, req.Password)
+	token, loginUser, err := services.PlatformAdminLogin(req.Account, req.Password)
 	if err != nil {
 		c.Data["json"] = map[string]interface{}{
 			"code": 401,
@@ -85,6 +90,53 @@ func (c *PlatformAuthController) Login() {
 	_ = c.ServeJSON()
 }
 
+// LoginBackend backend 登录（需要租户）
+func (c *PlatformAuthController) LoginBackend() {
+	var req backendLoginRequest
+
+	body, err := io.ReadAll(c.Ctx.Request.Body)
+	if err != nil {
+		c.Data["json"] = map[string]interface{}{"code": 400, "msg": "参数错误"}
+		_ = c.ServeJSON()
+		return
+	}
+	if err := json.Unmarshal(body, &req); err != nil {
+		c.Data["json"] = map[string]interface{}{"code": 400, "msg": "参数错误"}
+		_ = c.ServeJSON()
+		return
+	}
+	if req.TenantName == "" || req.Account == "" || req.Password == "" {
+		c.Data["json"] = map[string]interface{}{"code": 400, "msg": "租户名称、用户名或密码不能为空"}
+		_ = c.ServeJSON()
+		return
+	}
+
+	token, loginUser, err := services.BackendLogin(req.TenantName, req.Account, req.Password)
+	if err != nil {
+		c.Data["json"] = map[string]interface{}{"code": 401, "msg": err.Error()}
+		_ = c.ServeJSON()
+		return
+	}
+
+	c.Data["json"] = map[string]interface{}{
+		"code": 200,
+		"msg":  "登录成功",
+		"data": map[string]interface{}{
+			"token": token,
+			"user": map[string]interface{}{
+				"id":        loginUser.ID,
+				"account":   loginUser.Account,
+				"name":      loginUser.Name,
+				"tid":       loginUser.Tid,
+				"rid":       loginUser.Rid,
+				"avatar":    loginUser.Avatar,
+				"role_name": loginUser.RoleName,
+			},
+		},
+	}
+	_ = c.ServeJSON()
+}
+
 // GetCurrentUser 当前登录平台用户信息（含角色名称），需 Bearer Token
 func (c *PlatformAuthController) GetCurrentUser() {
 	authHeader := c.Ctx.Request.Header.Get("Authorization")
diff --git a/controllers/platform_modules.go b/controllers/platform_modules.go
new file mode 100644
index 0000000..3e8b534
--- /dev/null
+++ b/controllers/platform_modules.go
@@ -0,0 +1,389 @@
+package controllers
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"strconv"
+	"strings"
+	"time"
+
+	"server/models"
+	"server/pkg/jwtutil"
+
+	beego "github.com/beego/beego/v2/server/web"
+)
+
+// PlatformModulesController 模块管理（yz_system_modules）
+type PlatformModulesController struct {
+	beego.Controller
+}
+
+func (c *PlatformModulesController) platformClaims() (*jwtutil.Claims, error) {
+	auth := c.Ctx.Request.Header.Get("Authorization")
+	if auth == "" {
+		return nil, fmt.Errorf("未登录")
+	}
+	parts := strings.SplitN(auth, " ", 2)
+	if len(parts) != 2 || parts[0] != "Bearer" {
+		return nil, fmt.Errorf("认证信息格式错误")
+	}
+	claims, err := jwtutil.ParseToken(parts[1])
+	if err != nil {
+		return nil, fmt.Errorf("无效的token")
+	}
+	if claims.UserType != "platform" {
+		return nil, fmt.Errorf("无权访问")
+	}
+	return claims, nil
+}
+
+func (c *PlatformModulesController) jsonErr(httpStatus, bizCode int, msg string) {
+	c.Ctx.Output.SetStatus(httpStatus)
+	c.Data["json"] = map[string]interface{}{"code": bizCode, "msg": msg}
+	_ = c.ServeJSON()
+}
+
+// GetList GET /platform/modules/list
+func (c *PlatformModulesController) GetList() {
+	if _, err := c.platformClaims(); err != nil {
+		c.jsonErr(401, 401, err.Error())
+		return
+	}
+	var rows []models.SystemModules
+	_, err := models.Orm.QueryTable(new(models.SystemModules)).
+		Filter("delete_time__isnull", true).
+		OrderBy("sort", "id").
+		All(&rows)
+	if err != nil {
+		c.jsonErr(500, 500, "获取失败："+err.Error())
+		return
+	}
+	c.Data["json"] = map[string]interface{}{
+		"code": 200,
+		"msg":  "获取成功",
+		"data": map[string]interface{}{
+			"list":  rows,
+			"total": len(rows),
+		},
+	}
+	_ = c.ServeJSON()
+}
+
+// GetTenantList GET /platform/modules/getTenantList
+// 兼容旧接口命名：返回当前账号可见的模块。当前实现：返回 status=1 且 is_show=1 的全部模块。
+func (c *PlatformModulesController) GetTenantList() {
+	if _, err := c.platformClaims(); err != nil {
+		c.jsonErr(401, 401, err.Error())
+		return
+	}
+	var rows []models.SystemModules
+	_, err := models.Orm.QueryTable(new(models.SystemModules)).
+		Filter("delete_time__isnull", true).
+		Filter("status", 1).
+		Filter("is_show", 1).
+		OrderBy("sort", "id").
+		All(&rows)
+	if err != nil {
+		c.jsonErr(500, 500, "获取失败："+err.Error())
+		return
+	}
+	c.Data["json"] = map[string]interface{}{
+		"code": 200,
+		"msg":  "获取成功",
+		"data": map[string]interface{}{
+			"list":  rows,
+			"total": len(rows),
+		},
+	}
+	_ = c.ServeJSON()
+}
+
+// GetDetail GET /platform/modules/:id
+func (c *PlatformModulesController) GetDetail() {
+	if _, err := c.platformClaims(); err != nil {
+		c.jsonErr(401, 401, err.Error())
+		return
+	}
+	idStr := c.Ctx.Input.Param(":id")
+	id, err := strconv.ParseUint(idStr, 10, 64)
+	if err != nil || id == 0 {
+		c.jsonErr(400, 400, "参数错误")
+		return
+	}
+	var row models.SystemModules
+	err = models.Orm.QueryTable(new(models.SystemModules)).
+		Filter("id", id).
+		Filter("delete_time__isnull", true).
+		One(&row)
+	if err != nil {
+		c.jsonErr(404, 404, "模块不存在")
+		return
+	}
+	c.Data["json"] = map[string]interface{}{"code": 200, "msg": "获取成功", "data": row}
+	_ = c.ServeJSON()
+}
+
+type modulePayload struct {
+	Mid         *uint64 `json:"mid"`
+	Name        string  `json:"name"`
+	Code        string  `json:"code"`
+	Path        string  `json:"path"`
+	Icon        string  `json:"icon"`
+	Description string  `json:"description"`
+	Type        int     `json:"type"`
+	Sort        int     `json:"sort"`
+	Status      int8    `json:"status"`
+	IsShow      int8    `json:"is_show"`
+}
+
+// Add POST /platform/modules
+func (c *PlatformModulesController) Add() {
+	if _, err := c.platformClaims(); err != nil {
+		c.jsonErr(401, 401, err.Error())
+		return
+	}
+	raw, err := io.ReadAll(c.Ctx.Request.Body)
+	if err != nil {
+		c.jsonErr(400, 400, "参数错误")
+		return
+	}
+	var p modulePayload
+	if err := json.Unmarshal(raw, &p); err != nil {
+		c.jsonErr(400, 400, "参数错误")
+		return
+	}
+	p.Name = strings.TrimSpace(p.Name)
+	p.Code = strings.TrimSpace(p.Code)
+	if p.Name == "" || p.Code == "" {
+		c.jsonErr(400, 400, "模块名称和编码不能为空")
+		return
+	}
+	// code 唯一（排除软删）
+	cnt, _ := models.Orm.QueryTable(new(models.SystemModules)).
+		Filter("code", p.Code).
+		Filter("delete_time__isnull", true).
+		Count()
+	if cnt > 0 {
+		c.jsonErr(400, 400, "模块编码已存在")
+		return
+	}
+	now := time.Now()
+	row := &models.SystemModules{
+		Mid:         p.Mid,
+		Name:        p.Name,
+		Code:        p.Code,
+		Path:        strings.TrimSpace(p.Path),
+		Icon:        strings.TrimSpace(p.Icon),
+		Description: strings.TrimSpace(p.Description),
+		Type:        p.Type,
+		Sort:        p.Sort,
+		Status:      p.Status,
+		IsShow:      p.IsShow,
+		CreateTime:  &now,
+		UpdateTime:  &now,
+	}
+	id, err := models.Orm.Insert(row)
+	if err != nil {
+		c.jsonErr(500, 500, "添加失败："+err.Error())
+		return
+	}
+	c.Data["json"] = map[string]interface{}{"code": 200, "msg": "添加成功", "data": map[string]interface{}{"id": uint64(id)}}
+	_ = c.ServeJSON()
+}
+
+// Edit PUT /platform/modules/:id
+func (c *PlatformModulesController) Edit() {
+	if _, err := c.platformClaims(); err != nil {
+		c.jsonErr(401, 401, err.Error())
+		return
+	}
+	idStr := c.Ctx.Input.Param(":id")
+	id, err := strconv.ParseUint(idStr, 10, 64)
+	if err != nil || id == 0 {
+		c.jsonErr(400, 400, "参数错误")
+		return
+	}
+	raw, err := io.ReadAll(c.Ctx.Request.Body)
+	if err != nil {
+		c.jsonErr(400, 400, "参数错误")
+		return
+	}
+	var p modulePayload
+	if err := json.Unmarshal(raw, &p); err != nil {
+		c.jsonErr(400, 400, "参数错误")
+		return
+	}
+	p.Name = strings.TrimSpace(p.Name)
+	p.Code = strings.TrimSpace(p.Code)
+	if p.Name == "" || p.Code == "" {
+		c.jsonErr(400, 400, "模块名称和编码不能为空")
+		return
+	}
+	// code 唯一（排除自身与软删）
+	cnt, _ := models.Orm.QueryTable(new(models.SystemModules)).
+		Filter("code", p.Code).
+		Filter("id__ne", id).
+		Filter("delete_time__isnull", true).
+		Count()
+	if cnt > 0 {
+		c.jsonErr(400, 400, "模块编码已存在")
+		return
+	}
+	now := time.Now()
+	up := map[string]interface{}{
+		"mid":         p.Mid,
+		"name":        p.Name,
+		"code":        p.Code,
+		"path":        strings.TrimSpace(p.Path),
+		"icon":        strings.TrimSpace(p.Icon),
+		"description": strings.TrimSpace(p.Description),
+		"type":        p.Type,
+		"sort":        p.Sort,
+		"status":      p.Status,
+		"is_show":     p.IsShow,
+		"update_time": now,
+	}
+	n, err := models.Orm.QueryTable(new(models.SystemModules)).
+		Filter("id", id).
+		Filter("delete_time__isnull", true).
+		Update(up)
+	if err != nil {
+		c.jsonErr(500, 500, "编辑失败："+err.Error())
+		return
+	}
+	if n == 0 {
+		c.jsonErr(404, 404, "模块不存在")
+		return
+	}
+	c.Data["json"] = map[string]interface{}{"code": 200, "msg": "编辑成功"}
+	_ = c.ServeJSON()
+}
+
+// Delete DELETE /platform/modules/:id（软删）
+func (c *PlatformModulesController) Delete() {
+	if _, err := c.platformClaims(); err != nil {
+		c.jsonErr(401, 401, err.Error())
+		return
+	}
+	idStr := c.Ctx.Input.Param(":id")
+	id, err := strconv.ParseUint(idStr, 10, 64)
+	if err != nil || id == 0 {
+		c.jsonErr(400, 400, "参数错误")
+		return
+	}
+	now := time.Now()
+	n, err := models.Orm.QueryTable(new(models.SystemModules)).
+		Filter("id", id).
+		Filter("delete_time__isnull", true).
+		Update(map[string]interface{}{"delete_time": now, "update_time": now})
+	if err != nil {
+		c.jsonErr(500, 500, "删除失败："+err.Error())
+		return
+	}
+	if n == 0 {
+		c.jsonErr(404, 404, "模块不存在")
+		return
+	}
+	c.Data["json"] = map[string]interface{}{"code": 200, "msg": "删除成功"}
+	_ = c.ServeJSON()
+}
+
+// BatchDelete POST /platform/modules/batchDelete body:{ids:[]}
+func (c *PlatformModulesController) BatchDelete() {
+	if _, err := c.platformClaims(); err != nil {
+		c.jsonErr(401, 401, err.Error())
+		return
+	}
+	raw, err := io.ReadAll(c.Ctx.Request.Body)
+	if err != nil {
+		c.jsonErr(400, 400, "参数错误")
+		return
+	}
+	var p struct {
+		IDs []uint64 `json:"ids"`
+	}
+	if err := json.Unmarshal(raw, &p); err != nil || len(p.IDs) == 0 {
+		c.jsonErr(400, 400, "请选择要删除的模块")
+		return
+	}
+	now := time.Now()
+	_, err = models.Orm.QueryTable(new(models.SystemModules)).
+		Filter("id__in", p.IDs).
+		Filter("delete_time__isnull", true).
+		Update(map[string]interface{}{"delete_time": now, "update_time": now})
+	if err != nil {
+		c.jsonErr(500, 500, "批量删除失败："+err.Error())
+		return
+	}
+	c.Data["json"] = map[string]interface{}{"code": 200, "msg": "批量删除成功"}
+	_ = c.ServeJSON()
+}
+
+// ChangeStatus POST /platform/modules/status body:{id,status}
+// 兼容前端：这里的 status 实际用于切换 is_show（显示开关）。
+func (c *PlatformModulesController) ChangeStatus() {
+	if _, err := c.platformClaims(); err != nil {
+		c.jsonErr(401, 401, err.Error())
+		return
+	}
+	raw, err := io.ReadAll(c.Ctx.Request.Body)
+	if err != nil {
+		c.jsonErr(400, 400, "参数错误")
+		return
+	}
+	var p struct {
+		ID     uint64 `json:"id"`
+		Status int8   `json:"status"`
+	}
+	if err := json.Unmarshal(raw, &p); err != nil || p.ID == 0 {
+		c.jsonErr(400, 400, "参数错误")
+		return
+	}
+	if p.Status != 0 && p.Status != 1 {
+		p.Status = 1
+	}
+	now := time.Now()
+	n, err := models.Orm.QueryTable(new(models.SystemModules)).
+		Filter("id", p.ID).
+		Filter("delete_time__isnull", true).
+		Update(map[string]interface{}{"is_show": p.Status, "update_time": now})
+	if err != nil {
+		c.jsonErr(500, 500, "状态修改失败："+err.Error())
+		return
+	}
+	if n == 0 {
+		c.jsonErr(404, 404, "模块不存在")
+		return
+	}
+	c.Data["json"] = map[string]interface{}{"code": 200, "msg": "success"}
+	_ = c.ServeJSON()
+}
+
+// GetSelectList GET /platform/modules/select/list
+func (c *PlatformModulesController) GetSelectList() {
+	if _, err := c.platformClaims(); err != nil {
+		c.jsonErr(401, 401, err.Error())
+		return
+	}
+	var rows []models.SystemModules
+	_, err := models.Orm.QueryTable(new(models.SystemModules)).
+		Filter("delete_time__isnull", true).
+		Filter("status", 1).
+		OrderBy("sort", "id").
+		All(&rows, "ID", "Name", "Code")
+	if err != nil {
+		c.jsonErr(500, 500, "获取失败："+err.Error())
+		return
+	}
+	list := make([]map[string]interface{}, 0, len(rows))
+	for i := range rows {
+		list = append(list, map[string]interface{}{
+			"id":   rows[i].ID,
+			"name": rows[i].Name,
+			"code": rows[i].Code,
+		})
+	}
+	c.Data["json"] = map[string]interface{}{"code": 200, "msg": "success", "data": list}
+	_ = c.ServeJSON()
+}
diff --git a/models/init.go b/models/init.go
index 9264ebc..9c408ac 100644
--- a/models/init.go
+++ b/models/init.go
@@ -46,6 +46,7 @@ func Init(_ string) {
 		new(SystemOperationLog),
 		new(SystemDomainPool),
 		new(SystemTenantDomain),
+		new(SystemModules),
 	)
 
 	// 创建全局 Ormer
diff --git a/models/system_modules.go b/models/system_modules.go
new file mode 100644
index 0000000..a520b81
--- /dev/null
+++ b/models/system_modules.go
@@ -0,0 +1,25 @@
+package models
+
+import "time"
+
+// SystemModules 系统模块表 yz_system_modules
+type SystemModules struct {
+	ID          uint64     `orm:"column(id);pk;auto" json:"id"`
+	Mid         *uint64    `orm:"column(mid);null" json:"mid"`
+	Name        string     `orm:"column(name);size(50)" json:"name"`
+	Code        string     `orm:"column(code);size(50)" json:"code"`
+	Path        string     `orm:"column(path);size(100)" json:"path"`
+	Icon        string     `orm:"column(icon);size(50)" json:"icon"`
+	Description string     `orm:"column(description);size(255)" json:"description"`
+	Type        int        `orm:"column(type);default(0)" json:"type"` // 0未分类 1功能模块 2系统配置
+	Sort        int        `orm:"column(sort);default(0)" json:"sort"`
+	Status      int8       `orm:"column(status);default(1)" json:"status"`   // 0禁用 1启用
+	IsShow      int8       `orm:"column(is_show);default(1)" json:"is_show"` // 0否 1是
+	CreateTime  *time.Time `orm:"column(create_time);type(datetime);null" json:"create_time"`
+	UpdateTime  *time.Time `orm:"column(update_time);type(datetime);null" json:"update_time"`
+	DeleteTime  *time.Time `orm:"column(delete_time);type(datetime);null" json:"delete_time"`
+}
+
+func (m *SystemModules) TableName() string {
+	return "yz_system_modules"
+}
diff --git a/routers/backend/backend.go b/routers/backend/backend.go
index a2f2751..e9eccbf 100644
--- a/routers/backend/backend.go
+++ b/routers/backend/backend.go
@@ -15,7 +15,7 @@ func Register() {
 // RegisterAuthRoutes 注册 backend 认证相关路由。
 func RegisterAuthRoutes() {
 	// backend 登录相关（统一走 /backend/*）
-	beego.Router("/backend/login", &controllers.PlatformAuthController{}, "post:Login")
+	beego.Router("/backend/login", &controllers.PlatformAuthController{}, "post:LoginBackend")
 	beego.Router("/backend/sendLoginCode", &controllers.PlatformAuthController{}, "post:SendLoginCode")
 	beego.Router("/backend/loginBySms", &controllers.PlatformAuthController{}, "post:LoginBySms")
 	beego.Router("/backend/logout", &controllers.PlatformAuthController{}, "post:Logout")
@@ -30,4 +30,12 @@ func RegisterAuthRoutes() {
 	beego.Router("/backend/sendRegisterCode", &controllers.PlatformAuthController{}, "post:SendRegisterCode")
 	beego.Router("/backend/resetPassword", &controllers.PlatformAuthController{}, "post:ResetPassword")
 	beego.Router("/backend/sendResetCode", &controllers.PlatformAuthController{}, "post:SendResetCode")
+
+	// backend 菜单相关（租户端菜单）
+	beego.Router("/backend/menu/:id", &controllers.AdminMenuController{}, "get:GetBackendMenu")
+	beego.Router("/backend/allmenu", &controllers.AdminMenuController{}, "get:GetAllBackendMenus")
+	beego.Router("/backend/menu/status/:id", &controllers.AdminMenuController{}, "patch:UpdateMenuStatus")
+	beego.Router("/backend/createmenu", &controllers.AdminMenuController{}, "post:CreateMenu")
+	beego.Router("/backend/updatemenu/:id", &controllers.AdminMenuController{}, "put:UpdateMenu")
+	beego.Router("/backend/deletemenu/:id", &controllers.AdminMenuController{}, "delete:DeleteMenu")
 }
diff --git a/routers/platform/platform.go b/routers/platform/platform.go
index cdf44fe..b1a6f26 100644
--- a/routers/platform/platform.go
+++ b/routers/platform/platform.go
@@ -9,7 +9,7 @@ import (
 // Register 注册平台端路由
 func Register() {
 	// 平台登录相关
-	beego.Router("/platform/login", &controllers.PlatformAuthController{}, "post:Login")
+	beego.Router("/platform/login", &controllers.PlatformAuthController{}, "post:LoginPlatform")
 	beego.Router("/platform/currentUser", &controllers.PlatformAuthController{}, "get:GetCurrentUser")
 	beego.Router("/platform/sendLoginCode", &controllers.PlatformAuthController{}, "post:SendLoginCode")
 	beego.Router("/platform/loginBySms", &controllers.PlatformAuthController{}, "post:LoginBySms")
@@ -84,6 +84,15 @@ func Register() {
 	beego.Router("/platform/domain/tenant/toggleStatus", &controllers.PlatformTenantDomainController{}, "post:ToggleStatus")
 	beego.Router("/platform/domain/tenant/delete/:id", &controllers.PlatformTenantDomainController{}, "delete:Delete")
 
+	// 模块管理（yz_system_modules）
+	beego.Router("/platform/modules/list", &controllers.PlatformModulesController{}, "get:GetList")
+	beego.Router("/platform/modules/getTenantList", &controllers.PlatformModulesController{}, "get:GetTenantList")
+	beego.Router("/platform/modules/select/list", &controllers.PlatformModulesController{}, "get:GetSelectList")
+	beego.Router("/platform/modules/status", &controllers.PlatformModulesController{}, "post:ChangeStatus")
+	beego.Router("/platform/modules/batchDelete", &controllers.PlatformModulesController{}, "post:BatchDelete")
+	beego.Router("/platform/modules", &controllers.PlatformModulesController{}, "post:Add")
+	beego.Router("/platform/modules/:id", &controllers.PlatformModulesController{}, "get:GetDetail;put:Edit;delete:Delete")
+
 	// 系统邮箱配置（yz_system_email）
 	beego.Router("/platform/email/info", &controllers.PlatformEmailController{}, "get:GetInfo")
 	beego.Router("/platform/email/editinfo", &controllers.PlatformEmailController{}, "post:EditInfo")
diff --git a/services/platform_auth.go b/services/platform_auth.go
index 674a74a..e06c689 100644
--- a/services/platform_auth.go
+++ b/services/platform_auth.go
@@ -51,8 +51,41 @@ func toPlatformLoginUser(user *models.AdminUser) *PlatformLoginUser {
 	}
 }
 
-// PlatformLogin 登录业务：先校验租户，再校验租户下用户
-func PlatformLogin(tenantName, account, password string) (string, *PlatformLoginUser, error) {
+// PlatformAdminLogin 平台端登录：仅校验 yz_system_admin_user（不需要租户）
+func PlatformAdminLogin(account, password string) (string, *PlatformLoginUser, error) {
+	account = strings.TrimSpace(account)
+	password = strings.TrimSpace(password)
+	if account == "" || password == "" {
+		return "", nil, errors.New("用户名或密码不能为空")
+	}
+
+	var user models.AdminUser
+	err := models.Orm.QueryTable(new(models.AdminUser)).
+		Filter("account", account).
+		One(&user)
+	if err != nil {
+		return "", nil, errors.New("用户名或密码错误")
+	}
+	if user.Status == 0 {
+		return "", nil, errors.New("账号已禁用")
+	}
+	if !passwordutil.Verify(user.Password, password) {
+		return "", nil, errors.New("用户名或密码错误")
+	}
+
+	const tenantID = 0
+	const userType = "platform"
+	token, err := jwtutil.GenerateToken(int(user.ID), user.Account, tenantID, userType)
+	if err != nil {
+		return "", nil, err
+	}
+
+	loginUser := toPlatformLoginUser(&user)
+	return token, loginUser, nil
+}
+
+// BackendLogin backend 登录：先校验租户，再校验租户下用户
+func BackendLogin(tenantName, account, password string) (string, *PlatformLoginUser, error) {
 	tenantName = strings.TrimSpace(tenantName)
 	account = strings.TrimSpace(account)
 	password = strings.TrimSpace(password)
@@ -88,27 +121,28 @@ func PlatformLogin(tenantName, account, password string) (string, *PlatformLogin
 		return "", nil, errors.New("用户名或密码错误")
 	}
 
-	// 3) 读取用户主档用于返回资料与角色信息
-	var user models.AdminUser
-	err = models.Orm.QueryTable(new(models.AdminUser)).
-		Filter("id", tenantUser.Uid).
-		One(&user)
-	if err != nil {
-		return "", nil, errors.New("用户不存在")
-	}
-	if user.Status == 0 {
-		return "", nil, errors.New("账号已禁用")
-	}
-
 	tenantID := int(tenant.ID)
-	const userType = "platform"
-	token, err := jwtutil.GenerateToken(int(user.ID), user.Account, tenantID, userType)
+	const userType = "backend"
+	token, err := jwtutil.GenerateToken(int(tenantUser.Uid), account, tenantID, userType)
 	if err != nil {
 		return "", nil, err
 	}
 
-	loginUser := toPlatformLoginUser(&user)
-	loginUser.Tid = tenant.ID
+	loginUser := &PlatformLoginUser{
+		ID:       tenantUser.Uid,
+		Account:  account,
+		Name:     "",
+		Tid:      tenant.ID,
+		Rid:      0,
+		Avatar:   "",
+		RoleName: "",
+	}
+	if tenantUser.Account != nil && strings.TrimSpace(*tenantUser.Account) != "" {
+		loginUser.Account = strings.TrimSpace(*tenantUser.Account)
+	}
+	if tenantUser.Name != nil {
+		loginUser.Name = strings.TrimSpace(*tenantUser.Name)
+	}
 	return token, loginUser, nil
 }