diff --git a/conf/app.conf b/conf/app.conf index 08495bf..44849c9 100644 --- a/conf/app.conf +++ b/conf/app.conf @@ -8,6 +8,9 @@ ServerTimeOut = 0 # 最大请求体大小(字节),0 表示不限制 MaxMemory = 0 +# 最大请求体大小(用于普通请求,10MB) +maxmemory = 10485760 + # 数据库配置 # MySQL - 远程连接配置 mysqluser = go-platform diff --git a/controllers/platform_auth.go b/controllers/platform_auth.go index 2cbce7a..c772f87 100644 --- a/controllers/platform_auth.go +++ b/controllers/platform_auth.go @@ -2,6 +2,7 @@ package controllers import ( "encoding/json" + "fmt" "io" "strings" @@ -13,9 +14,15 @@ import ( ) type platformLoginRequest struct { - Account string `json:"account"` - Password string `json:"password"` - Code string `json:"code"` + Account string `json:"account"` + Password string `json:"password"` + Code string `json:"code"` + // 极验4验证参数 + CaptchaID string `json:"captcha_id"` + LotNumber string `json:"lot_number"` + PassToken string `json:"pass_token"` + GenTime string `json:"gen_time"` + CaptchaOutput string `json:"captcha_output"` } type backendLoginRequest struct { @@ -34,9 +41,26 @@ type PlatformAuthController struct { func (c *PlatformAuthController) LoginPlatform() { var req platformLoginRequest - // 支持前端以 JSON body 方式提交 - body, err := io.ReadAll(c.Ctx.Request.Body) - if err != nil { + // 先尝试从缓存读取 + body := c.Ctx.Input.RequestBody + + // 如果缓存为空,直接从请求体读取 + if len(body) == 0 { + var err error + body, err = io.ReadAll(c.Ctx.Request.Body) + if err != nil { + fmt.Println("读取请求体失败:", err) + c.Data["json"] = map[string]interface{}{ + "code": 400, + "msg": "参数错误", + } + _ = c.ServeJSON() + return + } + } + + if len(body) == 0 { + fmt.Println("请求体为空") c.Data["json"] = map[string]interface{}{ "code": 400, "msg": "参数错误", 
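Review bot: The added `maxmemory = 10485760` sits directly under the existing `MaxMemory = 0`, so the file now carries two values for what looks like the same setting, and the older comment still says 0 means unlimited. If the config loader treats keys case-insensitively (worth confirming for this framework), which value wins depends on parse order. Either way, main.go in this same commit sets the limit again in code. I would change the existing line rather than add a second one, `MaxMemory = 10485760`, and update its comment to match.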
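Review bot: The fallback `io.ReadAll(c.Ctx.Request.Body)` in LoginPlatform has no explicit size bound, and this commit also removes the main.go filter that copied at most 1 MB of the body before handlers ran. This endpoint is unauthenticated and a login payload is small, so I would cap the read in the handler instead of relying on framework settings: `body, err = io.ReadAll(io.LimitReader(c.Ctx.Request.Body, 1<<20))`. The new `fmt.Println` calls write to stdout without a timestamp or level; the application logger would be a better home for these failures. LoginPlatform's body continues past the end of this hunk.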
@@ -45,16 +69,22 @@ func (c *PlatformAuthController) LoginPlatform() { return } + fmt.Println("登录请求体:", string(body)) + if err := json.Unmarshal(body, &req); err != nil { + fmt.Println("JSON解析失败:", err, "body:", string(body)) c.Data["json"] = map[string]interface{}{ "code": 400, - "msg": "参数错误", + "msg": "参数错误: " + err.Error(), } _ = c.ServeJSON() return } + fmt.Printf("解析后的请求: %+v\n", req) + if req.Account == "" || req.Password == "" { + fmt.Println("账号或密码为空, account:", req.Account, "password:", req.Password) c.Data["json"] = map[string]interface{}{ "code": 400, "msg": "用户名或密码不能为空", @@ -62,9 +92,27 @@ func (c *PlatformAuthController) LoginPlatform() { _ = c.ServeJSON() return } + cfg, _ := models.GetPlatformLoginVerify() if cfg.OpenVerifyEnabled == 1 { - if cfg.VerifyType == "sms" || cfg.VerifyType == "email" { + // 极验验证 + if cfg.VerifyType == "geetest4" { + if req.LotNumber == "" || req.PassToken == "" || req.GenTime == "" || req.CaptchaOutput == "" { + c.Data["json"] = map[string]interface{}{"code": 400, "msg": "请完成人机验证"} + _ = c.ServeJSON() + return + } + // TODO: 这里应该调用极验服务端SDK验证,暂时跳过验证 + // 如果需要严格验证,需要集成极验服务端SDK + } else if cfg.VerifyType == "geetest3" { + // 极验3验证 + if req.CaptchaOutput == "" { + c.Data["json"] = map[string]interface{}{"code": 400, "msg": "请完成人机验证"} + _ = c.ServeJSON() + return + } + // TODO: 这里应该调用极验服务端SDK验证,暂时跳过验证 + } else if cfg.VerifyType == "sms" || cfg.VerifyType == "email" { if strings.TrimSpace(req.Code) == "" { c.Data["json"] = map[string]interface{}{"code": 400, "msg": "请输入验证码"} _ = c.ServeJSON() @@ -111,8 +159,8 @@ func (c *PlatformAuthController) LoginPlatform() { func (c *PlatformAuthController) LoginBackend() { var req backendLoginRequest - body, err := io.ReadAll(c.Ctx.Request.Body) - if err != nil { + body := c.Ctx.Input.RequestBody + if len(body) == 0 { c.Data["json"] = map[string]interface{}{"code": 400, "msg": "参数错误"} _ = c.ServeJSON() return 
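Review bot: The four debug prints added to LoginPlatform write the plaintext password to stdout: `fmt.Println("登录请求体:", string(body))`, the `"JSON解析失败:"` line that repeats the body, `fmt.Printf("解析后的请求: %+v\n", req)`, and the `"账号或密码为空"` line that prints `req.Password` directly. The same output also carries the SMS/email code and the captcha tokens, so anyone with access to the process output or collected logs can read credentials. I would drop these and, if a trace is needed, log only non-secret fields, e.g. `fmt.Printf("login request: account=%q bytes=%d\n", req.Account, len(body))`. Separately, `"msg": "参数错误: " + err.Error()` returns decoder internals to an unauthenticated caller; the previous generic `"参数错误"` is the safer response.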
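Review bot: The `geetest4` and `geetest3` branches only check that the captcha fields are non-empty and then fall through, as the two TODO comments acknowledge, so the human-verification gate passes for any request that fills those fields with arbitrary strings. `CaptchaID` is parsed into the request struct but not read anywhere in this hunk. Until the values are validated server-side against Geetest and the login is rejected unless that validation succeeds, I would fail closed for these two verify types rather than ship the skip. In code that is a check such as `if !verifyGeetest(cfg, req) { /* respond 400 and return */ }`, where `verifyGeetest` is a placeholder for a helper still to be written. The enclosing function starts and ends outside this hunk.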
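Review bot: LoginBackend now reads only `c.Ctx.Input.RequestBody` and returns 400 when it is empty, without the `io.ReadAll` fallback that LoginPlatform keeps; the SendLoginCode hunk in this file makes the same switch. As far as I know Beego fills `RequestBody` only when request-body copying is enabled, and the main.go hunk in this commit deletes the filter that called `ctx.Input.CopyBody`. Unless `copyrequestbody` is enabled in a part of the configuration not shown here, both handlers would reject every request. I would either set `beego.BConfig.CopyRequestBody = true` next to the `MaxMemory` line in main.go, or move LoginPlatform's read-with-fallback into one small helper that all three handlers call. Both function bodies extend outside their hunks.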
@@ -222,7 +270,7 @@ func (c *PlatformAuthController) SendLoginCode() { TenantName string `json:"tenant_name"` Channel string `json:"channel"` } - body, _ := io.ReadAll(c.Ctx.Request.Body) + body := c.Ctx.Input.RequestBody if err := json.Unmarshal(body, &req); err != nil { c.Data["json"] = map[string]interface{}{"code": 400, "msg": "参数错误"} _ = c.ServeJSON() diff --git a/controllers/qiniu_upload.go b/controllers/qiniu_upload.go index b0b1fa8..c70c810 100644 --- a/controllers/qiniu_upload.go +++ b/controllers/qiniu_upload.go @@ -71,7 +71,7 @@ func (c *QiniuUploadController) ParseJSON(v interface{}) error { // GetUploadToken 获取上传凭证 // GET /platform/qiniu/token func (c *QiniuUploadController) GetUploadToken() { - claims, err := c.platformClaims() + _, err := c.platformClaims() if err != nil { c.jsonErr(401, 401, err.Error()) return diff --git a/main.go b/main.go index e6212eb..5dab968 100644 --- a/main.go +++ b/main.go @@ -1,33 +1,19 @@ package main import ( - "strings" - "server/models" _ "server/routers" "server/version" beego "github.com/beego/beego/v2/server/web" - "github.com/beego/beego/v2/server/web/context" ) func main() { // 初始化数据库 models.Init(version.Version) - // CORS配置已移至router.go中统一管理 - // 确保请求体被正确读取(包括 POST、PUT、PATCH) - beego.InsertFilter("*", beego.BeforeRouter, func(ctx *context.Context) { - method := ctx.Input.Method() - if method == "PUT" || method == "POST" || method == "PATCH" { - uri := ctx.Request.URL.Path - // 大文件 multipart 不能先 CopyBody 截断,否则上传解析失败 - if strings.Contains(uri, "/uploadfile") || strings.Contains(uri, "/uploadfiles") || strings.Contains(uri, "/uploadavatar") { - return - } - ctx.Input.CopyBody(1024 * 1024) // 1MB 缓冲区 - } - }) + // 设置最大请求体大小(10MB,足够登录请求使用) + beego.BConfig.MaxMemory = 10 << 20 // 10MB // 静态资源:映射 /uploads 到本地 uploads 目录,供前端访问上传文件 beego.SetStaticPath("/uploads", "uploads")
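Review bot: `beego.BConfig.MaxMemory = 10 << 20` in main() is a process-wide setting, although its comment justifies the value by login requests alone. The filter it replaces capped the copied body at 1 MB for every POST/PUT/PATCH and skipped the upload paths, so the change raises the per-request budget tenfold for all routes, including the unauthenticated ones. Because it is assigned in code, the `maxmemory` key added to conf/app.conf in this commit has no effect on the running value, assuming the config file is loaded before main() runs. I would keep the limit in one place, preferably the config file, and size it for the small JSON endpoints. The comment should say which requests the limit applies to and that upload routes are limited separately, if that is the case.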