diff --git a/app/api/BaseController.php b/app/api/BaseController.php
new file mode 100644
index 0000000..6f79d98
--- /dev/null
+++ b/app/api/BaseController.php
@@ -0,0 +1,102 @@
+app = $app;
+ $this->request = $this->app->request;
+
+ // 控制器初始化
+ $this->initialize();
+ }
+
+ // 初始化
+ protected function initialize()
+ {
+ }
+
+ /**
+ * 验证数据
+ * @access protected
+ * @param array $data 数据
+ * @param string|array $validate 验证器名或者验证规则数组
+ * @param array $message 提示信息
+ * @param bool $batch 是否批量验证
+ * @return array|string|true
+ * @throws ValidateException
+ */
+ protected function validate(array $data, string|array $validate, array $message = [], bool $batch = false)
+ {
+ if (is_array($validate)) {
+ $v = new Validate();
+ $v->rule($validate);
+ } else {
+ if (strpos($validate, '.')) {
+ // 支持场景
+ [$validate, $scene] = explode('.', $validate);
+ }
+ $class = false !== strpos($validate, '\\') ? $validate : $this->app->parseClass('validate', $validate);
+ $v = new $class();
+ if (!empty($scene)) {
+ $v->scene($scene);
+ }
+ }
+
+ $v->message($message);
+
+ // 是否批量验证
+ if ($batch || $this->batchValidate) {
+ $v->batch(true);
+ }
+
+ return $v->failException(true)->check($data);
+ }
+}
diff --git a/app/api/common.php b/app/api/common.php
new file mode 100644
index 0000000..1243615
--- /dev/null
+++ b/app/api/common.php
@@ -0,0 +1,2 @@
+request->param();
+
+ if (isset($data['email'])) {
+ $data['account'] = $data['email'];
+ } elseif (isset($data['phone'])) {
+ $data['account'] = $data['phone'];
+ }
+
+ try {
+ $this->validate($data, [
+ 'account|账号' => 'require|length:3,32',
+ 'password|密码' => 'require|length:6,32'
+ ]);
+ } catch (ValidateException $e) {
+ return json([
+ 'code' => 400,
+ 'msg' => $e->getError()
+ ]);
+ }
+
+ $user = AdminUser::where('account', $data['account'])
+ ->where('status', 1)
+ ->where('delete_time', null)
+ ->find();
+
+ if (!$user) {
+ return json([
+ 'code' => 401,
+ 'msg' => '账号不存在或已禁用'
+ ]);
+ }
+
+ if (md5($data['password']) !== $user['password']) {
+ return json([
+ 'code' => 401,
+ 'msg' => '密码错误'
+ ]);
+ }
+
+ AdminUser::where('id', $user['id'])->update([
+ 'login_count' => $user['login_count'] + 1,
+ 'last_login_ip' => $this->request->ip()
+ ]);
+
+ $userInfo = [
+ 'id' => $user['id'],
+ 'account' => $user['account'],
+ 'name' => $user['name'],
+ 'group_id' => $user['group_id']
+ ];
+
+ $token = $this->generateToken($userInfo);
+
+ return json([
+ 'code' => 200,
+ 'msg' => '登录成功',
+ 'data' => [
+ 'token' => $token,
+ 'user' => $userInfo
+ ]
+ ]);
+ }
+
+ /**
+ * 退出登录
+ * @return Json
+ */
+ public function logout(): Json
+ {
+ $authHeader = $this->request->header('Authorization', '');
+ $userInfo = null;
+
+ return json([
+ 'code' => 200,
+ 'msg' => '退出成功'
+ ]);
+ }
+
+ /**
+ * 获取当前登录用户信息
+ * @return Json
+ */
+ public function userInfo(): Json
+ {
+ $authHeader = $this->request->header('Authorization', '');
+
+ if (!preg_match('/Bearer\s+(.+)/i', $authHeader, $matches)) {
+ return json([
+ 'code' => 401,
+ 'msg' => '未登录'
+ ]);
+ }
+
+ $tokenData = $this->verifyToken($matches[1]);
+
+ if (!$tokenData || !isset($tokenData['user'])) {
+ return json([
+ 'code' => 401,
+ 'msg' => 'Token无效'
+ ]);
+ }
+
+ $user = (array)$tokenData['user'];
+ $user_id = $user['id'];
+
+ $userData = AdminUser::where('id', $user_id)
+ ->where('delete_time', null)
+ ->field('id, account, name, phone, qq, sex, group_id, status, create_time, update_time')
+ ->find();
+
+ if (!$userData) {
+ return json([
+ 'code' => 404,
+ 'msg' => '用户不存在'
+ ]);
+ }
+
+ return json([
+ 'code' => 200,
+ 'msg' => '获取成功',
+ 'data' => $userData->toArray()
+ ]);
+ }
+
+ public function getAdminUserFromToken(): array
+ {
+ return JwtService::getUserFromHeader($this->request->header('Authorization', ''));
+ }
+
+
+
+ public function loginInfo()
+ {
+
+ $loginInfo = SystemSiteSettings::select();
+ return json([
+ 'code' => 200,
+ 'msg' => '获取成功',
+ 'data' => $loginInfo
+ ]);
+ }
+}
diff --git a/app/api/controller/UserController.php b/app/api/controller/UserController.php
new file mode 100644
index 0000000..5c89786
--- /dev/null
+++ b/app/api/controller/UserController.php
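Review bot: The login check `md5($data['password']) !== $user['password']` verifies passwords against an unsalted MD5 digest, which gives almost no resistance to offline cracking if the user table is ever disclosed. Store new hashes with `password_hash($password, PASSWORD_DEFAULT)` and verify with `if (!password_verify($data['password'], $user['password']))`, migrating existing rows on their next successful login; the same `md5()` storage appears in `changePassword` and `addUser` in app/api/controller/UserController.php. The two 401 branches also answer with different messages for an unknown or disabled account and for a wrong password, which lets a caller tell valid accounts apart, so a single shared message for both would be safer. The start of this method and the header of the file it belongs to are not visible in the hunk.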
@@ -0,0 +1,144 @@
+field('id, account, name, phone, birth, email, qq, sex, group_id, status, last_login_ip, login_count, create_time, update_time')->select()->toArray();
+ return json([
+ 'code' => 200,
+ 'msg' => '获取成功',
+ 'data' => [
+ 'list' => $users,
+ 'total' => count($users)
+ ]
+ ]);
+ }
+
+ /**
+ * 获取用户信息
+ * @return Json
+ */
+ public function getUserInfo(int $id)
+ {
+ $user = AdminUser::where('id', $id)
+ ->field('id, account, name, phone, email, birth, qq, sex, group_id, status, create_time, last_login_ip')
+ ->find();
+
+ // 记录操作日志
+ $this->logSuccess('用户管理', '获取用户信息', ['id' => $id]);
+
+ return json([
+ 'code' => 200,
+ 'msg' => '获取成功',
+ 'data' => $user
+ ]);
+ }
+
+ /**
+ * 修改密码
+ * @return Json
+ */
+ public function changePassword(int $id, string $password)
+ {
+ try {
+ AdminUser::where('id', $id)->update([
+ 'password' => md5($password),
+ 'update_time' => date('Y-m-d H:i:s')
+ ]);
+ // 记录操作日志
+ $this->logSuccess('用户管理', '修改密码', ['id' => $id]);
+ return json([
+ 'code' => 200,
+ 'msg' => '修改成功'
+ ]);
+ } catch (\Exception $e) {
+ // 记录失败日志
+ $this->logFail('用户管理', '修改密码', $e->getMessage());
+ return json([
+ 'code' => 500,
+ 'msg' => '修改失败'
+ ]);
+ }
+ }
+
+ /**
+ * 添加用户
+ * @return Json
+ */
+ public function addUser()
+ {
+ $data = request()->param();
+ $data['password'] = md5($data['password']);
+ $data['create_time'] = date('Y-m-d H:i:s');
+ $data['update_time'] = $data['create_time'];
+ $data['group_id'] = 2;
+ $id = AdminUser::insertGetId($data);
+ // 记录操作日志
+ $this->logSuccess('用户管理', '添加用户', ['data' => $data]);
+ return json([
+ 'code' => 200,
+ 'msg' => '添加成功',
+ 'data' => ['id' => $id]
+ ]);
+ }
+
+ /**
+ * 编辑用户
+ * @return Json
+ */
+ public function editUser(int $id)
+ {
+ $data = request()->param();
+ unset($data['_t'], $data['id']);
+ $data['update_time'] = date('Y-m-d H:i:s');
+ AdminUser::where('id', $id)->update($data);
+ $this->logSuccess('用户管理', '编辑用户', ['id' => $id]);
+ return json([
+ 'code' => 200,
+ 'msg' => '编辑成功'
+ ]);
+ }
+
+ /**
+ * 删除用户
+ * @return Json
+ */
+ public function deleteUser(int $id)
+ {
+ $user = AdminUser::where('id', $id)->where('delete_time', null)->find();
+
+ if (!$user) {
+ return json([
+ 'code' => 404,
+ 'msg' => '用户不存在或已删除'
+ ]);
+ }
+
+ AdminUser::where('id', $id)->update([
+ 'delete_time' => date('Y-m-d H:i:s')
+ ]);
+
+ $this->logSuccess('用户管理', '删除用户', ['id' => $id]);
+ return json([
+ 'code' => 200,
+ 'msg' => '删除成功'
+ ]);
+ }
+}
diff --git a/app/api/event.php b/app/api/event.php
new file mode 100644
index 0000000..4eff890
--- /dev/null
+++ b/app/api/event.php
@@ -0,0 +1,5 @@
+
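Review bot: `editUser` passes `request()->param()` to `AdminUser::where('id', $id)->update($data)` after removing only `_t` and `id`, so any column the client names is written, including `group_id`, `status`, `delete_time` and a raw, unhashed `password`. Restrict the write to an explicit allowlist, for example `$data = array_intersect_key(request()->param(), array_flip(['name', 'phone', 'email', 'birth', 'qq', 'sex']));` (field list inferred from the `field()` selects in this file; confirm against the schema). `addUser` has the same shape with `insertGetId($data)` and also hands the whole `$data` array, password digest included, to `logSuccess`, so the operation log ends up holding credential material; logging the new id and account would be enough. No authorization check is visible in `changePassword(int $id, string $password)` or the other actions in this hunk, so confirm that middleware outside the diff enforces who may act on a given `$id`.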