diff --git a/backend/app.yaml b/backend/app.yaml
index c0b834d6c..afbf7288d 100644
--- a/backend/app.yaml
+++ b/backend/app.yaml
@@ -1,32 +1,45 @@
 system:
   port: 9999
-  db_type: 'mysql'
+  db_type: mysql
 
 jwt:
-  signing_key: "1panelKey"
+  header_name: Authorization
+  signing_key: 1panelKey
   expires_time: 604800 #过期时间
-#  buffer_time: 86400 #缓冲时间 缓冲时间内会获取新的token刷新令牌
-  issuer: "1Panel"
+  buffer_time: 86400 #缓冲时间 缓冲时间内会获取新的token刷新令牌
+  issuer: 1Panel
 
+session:
+  session_key: 1panel-session
+  session_name: psession
+  expires_time: 604800
+
+captcha:
+  enable: true
+  source: "1234567890QWERTYUIOPLKJHGFDSAZXCVBNMqwertyuioplkjhgfdsazxcvbnm"
+  length: 4
+  noise-count: 0
+  img-width: 120
+  img-height: 50
 
 mysql:
-  path: 'localhost'
-  port: '3306'
-  db_name: '1Panel'
-  username: 'root'
-  password: 'KubeOperator123@mysql'
+  path: localhost
+  port: 3306
+  db_name: 1Panel
+  username: root
+  password: KubeOperator123@mysql
   max_idle_conns: 10
   max_open_conns: 100
 
 sqlite:
-  path: "/opt/1Panel/data/db"
-  db_file: "1Panel.db"
+  path: /opt/1Panel/data/db
+  db_file: 1Panel.db
 
 log:
-  level: "info"
-  path: "/opt/1Panel/log"
-  log_name: "1Panel"
-  log_suffix: ".log"
+  level: info
+  path: /opt/1Panel/log
+  log_name: 1Panel
+  log_suffix: .log
   log_size: 50    #日志文件大小，单位是 MB
   log_backup: 10  #最大过期日志保留个数
   log_data: 7     #保留过期文件最大时间，单位 天
@@ -44,4 +57,8 @@ cors:
       allow-headers: content-type
       allow-methods: GET, POST
       expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
-      allow-credentials: true # 布尔值
\ No newline at end of file
+      allow-credentials: true # 布尔值
+
+# 加密设置
+encrypt:
+  key: 1Panel123@2022!
\ No newline at end of file
diff --git a/backend/app/api/v1/helper/helper.go b/backend/app/api/v1/helper/helper.go
new file mode 100644
index 000000000..2e6f5f984
--- /dev/null
+++ b/backend/app/api/v1/helper/helper.go
@@ -0,0 +1,51 @@
+package helper
+
+import (
+	"net/http"
+	"strconv"
+
+	"github.com/1Panel-dev/1Panel/app/dto"
+	"github.com/1Panel-dev/1Panel/constant"
+	"github.com/1Panel-dev/1Panel/i18n"
+	"github.com/gin-gonic/gin"
+)
+
+func GeneratePaginationFromReq(c *gin.Context) (dto.PageInfo, bool) {
+	p, ok1 := c.GetQuery("page")
+	ps, ok2 := c.GetQuery("pageSize")
+	if !(ok1 && ok2) {
+		return dto.PageInfo{Page: 1, PageSize: 10}, false
+	}
+
+	page, err := strconv.Atoi(p)
+	if err != nil {
+		return dto.PageInfo{Page: 1, PageSize: 10}, false
+	}
+	pageSize, err := strconv.Atoi(ps)
+	if err != nil {
+		return dto.PageInfo{Page: 1, PageSize: 10}, false
+	}
+
+	return dto.PageInfo{Page: page, PageSize: pageSize}, false
+}
+
+func ErrorWithDetail(ctx *gin.Context, code int, msgKey string, err error) {
+	res := dto.Response{
+		Code: code,
+		Msg:  i18n.GetMsgWithMap(msgKey, map[string]interface{}{"detail": err}),
+	}
+	ctx.JSON(http.StatusOK, res)
+	ctx.Abort()
+}
+
+func SuccessWithData(ctx *gin.Context, data interface{}) {
+	if data == nil {
+		data = gin.H{}
+	}
+	res := dto.Response{
+		Code: constant.CodeSuccess,
+		Data: data,
+	}
+	ctx.JSON(http.StatusOK, res)
+	ctx.Abort()
+}
diff --git a/backend/app/api/v1/user.go b/backend/app/api/v1/user.go
index 5f169faeb..07f7046a9 100644
--- a/backend/app/api/v1/user.go
+++ b/backend/app/api/v1/user.go
@@ -1,67 +1,80 @@
 package v1
 
 import (
-	"github.com/1Panel-dev/1Panel/constant/errres"
-	"strconv"
+	"errors"
 
+	"github.com/1Panel-dev/1Panel/app/api/v1/helper"
 	"github.com/1Panel-dev/1Panel/app/dto"
+	"github.com/1Panel-dev/1Panel/constant"
 	"github.com/1Panel-dev/1Panel/global"
-
+	"github.com/1Panel-dev/1Panel/utils/captcha"
 	"github.com/gin-gonic/gin"
 )
 
 type BaseApi struct{}
 
 func (b *BaseApi) Login(c *gin.Context) {
+	var req dto.Login
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeParamInReqBody, err)
+		return
+	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeParamValid, err)
+		return
+	}
+	if err := captcha.VerifyCode(req.CaptchaID, req.Captcha); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeParamInReqBody, errors.New("captcha code error"))
+		return
+	}
 
+	user, err := userService.Login(c, req)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, user)
+}
+
+func (b *BaseApi) Captcha(c *gin.Context) {
+	captcha, err := captcha.CreateCaptcha()
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+	}
+	helper.SuccessWithData(c, captcha)
 }
 
 func (b *BaseApi) Register(c *gin.Context) {
 	var req dto.UserCreate
-	_ = c.ShouldBindJSON(&req)
-	res := dto.NewResult(c)
-
-	if err := global.Validator.Struct(req); err != nil {
-		res.ErrorWithDetail(errres.InvalidParam, err.Error())
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeParamInReqBody, err)
+		return
+	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeParamValid, err)
 		return
 	}
 	if err := userService.Register(req); err != nil {
-		dto.NewResult(c).ErrorCode(500, err.Error())
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 		return
 	}
-	res.Success()
+	helper.SuccessWithData(c, nil)
 }
 
 func (b *BaseApi) GetUserList(c *gin.Context) {
-	// 这里到时候一起拦截一下
-	p, ok1 := c.GetQuery("page")
-	ps, ok2 := c.GetQuery("pageSize")
-	res := dto.NewResult(c)
-
-	if !(ok1 && ok2) {
-		res.Error(errres.InvalidParam)
-		return
-	}
-	page, err := strconv.Atoi(p)
-	if err != nil {
-		global.Logger.Error("获取失败!", err)
-		dto.NewResult(c).ErrorCode(500, err.Error())
-		return
-	}
-	pageSize, err := strconv.Atoi(ps)
-	if err != nil {
-		global.Logger.Error("获取失败!", err)
-		dto.NewResult(c).ErrorCode(500, err.Error())
+	pagenation, isOK := helper.GeneratePaginationFromReq(c)
+	if !isOK {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeParamInReqQuery, constant.ErrPageParam)
 		return
 	}
 
-	total, list, err := userService.Page(page, pageSize)
+	total, list, err := userService.Page(pagenation.Page, pagenation.PageSize)
 	if err != nil {
-		global.Logger.Error("获取失败!", err)
-		dto.NewResult(c).ErrorCode(500, err.Error())
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 		return
 	}
-	res.SuccessWithData(dto.PageResult{
+
+	helper.SuccessWithData(c, dto.PageResult{
 		Items: list,
 		Total: total,
 	})
@@ -69,54 +82,53 @@ func (b *BaseApi) GetUserList(c *gin.Context) {
 
 func (b *BaseApi) DeleteUser(c *gin.Context) {
 	var req dto.OperationWithName
-	_ = c.ShouldBindJSON(&req)
-	res := dto.NewResult(c)
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeParamInReqBody, err)
+		return
+	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeParamValid, err)
+		return
+	}
 
-	if err := global.Validator.Struct(req); err != nil {
-		res.Error(errres.InvalidParam)
-		return
-	}
 	if err := userService.Delete(req.Name); err != nil {
-		global.Logger.Error("删除失败!", err)
-		dto.NewResult(c).ErrorCode(500, err.Error())
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 		return
 	}
-	dto.NewResult(c).Success()
+	helper.SuccessWithData(c, nil)
 }
 
 func (b *BaseApi) UpdateUser(c *gin.Context) {
 	var req dto.UserUpdate
-	_ = c.ShouldBindJSON(&req)
-	res := dto.NewResult(c)
-
-	if err := global.Validator.Struct(req); err != nil {
-		res.Error(errres.InvalidParam)
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeParamInReqBody, err)
 		return
 	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeParamValid, err)
+		return
+	}
+
 	upMap := make(map[string]interface{})
 	upMap["email"] = req.Email
 	if err := userService.Update(upMap); err != nil {
-		global.Logger.Error("更新失败!", err)
-		dto.NewResult(c).ErrorCode(500, err.Error())
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 		return
 	}
-	dto.NewResult(c).Success()
+	helper.SuccessWithData(c, nil)
 }
 
 func (b *BaseApi) GetUserInfo(c *gin.Context) {
 	name, ok := c.Params.Get("name")
-	res := dto.NewResult(c)
-
 	if !ok {
-		res.Error(errres.InvalidParam)
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeParamInReqQuery, errors.New("error name"))
 		return
 	}
 
 	user, err := userService.Get(name)
 	if err != nil {
-		global.Logger.Error("更新失败!", err)
-		dto.NewResult(c).ErrorCode(500, err.Error())
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 		return
 	}
-	dto.NewResult(c).SuccessWithData(user)
+	helper.SuccessWithData(c, user)
 }
diff --git a/backend/app/dto/common_req.go b/backend/app/dto/common_req.go
index 76af32657..c7b4c4936 100644
--- a/backend/app/dto/common_req.go
+++ b/backend/app/dto/common_req.go
@@ -13,3 +13,11 @@ type OperationWithNameAndType struct {
 	Name string `json:"name" validate:"required"`
 	Type string `json:"type" validate:"required"`
 }
+
+type Login struct {
+	Name       string `json:"name" validate:"name,required"`
+	Password   string `json:"password" validate:"required"`
+	Captcha    string `json:"captcha"`
+	CaptchaID  string `json:"captchaID"`
+	AuthMethod string `json:"authMethod"`
+}
diff --git a/backend/app/dto/common_res.go b/backend/app/dto/common_res.go
index af3fbc6c9..6596a6b99 100644
--- a/backend/app/dto/common_res.go
+++ b/backend/app/dto/common_res.go
@@ -1,82 +1,12 @@
 package dto
 
-import (
-	"github.com/1Panel-dev/1Panel/i18n"
-	"net/http"
-
-	"github.com/gin-gonic/gin"
-)
-
 type PageResult struct {
 	Total int64       `json:"total"`
 	Items interface{} `json:"items"`
 }
 
-type ResDef struct {
-	Code  int
-	MsgID string
-}
-
 type Response struct {
-	Code int         `json:"code"` //提示代码
-	Msg  string      `json:"msg"`  //提示信息
-	Data interface{} `json:"data"` //出错
-}
-
-type Result struct {
-	Ctx *gin.Context
-}
-
-func NewResult(ctx *gin.Context) *Result {
-	return &Result{Ctx: ctx}
-}
-
-func NewError(code int, msg string) ResDef {
-	return ResDef{
-		Code:  code,
-		MsgID: msg,
-	}
-}
-
-func (r *Result) Success() {
-	r.Ctx.JSON(http.StatusOK, map[string]interface{}{})
-	r.Ctx.Abort()
-}
-
-func (r *Result) Error(re ResDef) {
-	res := Response{
-		Code: re.Code,
-		Msg:  i18n.GetMsg(re.MsgID),
-	}
-	r.Ctx.JSON(http.StatusOK, res)
-	r.Ctx.Abort()
-}
-
-func (r *Result) ErrorWithDetail(re ResDef, err string) {
-	res := Response{
-		Code: re.Code,
-		Msg:  i18n.GetMsgWithMap(re.MsgID, map[string]interface{}{"detail": err}),
-	}
-	r.Ctx.JSON(http.StatusOK, res)
-	r.Ctx.Abort()
-}
-
-func (r *Result) SuccessWithData(data interface{}) {
-	if data == nil {
-		data = gin.H{}
-	}
-	res := Response{}
-	res.Code = 0
-	res.Msg = ""
-	res.Data = data
-	r.Ctx.JSON(http.StatusOK, res)
-}
-
-func (r *Result) ErrorCode(code int, msg string) {
-	res := Response{}
-	res.Code = code
-	res.Msg = msg
-	res.Data = gin.H{}
-	r.Ctx.JSON(http.StatusOK, res)
-	r.Ctx.Abort()
+	Code int         `json:"code"`
+	Msg  string      `json:"msg"`
+	Data interface{} `json:"data"`
 }
diff --git a/backend/app/dto/jwt.go b/backend/app/dto/jwt.go
deleted file mode 100644
index b6c85a8fb..000000000
--- a/backend/app/dto/jwt.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package dto
-
-import "github.com/golang-jwt/jwt/v4"
-
-type JwtRequest struct {
-	BaseClaims
-	BufferTime int64
-	jwt.RegisteredClaims
-}
-
-type BaseClaims struct {
-	Username string
-}
diff --git a/backend/app/dto/user.go b/backend/app/dto/user.go
index e5a7fc256..53a8953c1 100644
--- a/backend/app/dto/user.go
+++ b/backend/app/dto/user.go
@@ -2,8 +2,6 @@ package dto
 
 import (
 	"time"
-
-	"github.com/1Panel-dev/1Panel/app/model"
 )
 
 type UserCreate struct {
@@ -12,6 +10,11 @@ type UserCreate struct {
 	Email    string `json:"email" validate:"required,email"`
 }
 
+type CaptchaResponse struct {
+	CaptchaID string `json:"captchaID"`
+	ImagePath string `json:"imagePath"`
+}
+
 type UserUpdate struct {
 	Email string `json:"email" validate:"required,email"`
 }
@@ -22,10 +25,7 @@ type UserBack struct {
 	CreatedAt time.Time `json:"createdAt"`
 }
 
-func (u UserCreate) UserCreateToMo() model.User {
-	return model.User{
-		Name:     u.Name,
-		Password: u.Password,
-		Email:    u.Email,
-	}
+type UserLoginInfo struct {
+	Name  string `json:"name"`
+	Token string `json:"token"`
 }
diff --git a/backend/app/model/log.go b/backend/app/model/operate_log.go
similarity index 100%
rename from backend/app/model/log.go
rename to backend/app/model/operate_log.go
diff --git a/backend/app/service/user.go b/backend/app/service/user.go
index ae5c0ecc0..31a300951 100644
--- a/backend/app/service/user.go
+++ b/backend/app/service/user.go
@@ -5,7 +5,12 @@ import (
 
 	"github.com/1Panel-dev/1Panel/app/dto"
 	"github.com/1Panel-dev/1Panel/app/model"
+	"github.com/1Panel-dev/1Panel/constant"
 	"github.com/1Panel-dev/1Panel/global"
+	"github.com/1Panel-dev/1Panel/utils/encrypt"
+	"github.com/1Panel-dev/1Panel/utils/jwt"
+	"github.com/gin-gonic/gin"
+	"github.com/jinzhu/copier"
 
 	"gorm.io/gorm"
 )
@@ -16,7 +21,7 @@ type IUserService interface {
 	Get(name string) (*dto.UserBack, error)
 	Page(page, size int) (int64, interface{}, error)
 	Register(userDto dto.UserCreate) error
-	Login(info *model.User) (*dto.UserBack, error)
+	Login(c *gin.Context, info dto.Login) (*dto.UserLoginInfo, error)
 	Delete(name string) error
 	Save(req model.User) error
 	Update(upMap map[string]interface{}) error
@@ -31,49 +36,76 @@ func (u *UserService) Get(name string) (*dto.UserBack, error) {
 	if err != nil {
 		return nil, err
 	}
-	dtoUser := &dto.UserBack{
-		Name:      user.Name,
-		Email:     user.Email,
-		CreatedAt: user.CreatedAt,
+	var dtoUser dto.UserBack
+	if err := copier.Copy(&dtoUser, &user); err != nil {
+		return nil, constant.ErrCopyTransform
 	}
-	return dtoUser, nil
+	return &dtoUser, err
 }
 
 func (u *UserService) Page(page, size int) (int64, interface{}, error) {
 	total, users, err := userRepo.Page(page, size)
 	var dtoUsers []dto.UserBack
 	for _, user := range users {
-		dtoUsers = append(dtoUsers, dto.UserBack{
-			Name:      user.Name,
-			Email:     user.Email,
-			CreatedAt: user.CreatedAt,
-		})
+		var item dto.UserBack
+		if err := copier.Copy(&item, &user); err != nil {
+			return 0, nil, constant.ErrCopyTransform
+		}
+		dtoUsers = append(dtoUsers, item)
 	}
 	return total, dtoUsers, err
 }
 
 func (u *UserService) Register(userDto dto.UserCreate) error {
-	user := userDto.UserCreateToMo()
+	var user model.User
+	if err := copier.Copy(&user, &userDto); err != nil {
+		return constant.ErrCopyTransform
+	}
 	if !errors.Is(global.DB.Where("name = ?", user.Name).First(&user).Error, gorm.ErrRecordNotFound) {
-		return errors.New("用户名已注册")
+		return constant.ErrRecordExist
 	}
 	return userRepo.Create(&user)
 }
 
-func (u *UserService) Login(info *model.User) (*dto.UserBack, error) {
+func (u *UserService) Login(c *gin.Context, info dto.Login) (*dto.UserLoginInfo, error) {
 	user, err := userRepo.Get(commonRepo.WithByName(info.Name))
 	if err != nil {
 		return nil, err
 	}
-	if user.Password != info.Password {
-		return nil, errors.New("登录失败")
+	pass, err := encrypt.StringDecrypt(user.Password)
+	if err != nil {
+		return nil, err
 	}
-	dtoUser := &dto.UserBack{
-		Name:      user.Name,
-		Email:     user.Email,
-		CreatedAt: user.CreatedAt,
+	if info.Password != pass {
+		return nil, errors.New("login failed")
 	}
-	return dtoUser, err
+	if info.AuthMethod == constant.AuthMethodJWT {
+		j := jwt.NewJWT()
+		claims := j.CreateClaims(jwt.BaseClaims{
+			ID:   user.ID,
+			Name: user.Name,
+		})
+		token, err := j.CreateToken(claims)
+		if err != nil {
+			return nil, err
+		}
+		return &dto.UserLoginInfo{Name: user.Name, Token: token}, err
+	}
+
+	sID, _ := c.Cookie(global.CONF.Session.SessionName)
+	if sID != "" {
+		c.SetCookie(global.CONF.Session.SessionName, "", -1, "", "", false, false)
+	}
+	session, err := global.SESSION.New(c.Request, global.CONF.Session.SessionName)
+	if err != nil {
+		return nil, err
+	}
+	session.Values[global.CONF.Session.SessionUserKey] = user
+	if err := global.SESSION.Save(c.Request, c.Writer, session); err != nil {
+		return nil, err
+	}
+
+	return &dto.UserLoginInfo{Name: user.Name}, err
 }
 
 func (u *UserService) Delete(name string) error {
diff --git a/backend/configs/captcha.go b/backend/configs/captcha.go
new file mode 100644
index 000000000..25510e8a6
--- /dev/null
+++ b/backend/configs/captcha.go
@@ -0,0 +1,10 @@
+package configs
+
+type Captcha struct {
+	Enable     bool   `mapstructure:"enable" json:"enable" yaml:"enable"`
+	Source     string `mapstructure:"source" json:"source" yaml:"source"`
+	Length     int    `mapstructure:"length" json:"length" yaml:"length"`
+	NoiseCount int    `mapstructure:"noise-count" json:"noise-count" yaml:"noise-count"`
+	ImgWidth   int    `mapstructure:"img-width" json:"img-width" yaml:"img-width"`
+	ImgHeight  int    `mapstructure:"img-height" json:"img-height" yaml:"img-height"`
+}
diff --git a/backend/configs/config.go b/backend/configs/config.go
index 881b8d251..1c0fd786b 100644
--- a/backend/configs/config.go
+++ b/backend/configs/config.go
@@ -6,5 +6,8 @@ type ServerConfig struct {
 	System    System    `mapstructure:"system"`
 	LogConfig LogConfig `mapstructure:"log"`
 	JWT       JWT       `mapstructure:"jwt"`
+	Session   Session   `mapstructure:"session"`
 	CORS      CORS      `mapstructure:"cors"`
+	Captcha   Captcha   `mapstructure:"captcha"`
+	Encrypt   Encrypt   `mapstructure:"encrypt"`
 }
diff --git a/backend/configs/encrypt.go b/backend/configs/encrypt.go
new file mode 100644
index 000000000..9af42c174
--- /dev/null
+++ b/backend/configs/encrypt.go
@@ -0,0 +1,5 @@
+package configs
+
+type Encrypt struct {
+	Key string `mapstructure:"key" json:"key" yaml:"key"`
+}
diff --git a/backend/configs/jwt.go b/backend/configs/jwt.go
index 95fca79ee..6f0b0ab88 100644
--- a/backend/configs/jwt.go
+++ b/backend/configs/jwt.go
@@ -1,8 +1,9 @@
 package configs
 
 type JWT struct {
-	SigningKey  string `mapstructure:"signing_key"`  // jwt签名
-	ExpiresTime int64  `mapstructure:"expires_time"` // 过期时间
-	BufferTime  int64  `mapstructure:"buffer_time"`  // 缓冲时间
+	HeaderName  string `mapstructure:"header_name"`
+	SigningKey  string `mapstructure:"signing_key"`
+	ExpiresTime int64  `mapstructure:"expires_time"`
+	BufferTime  int64  `mapstructure:"buffer_time"`
 	Issuer      string `mapstructure:"issuer"`
 }
diff --git a/backend/configs/session.go b/backend/configs/session.go
new file mode 100644
index 000000000..b9a1f843f
--- /dev/null
+++ b/backend/configs/session.go
@@ -0,0 +1,8 @@
+package configs
+
+type Session struct {
+	SessionKey     string `mapstructure:"session_key"`
+	SessionUserKey string `mapstructure:"session_user_key"`
+	SessionName    string `mapstructure:"session_name"`
+	ExpiresTime    int    `mapstructure:"expires_time"`
+}
diff --git a/backend/constant/errres/errs.go b/backend/constant/errres/errs.go
deleted file mode 100644
index 178b9f959..000000000
--- a/backend/constant/errres/errs.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package errres
-
-import (
-	"errors"
-
-	"github.com/1Panel-dev/1Panel/app/dto"
-)
-
-const (
-	Success            = 0
-	Error              = 500
-	InvalidParams      = 400
-	InvalidCommon      = 10000
-	InvalidJwtExpired  = 10001
-	InvalidJwtNotFound = 10002
-)
-
-var (
-	OK           = dto.NewError(Success, "Ok")
-	InvalidParam = dto.NewError(InvalidParams, "InvalidParams")
-	JwtExpired   = dto.NewError(InvalidJwtExpired, "JwtExpired")
-	JwtNotFound  = dto.NewError(InvalidJwtNotFound, "JwtNotFound")
-)
-
-var (
-	TokenExpired     = errors.New("token is expired")
-	TokenNotValidYet = errors.New("token not active yet")
-	TokenMalformed   = errors.New("that's not even a token")
-	TokenInvalid     = errors.New("couldn't handle this token")
-)
diff --git a/backend/constant/errs.go b/backend/constant/errs.go
new file mode 100644
index 000000000..a19401fc2
--- /dev/null
+++ b/backend/constant/errs.go
@@ -0,0 +1,37 @@
+package constant
+
+import (
+	"errors"
+)
+
+const (
+	CodeSuccess           = 200
+	CodeErrBadRequest     = 400
+	CodeErrUnauthorized   = 401
+	CodeErrForbidden      = 403
+	CodeErrNotFound       = 404
+	CodeErrInternalServer = 500
+	CodeErrHeader         = 406
+)
+
+var (
+	ErrTypeToken        = "ErrToken"
+	ErrTypeTokenExpired = "ErrTokenExpired"
+
+	ErrTypeParamInReqBody  = "ErrParamInReqBody"
+	ErrTypeParamInReqQuery = "ErrParamInReqQuery"
+	ErrTypeInternalServer  = "ErrInternalServer"
+	ErrTypeParamValid      = "ErrParamValid"
+)
+
+var (
+	ErrTokenExpired     = errors.New("token is expired")
+	ErrTokenNotValidYet = errors.New("token not active yet")
+	ErrTokenMalformed   = errors.New("that's not even a token")
+	ErrTokenInvalid     = errors.New("couldn't handle this token")
+
+	ErrCaptchaCode   = errors.New("captcha code error")
+	ErrPageParam     = errors.New("paging parameter error")
+	ErrRecordExist   = errors.New("record already exists")
+	ErrCopyTransform = errors.New("type conversion failure")
+)
diff --git a/backend/constant/session.go b/backend/constant/session.go
new file mode 100644
index 000000000..8fb81212b
--- /dev/null
+++ b/backend/constant/session.go
@@ -0,0 +1,6 @@
+package constant
+
+const (
+	AuthMethodSession = "session"
+	AuthMethodJWT     = "jwt"
+)
diff --git a/backend/global/global.go b/backend/global/global.go
index 01a8ef19c..bf71c6687 100644
--- a/backend/global/global.go
+++ b/backend/global/global.go
@@ -3,13 +3,15 @@ package global
 import (
 	"github.com/1Panel-dev/1Panel/configs"
 	"github.com/go-playground/validator/v10"
+	"github.com/gorilla/sessions"
 	"github.com/sirupsen/logrus"
 	"gorm.io/gorm"
 )
 
 var (
-	DB        *gorm.DB
-	Logger    *logrus.Logger
-	Config    configs.ServerConfig
-	Validator *validator.Validate
+	DB      *gorm.DB
+	LOG     *logrus.Logger
+	CONF    configs.ServerConfig
+	VALID   *validator.Validate
+	SESSION *sessions.CookieStore
 )
diff --git a/backend/go.mod b/backend/go.mod
index a5aa6d83f..b999f1313 100644
--- a/backend/go.mod
+++ b/backend/go.mod
@@ -10,8 +10,12 @@ require (
 	github.com/go-gormigrate/gormigrate/v2 v2.0.2
 	github.com/go-playground/validator/v10 v10.11.0
 	github.com/golang-jwt/jwt/v4 v4.4.2
+	github.com/gorilla/securecookie v1.1.1
+	github.com/gorilla/sessions v1.2.1
 	github.com/jinzhu/copier v0.3.5
+	github.com/mojocn/base64Captcha v1.3.5
 	github.com/natefinch/lumberjack v2.0.0+incompatible
+	github.com/nicksnyder/go-i18n/v2 v2.1.2
 	github.com/pelletier/go-toml/v2 v2.0.2
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.9.0
@@ -38,6 +42,7 @@ require (
 	github.com/go-playground/universal-translator v0.18.0 // indirect
 	github.com/go-sql-driver/mysql v1.6.0 // indirect
 	github.com/goccy/go-json v0.9.7 // indirect
+	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
@@ -47,11 +52,10 @@ require (
 	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/mailru/easyjson v0.7.6 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
-	github.com/mattn/go-sqlite3 v1.14.12 // indirect
+	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/nicksnyder/go-i18n/v2 v2.1.2 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/spf13/afero v1.8.2 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
@@ -60,6 +64,7 @@ require (
 	github.com/subosito/gotenv v1.3.0 // indirect
 	github.com/ugorji/go/codec v1.2.7 // indirect
 	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect
+	golang.org/x/image v0.0.0-20190802002840-cff245a6509b // indirect
 	golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2 // indirect
 	golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect
 	golang.org/x/tools v0.1.10 // indirect
diff --git a/backend/go.sum b/backend/go.sum
index 040ba089f..a23807375 100644
--- a/backend/go.sum
+++ b/backend/go.sum
@@ -116,6 +116,8 @@ github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQA
 github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
 github.com/golang-sql/sqlexp v0.0.0-20170517235910-f1bb20e5a188 h1:+eHOFJl1BaXrQxKX+T06f78590z4qA2ZzBTqahsKSE4=
+github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF08vX0COfcOBJRhZ8lUbR+ZWIs0Y5g=
+github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -175,6 +177,10 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
+github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
+github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
+github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
@@ -227,8 +233,9 @@ github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJ
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-sqlite3 v1.14.12 h1:TJ1bhYJPV44phC+IMu1u2K/i5RriLTPe+yc68XDJ1Z0=
 github.com/mattn/go-sqlite3 v1.14.12/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
+github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -237,6 +244,8 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/mojocn/base64Captcha v1.3.5 h1:Qeilr7Ta6eDtG4S+tQuZ5+hO+QHbiGAJdi4PfoagaA0=
+github.com/mojocn/base64Captcha v1.3.5/go.mod h1:/tTTXn4WTpX9CfrmipqRytCpJ27Uw3G6I7NcP2WwcmY=
 github.com/natefinch/lumberjack v2.0.0+incompatible h1:4QJd3OLAMgj7ph+yZTuX13Ld4UpgHp07nNdFX7mqFfM=
 github.com/natefinch/lumberjack v2.0.0+incompatible/go.mod h1:Wi9p2TTF5DG5oU+6YfsmYQpsTIOm0B1VNzQg9Mw6nPk=
 github.com/nicksnyder/go-i18n/v2 v2.1.2 h1:QHYxcUJnGHBaq7XbvgunmZ2Pn0focXFqTD61CkH146c=
@@ -340,6 +349,8 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190501045829-6d32002ffd75/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b h1:+qEpEAPhDZ1o0x3tHzZTQDArnOixOzGD9HUJfcg0mb4=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
diff --git a/backend/i18n/i18n.go b/backend/i18n/i18n.go
index e437ec927..bb8eb02ed 100644
--- a/backend/i18n/i18n.go
+++ b/backend/i18n/i18n.go
@@ -2,6 +2,7 @@ package i18n
 
 import (
 	"embed"
+
 	ginI18n "github.com/gin-contrib/i18n"
 	"github.com/gin-gonic/gin"
 	"github.com/nicksnyder/go-i18n/v2/i18n"
@@ -34,14 +35,15 @@ func GetMsgWithMap(msg string, maps map[string]interface{}) string {
 var fs embed.FS
 
 func GinI18nLocalize() gin.HandlerFunc {
-	return ginI18n.Localize(ginI18n.WithBundle(&ginI18n.BundleCfg{
-		RootPath:         "./lang",
-		AcceptLanguage:   []language.Tag{language.Chinese, language.English},
-		DefaultLanguage:  language.Chinese,
-		FormatBundleFile: "toml",
-		UnmarshalFunc:    toml.Unmarshal,
-		Loader:           &ginI18n.EmbedLoader{FS: fs},
-	}),
+	return ginI18n.Localize(
+		ginI18n.WithBundle(&ginI18n.BundleCfg{
+			RootPath:         "./lang",
+			AcceptLanguage:   []language.Tag{language.Chinese, language.English},
+			DefaultLanguage:  language.Chinese,
+			FormatBundleFile: "toml",
+			UnmarshalFunc:    toml.Unmarshal,
+			Loader:           &ginI18n.EmbedLoader{FS: fs},
+		}),
 		ginI18n.WithGetLngHandle(
 			func(context *gin.Context, defaultLng string) string {
 				lng := context.GetHeader("Accept-Language")
diff --git a/backend/i18n/lang/zh.toml b/backend/i18n/lang/zh.toml
index ada7403b7..226581582 100644
--- a/backend/i18n/lang/zh.toml
+++ b/backend/i18n/lang/zh.toml
@@ -1,3 +1,8 @@
 #common
-InvalidParams = "参数错误: {.detail}"
-JwtNotFound = "需要jwt校验"
\ No newline at end of file
+ErrInvalidParams = "请求参数错误: {.detail}"
+ErrTokenTimeOut = "登陆信息已过期: {.detail}"
+ErrCaptchaCode = "错误的验证码信息"
+ErrRecordExist = "记录已存在: {.detail}"
+ErrRecordNotFound = "记录未能找到: {.detail}"
+ErrStructTransform = "类型转换失败: {.detail}"
+ErrInternalServer = "服务内部错误: {.detail}"
\ No newline at end of file
diff --git a/backend/init/db/db.go b/backend/init/db/db.go
index b7e1df08c..7428a6367 100644
--- a/backend/init/db/db.go
+++ b/backend/init/db/db.go
@@ -3,7 +3,7 @@ package db
 import "github.com/1Panel-dev/1Panel/global"
 
 func Init() {
-	switch global.Config.System.DbType {
+	switch global.CONF.System.DbType {
 	case "mysql":
 		global.DB = MysqlGorm()
 	case "sqlite":
diff --git a/backend/init/db/mysql.go b/backend/init/db/mysql.go
index 661802003..6664c5850 100644
--- a/backend/init/db/mysql.go
+++ b/backend/init/db/mysql.go
@@ -8,7 +8,7 @@ import (
 )
 
 func MysqlGorm() *gorm.DB {
-	m := global.Config.Mysql
+	m := global.CONF.Mysql
 	if m.Dbname == "" {
 		return nil
 	}
diff --git a/backend/init/db/sqlite.go b/backend/init/db/sqlite.go
index bc1af7522..472a339f7 100644
--- a/backend/init/db/sqlite.go
+++ b/backend/init/db/sqlite.go
@@ -8,7 +8,7 @@ import (
 )
 
 func SqliteGorm() *gorm.DB {
-	s := global.Config.Sqlite
+	s := global.CONF.Sqlite
 	if db, err := gorm.Open(sqlite.Open(s.Dsn()), &gorm.Config{}); err != nil {
 		panic(err)
 	} else {
diff --git a/backend/init/log/log.go b/backend/init/log/log.go
index 54c3b4d93..dbdca0797 100644
--- a/backend/init/log/log.go
+++ b/backend/init/log/log.go
@@ -12,8 +12,8 @@ import (
 
 func Init() {
 	l := logrus.New()
-	setOutput(l, global.Config.LogConfig)
-	global.Logger = l
+	setOutput(l, global.CONF.LogConfig)
+	global.LOG = l
 }
 
 func setOutput(log *logrus.Logger, config configs.LogConfig) {
diff --git a/backend/init/migration/migrate.go b/backend/init/migration/migrate.go
index 818861b31..57a2dda85 100644
--- a/backend/init/migration/migrate.go
+++ b/backend/init/migration/migrate.go
@@ -13,8 +13,8 @@ func Init() {
 		migrations.AddData,
 	})
 	if err := m.Migrate(); err != nil {
-		global.Logger.Error(err)
+		global.LOG.Error(err)
 		panic(err)
 	}
-	global.Logger.Infof("Migration did run successfully")
+	global.LOG.Infof("Migration did run successfully")
 }
diff --git a/backend/init/router/router.go b/backend/init/router/router.go
index f6b4b224b..384e03b1b 100644
--- a/backend/init/router/router.go
+++ b/backend/init/router/router.go
@@ -1,6 +1,8 @@
 package router
 
 import (
+	"html/template"
+
 	"github.com/1Panel-dev/1Panel/docs"
 	"github.com/1Panel-dev/1Panel/i18n"
 	"github.com/1Panel-dev/1Panel/middleware"
@@ -9,7 +11,6 @@ import (
 	"github.com/gin-gonic/gin"
 	swaggerfiles "github.com/swaggo/files"
 	ginSwagger "github.com/swaggo/gin-swagger"
-	"html/template"
 )
 
 func Routers() *gin.Engine {
diff --git a/backend/init/session/session.go b/backend/init/session/session.go
new file mode 100644
index 000000000..8ad4c511c
--- /dev/null
+++ b/backend/init/session/session.go
@@ -0,0 +1,18 @@
+package session
+
+import (
+	"github.com/1Panel-dev/1Panel/global"
+	"github.com/gorilla/securecookie"
+	"github.com/gorilla/sessions"
+)
+
+func Init() {
+	cs := &sessions.CookieStore{
+		Codecs: securecookie.CodecsFromPairs([]byte(global.CONF.Session.SessionKey)),
+		Options: &sessions.Options{
+			Path:   "/",
+			MaxAge: global.CONF.Session.ExpiresTime,
+		},
+	}
+	global.SESSION = cs
+}
diff --git a/backend/init/validator/validator.go b/backend/init/validator/validator.go
index c731c901f..51307a71b 100644
--- a/backend/init/validator/validator.go
+++ b/backend/init/validator/validator.go
@@ -20,14 +20,14 @@ func Init() {
 	if err := validator.RegisterValidation("password", checkPasswordPattern); err != nil {
 		panic(err)
 	}
-	global.Validator = validator
+	global.VALID = validator
 }
 
 func checkNamePattern(fl validator.FieldLevel) bool {
 	value := fl.Field().String()
 	result, err := regexp.MatchString("^[a-zA-Z\u4e00-\u9fa5]{1}[a-zA-Z0-9_\u4e00-\u9fa5]{0,30}$", value)
 	if err != nil {
-		global.Logger.Errorf("regexp matchString failed, %v", err)
+		global.LOG.Errorf("regexp matchString failed, %v", err)
 	}
 	return result
 }
@@ -36,7 +36,7 @@ func checkIpPattern(fl validator.FieldLevel) bool {
 	value := fl.Field().String()
 	result, err := regexp.MatchString(`^((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}$`, value)
 	if err != nil {
-		global.Logger.Errorf("regexp check ip matchString failed, %v", err)
+		global.LOG.Errorf("regexp check ip matchString failed, %v", err)
 	}
 	return result
 }
diff --git a/backend/init/viper/viper.go b/backend/init/viper/viper.go
index a744453c9..e646d08f3 100644
--- a/backend/init/viper/viper.go
+++ b/backend/init/viper/viper.go
@@ -21,7 +21,7 @@ func Init() {
 	v.WatchConfig()
 	v.OnConfigChange(func(e fsnotify.Event) {
 		fmt.Println("config file changed:", e.Name)
-		if err := v.Unmarshal(&global.Config); err != nil {
+		if err := v.Unmarshal(&global.CONF); err != nil {
 			panic(err)
 		}
 	})
@@ -29,5 +29,5 @@ func Init() {
 	if err := v.Unmarshal(&serverConfig); err != nil {
 		panic(err)
 	}
-	global.Config = serverConfig
+	global.CONF = serverConfig
 }
diff --git a/backend/middleware/cors.go b/backend/middleware/cors.go
index 98c6e50dc..19a8e0dfe 100644
--- a/backend/middleware/cors.go
+++ b/backend/middleware/cors.go
@@ -27,7 +27,7 @@ func Cors() gin.HandlerFunc {
 }
 
 func CorsByRules() gin.HandlerFunc {
-	mode := global.Config.CORS.Mode
+	mode := global.CONF.CORS.Mode
 	if mode == "allow-all" {
 		return Cors()
 	}
@@ -55,7 +55,7 @@ func CorsByRules() gin.HandlerFunc {
 }
 
 func checkCors(currentOrigin string) *configs.CORSWhiteList {
-	for _, whitelist := range global.Config.CORS.WhiteList {
+	for _, whitelist := range global.CONF.CORS.WhiteList {
 		if currentOrigin == whitelist.AllowOrigin {
 			return &whitelist
 		}
diff --git a/backend/middleware/jwt.go b/backend/middleware/jwt.go
index 9af734ee2..7b83fc498 100644
--- a/backend/middleware/jwt.go
+++ b/backend/middleware/jwt.go
@@ -1,38 +1,36 @@
 package middleware
 
 import (
-	"errors"
 	"time"
 
-	"github.com/1Panel-dev/1Panel/app/dto"
-	"github.com/1Panel-dev/1Panel/constant/errres"
-	"github.com/1Panel-dev/1Panel/utils"
+	"github.com/1Panel-dev/1Panel/app/api/v1/helper"
+	"github.com/1Panel-dev/1Panel/constant"
+	"github.com/1Panel-dev/1Panel/global"
+	jwtUtils "github.com/1Panel-dev/1Panel/utils/jwt"
+	"github.com/golang-jwt/jwt/v4"
 
 	"github.com/gin-gonic/gin"
 )
 
 func JwtAuth() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		token := c.Request.Header.Get("Authorization")
-		re := dto.NewResult(c)
+		c.Set("authMethod", "")
+		token := c.Request.Header.Get(global.CONF.JWT.HeaderName)
 		if token == "" {
-			re.Error(errres.JwtNotFound)
+			c.Next()
 			return
 		}
-		j := utils.NewJWT()
+		j := jwtUtils.NewJWT()
 		claims, err := j.ParseToken(token)
 		if err != nil {
-			if errors.Is(err, errres.TokenExpired) {
-				re.Error(errres.JwtExpired)
-				return
-			}
-			re.ErrorCode(errres.InvalidCommon, err.Error())
+			helper.ErrorWithDetail(c, constant.CodeErrUnauthorized, constant.ErrTypeToken, err)
 			return
 		}
 		if claims.ExpiresAt.Unix()-time.Now().Unix() < claims.BufferTime {
-			//TODO 续签
+			claims.ExpiresAt = jwt.NewNumericDate(time.Now().Add(time.Second * time.Duration(global.CONF.JWT.ExpiresTime)))
 		}
 		c.Set("claims", claims)
+		c.Set("authMethod", constant.AuthMethodJWT)
 		c.Next()
 	}
 }
diff --git a/backend/middleware/session.go b/backend/middleware/session.go
new file mode 100644
index 000000000..436b89c86
--- /dev/null
+++ b/backend/middleware/session.go
@@ -0,0 +1,31 @@
+package middleware
+
+import (
+	"github.com/1Panel-dev/1Panel/app/api/v1/helper"
+	"github.com/1Panel-dev/1Panel/constant"
+	"github.com/1Panel-dev/1Panel/global"
+	"github.com/gin-gonic/gin"
+)
+
+func SessionAuth() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if method, exist := c.Get("authMethod"); exist && method == constant.AuthMethodJWT {
+			c.Next()
+		}
+		sID, err := c.Cookie(global.CONF.Session.SessionName)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrUnauthorized, constant.ErrTypeToken, nil)
+			return
+		}
+		sess, err := global.SESSION.Get(c.Request, sID)
+		if err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrUnauthorized, constant.ErrTypeToken, nil)
+			return
+		}
+		if _, ok := sess.Values[global.CONF.Session.SessionUserKey]; !ok {
+			helper.ErrorWithDetail(c, constant.CodeErrUnauthorized, constant.ErrTypeToken, nil)
+			return
+		}
+		c.Next()
+	}
+}
diff --git a/backend/router/ro_base.go b/backend/router/ro_base.go
index 99663914b..edf446807 100644
--- a/backend/router/ro_base.go
+++ b/backend/router/ro_base.go
@@ -12,6 +12,8 @@ func (s *BaseRouter) InitBaseRouter(Router *gin.RouterGroup) (R gin.IRoutes) {
 	baseApi := v1.ApiGroupApp.BaseApi
 	{
 		baseRouter.POST("login", baseApi.Login)
+		baseRouter.GET("captcha", baseApi.Captcha)
+
 	}
 	return baseRouter
 }
diff --git a/backend/router/ro_user.go b/backend/router/ro_user.go
index b11fc57cb..da6d95ddb 100644
--- a/backend/router/ro_user.go
+++ b/backend/router/ro_user.go
@@ -2,6 +2,7 @@ package router
 
 import (
 	v1 "github.com/1Panel-dev/1Panel/app/api/v1"
+	"github.com/1Panel-dev/1Panel/middleware"
 
 	"github.com/gin-gonic/gin"
 )
@@ -10,6 +11,7 @@ type UserRouter struct{}
 
 func (s *UserRouter) InitUserRouter(Router *gin.RouterGroup) {
 	userRouter := Router.Group("users")
+	userRouter.Use(middleware.JwtAuth()).Use(middleware.SessionAuth())
 	baseApi := v1.ApiGroupApp.BaseApi
 	{
 		userRouter.POST("", baseApi.Register)
diff --git a/backend/server/server.go b/backend/server/server.go
index c685adca3..5bf192fe3 100644
--- a/backend/server/server.go
+++ b/backend/server/server.go
@@ -9,6 +9,7 @@ import (
 	"github.com/1Panel-dev/1Panel/init/log"
 	"github.com/1Panel-dev/1Panel/init/migration"
 	"github.com/1Panel-dev/1Panel/init/router"
+	"github.com/1Panel-dev/1Panel/init/session"
 	"github.com/1Panel-dev/1Panel/init/validator"
 	"github.com/1Panel-dev/1Panel/init/viper"
 
@@ -22,12 +23,13 @@ func Start() {
 	db.Init()
 	migration.Init()
 	validator.Init()
+	session.Init()
 	routers := router.Routers()
-	address := fmt.Sprintf(":%d", global.Config.System.Port)
+	address := fmt.Sprintf(":%d", global.CONF.System.Port)
 	s := initServer(address, routers)
-	global.Logger.Info(fmt.Sprintf("server run success on %d", global.Config.System.Port))
+	global.LOG.Infof("server run success on %d", global.CONF.System.Port)
 	if err := s.ListenAndServe(); err != nil {
-		global.Logger.Error(err)
+		global.LOG.Error(err)
 		panic(err)
 	}
 }
diff --git a/backend/utils/captcha/captcha.go b/backend/utils/captcha/captcha.go
new file mode 100644
index 000000000..7eb736d89
--- /dev/null
+++ b/backend/utils/captcha/captcha.go
@@ -0,0 +1,49 @@
+package captcha
+
+import (
+	"strings"
+
+	"github.com/1Panel-dev/1Panel/app/dto"
+	"github.com/1Panel-dev/1Panel/constant"
+	"github.com/1Panel-dev/1Panel/global"
+	"github.com/mojocn/base64Captcha"
+)
+
+var store = base64Captcha.DefaultMemStore
+
+func VerifyCode(codeID string, code string) error {
+	if !global.CONF.Captcha.Enable {
+		return nil
+	}
+	if codeID == "" {
+		return constant.ErrCaptchaCode
+	}
+	vv := store.Get(codeID, true)
+	vv = strings.TrimSpace(vv)
+	code = strings.TrimSpace(code)
+
+	if strings.EqualFold(vv, code) {
+		return nil
+	}
+	return constant.ErrCaptchaCode
+}
+
+func CreateCaptcha() (*dto.CaptchaResponse, error) {
+	var driverString base64Captcha.DriverString
+	driverString.Source = global.CONF.Captcha.Source
+	driverString.Width = global.CONF.Captcha.ImgWidth
+	driverString.Height = global.CONF.Captcha.ImgHeight
+	driverString.NoiseCount = global.CONF.Captcha.NoiseCount
+	driverString.Length = global.CONF.Captcha.Length
+	driverString.Fonts = []string{"wqy-microhei.ttc"}
+	driver := driverString.ConvertFonts()
+	c := base64Captcha.NewCaptcha(driver, store)
+	id, b64s, err := c.Generate()
+	if err != nil {
+		return nil, err
+	}
+	return &dto.CaptchaResponse{
+		CaptchaID: id,
+		ImagePath: b64s,
+	}, nil
+}
diff --git a/backend/utils/copier/copier.go b/backend/utils/copier/copier.go
index 20cad0d67..eb99b8978 100644
--- a/backend/utils/copier/copier.go
+++ b/backend/utils/copier/copier.go
@@ -6,7 +6,6 @@ import (
 	"github.com/pkg/errors"
 )
 
-// Copy 从一个结构体复制到另一个结构体
 func Copy(to, from interface{}) error {
 	b, err := json.Marshal(from)
 	if err != nil {
diff --git a/backend/utils/cover.go b/backend/utils/cover.go
deleted file mode 100644
index 24d2ab722..000000000
--- a/backend/utils/cover.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package utils
-
-import (
-	"github.com/jinzhu/copier"
-	"github.com/pkg/errors"
-)
-
-func ModelToDTO(dto, model interface{}) error {
-	if err := copier.Copy(dto, model); err != nil {
-		return errors.Wrap(err, "cover to dto err")
-	}
-	return nil
-}
-
-func DTOToModel(model, dto interface{}) error {
-	if err := copier.Copy(dto, model); err != nil {
-		return errors.Wrap(err, "cover to model err")
-	}
-	return nil
-}
diff --git a/backend/utils/encrypt/encrypt.go b/backend/utils/encrypt/encrypt.go
new file mode 100644
index 000000000..5204ad528
--- /dev/null
+++ b/backend/utils/encrypt/encrypt.go
@@ -0,0 +1,83 @@
+package encrypt
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
+	"io"
+
+	"github.com/1Panel-dev/1Panel/global"
+)
+
+func StringEncrypt(text string) (string, error) {
+	key := global.CONF.Encrypt.Key
+	pass := []byte(text)
+	xpass, err := aesEncryptWithSalt([]byte(key), pass)
+	if err == nil {
+		pass64 := base64.StdEncoding.EncodeToString(xpass)
+		return pass64, err
+	}
+	return "", err
+}
+
+func StringDecrypt(text string) (string, error) {
+	key := global.CONF.Encrypt.Key
+	bytesPass, err := base64.StdEncoding.DecodeString(text)
+	if err != nil {
+		return "", err
+	}
+	var tpass []byte
+	tpass, err = aesDecryptWithSalt([]byte(key), bytesPass)
+	if err == nil {
+		result := string(tpass[:])
+		return result, err
+	}
+	return "", err
+}
+
+func padding(plaintext []byte, blockSize int) []byte {
+	padding := blockSize - len(plaintext)%blockSize
+	padtext := bytes.Repeat([]byte{byte(padding)}, padding)
+	return append(plaintext, padtext...)
+}
+
+func unPadding(origData []byte) []byte {
+	length := len(origData)
+	unpadding := int(origData[length-1])
+	return origData[:(length - unpadding)]
+}
+
+func aesEncryptWithSalt(key, plaintext []byte) ([]byte, error) {
+	plaintext = padding(plaintext, aes.BlockSize)
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
+	iv := ciphertext[0:aes.BlockSize]
+	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+		return nil, err
+	}
+	cbc := cipher.NewCBCEncrypter(block, iv)
+	cbc.CryptBlocks(ciphertext[aes.BlockSize:], plaintext)
+	return ciphertext, nil
+}
+func aesDecryptWithSalt(key, ciphertext []byte) ([]byte, error) {
+	var block cipher.Block
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+	if len(ciphertext) < aes.BlockSize {
+		return nil, fmt.Errorf("iciphertext too short")
+	}
+	iv := ciphertext[:aes.BlockSize]
+	ciphertext = ciphertext[aes.BlockSize:]
+	cbc := cipher.NewCBCDecrypter(block, iv)
+	cbc.CryptBlocks(ciphertext, ciphertext)
+	ciphertext = unPadding(ciphertext)
+	return ciphertext, nil
+}
diff --git a/backend/utils/encrypt/encrypt_test.go b/backend/utils/encrypt/encrypt_test.go
new file mode 100644
index 000000000..7b04f1fdc
--- /dev/null
+++ b/backend/utils/encrypt/encrypt_test.go
@@ -0,0 +1,26 @@
+package encrypt
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/1Panel-dev/1Panel/init/viper"
+)
+
+func TestStringEncrypt(t *testing.T) {
+	viper.Init()
+	p, err := StringEncrypt("Songliu123++")
+	if err != nil {
+		t.Fatal(err)
+	}
+	fmt.Println(p)
+}
+
+func TestStringDecrypt(t *testing.T) {
+	viper.Init()
+	p, err := StringDecrypt("5WYEZ4XcitdomVvAyimt9WwJwBJJSbTTHncZoqyOraQ=")
+	if err != nil {
+		t.Fatal(err)
+	}
+	fmt.Println(p)
+}
diff --git a/backend/utils/jwt.go b/backend/utils/jwt.go
deleted file mode 100644
index eb7c56335..000000000
--- a/backend/utils/jwt.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package utils
-
-import (
-	"time"
-
-	"github.com/1Panel-dev/1Panel/app/dto"
-	"github.com/1Panel-dev/1Panel/constant/errres"
-	"github.com/1Panel-dev/1Panel/global"
-
-	"github.com/golang-jwt/jwt/v4"
-)
-
-type JWT struct {
-	SigningKey []byte
-}
-
-func NewJWT() *JWT {
-	return &JWT{
-		[]byte(global.Config.JWT.SigningKey),
-	}
-}
-
-func (j *JWT) CreateToken(request dto.JwtRequest) (string, error) {
-	request.RegisteredClaims = jwt.RegisteredClaims{
-		Issuer:    global.Config.JWT.Issuer,
-		NotBefore: jwt.NewNumericDate(time.Now()),
-		ExpiresAt: jwt.NewNumericDate(time.Now().Add(24 * time.Hour)),
-	}
-	token := jwt.NewWithClaims(jwt.SigningMethodES256, &request)
-	return token.SignedString(j.SigningKey)
-}
-
-func (j *JWT) ParseToken(tokenStr string) (*dto.JwtRequest, error) {
-	token, err := jwt.ParseWithClaims(tokenStr, &dto.JwtRequest{}, func(token *jwt.Token) (interface{}, error) {
-		return j.SigningKey, nil
-	})
-	if err != nil {
-		if ve, ok := err.(*jwt.ValidationError); ok {
-			if ve.Errors&jwt.ValidationErrorMalformed != 0 {
-				return nil, errres.TokenMalformed
-			} else if ve.Errors&jwt.ValidationErrorExpired != 0 {
-				return nil, errres.TokenExpired
-			} else if ve.Errors&jwt.ValidationErrorNotValidYet != 0 {
-				return nil, errres.TokenNotValidYet
-			} else {
-				return nil, errres.TokenInvalid
-			}
-		}
-	}
-	if token != nil {
-		if claims, ok := token.Claims.(*dto.JwtRequest); ok && token.Valid {
-			return claims, nil
-		}
-		return nil, errres.TokenInvalid
-
-	} else {
-		return nil, errres.TokenInvalid
-	}
-}
diff --git a/backend/utils/jwt/jwt.go b/backend/utils/jwt/jwt.go
new file mode 100644
index 000000000..896cb7aea
--- /dev/null
+++ b/backend/utils/jwt/jwt.go
@@ -0,0 +1,85 @@
+package jwt
+
+import (
+	"time"
+
+	"github.com/1Panel-dev/1Panel/constant"
+	"github.com/1Panel-dev/1Panel/global"
+
+	"github.com/golang-jwt/jwt/v4"
+)
+
+type JWT struct {
+	SigningKey []byte
+}
+
+type JwtRequest struct {
+	BaseClaims
+	BufferTime int64
+	jwt.RegisteredClaims
+}
+
+type CustomClaims struct {
+	BaseClaims
+	BufferTime int64
+	jwt.RegisteredClaims
+}
+
+type BaseClaims struct {
+	ID   uint
+	Name string
+}
+
+func NewJWT() *JWT {
+	return &JWT{
+		[]byte(global.CONF.JWT.SigningKey),
+	}
+}
+
+func (j *JWT) CreateClaims(baseClaims BaseClaims) CustomClaims {
+	claims := CustomClaims{
+		BaseClaims: baseClaims,
+		BufferTime: global.CONF.JWT.BufferTime,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Second * time.Duration(global.CONF.JWT.ExpiresTime))),
+			Issuer:    global.CONF.JWT.Issuer,
+		},
+	}
+	return claims
+}
+
+func (j *JWT) CreateToken(request CustomClaims) (string, error) {
+	request.RegisteredClaims = jwt.RegisteredClaims{
+		Issuer:    global.CONF.JWT.Issuer,
+		NotBefore: jwt.NewNumericDate(time.Now()),
+		ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Second * time.Duration(global.CONF.JWT.ExpiresTime))),
+	}
+	token := jwt.NewWithClaims(jwt.SigningMethodES256, &request)
+	return token.SignedString(j.SigningKey)
+}
+
+func (j *JWT) ParseToken(tokenStr string) (*JwtRequest, error) {
+	token, err := jwt.ParseWithClaims(tokenStr, &JwtRequest{}, func(token *jwt.Token) (interface{}, error) {
+		return j.SigningKey, nil
+	})
+	if err != nil {
+		if ve, ok := err.(*jwt.ValidationError); ok {
+			if ve.Errors&jwt.ValidationErrorMalformed != 0 {
+				return nil, constant.ErrTokenMalformed
+			} else if ve.Errors&jwt.ValidationErrorExpired != 0 {
+				return nil, constant.ErrTokenExpired
+			} else if ve.Errors&jwt.ValidationErrorNotValidYet != 0 {
+				return nil, constant.ErrTokenNotValidYet
+			} else {
+				return nil, constant.ErrTokenInvalid
+			}
+		}
+	}
+	if token == nil {
+		return nil, constant.ErrTokenInvalid
+	}
+	if claims, ok := token.Claims.(*JwtRequest); ok && token.Valid {
+		return claims, nil
+	}
+	return nil, constant.ErrTokenInvalid
+}
diff --git a/frontend/src/api/modules/login.ts b/frontend/src/api/modules/login.ts
index 8a3696d8b..551bb690e 100644
--- a/frontend/src/api/modules/login.ts
+++ b/frontend/src/api/modules/login.ts
@@ -1,8 +1,8 @@
 import { Login } from '@/api/interface/index';
-// import { PORT1 } from '@/api/config/servicePort';
+import { PORT1 } from '@/api/config/servicePort';
 // import qs from 'qs';
 
-// import http from '@/api';
+import http from '@/api';
 
 /**
  * @name 登录模块
@@ -10,14 +10,14 @@ import { Login } from '@/api/interface/index';
 // * 用户登录接口
 export const loginApi = (params: Login.ReqLoginForm) => {
     console.log(params);
-    // return http.post<Login.ResLogin>(PORT1 + `/login`, params); // 正常 post json 请求  ==>  application/json
+    return http.post<Login.ResLogin>(PORT1 + `base/login`, params); // 正常 post json 请求  ==>  application/json
     // return http.post<Login.ResLogin>(PORT1 + `/login`, {}, { params }); // post 请求携带 query 参数  ==>  ?username=admin&password=123456
     // return http.post<Login.ResLogin>(PORT1 + `/login`, qs.stringify(params)); // post 请求携带 表单 参数  ==>  application/x-www-form-urlencoded
     // return http.post<Login.ResLogin>(PORT1 + `/login`, params, {
     //     headers: { noLoading: true },
     // }); // 控制当前请求不显示 loading
 
-    return { data: { access_token: '565656565' } };
+    // return { data: { access_token: '565656565' } };
 };
 
 // // * 获取按钮权限
@@ -25,9 +25,7 @@ export const loginApi = (params: Login.ReqLoginForm) => {
 //     return http.get<Login.ResAuthButtons>(PORT1 + `/auth/buttons`);
 // };
 
-// * 获取菜单列表
-export const getMenuList = () => {
-    // return http.get<Menu.MenuOptions[]>(PORT1 + `/menu/list`);
-    // 如果想让菜单变为本地数据，注释上一行代码，并引入本地 Menu.json 数据
-    return {};
+// * 获取验证码
+export const getCaptcha = () => {
+    return http.post<Login.ResCaptcha>(PORT1 + `base/captcha`);
 };
diff --git a/frontend/src/views/login/components/LoginForm.vue b/frontend/src/views/login/components/LoginForm.vue
index b76f253e5..a20a223eb 100644
--- a/frontend/src/views/login/components/LoginForm.vue
+++ b/frontend/src/views/login/components/LoginForm.vue
@@ -1,66 +1,41 @@
 <template>
-    <el-form
-        ref="loginFormRef"
-        :model="loginForm"
-        :rules="loginRules"
-        size="large"
-    >
-        <el-form-item prop="username">
-            <el-input
-                v-model="loginForm.username"
-                placeholder="用户名：admin / user"
-            >
-                <template #prefix>
-                    <el-icon class="el-input__icon"><user /></el-icon>
-                </template>
-            </el-input>
-        </el-form-item>
-        <el-form-item prop="password">
-            <el-input
-                type="password"
-                v-model="loginForm.password"
-                placeholder="密码：123456"
-                show-password
-                autocomplete="new-password"
-            >
-                <template #prefix>
-                    <el-icon class="el-input__icon"><lock /></el-icon>
-                </template>
-            </el-input>
-        </el-form-item>
-    </el-form>
-    <div class="login-btn">
-        <el-button
-            :icon="CircleClose"
-            round
-            @click="resetForm(loginFormRef)"
-            size="large"
-            >重置</el-button
-        >
-        <el-button
-            :icon="UserFilled"
-            round
-            @click="login(loginFormRef)"
-            size="large"
-            type="primary"
-            :loading="loading"
-        >
-            登录
-        </el-button>
-    </div>
+  <el-form ref="loginFormRef" :model="loginForm" :rules="loginRules" size="large">
+    <el-form-item prop="username">
+      <el-input v-model="loginForm.username" placeholder="用户名：admin / user">
+        <template #prefix>
+          <el-icon class="el-input__icon">
+            <user />
+          </el-icon>
+        </template>
+      </el-input>
+    </el-form-item>
+    <el-form-item prop="password">
+      <el-input type="password" v-model="loginForm.password" placeholder="密码：123456" show-password autocomplete="new-password">
+        <template #prefix>
+          <el-icon class="el-input__icon">
+            <lock />
+          </el-icon>
+        </template>
+      </el-input>
+    </el-form-item>
+  </el-form>
+  <div class="login-btn">
+    <el-button :icon="CircleClose" round @click="resetForm(loginFormRef)" size="large">重置</el-button>
+    <el-button :icon="UserFilled" round @click="login(loginFormRef)" size="large" type="primary" :loading="loading">
+      登录
+    </el-button>
+  </div>
 </template>
 
 <script setup lang="ts">
 import { ref, reactive, onMounted } from 'vue';
 import { useRouter } from 'vue-router';
-import { Login } from '@/api/interface';
-import { CircleClose, UserFilled } from '@element-plus/icons-vue';
+import { Login,getCaptcha } from '@/api/interface';
 import type { ElForm } from 'element-plus';
 import { ElMessage } from 'element-plus';
 import { loginApi } from '@/api/modules/login';
 import { GlobalStore } from '@/store';
 import { MenuStore } from '@/store/modules/menu';
-import md5 from 'js-md5';
 
 const globalStore = GlobalStore();
 const menuStore = MenuStore();
@@ -69,13 +44,13 @@ const menuStore = MenuStore();
 type FormInstance = InstanceType<typeof ElForm>;
 const loginFormRef = ref<FormInstance>();
 const loginRules = reactive({
-    username: [{ required: true, message: '请输入用户名', trigger: 'blur' }],
+    name: [{ required: true, message: '请输入用户名', trigger: 'blur' }],
     password: [{ required: true, message: '请输入密码', trigger: 'blur' }],
 });
 
 // 登录表单数据
 const loginForm = reactive<Login.ReqLoginForm>({
-    username: '',
+    name: '',
     password: '',
 });
 
@@ -89,8 +64,8 @@ const login = (formEl: FormInstance | undefined) => {
         loading.value = true;
         try {
             const requestLoginForm: Login.ReqLoginForm = {
-                username: loginForm.username,
-                password: md5(loginForm.password),
+                name: loginForm.username,
+                password: loginForm.password,
             };
             const res = await loginApi(requestLoginForm);
             // * 存储 token