diff --git a/nflg-mobilebroken-admin/src/main/java/com/nflg/mobilebroken/admin/controller/AppUserController.java b/nflg-mobilebroken-admin/src/main/java/com/nflg/mobilebroken/admin/controller/AppUserController.java
index 8b2d00d6..3244b625 100644
--- a/nflg-mobilebroken-admin/src/main/java/com/nflg/mobilebroken/admin/controller/AppUserController.java
+++ b/nflg-mobilebroken-admin/src/main/java/com/nflg/mobilebroken/admin/controller/AppUserController.java
@@ -151,7 +151,6 @@ public class AppUserController extends ControllerBase {
 
     /**
      * 搜索代理商子账号列表(根据公司名称或主账号)
-     *
      * @param request 请求参数
      */
     @PostMapping("searchSimpleUsers")
diff --git a/nflg-mobilebroken-admin/src/test/java/ControllerTest.java b/nflg-mobilebroken-admin/src/test/java/ControllerTest.java
index e78fd0c9..9a3a76d5 100644
--- a/nflg-mobilebroken-admin/src/test/java/ControllerTest.java
+++ b/nflg-mobilebroken-admin/src/test/java/ControllerTest.java
@@ -28,7 +28,7 @@ public class ControllerTest {
     @Test
     public void test2() {
 //        List<AdminApi> apis = new ArrayList<>();
-        String pre = "";
+        String pre = "/admin";
         // 获取所有的请求映射
         Map<RequestMappingInfo, HandlerMethod> handlerMethods = requestMappingHandlerMapping.getHandlerMethods();
         for (Map.Entry<RequestMappingInfo, HandlerMethod> entry : handlerMethods.entrySet()) {
diff --git a/nflg-mobilebroken-auth/src/main/java/com/nflg/mobilebroken/auth/controller/AppController.java b/nflg-mobilebroken-auth/src/main/java/com/nflg/mobilebroken/auth/controller/AppController.java
index 198adaa1..ce037ec9 100644
--- a/nflg-mobilebroken-auth/src/main/java/com/nflg/mobilebroken/auth/controller/AppController.java
+++ b/nflg-mobilebroken-auth/src/main/java/com/nflg/mobilebroken/auth/controller/AppController.java
@@ -49,7 +49,7 @@ public class AppController extends ControllerBase {
                 .setExtra("from", "app")
                 .setExtra("name", user.getName())
                 .setExtra("email", user.getEmail())
-                .setExtra("companys", StrUtil.split(user.getCompanyId(), ",").stream().map(Integer::valueOf).collect(Collectors.toList()))
+                .setExtra("companyIds", StrUtil.split(user.getCompanyId(), ",").stream().map(Integer::valueOf).collect(Collectors.toList()))
                 .setExtra("isPrimary", user.getIsPrimary()));
         user.setLastLoginTime(LocalDateTime.now());
         appUserService.updateById(user);
diff --git a/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/pojo/request/SearchAppUserForAdminRequest.java b/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/pojo/request/SearchAppUserForAdminRequest.java
index 14a9ca82..41d9876e 100644
--- a/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/pojo/request/SearchAppUserForAdminRequest.java
+++ b/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/pojo/request/SearchAppUserForAdminRequest.java
@@ -16,8 +16,8 @@ public class SearchAppUserForAdminRequest extends PageRequest {
     //公司名称
     private String companyName;
 
-    // 是否启用
-    private Boolean enable;
+    // 状态，0：待激活，1-启用，2：禁用
+    private Integer userState;
 
     //状态，0：审核中，1：使用中，2：已过期
     private Integer state;
diff --git a/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/pojo/request/UserSearchRequest.java b/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/pojo/request/UserSearchRequest.java
index 27992720..43f17ff5 100644
--- a/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/pojo/request/UserSearchRequest.java
+++ b/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/pojo/request/UserSearchRequest.java
@@ -12,7 +12,7 @@ public class UserSearchRequest extends PageRequest{
     private String key;
 
     //是否启用
-    private Boolean enabled;
+    private Integer state;
 
     //公司id
     @JsonIgnore
diff --git a/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/pojo/vo/DeviceInfoVO.java b/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/pojo/vo/DeviceInfoVO.java
index 90f3b494..bd076a67 100644
--- a/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/pojo/vo/DeviceInfoVO.java
+++ b/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/pojo/vo/DeviceInfoVO.java
@@ -1,7 +1,6 @@
 package com.nflg.mobilebroken.common.pojo.vo;
 
 import cn.hutool.core.util.StrUtil;
-import com.fasterxml.jackson.annotation.JsonIgnore;
 import lombok.Data;
 import lombok.experimental.Accessors;
 
@@ -37,7 +36,6 @@ public class DeviceInfoVO {
     private Integer warrantyMonth;
 
     //机型部件
-    @JsonIgnore
     private String component;
 
     //设备部件列表
diff --git a/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/util/AdminUserUtil.java b/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/util/AdminUserUtil.java
index da383af7..a6ccabe8 100644
--- a/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/util/AdminUserUtil.java
+++ b/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/util/AdminUserUtil.java
@@ -1,7 +1,6 @@
 package com.nflg.mobilebroken.common.util;
 
-import cn.dev33.satoken.stp.SaTokenInfo;
-import cn.hutool.core.collection.ListUtil;
+import com.nflg.mobilebroken.common.constant.STATE;
 
 import java.util.List;
 import java.util.Map;
@@ -12,32 +11,49 @@ public class AdminUserUtil {
     private static final Map<Integer, List<String>> PERMISSION_MAP = new ConcurrentHashMap<>();
 
     public static Integer getUserId(){
-        SaTokenInfo tokenValue = SaTokenAdminUtil.getTokenInfo();
-        if (SaTokenAdminUtil.isLogin()) {
-            return SaTokenAdminUtil.getLoginIdAsInt();
-        }
-        return 1;
+//        SaTokenInfo tokenValue = SaTokenAdminUtil.getTokenInfo();
+//        if (SaTokenAdminUtil.isLogin()) {
+//            return SaTokenAdminUtil.getLoginIdAsInt();
+//        }
+//        return 1;
+        VUtils.trueThrow(!SaTokenAdminUtil.isLogin()).throwMessage(STATE.LoginError, "请重新登录");
+        return SaTokenAdminUtil.getLoginIdAsInt();
     }
 
     public static String getUserName() {
-        if (SaTokenAdminUtil.isLogin()) {
-            return (String) SaTokenAdminUtil.getExtra("name");
-        }
-        return "admin";
+//        if (SaTokenAdminUtil.isLogin()) {
+//            return (String) SaTokenAdminUtil.getExtra("name");
+//        }
+//        return "admin";
+        VUtils.trueThrow(!SaTokenAdminUtil.isLogin()).throwMessage(STATE.LoginError, "请重新登录");
+        return (String) SaTokenAdminUtil.getExtra("name");
     }
 
     public static List<String> getRoles() {
-        if (SaTokenAdminUtil.isLogin()) {
-            return (List<String>) SaTokenAdminUtil.getExtra("roles");
-        }
-        return ListUtil.of("管理员");
+//        if (SaTokenAdminUtil.isLogin()) {
+//            return (List<String>) SaTokenAdminUtil.getExtra("roles");
+//        }
+//        return ListUtil.of("管理员");
+        VUtils.trueThrow(!SaTokenAdminUtil.isLogin()).throwMessage(STATE.LoginError, "请重新登录");
+        return (List<String>) SaTokenAdminUtil.getExtra("roles");
     }
 
     public static  String getUserNo(){
-        if (SaTokenAdminUtil.isLogin()) {
-            return (String) SaTokenAdminUtil.getExtra("code");
-        }
-        return "admin";
+//        if (SaTokenAdminUtil.isLogin()) {
+//            return (String) SaTokenAdminUtil.getExtra("code");
+//        }
+//        return "admin";
+        VUtils.trueThrow(!SaTokenAdminUtil.isLogin()).throwMessage(STATE.LoginError, "请重新登录");
+        return (String) SaTokenAdminUtil.getExtra("code");
+    }
+
+    public static String getEmail() {
+//        if (SaTokenAdminUtil.isLogin()) {
+//            return (String) SaTokenAdminUtil.getExtra("email");
+//        }
+//        return "aa@gmail.com";
+        VUtils.trueThrow(!SaTokenAdminUtil.isLogin()).throwMessage(STATE.LoginError, "请重新登录");
+        return (String) SaTokenAdminUtil.getExtra("email");
     }
 
     public static List<String> getPermissions() {
@@ -51,11 +67,4 @@ public class AdminUserUtil {
     public static void clearPermissions() {
         PERMISSION_MAP.remove(getUserId());
     }
-
-    public static String getEmail() {
-        if (SaTokenAdminUtil.isLogin()) {
-            return (String) SaTokenAdminUtil.getExtra("email");
-        }
-        return "aa@gmail.com";
-    }
 }
diff --git a/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/util/AppUserUtil.java b/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/util/AppUserUtil.java
index ffd9eee3..53c14ce1 100644
--- a/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/util/AppUserUtil.java
+++ b/nflg-mobilebroken-common/src/main/java/com/nflg/mobilebroken/common/util/AppUserUtil.java
@@ -1,6 +1,6 @@
 package com.nflg.mobilebroken.common.util;
 
-import cn.hutool.core.collection.ListUtil;
+import com.nflg.mobilebroken.common.constant.STATE;
 import com.nflg.mobilebroken.common.pojo.dto.UserDTO;
 
 import java.util.List;
@@ -8,31 +8,39 @@ import java.util.List;
 public class AppUserUtil {
 
     public static Integer getUserId() {
-        if (SaTokenAppUtil.isLogin()) {
-            return SaTokenAppUtil.getLoginIdAsInt();
-        }
-        return 1;
+//        if (SaTokenAppUtil.isLogin()) {
+//            return SaTokenAppUtil.getLoginIdAsInt();
+//        }
+//        return 1;
+        VUtils.trueThrow(!SaTokenAppUtil.isLogin()).throwMessage(STATE.LoginError, "请重新登录");
+        return SaTokenAppUtil.getLoginIdAsInt();
     }
 
     public static String getUserName() {
-        if (SaTokenAppUtil.isLogin()) {
-            return (String) SaTokenAppUtil.getExtra("name");
-        }
-        return "admin";
+//        if (SaTokenAppUtil.isLogin()) {
+//            return (String) SaTokenAppUtil.getExtra("name");
+//        }
+//        return "admin";
+        VUtils.trueThrow(!SaTokenAppUtil.isLogin()).throwMessage(STATE.LoginError, "请重新登录");
+        return (String) SaTokenAppUtil.getExtra("name");
     }
 
     public static String getEmail() {
-        if (SaTokenAppUtil.isLogin()) {
-            return (String) SaTokenAppUtil.getExtra("email");
-        }
-        return "aa@gmail.com";
+//        if (SaTokenAppUtil.isLogin()) {
+//            return (String) SaTokenAppUtil.getExtra("email");
+//        }
+//        return "aa@gmail.com";
+        VUtils.trueThrow(!SaTokenAppUtil.isLogin()).throwMessage(STATE.LoginError, "请重新登录");
+        return (String) SaTokenAppUtil.getExtra("email");
     }
 
     public static List<Integer> getCompanyIds() {
-        if (SaTokenAppUtil.isLogin()) {
-            return (List<Integer>) SaTokenAppUtil.getExtra("companyIds");
-        }
-        return ListUtil.of(1);
+//        if (SaTokenAppUtil.isLogin()) {
+//            return (List<Integer>) SaTokenAppUtil.getExtra("companyIds");
+//        }
+//        return ListUtil.of(1);
+        VUtils.trueThrow(!SaTokenAppUtil.isLogin()).throwMessage(STATE.LoginError, "请重新登录");
+        return (List<Integer>) SaTokenAppUtil.getExtra("companyIds");
     }
 
     public static UserDTO getUser() {
diff --git a/nflg-mobilebroken-gateway/src/main/java/com/nflg/mobilebroken/gateway/StpInterfaceImpl.java b/nflg-mobilebroken-gateway/src/main/java/com/nflg/mobilebroken/gateway/StpInterfaceImpl.java
index d15ca4d4..9b20e57c 100644
--- a/nflg-mobilebroken-gateway/src/main/java/com/nflg/mobilebroken/gateway/StpInterfaceImpl.java
+++ b/nflg-mobilebroken-gateway/src/main/java/com/nflg/mobilebroken/gateway/StpInterfaceImpl.java
@@ -33,8 +33,8 @@ public class StpInterfaceImpl implements StpInterface {
             if (CollectionUtil.isEmpty(urls)) {
                 List<String> roleCodes = (List<String>) SaTokenAdminUtil.getExtra("roles");
                 urls = adminRoleService.getUrlsByRoleCodes(roleCodes);
-                AdminUserUtil.setPermissions(urls);
                 urls.addAll(adminApiService.getPublics());
+                AdminUserUtil.setPermissions(urls);
             }
             return urls;
         }
diff --git a/nflg-mobilebroken-gateway/src/main/java/com/nflg/mobilebroken/gateway/config/SaTokenConfigure.java b/nflg-mobilebroken-gateway/src/main/java/com/nflg/mobilebroken/gateway/config/SaTokenConfigure.java
index ce26afa2..b3f5ba64 100644
--- a/nflg-mobilebroken-gateway/src/main/java/com/nflg/mobilebroken/gateway/config/SaTokenConfigure.java
+++ b/nflg-mobilebroken-gateway/src/main/java/com/nflg/mobilebroken/gateway/config/SaTokenConfigure.java
@@ -3,9 +3,9 @@ package com.nflg.mobilebroken.gateway.config;
 import cn.dev33.satoken.reactor.context.SaReactorSyncHolder;
 import cn.dev33.satoken.reactor.filter.SaReactorFilter;
 import cn.dev33.satoken.router.SaRouter;
-import cn.dev33.satoken.stp.StpUtil;
 import com.nflg.mobilebroken.common.constant.STATE;
 import com.nflg.mobilebroken.common.pojo.ApiResult;
+import com.nflg.mobilebroken.common.util.SaTokenAdminUtil;
 import com.nflg.mobilebroken.common.util.SaTokenAppUtil;
 import com.nflg.mobilebroken.common.util.VUtils;
 import lombok.extern.slf4j.Slf4j;
@@ -21,19 +21,18 @@ public class SaTokenConfigure {
     public SaReactorFilter getSaReactorFilter() {
         return new SaReactorFilter()
                 // 拦截地址
-                .addInclude("/**")    /* 拦截用户端 */
+                .addInclude("/**")    /* 拦截所有 */
                 // 开放地址
-                //.addExclude("/favicon.ico")
+                .addExclude("/auth/**") /* 排除授权接口 */
                 // 鉴权方法：每次访问进入
                 .setAuth(obj -> {
-                    // 登录校验 -- 拦截所有路由，并排除/user/doLogin 用于开放登录
                     SaRouter.match("/app/**", r -> SaTokenAppUtil.checkLogin());
                     SaRouter.match("/admin/**", r -> {
-                        VUtils.trueThrow(!StpUtil.isLogin()).throwMessage(STATE.LoginError,"请登录");
+                        VUtils.trueThrow(!SaTokenAdminUtil.isLogin()).throwMessage(STATE.LoginError, STATE.LoginError.getType());
                         ServerWebExchange exchange = SaReactorSyncHolder.getContext();
                         String requestUrl = exchange.getRequest().getPath().value();
                         log.debug("当前访问地址:"+requestUrl);
-                        VUtils.trueThrow(SaTokenAppUtil.hasPermission(requestUrl)).throwMessage(STATE.PermissionDenied,"无权限访问");
+                        VUtils.trueThrow(SaTokenAdminUtil.hasPermission(requestUrl)).throwMessage(STATE.PermissionDenied, "无权限访问");
                     });
                 })
                 // 异常处理方法：每次setAuth函数出现异常时进入
diff --git a/nflg-mobilebroken-repository/src/main/java/com/nflg/mobilebroken/repository/service/impl/AppUserServiceImpl.java b/nflg-mobilebroken-repository/src/main/java/com/nflg/mobilebroken/repository/service/impl/AppUserServiceImpl.java
index 40999c99..4f09c309 100644
--- a/nflg-mobilebroken-repository/src/main/java/com/nflg/mobilebroken/repository/service/impl/AppUserServiceImpl.java
+++ b/nflg-mobilebroken-repository/src/main/java/com/nflg/mobilebroken/repository/service/impl/AppUserServiceImpl.java
@@ -208,6 +208,7 @@ public class AppUserServiceImpl extends ServiceImpl<AppUserMapper, AppUser> impl
     public PageData<AppUserForAdminVO> searchAppUserForAdmin(SearchAppUserForAdminRequest request) {
         IPage<AppUser> page = lambdaQuery()
                 .eq(AppUser::getIsPrimary, true)
+                .eq(Objects.nonNull(request.getUserState()), AppUser::getState, request.getUserState())
                 .like(StrUtil.isNotBlank(request.getLoginName()), AppUser::getLoginName, request.getLoginName())
                 .like(StrUtil.isNotBlank(request.getName()), AppUser::getName, request.getName())
                 .page(new Page<>(request.getPage(), request.getPageSize()));
diff --git a/nflg-mobilebroken-repository/src/main/resources/mapper/AppUserMapper.xml b/nflg-mobilebroken-repository/src/main/resources/mapper/AppUserMapper.xml
index c304ec35..eda85cde 100644
--- a/nflg-mobilebroken-repository/src/main/resources/mapper/AppUserMapper.xml
+++ b/nflg-mobilebroken-repository/src/main/resources/mapper/AppUserMapper.xml
@@ -3,7 +3,7 @@
 <mapper namespace="com.nflg.mobilebroken.repository.mapper.AppUserMapper">
 
     <select id="search" resultType="com.nflg.mobilebroken.common.pojo.vo.AppUserVO">
-        SELECT u.id,c.agency_company_name AS 'companyName',u.`name`,u.email,u.avatar,a.`name` AS 'areaName',u.`enable`,uc.`name` AS 'createBy',u.create_time AS 'createTime',uu.`name` AS 'updateBy',u.update_time AS 'updateTime',u.last_login_time AS 'lastLoginTime',u.expire_time AS 'expireTime',u.is_primary AS 'isPrimary',IF(u.expire_time>now(),1,2) AS 'state'
+        SELECT u.id,c.agency_company_name AS 'companyName',u.`name`,u.email,u.avatar,a.`name` AS 'areaName',u.`state` AS 'userState',uc.`name` AS 'createBy',u.create_time AS 'createTime',uu.`name` AS 'updateBy',u.update_time AS 'updateTime',u.last_login_time AS 'lastLoginTime',u.expire_time AS 'expireTime',u.is_primary AS 'isPrimary',IF(u.expire_time>now(),1,2) AS 'state'
         FROM app_user u
         INNER JOIN t_base_customer c ON u.company_id=c.id
         INNER JOIN app_area a ON u.area_id=a.id
@@ -14,8 +14,8 @@
             #{companyId}
         </foreach>
         <where>
-            <if test="request.enabled != null">
-                AND u.enabled = #{request.enabled}
+            <if test="request.state != null">
+                AND u.state = #{request.state}
             </if>
             <if test="request.key != null and request.key != ''">
                 AND
@@ -27,7 +27,7 @@
             </if>
         </where>
         UNION
-        SELECT u.id,c.agency_company_name AS 'companyName',u.user_name AS 'name',u.user_email AS 'email',u.user_avatar AS 'avatar',a.`name` AS 'areaName',false AS `enable`,uc.`name` AS 'createBy',u.create_time AS 'createTime',null AS 'updateBy',null AS 'updateTime',null AS 'lastLoginTime',null AS 'expireTime',false AS 'isPrimary',0 AS 'state'
+        SELECT u.id,c.agency_company_name AS 'companyName',u.user_name AS 'name',u.user_email AS 'email',u.user_avatar AS 'avatar',a.`name` AS 'areaName',0 AS 'userState',uc.`name` AS 'createBy',u.create_time AS 'createTime',null AS 'updateBy',null AS 'updateTime',null AS 'lastLoginTime',null AS 'expireTime',false AS 'isPrimary',0 AS 'state'
         FROM app_user_applyfor u
         INNER JOIN t_base_customer c ON u.company_id=c.id
         INNER JOIN app_area a ON u.area_id=a.id
@@ -48,7 +48,7 @@
     </select>
 
     <select id="searchByCompany" parameterType="com.nflg.mobilebroken.common.pojo.request.UserSearchRequest" resultType="com.nflg.mobilebroken.common.pojo.vo.AppUserVO">
-        SELECT u.id,u.phone,u.state AS 'userState',u.title_id AS 'titleId',u.area_id AS 'areaId',u.company_id AS 'companyId',p.position_name AS 'title',u.expire_time AS 'expireTime',c.agency_company_name AS 'companyName',u.login_name AS 'loginName',u.`name`,u.email,u.avatar,a.`name` AS 'areaName',u.`enable`,uc.`name` AS 'createBy',u.create_time AS 'createTime',uu.`name` AS 'updateBy',u.update_time AS 'updateTime',u.last_login_time AS 'lastLoginTime',u.expire_time AS 'expireTime',u.is_primary AS 'isPrimary',IF(u.expire_time>now(),1,2) AS 'state'
+        SELECT u.id,u.phone,u.state AS 'userState',u.title_id AS 'titleId',u.area_id AS 'areaId',u.company_id AS 'companyId',p.position_name AS 'title',u.expire_time AS 'expireTime',c.agency_company_name AS 'companyName',u.login_name AS 'loginName',u.`name`,u.email,u.avatar,a.`name` AS 'areaName',uc.`name` AS 'createBy',u.create_time AS 'createTime',uu.`name` AS 'updateBy',u.update_time AS 'updateTime',u.last_login_time AS 'lastLoginTime',u.expire_time AS 'expireTime',u.is_primary AS 'isPrimary',IF(u.expire_time>now(),1,2) AS 'state'
         FROM app_user u
         INNER JOIN t_base_customer c ON u.company_id=c.id
         INNER JOIN app_area a ON u.area_id=a.id
@@ -57,8 +57,8 @@
         LEFT JOIN t_base_position p ON u.title_id=p.id
         WHERE u.is_primary=false AND u.company_id=#{companyId}
         <where>
-            <if test="enabled != null">
-                AND u.enabled = #{enabled}
+            <if test="state != null">
+                AND u.state = #{state}
             </if>
             <if test="key != null and key != ''">
                 AND
@@ -70,7 +70,7 @@
             </if>
         </where>
         UNION
-        SELECT u.id,u.user_phone AS 'phone',0 AS 'userState',u.title_id AS 'titleId',u.area_id AS 'areaId',u.company_id AS 'companyId',p.position_name AS 'title',null AS 'expireTime',c.agency_company_name AS 'companyName',u.user_email AS 'loginName',u.user_name AS 'name',u.user_email AS 'email',u.user_avatar AS 'avatar',a.`name` AS 'areaName',false AS `enable`,uc.`name` AS 'createBy',u.create_time AS 'createTime',null AS 'updateBy',null AS 'updateTime',null AS 'lastLoginTime',null AS 'expireTime',false AS 'isPrimary',0 AS 'state'
+        SELECT u.id,u.user_phone AS 'phone',0 AS 'userState',u.title_id AS 'titleId',u.area_id AS 'areaId',u.company_id AS 'companyId',p.position_name AS 'title',null AS 'expireTime',c.agency_company_name AS 'companyName',u.user_email AS 'loginName',u.user_name AS 'name',u.user_email AS 'email',u.user_avatar AS 'avatar',a.`name` AS 'areaName',uc.`name` AS 'createBy',u.create_time AS 'createTime',null AS 'updateBy',null AS 'updateTime',null AS 'lastLoginTime',null AS 'expireTime',false AS 'isPrimary',0 AS 'state'
         FROM app_user_applyfor u
         INNER JOIN t_base_customer c ON u.company_id=c.id
         INNER JOIN app_area a ON u.area_id=a.id
diff --git a/nflg-mobilebroken-starter/src/main/java/com/nflg/mobilebroken/starter/config/CorsConfig.java b/nflg-mobilebroken-starter/src/main/java/com/nflg/mobilebroken/starter/config/CorsConfig.java
new file mode 100644
index 00000000..7d65da0b
--- /dev/null
+++ b/nflg-mobilebroken-starter/src/main/java/com/nflg/mobilebroken/starter/config/CorsConfig.java
@@ -0,0 +1,25 @@
+package com.nflg.mobilebroken.starter.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class CorsConfig {
+
+    @Bean
+    public WebMvcConfigurer corsConfigurer() {
+        return new WebMvcConfigurer() {
+            @Override
+            public void addCorsMappings(CorsRegistry registry) {
+                registry.addMapping("/**") // 允许所有路径
+                        .allowedOrigins("*") // 允许所有来源
+                        .allowedMethods("GET", "POST", "PUT", "DELETE") // 允许的HTTP方法
+                        .allowedHeaders("*") // 允许所有请求头
+                        .allowCredentials(true) // 允许携带凭证（如cookies）
+                        .maxAge(3600); // 预检请求的缓存时间（秒）
+            }
+        };
+    }
+}