diff --git a/app/Middleware/Auth/UserMiddleware.php b/app/Middleware/Auth/UserMiddleware.php
index 2341ceb..6d3da25 100644
--- a/app/Middleware/Auth/UserMiddleware.php
+++ b/app/Middleware/Auth/UserMiddleware.php
@@ -2,8 +2,12 @@
 namespace App\Middleware\Auth;
+use App\Model\v3\User;
+use App\TaskWorker\SSDBTask;
+use Hashids\Hashids;
 use Hyperf\HttpServer\Contract\RequestInterface as HttpRequest;
 use Hyperf\HttpServer\Contract\ResponseInterface as HttpResponse;
+use Hyperf\Utils\ApplicationContext;
 use Psr\Container\ContainerInterface;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
@@ -33,6 +37,7 @@ class UserMiddleware implements MiddlewareInterface
 $this->container = $container;
 $this->response = $response;
 $this->request = $request;
+ make(Hashids::class, ['secret' => config('auth.user.hash_ids_secret')]);
 }
 /**
@@ -63,5 +68,18 @@ class UserMiddleware implements MiddlewareInterface
 private function checkLogin()
 {
 return true;
+
+ $userToken = $this->request->input('user_token', '');
+ $ssdb = ApplicationContext::getContainer()->get(SSDBTask::class);
+ $exists = $ssdb->exec('exists', $userToken);
+ if (!$userToken || !$exists) {
+ return false;
+ }
+
+ $hashIds = ApplicationContext::getContainer()->get(Hashids::class);
+ $user = $hashIds->decode($userToken);
+ $this->request->user = User::find($user[0]);
+
+ return true;
 }
 }
\ No newline at end of file
diff --git a/app/Service/v3/Implementations/WxLoginService.php b/app/Service/v3/Implementations/WxLoginService.php
index 11f8e69..97a0e3a 100644
--- a/app/Service/v3/Implementations/WxLoginService.php
+++ b/app/Service/v3/Implementations/WxLoginService.php
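Review bot: The `make(Hashids::class, …)` call added to the UserMiddleware constructor discards its result, so the salted instance it builds is not the one that `checkLogin()` and `WxLoginService` later fetch with `ApplicationContext::getContainer()->get(Hashids::class)`. Unless a binding for `Hashids::class` exists in the dependency configuration (not visible here), the container will presumably autowire a Hashids with its default empty salt, and user tokens would then be encoded without the configured secret. The upstream Hashids constructor names this parameter `$salt`, so the `'secret'` key may not be matched even in this call; confirm against the installed version. I would drop the line and register a factory for `Hashids::class` that passes `config('auth.user.hash_ids_secret')` and refuses to build when that value is empty. The constructor starts outside the hunk.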
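Review bot: The `return true;` kept as the first statement of `checkLogin()` in UserMiddleware makes every added line unreachable, so the middleware still accepts any request regardless of `user_token`. Once it is removed, two more gaps in the added block need closing. First, `$ssdb->exec('exists', $userToken)` runs before the empty-token check. Second, `$hashIds->decode()` returns an empty array for a string it cannot decode, so `$user[0]` and a `null` from `User::find()` both need handling before the request is treated as logged in. The version below fails closed at each step and keeps the original truthiness test on the `exists` result, because the return type of `SSDBTask::exec` is not visible here.

```php
private function checkLogin()
{
    $userToken = (string) $this->request->input('user_token', '');
    if ($userToken === '') {
        return false;
    }

    $container = ApplicationContext::getContainer();
    if (!$container->get(SSDBTask::class)->exec('exists', $userToken)) {
        return false;
    }

    // decode() yields [] for input it cannot decode; never index it blindly.
    $ids = $container->get(Hashids::class)->decode($userToken);
    $user = isset($ids[0]) ? User::find($ids[0]) : null;
    if ($user === null) {
        return false;
    }
    $this->request->user = $user;

    return true;
}
```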
@@ -35,20 +35,24 @@ class WxLoginService implements \App\Service\v3\Interfaces\WxLoginServiceInterfa )->toArray(); // 登录成功 - $hash = new Hashids(config('hash_ids_secret')); - $hashIds = $hash->encode((int)$user['id']); + $hash = ApplicationContext::getContainer()->get(Hashids::class); + $hashIds = $hash->encode((int)$user['id'], time()); $user['user_token'] = $hashIds; + $ssdb = ApplicationContext::getContainer()->get(SSDBTask::class); + $ssdb->exec('setnx', $hashIds, 1); + $ssdb->exec('expire', $hashIds, config('auth.user.expire_time')); + $return = array_merge($user, $result); + $kvs = []; foreach ($return as $k => $v) { $kvs[] = $k; $kvs[] = $v; } - $ssdb = ApplicationContext::getContainer()->get(SSDBTask::class); $ssdb->exec('multi_hset', SsdbKeys::USER_INFO.$user['id'], $kvs); - return $user; + return $return; } public function check($userId) diff --git a/config/autoload/auth.php b/config/autoload/auth.php index 89bafcf..c98bf87 100644 --- a/config/autoload/auth.php +++ b/config/autoload/auth.php @@ -7,8 +7,12 @@ declare(strict_types=1); return [ 'api' => [ 'sign' => [ - 'secret_key' => 'lanzu@123', - 'expire_time' => 200 + 'secret_key' => env('API_AUTH_SECRET'), + 'expire_time' => env('API_AUTH_EXPIRE_TIME') ] ], + 'user' => [ + 'hash_ids_secret' => env('HASH_IDS_SECRET'), + 'expire_time' => env('HASH_IDS_EXPIRE_TIME') + ] ]; \ No newline at end of file diff --git a/config/config.php b/config/config.php index 26b4014..ad49d28 100644 --- a/config/config.php +++ b/config/config.php @@ -52,5 +52,4 @@ return [ 'alioss' => [ 'img_host' => env('OSS_IMG_HOST', ''), ], - 'hash_ids_secret' => env('HASH_IDS_SECRET'), ];
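Review bot: The session token written to SSDB in the WxLoginService hunk is `$hash->encode((int)$user['id'], time())`, a reversible encoding of the user id and login second rather than a random value. Hashids is documented as an obfuscation scheme, not a security primitive, so the token is only as unguessable as the salt. I would issue the token with `bin2hex(random_bytes(32))`, store it under a dedicated key prefix with the user id as the value, and have the middleware read the id back from that key instead of decoding it. Writing the key and its TTL as two calls (`setnx` then `expire`) also leaves a non-expiring token if the second call fails or `config('auth.user.expire_time')` is empty; a single `setx` with an integer TTL avoids that. Separately, the method now returns `$return`, which is `$user` merged with `$result`; `$result` is assigned outside the hunk, so check that it carries nothing that should stay server-side, such as a WeChat session key.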
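Review bot: None of the four `env()` calls added in config/autoload/auth.php has a default or a cast, so an unset variable yields `null` and a set one comes back as a string. A `null` `secret_key` or `hash_ids_secret` would let signing and token encoding proceed with an empty secret, and a `null` `expire_time` reaches `$ssdb->exec('expire', …)` in WxLoginService. I would cast the lifetimes, for example `'expire_time' => (int) env('API_AUTH_EXPIRE_TIME', 200)`, which keeps the previous value as the fallback, and have the code that consumes the secrets refuse to run when they are empty. The removed literal `'lanzu@123'` stays readable in the repository history, so `API_AUTH_SECRET` should be set to a newly generated value rather than the old one.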