diff --git a/oa/api/token/token.go b/oa/api/token/token.go
index a68642b..82fa41e 100644
--- a/oa/api/token/token.go
+++ b/oa/api/token/token.go
@@ -66,7 +66,7 @@ func tokenPost(x *rest.X) (any, error) {
 		if err != nil {
 			return nil, err
 		}
-		if oldClaim.AID == *opts.AppID {
+		if oldClaim.AID == aid {
 			// refresh token
 			claim.AID = oldClaim.AID
 			claim.UID = oldClaim.UID
@@ -95,7 +95,7 @@ func tokenPost(x *rest.X) (any, error) {
 		key := logv.AssertFuncErr(hex.DecodeString(user.Code))
 		de, err := utils.AesDecrypt([]byte(code), key, salt)
 		if err != nil || de != user.ID {
-			return nil, errs.AuthInvalid
+			return nil, errs.AuthFailed
 		}
 		data.UserID = opts.UserID
 		data.AppID = aid
@@ -110,6 +110,7 @@ func tokenPost(x *rest.X) (any, error) {
 		if opts.Device != nil {
 			data.Device = *opts.Device
 		}
+		data.Ip = x.GetRemoteIp()
 		data.ExpiredAt = time.Now().Add(time.Hour)
 		logv.AssertError(cfg.DB().Create(data).Error)
 		claim.ID = data.ID
diff --git a/oa/libs/auth/jwt.go b/oa/libs/auth/jwt.go
index 01e83a7..4ca2567 100644
--- a/oa/libs/auth/jwt.go
+++ b/oa/libs/auth/jwt.go
@@ -9,6 +9,7 @@ package auth
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"oa/cfg"
 	"oa/errs"
@@ -39,6 +40,9 @@ func ParseJwt(tokenString string) (*Claims, error) {
 		}
 		return []byte(cfg.Config.Key), nil
 	})
+	if errors.Is(err, jwt.ErrTokenExpired) {
+		return nil, errs.AuthExpired
+	}
 
 	if err != nil || !token.Valid {
 		return nil, errs.AuthInvalid
@@ -78,7 +82,7 @@ func Check(target string, pid string, l AuthLevel) func(x *rest.X) error {
 			tid = x.Params.GetStr(pid)
 		}
 		if !claims.Access.Check(target, tid, l) {
-			return errs.AuthFailed
+			return errs.AuthNoPerm
 		}
 		return nil
 	}
diff --git a/oa/models/token.go b/oa/models/token.go
index 76655bd..22211b8 100644
--- a/oa/models/token.go
+++ b/oa/models/token.go
@@ -14,4 +14,5 @@ type Token struct {
 	ExpiredAt time.Time `json:"expired_at" methods:"*post,*patch" parse:"json"`
 	OverPerm  string    `json:"over_perm" methods:"*post,*patch" parse:"json"`
 	Device    string    `json:"device" methods:"*post" parse:"json"`
+	Ip        string    `json:"ip"`
 }
diff --git a/oaweb/composables/api/access.ts b/oaweb/composables/api/access.ts
index cd0405d..e977cec 100644
--- a/oaweb/composables/api/access.ts
+++ b/oaweb/composables/api/access.ts
@@ -7,10 +7,10 @@
 import webapi from "./webapi"
 import * as models from "./models"
 export interface ListOpts { 
-  app_id: String
-  user_id?: String
-  role_id?: String
-  name?: String
+  app_id: string
+  user_id?: string
+  role_id?: string
+  name?: string
 }
 export interface ListQuery { 
   created_at?: Date
@@ -21,12 +21,12 @@ export function List(json: ListOpts, query: ListQuery) {
 }
 
 export interface PostOpts { 
-  app_id: String
-  user_id?: String
-  role_id?: String
-  name: String
-  t_id: String
-  level: Number
+  app_id: string
+  user_id?: string
+  role_id?: string
+  name: string
+  t_id: string
+  level: number
 }
 export function Post(json: PostOpts) {
   return webapi.Post<models.Access>(`/access`, { json })
diff --git a/oaweb/composables/api/app.ts b/oaweb/composables/api/app.ts
index c22b682..7d325d5 100644
--- a/oaweb/composables/api/app.ts
+++ b/oaweb/composables/api/app.ts
@@ -7,46 +7,46 @@
 import webapi from "./webapi"
 import * as models from "./models"
 export interface GetOpts { 
-  name: String
+  name: string
 }
-export function Get(app_id: String, json: GetOpts) {
+export function Get(app_id: string, json: GetOpts) {
   return webapi.Get<models.App>(`/app/${app_id}`, { json })
 }
 
-export function AppUserDelete(app_user_id: String, app_id: String) {
+export function AppUserDelete(app_user_id: string, app_id: string) {
   return webapi.Delete<models.AppUser>(`/app/${app_id}/app_user/${app_user_id}`, {  })
 }
 
-export function ResourcePatch(app_id: String) {
+export function ResourcePatch(app_id: string) {
   return webapi.Patch<models.Resource>(`/app/${app_id}/resource`, {  })
 }
 
 export interface PatchOpts { 
-  name?: String
-  icon?: String
-  des?: String
-  participate?: String
-  init_role_id?: String
+  name?: string
+  icon?: string
+  des?: string
+  participate?: string
+  init_role_id?: string
 }
-export function Patch(app_id: String, json: PatchOpts) {
+export function Patch(app_id: string, json: PatchOpts) {
   return webapi.Patch<models.App>(`/app/${app_id}`, { json })
 }
 
 export interface PostOpts { 
-  name: String
-  icon: String
-  des: String
-  participate: String
+  name: string
+  icon: string
+  des: string
+  participate: string
 }
 export function Post(json: PostOpts) {
   return webapi.Post<models.App>(`/app`, { json })
 }
 
 export interface AppUserListOpts { 
-  user_id?: String
-  status?: String
+  user_id?: string
+  status?: string
 }
-export function AppUserList(app_id: String, json: AppUserListOpts) {
+export function AppUserList(app_id: string, json: AppUserListOpts) {
   return webapi.Get<models.AppUser>(`/app/${app_id}/app_user`, { json })
 }
 
@@ -54,59 +54,59 @@ export interface ResourceListQuery {
   created_at?: Date
   updated_at?: Date
 }
-export function ResourceList(app_id: String, query: ResourceListQuery) {
+export function ResourceList(app_id: string, query: ResourceListQuery) {
   return webapi.Get<models.Resource>(`/app/${app_id}/resource`, { query })
 }
 
 export interface ResourcePostOpts { 
-  name: String
-  des: String
+  name: string
+  des: string
 }
-export function ResourcePost(app_id: String, json: ResourcePostOpts) {
+export function ResourcePost(app_id: string, json: ResourcePostOpts) {
   return webapi.Post<models.Resource>(`/app/${app_id}/resource`, { json })
 }
 
-export function Delete(app_id: String) {
+export function Delete(app_id: string) {
   return webapi.Delete<models.App>(`/app/${app_id}`, {  })
 }
 
 export interface ListOpts { 
-  name?: String
+  name?: string
 }
 export function List(json: ListOpts) {
   return webapi.Get<models.App>(`/app`, { json })
 }
 
 export interface AppUserGetOpts { 
-  user_id: String
+  user_id: string
 }
-export function AppUserGet(app_user_id: String, app_id: String, json: AppUserGetOpts) {
+export function AppUserGet(app_user_id: string, app_id: string, json: AppUserGetOpts) {
   return webapi.Get<models.AppUser>(`/app/${app_id}/app_user/${app_user_id}`, { json })
 }
 
-export function ResourceGet(app_id: String) {
+export function ResourceGet(app_id: string) {
   return webapi.Get<models.Resource>(`/app/${app_id}/resource`, {  })
 }
 
 export interface AppUserPatchOpts { 
-  status?: String
+  status?: string
 }
-export function AppUserPatch(app_user_id: String, app_id: String, json: AppUserPatchOpts) {
+export function AppUserPatch(app_user_id: string, app_id: string, json: AppUserPatchOpts) {
   return webapi.Patch<models.AppUser>(`/app/${app_id}/app_user/${app_user_id}`, { json })
 }
 
 export interface AppUserPostOpts { 
-  status: String
-  user_id: String
+  status: string
+  user_id: string
 }
-export function AppUserPost(app_id: String, json: AppUserPostOpts) {
+export function AppUserPost(app_id: string, json: AppUserPostOpts) {
   return webapi.Post<models.AppUser>(`/app/${app_id}/app_user`, { json })
 }
 
 export interface ResourceDeleteOpts { 
-  name: String
+  name: string
 }
-export function ResourceDelete(app_id: String, json: ResourceDeleteOpts) {
+export function ResourceDelete(app_id: string, json: ResourceDeleteOpts) {
   return webapi.Delete<models.Resource>(`/app/${app_id}/resource`, { json })
 }
 
diff --git a/oaweb/composables/api/models.ts b/oaweb/composables/api/models.ts
index 70eca39..b71146f 100644
--- a/oaweb/composables/api/models.ts
+++ b/oaweb/composables/api/models.ts
@@ -1,44 +1,44 @@
 export interface Access { 
-  app_id: String
+  app_id: string
   app?: App
-  user_id?: String
+  user_id?: string
   user?: User
-  role_id?: String
+  role_id?: string
   role?: Role
-  name: String
-  t_id: String
-  level: Number
+  name: string
+  t_id: string
+  level: number
 }
 export interface App { 
-  name: String
-  icon: String
-  des: String
-  participate: String
-  init_role_id?: String
+  name: string
+  icon: string
+  des: string
+  participate: string
+  init_role_id?: string
   init_role?: Role
-  init_url: String
-  user_count: Number
-  key: String
+  init_url: string
+  user_count: number
+  key: string
 }
 export interface AppUser { 
-  app_id: String
+  app_id: string
   app?: App
-  user_id: String
+  user_id: string
   user?: User
-  status: String
+  status: string
 }
 export interface Resource { 
-  app_id: String
+  app_id: string
   app?: App
-  name: String
-  des: String
+  name: string
+  des: string
 }
 export interface Role { 
-  name: String
-  des: String
-  app_id: String
+  name: string
+  des: string
+  app_id: string
   app?: App
-  user_count: Number
+  user_count: number
   access: any
 }
 export interface Testb { 
@@ -50,30 +50,30 @@ export interface Test {
   name: String
 }
 export interface Token { 
-  user_id: String
+  user_id: string
   user?: User
-  app_id: String
+  app_id: string
   app?: App
   expired_at: Date
-  over_perm: String
-  device: String
+  over_perm: string
+  device: string
 }
 export interface User { 
-  username: String
-  nickname: String
-  icon: String
-  email: String
-  phone: String
-  status: Number
-  salt: String
-  code: String
+  username: string
+  nickname: string
+  icon: string
+  email: string
+  phone: string
+  status: number
+  salt: string
+  code: string
 }
 export interface UserRole { 
-  user_id: String
+  user_id: string
   user?: User
-  role_id: String
+  role_id: string
   role?: Role
-  app_id: String
+  app_id: string
   app?: App
-  status: String
+  status: string
 }
diff --git a/oaweb/composables/api/role.ts b/oaweb/composables/api/role.ts
index 121f2fa..dcac35c 100644
--- a/oaweb/composables/api/role.ts
+++ b/oaweb/composables/api/role.ts
@@ -7,33 +7,33 @@
 import webapi from "./webapi"
 import * as models from "./models"
 export interface ListOpts { 
-  name?: String
+  name?: string
 }
 export function List(json: ListOpts) {
   return webapi.Get<models.Role>(`/role`, { json })
 }
 
-export function Get(role_id: String) {
+export function Get(role_id: string) {
   return webapi.Get<models.Role>(`/role/${role_id}`, {  })
 }
 
 export interface PatchOpts { 
-  name?: String
-  des?: String
-  app_id?: String
+  name?: string
+  des?: string
+  app_id?: string
 }
-export function Patch(role_id: String, json: PatchOpts) {
+export function Patch(role_id: string, json: PatchOpts) {
   return webapi.Patch<models.Role>(`/role/${role_id}`, { json })
 }
 
-export function Delete(role_id: String) {
+export function Delete(role_id: string) {
   return webapi.Delete<models.Role>(`/role/${role_id}`, {  })
 }
 
 export interface PostOpts { 
-  name: String
-  des: String
-  app_id: String
+  name: string
+  des: string
+  app_id: string
 }
 export function Post(json: PostOpts) {
   return webapi.Post<models.Role>(`/role`, { json })
diff --git a/oaweb/composables/api/token.ts b/oaweb/composables/api/token.ts
index 44d8220..cfed237 100644
--- a/oaweb/composables/api/token.ts
+++ b/oaweb/composables/api/token.ts
@@ -6,51 +6,52 @@
 
 import webapi from "./webapi"
 import * as models from "./models"
-export function Delete(token_id: String) {
+export function Delete(token_id: string) {
   return webapi.Delete<models.Token>(`/token/${token_id}`, {})
 }
 
 export interface ListOpts {
-  user_id: String
-  app_id: String
+  user_id: string
+  app_id: string
 }
 export function List(json: ListOpts) {
   return webapi.Get<models.Token>(`/token`, { json })
 }
 
 export interface TokenSaltOpts {
-  username: String
-  typ?: String
+  username: string
+  typ?: string
 }
 
 // keep
 export function TokenSalt(json: TokenSaltOpts) {
-  return webapi.Post<String>(`/token/salt`, { json })
+  return webapi.Post<{ id: string, salt: string }>(`/token/salt`, { json })
 }
 
 export interface PostOpts {
-  user_id: String
-  token?: String
-  salt?: String
-  code?: String
-  app_id?: String
+  user_id: string
+  token?: string
+  salt?: string
+  code?: string
+  app_id?: string
   expired_at?: Date
-  over_perm?: String
-  device?: String
+  over_perm?: string
+  device?: string
 }
+// keep
 export function Post(json: PostOpts) {
-  return webapi.Post<models.Token>(`/token`, { json })
+  return webapi.Post<string>(`/token`, { json })
 }
 
-export function Get(token_id: String) {
+export function Get(token_id: string) {
   return webapi.Get<models.Token>(`/token/${token_id}`, {})
 }
 
 export interface PatchOpts {
   expired_at?: Date
-  over_perm?: String
+  over_perm?: string
 }
-export function Patch(token_id: String, json: PatchOpts) {
+export function Patch(token_id: string, json: PatchOpts) {
   return webapi.Patch<models.Token>(`/token/${token_id}`, { json })
 }
 
diff --git a/oaweb/composables/api/user.ts b/oaweb/composables/api/user.ts
index 4aa4763..3e09a28 100644
--- a/oaweb/composables/api/user.ts
+++ b/oaweb/composables/api/user.ts
@@ -7,43 +7,43 @@
 import webapi from "./webapi"
 import * as models from "./models"
 export interface PostOpts {
-  username: String
-  nickname?: String
-  icon?: String
-  email?: String
-  phone?: String
-  salt: String
-  code: String
+  username: string
+  nickname?: string
+  icon?: string
+  email?: string
+  phone?: string
+  salt: string
+  code: string
 }
 export function Post(json: PostOpts) {
   return webapi.Post<models.User>(`/user`, { json })
 }
 
-export function UserRoleGet(user_role_id: String, user_id: String) {
-  return webapi.Get<models.UserRole>(`/user/${user_id}/user_role/${user_role_id}`, {})
+export function UserRoleGet(user_role_id: string, user_id: string) {
+  return webapi.Get<models.UserRole>(`/user/${user_id}/user_role/${user_role_id}`, {  })
 }
 
 export interface UserRolePatchOpts {
-  status?: String
+  status?: string
 }
-export function UserRolePatch(user_role_id: String, user_id: String, json: UserRolePatchOpts) {
+export function UserRolePatch(user_role_id: string, user_id: string, json: UserRolePatchOpts) {
   return webapi.Patch<models.UserRole>(`/user/${user_id}/user_role/${user_role_id}`, { json })
 }
 
 export interface UserRoleDeleteOpts {
-  role_id: String
-  app_id: String
+  role_id: string
+  app_id: string
 }
-export function UserRoleDelete(user_role_id: String, user_id: String, json: UserRoleDeleteOpts) {
+export function UserRoleDelete(user_role_id: string, user_id: string, json: UserRoleDeleteOpts) {
   return webapi.Delete<models.UserRole>(`/user/${user_id}/user_role/${user_role_id}`, { json })
 }
 
 export interface UserRolePostOpts {
-  status: String
-  role_id: String
-  app_id: String
+  status: string
+  role_id: string
+  app_id: string
 }
-export function UserRolePost(user_id: String, json: UserRolePostOpts) {
+export function UserRolePost(user_id: string, json: UserRolePostOpts) {
   return webapi.Post<models.UserRole>(`/user/${user_id}/user_role`, { json })
 }
 
@@ -52,39 +52,39 @@ export interface UserLoginOpts {
   typ: String
 }
 
-export function Get(user_id: String) {
-  return webapi.Get<models.User>(`/user/${user_id}`, {})
+export function Get(user_id: string) {
+  return webapi.Get<models.User>(`/user/${user_id}`, {  })
 }
 
-export function Delete(user_id: String) {
-  return webapi.Delete<models.User>(`/user/${user_id}`, {})
+export function Delete(user_id: string) {
+  return webapi.Delete<models.User>(`/user/${user_id}`, {  })
 }
 
 export interface UserRoleListOpts {
-  status?: String
+  status?: string
 }
-export function UserRoleList(user_id: String, json: UserRoleListOpts) {
+export function UserRoleList(user_id: string, json: UserRoleListOpts) {
   return webapi.Get<models.UserRole>(`/user/${user_id}/user_role`, { json })
 }
 
 export interface PatchOpts {
-  username?: String
-  nickname?: String
-  icon?: String
-  email?: String
-  phone?: String
-  status?: Number
-}
-export function Patch(user_id: String, json: PatchOpts) {
+  username?: string
+  nickname?: string
+  icon?: string
+  email?: string
+  phone?: string
+  status?: number
+}
+export function Patch(user_id: string, json: PatchOpts) {
   return webapi.Patch<models.User>(`/user/${user_id}`, { json })
 }
 
 export interface ListOpts {
-  username?: String
-  nickname?: String
-  email?: String
-  phone?: String
-  status?: Number
+  username?: string
+  nickname?: string
+  email?: string
+  phone?: string
+  status?: number
 }
 export function List(json: ListOpts) {
   return webapi.Get<models.User>(`/user`, { json })
diff --git a/oaweb/composables/api/webapi.ts b/oaweb/composables/api/webapi.ts
index 18ce1ee..857af8f 100644
--- a/oaweb/composables/api/webapi.ts
+++ b/oaweb/composables/api/webapi.ts
@@ -1,6 +1,6 @@
 //
 // Copyright (C) 2024 veypi <i@veypi.com>
-// 2024-10-11 00:21:45
+// 2024-10-11 01:39:37
 // Distributed under terms of the MIT license.
 //
 
@@ -41,34 +41,44 @@ const responseSuccess = (response: AxiosResponse) => {
   // 这里没有必要进行判断，axios 内部已经判断
   // const isOk = 200 <= response.status && response.status < 300
   let data = response.data
+  if (typeof data === 'object') {
+    if (data.code !== 0) {
+      return responseFailed({ response } as any)
+    }
+    data = data.data
+  }
   return Promise.resolve(data)
 }
 
 const responseFailed = (error: AxiosError) => {
-  const { response, config } = error
+  const { response } = error
+  const config = response?.config
+  const data = response?.data || {} as any
   if (!window.navigator.onLine) {
-
     alert('没有网络')
     return Promise.reject(new Error('请检查网络连接'))
   }
 
-  console.log(response)
-  let needRetry = false
+  let needRetry = true
+  if (response?.status == 404) {
+    needRetry = false
+  } else if (response?.status == 401) {
+    needRetry = false
+    if (data.code === 40103) {
+    }
+  }
   if (!needRetry) {
-    return Promise.reject(response?.data || response?.headers.error)
+    return Promise.reject(data || response)
   };
   // @ts-ignore
   const { __retryCount = 0, retryDelay = 1000, retryTimes } = config;
   // 在请求对象上设置重试次数
   // @ts-ignore
-  config.__retryCount = __retryCount;
+  config.__retryCount = __retryCount + 1;
   // 判断是否超过了重试次数
   if (__retryCount >= retryTimes) {
     return Promise.reject(response?.data || response?.headers.error)
   }
-  // 增加重试次数
-  // @ts-ignore
-  config.__retryCount++;
   // 延时处理
   const delay = new Promise<void>((resolve) => {
     setTimeout(() => {
diff --git a/oaweb/composables/auth.ts b/oaweb/composables/auth.ts
new file mode 100644
index 0000000..3704af5
--- /dev/null
+++ b/oaweb/composables/auth.ts
@@ -0,0 +1,99 @@
+/*
+ * auth.ts
+ * Copyright (C) 2024 veypi <i@veypi.com>
+ * 2024-10-11 12:01
+ * Distributed under terms of the MIT license.
+ */
+
+export interface modelsSimpleAuth {
+  level: number
+  name: string
+  tid: string
+}
+
+
+export const R = {
+  // 应用管理配置权限
+  App: 'app',
+  // 用户管理和绑定应用权限
+  User: 'user',
+  // 权限资源定义权限
+  Resource: 'resource',
+  // 角色管理和绑定用户权限
+  Role: 'role',
+  // 权限管理和绑定角色权限
+  Auth: 'auth',
+}
+
+
+export enum AccessLevel {
+  None = 0,
+  Do = 1,
+  Read = 1,
+  Create = 2,
+  Update = 3,
+  Delete = 4,
+  All = 5
+}
+
+export const LevelOptions = [
+  { key: 0, name: '无权限' },
+  { key: 1, name: '读取数据权限' },
+  { key: 2, name: '创建数据权限' },
+  { key: 3, name: '更新数据权限' },
+  { key: 4, name: '删除数据权限' },
+  { key: 5, name: '管理员权限' },
+]
+
+class authLevel {
+  level = AccessLevel.None
+  constructor(level: number) {
+    this.level = level
+  }
+  CanDo(): boolean {
+    return this.level >= AccessLevel.Do
+  }
+  CanRead(): boolean {
+    return this.level >= AccessLevel.Read
+  }
+  CanCreate(): boolean {
+    return this.level >= AccessLevel.Create
+  }
+  CanUpdate(): boolean {
+    return this.level >= AccessLevel.Update
+  }
+  CanDelete(): boolean {
+    return this.level >= AccessLevel.Delete
+  }
+  CanDoAny(): boolean {
+    return this.level >= AccessLevel.All
+  }
+}
+
+export class auths {
+  private readonly list: modelsSimpleAuth[]
+
+  constructor(auths: modelsSimpleAuth[]) {
+    this.list = auths
+  }
+
+  Get(name: string, rid: string): authLevel {
+    let l = AccessLevel.None
+    for (let i of this.list) {
+      if (i.name == name && (!i.tid || i.tid === rid) && i.level > l) {
+        l = i.level
+      }
+    }
+    return new authLevel(l)
+  }
+}
+
+export interface Auths {
+  Get(name: string, rid: string): authLevel
+}
+
+
+export function NewAuths(a: modelsSimpleAuth[]): Auths {
+  return new auths(a)
+}
+
diff --git a/oaweb/composables/index.ts b/oaweb/composables/index.ts
index 83c128f..d2aa80b 100644
--- a/oaweb/composables/index.ts
+++ b/oaweb/composables/index.ts
@@ -6,6 +6,7 @@
  */
 
 import api from './api'
-export * from './models'
-export { type Auths, type modelsSimpleAuth } from './models'
-export { api }
+import * as auth from './auth'
+// export * from './models'
+import * as models from './models'
+export { api, models, auth }
diff --git a/oaweb/composables/models.ts b/oaweb/composables/models.ts
new file mode 100644
index 0000000..718ff6c
--- /dev/null
+++ b/oaweb/composables/models.ts
@@ -0,0 +1,55 @@
+/*
+ * models.ts
+ * Copyright (C) 2024 veypi <i@veypi.com>
+ * 2024-10-11 12:02
+ * Distributed under terms of the MIT license.
+ */
+
+
+export * from './api/models'
+export type Dict = { [key: string]: any }
+
+export enum ArgType {
+  Text = 'text',
+  Password = 'password',
+  Bool = 'bool',
+  Select = 'select',
+  Radio = 'radio',
+  Number = 'number',
+  Region = 'region',
+  NumList = 'numList',
+  StrList = 'strList',
+  Table = 'table',
+  Grid = 'grid',
+  File = 'file',
+  Img = 'img'
+}
+
+export const ArgTypesTrans = {
+  [ArgType.Text]: '文本',
+  [ArgType.Password]: '密码',
+  [ArgType.Select]: '选择器',
+  [ArgType.Radio]: '单选框',
+  [ArgType.Number]: '数字',
+  [ArgType.Region]: '区间',
+  [ArgType.NumList]: '数组',
+  [ArgType.StrList]: '文本集合',
+  [ArgType.Table]: '表格',
+  [ArgType.Grid]: '矩阵',
+  [ArgType.File]: '文件',
+  [ArgType.Img]: '图片',
+  [ArgType.Bool]: '开关',
+}
+
+export interface DocItem {
+  name: string
+  url: string
+  version?: string
+
+}
+export interface DocGroup {
+  name: string
+  icon: string
+  items?: DocItem[]
+}
+
diff --git a/oaweb/composables/models/auth.ts b/oaweb/composables/models/auth.ts
index 82a2761..e754286 100644
--- a/oaweb/composables/models/auth.ts
+++ b/oaweb/composables/models/auth.ts
@@ -10,7 +10,7 @@
 export interface modelsSimpleAuth {
   level: number
   name: string
-  rid: string
+  tid: string
 }
 
 
@@ -82,7 +82,7 @@ export class auths {
   Get(name: string, rid: string): authLevel {
     let l = AccessLevel.None
     for (let i of this.list) {
-      if (i.name == name && (!i.rid || i.rid === rid) && i.level > l) {
+      if (i.name == name && (!i.tid || i.tid === rid) && i.level > l) {
         l = i.level
       }
     }
diff --git a/oaweb/composables/models/index.ts b/oaweb/composables/models/index.ts
index 00d8262..5977590 100644
--- a/oaweb/composables/models/index.ts
+++ b/oaweb/composables/models/index.ts
@@ -5,139 +5,5 @@
 * @description：index
 */
 
-import { AccessLevel } from './auth';
-
 export { type Auths, type modelsSimpleAuth, NewAuths, R, AccessLevel, LevelOptions } from './auth'
 
-export type Dict = { [key: string]: any }
-
-export enum ArgType {
-  Text = 'text',
-  Password = 'password',
-  Bool = 'bool',
-  Select = 'select',
-  Radio = 'radio',
-  Number = 'number',
-  Region = 'region',
-  NumList = 'numList',
-  StrList = 'strList',
-  Table = 'table',
-  Grid = 'grid',
-  File = 'file',
-  Img = 'img'
-}
-
-export const ArgTypesTrans = {
-  [ArgType.Text]: '文本',
-  [ArgType.Password]: '密码',
-  [ArgType.Select]: '选择器',
-  [ArgType.Radio]: '单选框',
-  [ArgType.Number]: '数字',
-  [ArgType.Region]: '区间',
-  [ArgType.NumList]: '数组',
-  [ArgType.StrList]: '文本集合',
-  [ArgType.Table]: '表格',
-  [ArgType.Grid]: '矩阵',
-  [ArgType.File]: '文件',
-  [ArgType.Img]: '图片',
-  [ArgType.Bool]: '开关',
-}
-
-export interface DocItem {
-  name: string
-  url: string
-  version?: string
-
-}
-export interface DocGroup {
-  name: string
-  icon: string
-  items?: DocItem[]
-}
-
-export interface modelsBread {
-  Index: number
-  Name: string
-  Type?: string
-  RName: string
-  RParams?: any
-  RQuery?: any
-}
-
-
-export interface modelsApp {
-  created: string
-  updated: string
-  delete_flag: boolean
-  des: string
-  hide: boolean
-  icon: string
-  id: string
-  name: string
-  redirect: string
-  role_id: string
-  status: number
-  user_count: number
-
-  au: modelsAppUser
-}
-
-export enum AUStatus {
-  OK = 0,
-  Disabled = 1,
-  Applying = 2,
-  Deny = 3,
-}
-
-export interface modelsAppUser {
-  app: modelsApp,
-  user: modelsUser,
-  app_id: string
-  user_id: string
-  status: AUStatus
-}
-
-export interface modelsUser {
-  id: string
-  created: string
-  updated: string
-  username: string
-  nickname: string
-  email: string
-  phone: string
-  icon: string
-  status: number
-  used: number
-  space: number
-  au: AUStatus
-}
-
-export interface modelsAccess {
-  id: number
-  created: string
-  updated: string
-  name: string
-  app_id: string,
-  role_id?: string,
-  user_id?: string,
-  level: AccessLevel,
-  rid?: string
-}
-
-export interface modelsRole {
-  created: string
-  updated: string
-  app_id: string
-  id: string
-  name: string
-  des: string
-  user_count: number
-}
-
-export interface modelsResource {
-  created: string
-  updated: string
-  app_id: string
-  name: string
-  des: string
-}
diff --git a/oaweb/composables/util.ts b/oaweb/composables/util.ts
index ed4c5f3..0a0a186 100644
--- a/oaweb/composables/util.ts
+++ b/oaweb/composables/util.ts
@@ -65,18 +65,17 @@ const util = {
       name + '=' + escape(value) + ';expires=' + exp.toLocaleString()
   },
   getToken() {
-    return localStorage.getItem('auth_token') || ''
+    return localStorage.getItem('token') || ''
   },
   setToken(t: string) {
-    localStorage.setItem('auth_token', t)
+    localStorage.setItem('token', t)
     bus.emit('token', t)
   },
   addTokenOf(url: string) {
-    return url + '?auth_token=' + encodeURIComponent(this.getToken())
+    return url + '?token=' + encodeURIComponent(this.getToken())
   },
   checkLogin() {
-    // return parseInt(this.getCookie('stat')) === 1
-    return Boolean(localStorage.auth_token)
+    return Boolean(localStorage.token)
   },
 
   formatDate(date: Date, fmt: string) {
diff --git a/oaweb/package.json b/oaweb/package.json
index 1f19337..5d4d804 100644
--- a/oaweb/package.json
+++ b/oaweb/package.json
@@ -10,13 +10,13 @@
     "postinstall": "nuxt prepare"
   },
   "dependencies": {
-    "@nuxt/ui": "^2.16.0",
     "@pinia/nuxt": "^0.5.1",
     "@veypi/msg": "^0.2.0",
     "@veypi/oaer": "^0.2.4",
     "@veypi/one-icon": "^3.0.0",
     "axios": "^1.7.2",
     "cherry-markdown": "^0.8.42",
+    "crypto-js": "^4.2.0",
     "echarts": "^5.5.0",
     "js-base64": "^3.7.7",
     "nuxt": "^3.11.2",
@@ -25,6 +25,7 @@
   },
   "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e",
   "devDependencies": {
+    "@types/crypto-js": "^4.2.2",
     "sass": "^1.77.4"
   }
 }
diff --git a/oaweb/pages/login.vue b/oaweb/pages/login.vue
index 252ba9d..355e31e 100644
--- a/oaweb/pages/login.vue
+++ b/oaweb/pages/login.vue
@@ -88,7 +88,7 @@
 
 <script lang="ts" setup>
 import msg from '@veypi/msg';
-import { Base64 } from 'js-base64';
+import * as crypto from 'crypto-js'
 
 
 definePageMeta({
@@ -120,23 +120,70 @@ const check = () => {
   checks.value.p = !Boolean(!data.value.password || !pReg.test(data.value.password))
   checks.value.p2 = !Boolean(data.value.confirm !== data.value.password)
 }
+
+function deriveKey(password: string, salt: any) {
+  return crypto.PBKDF2(password, salt, {
+    keySize: 256 / 32, iterations:
+      100, hasher: crypto.algo.SHA256
+  })
+}
+
 const login = () => {
   enable_check.value = true
   check()
   if (!checks.value.u || !checks.value.p) {
     return
   }
-  api.user.login(data.value.username,
-    { client: 'vvv', typ: 'sss', pwd: Base64.encodeURL(data.value.password) }).then((data: any) => {
-      util.setToken(data.auth_token)
-      // msg.Info('登录成功')
-      // user.fetchUserData()
-      let url = route.query.redirect || data.redirect || ''
-      console.log([url])
-      redirect(url)
+
+  api.token.TokenSalt({ username: data.value.username }).then(e => {
+    let id = e.id
+    let key = deriveKey(data.value.password, e.salt)
+    let salt = crypto.lib.WordArray.random(128 / 8)
+    let opts = {
+      iv: salt,
+      mode: crypto.mode.CBC,
+      padding: crypto.pad.Pkcs7
+    }
+    let p = crypto.AES.encrypt(e.id, key, opts)
+    api.token.Post({
+      user_id: id, code: p.toString(), salt:
+        salt.toString()
+    }).then(e => {
+      localStorage.setItem('refresh', e)
+      api.token.Post({ user_id: id, token: e }).then(e => {
+        localStorage.setItem('token', e)
+        console.log(e)
+      })
     }).catch(e => {
-      msg.Warn(e)
+      msg.Warn('登录失败：' + (e.err || e))
     })
+  })
+  // api.user.salt(data.value.username).then((e: any) => {
+  //   let id = e.data.id
+  //   let key = deriveKey(data.value.password, e.data.salt)
+  //   let salt = crypto.lib.WordArray.random(128 / 8)
+  //   let opts = {
+  //     iv: salt,
+  //     mode: crypto.mode.CBC,
+  //     padding: crypto.pad.Pkcs7
+  //   }
+  //   let p = crypto.AES.encrypt(id, key, opts)
+  //   api.user.token(id, p.toString(), salt.toString()).then(e => {
+  //     console.log(e)
+  //   })
+  // })
+
+  // api.user.login(data.value.username,
+  //   { client: 'vvv', typ: 'sss', pwd: Base64.encodeURL(data.value.password) }).then((data: any) => {
+  //     util.setToken(data.auth_token)
+  //     // msg.Info('登录成功')
+  //     // user.fetchUserData()
+  //     let url = route.query.redirect || data.redirect || ''
+  //     console.log([url])
+  //     redirect(url)
+  //   }).catch(e => {
+  //     msg.Warn(e)
+  //   })
 }
 const register = () => {
   enable_check.value = true
@@ -144,16 +191,18 @@ const register = () => {
   if (!checks.value.u || !checks.value.p || !checks.value.p2) {
     return
   }
+  let salt = crypto.lib.WordArray.random(128 / 8).toString()
+  let key = deriveKey(data.value.password, salt)
   api.user.reg({
-    username: data.value.username, pwd:
-      Base64.encodeURL(data.value.password)
-  }).then(u => {
-    console.log(u)
+    username: data.value.username,
+    salt: salt,
+    code: key.toString(crypto.enc.Hex)
+  }).then(() => {
     msg.Info('注册成功')
     aOpt.value = ''
   }).catch(e => {
     console.log(e)
-    msg.Warn('注册失败：' + e)
+    msg.Warn('注册失败：' + (e.err || e))
   })
 }
 const reset = () => {
@@ -243,6 +292,7 @@ onMounted(() => {
   position: sticky;
   padding: 2rem;
   width: 50%;
+  max-width: 50rem;
   min-width: 20rem;
   height: 50%;
 
diff --git a/oaweb/stores/user.ts b/oaweb/stores/user.ts
index 7e4932d..d4ed551 100644
--- a/oaweb/stores/user.ts
+++ b/oaweb/stores/user.ts
@@ -5,14 +5,14 @@
  * Distributed under terms of the MIT license.
  */
 
-import { type Auths } from '@/composables/models'
 import { Base64 } from 'js-base64'
+import type { auth, models } from '~/composables';
 
 export const useUserStore = defineStore('user', {
   state: () => ({
     id: '',
-    local: {} as modelsUser,
-    auth: {} as Auths,
+    local: {} as models.User,
+    auth: {} as auth.Auths,
     ready: false
   }),
   getters: {
@@ -30,12 +30,12 @@ export const useUserStore = defineStore('user', {
         return false
       }
       let data = JSON.parse(Base64.decode(token[1]))
-      if (data.id) {
+      if (data.uid) {
         let l = 'access to'
         data.access.map((e: any) => l = l + `\n${e.name}.${e.level}`)
         console.log(l)
         this.auth = NewAuths(data.access)
-        api.user.get(data.id).then((e: modelsUser) => {
+        api.user.Get(data.id).then((e) => {
           this.id = e.id
           this.local = e
           this.ready = true
diff --git a/oaweb/yarn.lock b/oaweb/yarn.lock
index 854870d..f88408f 100644
--- a/oaweb/yarn.lock
+++ b/oaweb/yarn.lock
@@ -1513,6 +1513,11 @@
   dependencies:
     "@types/tern" "*"
 
+"@types/crypto-js@^4.2.2":
+  version "4.2.2"
+  resolved "https://registry.yarnpkg.com/@types/crypto-js/-/crypto-js-4.2.2.tgz#771c4a768d94eb5922cc202a3009558204df0cea"
+  integrity sha512-sDOLlVbHhXpAUAL0YHDUUwDZf3iN4Bwi4W6a0W0b+QcAezUbRtH4FVb+9J4h+XFPW7l/gQ9F8qC7P+Ec4k8QVQ==
+
 "@types/dompurify@^2.2.3":
   version "2.4.0"
   resolved "https://registry.yarnpkg.com/@types/dompurify/-/dompurify-2.4.0.tgz#fd9706392a88e0e0e6d367f3588482d817df0ab9"
@@ -2691,6 +2696,11 @@ crypt@0.0.2:
   resolved "https://registry.yarnpkg.com/crypt/-/crypt-0.0.2.tgz#88d7ff7ec0dfb86f713dc87bbb42d044d3e6c41b"
   integrity sha512-mCxBlsHFYh9C+HVpiEacem8FEBnMXgU9gy4zmNC+SXAZNB/1idgp/aulFJ4FgCi7GPEVbfyng092GqL2k2rmow==
 
+crypto-js@^4.2.0:
+  version "4.2.0"
+  resolved "https://registry.yarnpkg.com/crypto-js/-/crypto-js-4.2.0.tgz#4d931639ecdfd12ff80e8186dba6af2c2e856631"
+  integrity sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==
+
 css-declaration-sorter@^7.2.0:
   version "7.2.0"
   resolved "https://registry.yarnpkg.com/css-declaration-sorter/-/css-declaration-sorter-7.2.0.tgz#6dec1c9523bc4a643e088aab8f09e67a54961024"