diff --git a/src/main/java/com/bonus/imgTool/system/controller/LoginController.java b/src/main/java/com/bonus/imgTool/system/controller/LoginController.java
new file mode 100644
index 0000000..c6df11f
--- /dev/null
+++ b/src/main/java/com/bonus/imgTool/system/controller/LoginController.java
@@ -0,0 +1,174 @@
+package com.bonus.imgTool.system.controller;
+
+import com.bonus.imgTool.annotation.DecryptAndVerify;
+import com.bonus.imgTool.annotation.LogAnnotation;
+import com.bonus.imgTool.backstage.entity.QueryParamDto;
+import com.bonus.imgTool.model.Permission;
+import com.bonus.imgTool.model.SysLogs;
+import com.bonus.imgTool.model.SysUser;
+import com.bonus.imgTool.system.dao.PermissionDao;
+import com.bonus.imgTool.system.dao.SysConfigDao;
+import com.bonus.imgTool.system.dao.SysLogsDao;
+import com.bonus.imgTool.system.dao.UserDao;
+import com.bonus.imgTool.system.service.TokenService;
+import com.bonus.imgTool.system.service.UserService;
+import com.bonus.imgTool.system.vo.*;
+import com.bonus.imgTool.utils.*;
+import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.BeanUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.authentication.DisabledException;
+import org.springframework.security.authentication.LockedException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+
+/**
+ * @Author:liang.chao
+ * @Date:2025/4/16 - 16:45
+ */
+@RestController
+@RequestMapping("/loginApp")
+@Slf4j
+public class LoginController {
+
+ @Resource
+ private UserService userService;
+
+ @Resource
+ private RedisUtil redisUtil;
+
+ @Resource
+ private PermissionDao permissionDao;
+
+ @Resource
+ private SysConfigDao sysConfigDao;
+
+ @Resource
+ private SysLogsDao sysLogsDao;
+
+ @Resource
+ private UserDao userDao;
+
+ @Autowired
+ private TokenService tokenService;
+
+ @Autowired
+ private BCryptPasswordEncoder passwordEncoder;
+
+ @ApiOperation("APP登录")
+ @PostMapping
+ @DecryptAndVerify(decryptedClass = UserDto.class)
+ public Token loginApp(EncryptedReq user) {
+ String userName = user.getData().getUsername();
+ String passWord = user.getData().getPassword();
+ SysUser sysUser = userService.getUser(userName);
+
+ if (sysUser != null && !passwordEncoder.matches(passWord, sysUser.getPassword())) {
+ throw new AuthenticationCredentialsNotFoundException("用户名/密码错误!");
+ }
+
+ userConfig(sysUser);
+ LoginUser loginUser = new LoginUser();
+ BeanUtils.copyProperties(sysUser, loginUser);
+ List permissions = permissionDao.listByUserId(sysUser.getId());
+ loginUser.setPermissions(permissions);
+ Token token = tokenService.saveToken(loginUser);
+ saveLogs(loginUser, "成功", "登录成功");
+ userDao.updateLoginTime(loginUser);
+ redisUtil.set(RedisPerfixUtil.USER_STATE + ":" + loginUser.getLoginName(), "1", 60 * 5);
+ return token;
+ }
+
+ public void userConfig(SysUser user) {
+ if (user == null) {
+ throw new AuthenticationCredentialsNotFoundException("用户名/密码错误!");
+ }
+
+ long num = 0L;
+ try {
+ num = redisUtil.countKeys();//在线用户
+ } catch (Exception e) {
+ throw new LockedException("redis未连接,请检查服务!");
+ }
+
+ SysConfigVo sysConfigVo0 = sysConfigDao.getSysConfigByCode("sys_user_concurrency");//并发
+ String nums = sysConfigVo0.getSystemValue();
+ if (num > Integer.parseInt(nums)) {
+ throw new LockedException("系统繁忙,请稍后重试");
+ }
+ SysConfigVo sysConfigVo = sysConfigDao.getSysConfigByCode("sys_err_time");//锁定时间
+ String times = sysConfigVo.getSystemValue();
+ String looker = redisUtil.get("lock", user.getLoginName());
+ if (StringHelper.isEmpty(looker)) {//用户锁定
+ if ("1".equals(looker)) {
+ throw new LockedException("用户被锁定,请" + times + "分钟后重试");
+ }
+ }
+ if (user == null) {
+ saveLogs(user, "失败", "用户名或密码错误");
+ throw new AuthenticationCredentialsNotFoundException("用户名或密码错误");
+ } else {
+ if (StringHelper.isNotEmpty(user.getLoginType())) {
+ if (!user.getLoginType().contains("3")) {
+ saveLogs(user, "失败", "用户未授权请联系管理员授权");
+ throw new AuthenticationCredentialsNotFoundException("用户未授权请联系管理员授权");
+ }
+ int state = user.getState();
+ if (0 == state) {
+ saveLogs(user, "失败", "用户未激活");
+ throw new DisabledException("用户未激活,请联系管理员");
+ } else if (2 == state) {
+ saveLogs(user, "失败", "用户被锁定");
+ throw new LockedException("用户被锁定,请" + times + "分钟后重试");
+ }
+ } else {
+ saveLogs(user, "失败", "用户未授权请联系管理员授权");
+ throw new AuthenticationCredentialsNotFoundException("用户未授权请联系管理员授权");
+ }
+ }
+ }
+
+ public void saveLogs(SysUser user, String result, String msg) {
+ try {
+ SysLogs sysLogs = new SysLogs();
+ HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+ sysLogs.setUserId(user.getId() + "");//用户id
+ sysLogs.setOperatorUser(user.getLoginName());//用户名
+ sysLogs.setIp(WebUtils.getIpAddr(request));//ip
+ sysLogs.setId(UUID.randomUUID().toString().replace("-", "") + "");//主键
+ sysLogs.setUri("/login");//请求路径
+ sysLogs.setMethod("/login.login()");//方法名称
+ //获取参数
+ Map map = new HashMap<>();
+ sysLogs.setOperatorModel("系统登录");//操作模块
+ sysLogs.setOperatorType("登录");//操作类型 怎删改查
+ sysLogs.setLogsType("系统日志");//日志类型 业务日志/系统日志
+ sysLogs.setOperatorDetail("用户登录");//操作详情
+ sysLogs.setOperateTime(DateTimeHelper.getNowTime());
+ sysLogs.setResult(result);
+ sysLogs.setFailureReason(msg);
+ sysLogs.setTypes("0");
+ sysLogsDao.save(sysLogs);
+ } catch (Exception e) {
+ log.error(e.toString(), e);
+ }
+
+ }
+}
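Review bot: In `userConfig` the Redis lock check is inverted: `"1".equals(looker)` sits inside `if (StringHelper.isEmpty(looker))`, so, assuming `isEmpty` means null or blank, the inner branch can never be true and a locked account is not rejected at that point. The outer test can simply go, leaving `if ("1".equals(looker)) {` on its own. Related, the wrong-password branch in `loginApp` throws without calling `saveLogs`, and nothing in this file writes the `lock` key, so failed attempts are neither audited nor counted here unless that happens in code outside this diff. The second `if (user == null)` in `userConfig` is unreachable after the guard at the top of the method and can be dropped, which also removes the `saveLogs(user, ...)` call that would dereference null.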