diff --git a/app.js b/app.js
index 329cf50..1f57f94 100644
--- a/app.js
+++ b/app.js
@@ -8,6 +8,7 @@ const cookieParser = require('cookie-parser');
 const indexRouter = require('./routes/index');
 const mongodbConfig = require('./db/mongodb.config');
+const loginUtils = require("./utils/LoginUtil");
 const app = express();
@@ -16,9 +17,10 @@ require("dotenv").config();
 const dbAccount = process.env.DB_ACCOUNT;
 const dbPassword = process.env.DB_PASSWORD;
 const loginSecret = process.env.SESSION_SECRET;
+console.log(dbAccount, dbPassword);
 mongodbConfig.connectMongoDB(dbAccount, dbPassword);
-app.use(cors());
+app.use(cors({ origin: 'http://localhost:5173', credentials: true }));
 app.use(logger('dev'));
 app.use(express.json());
 app.use(express.urlencoded({ extended: false }));
@@ -35,7 +37,7 @@ app.use(session({
 },
 }));
-app.use('/', indexRouter);
+app.use('/', loginUtils.aopMiddleware, indexRouter);
 // catch 404 and forward to error handler
 app.use(function (req, res, next) {
diff --git a/routes/index.js b/routes/index.js
index 540e1f6..3073f5a 100644
--- a/routes/index.js
+++ b/routes/index.js
@@ -26,12 +26,11 @@ router.get('/user', async function (req, res, next) {
 })
 router.post('/login', async function (req, res, next) {
- const body = JSON.parse(JSON.stringify(req.body));
+ const body = req.body;
 if (!StringUtils.isNotEmpty(body)) {
- res.json({ ret_code: -1, ret_msg: '登录失败' });
+ return res.json({ ret_code: -1, ret_msg: '登录失败' });
 }
- const account = body.account;
- const password = body.password;
+ const { account, password } = body;
 if (account === '' || account === undefined || account === null) {
 return res.json({ ret_code: -1, ret_msg: '没有填写账号' });
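Review bot: `account` and `password` are now destructured straight from `req.body` and only compared with `''`, `undefined` and `null`, so with `express.json()` in front of the route a client can submit an object or array where a string is expected. The lookup that consumes them is outside this hunk; if it places them in a MongoDB filter, an object value would be read as a query operator instead of a literal. Reject non-strings right after the destructuring with `if (typeof account !== 'string' || typeof password !== 'string') return res.json({ ret_code: -1, ret_msg: '登录失败' });`. The handler body continues past the end of the hunk.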
@@ -54,17 +53,12 @@ router.post('/login', async function (req, res, next) {
 return res.json({ ret_code: -1, ret_msg: '登录失败' });
 }
 req.session.account = account;
- console.log(req.session.account);
 res.json({ ret_code: 0, ret_msg: '登录成功' });
 });
 });
 router.get('/logout', async function (req, res, next) {
- console.log(req.session);
- console.log(req.sessionID);
- console.log(req.session.account);
- console.log(req.session.cookie);
- res.json({ ret_code: 1, ret_msg: '成功' });
+ res.json({ ret_code: 1, ret_msg: '退出登录成功' });
 });
 module.exports = router;
diff --git a/utils/LoginUtil.js b/utils/LoginUtil.js
index 5f137ac..967c58e 100644
--- a/utils/LoginUtil.js
+++ b/utils/LoginUtil.js
@@ -1,10 +1,12 @@
 exports.aopMiddleware = function (req, res, next) {
 console.log(req.url);
- console.log(req.method);
-
- if (req.session) {
-
+ if (req.url === '/login') {
+ next();
+ } else {
+ if (req.session.account === undefined) {
+ res.status('404').json({ error: 'Acess is denied' });
+ } else {
+ next();
+ }
 }
-
- next();
 }
\ No newline at end of file
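Review bot: The `/logout` handler reports success without ending the session: once the `console.log` calls are removed its whole body is the single `res.json(...)`, so the `req.session.account` set in `/login` stays in place and the same cookie keeps passing `aopMiddleware`. Destroy the session before answering, as in the block below. Since the route is a GET and CORS now allows credentialed requests, making it a POST would stop a plain link or image tag from triggering it. `ret_code: 1` for success also differs from `/login`, which returns `0`.

```javascript
router.get('/logout', async function (req, res, next) {
  // Drop the server-side session so the cookie no longer maps to an account.
  req.session.destroy(function (err) {
    if (err) {
      return next(err);
    }
    res.json({ ret_code: 1, ret_msg: '退出登录成功' });
  });
});
```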
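Review bot: The `/login` exemption in `aopMiddleware` compares `req.url`, which includes the query string, so a request such as `/login?from=home` (constructed example) falls through to the session check and is refused before the user can log in; `if (req.path === '/login')` matches the route regardless of query. In the deny branch `res.status('404')` passes a string and reports a missing page for what is an authentication failure; `res.status(401).json({ error: 'Access is denied' });` states it accurately and fixes the "Acess" typo. The former `if (req.session)` guard is gone, so a request that reaches this point without `req.session` would throw on the property read; `if (!req.session || req.session.account === undefined)` keeps the check fail-closed without a 500. The remaining `console.log(req.url);` prints every request URL with its query parameters, which `logger('dev')` in app.js already records.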