diff --git a/src/dao/auth.lua b/src/dao/auth.lua
index d38756c..1c26e25 100644
--- a/src/dao/auth.lua
+++ b/src/dao/auth.lua
@@ -69,4 +69,8 @@ function _M.logout(jsonData)
 return code, ret
 end
+function _M.getUser(userid)
+ return userModel:find(userid)
+end
+
 return _M
\ No newline at end of file
diff --git a/src/service/auth/auth.lua b/src/service/auth/auth.lua
index 145bbb7..0029f4c 100644
--- a/src/service/auth/auth.lua
+++ b/src/service/auth/auth.lua
@@ -41,7 +41,7 @@ function _M.login()
 end
 --获取的登陆的用户信息,返回tocken
- ngx.log(ngx.INFO, "userid:"..id.." username:"..username)
+ --ngx.log(ngx.INFO, "userid:"..id.." username:"..username)
 local jwt_token = token.generateToken(id, username)
 local data = {}
 data["token"] = jwt_token
@@ -99,7 +99,6 @@ function _M.logout()
 return
 end
 --验证成功记录登出的日志信息
- ngx.log(ngx.INFO, cjson.encode(ret["body"]))
 local userid = ret["body"]["payload"]["userid"]
 local username = ret["body"]["payload"]["username"]
 ngx.log(ngx.INFO, "userid:"..userid.." username:"..username.." logout system")
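Review bot: `_M.getUser` in src/dao/auth.lua returns whatever `userModel:find(userid)` yields with no field selection, and the new `_M.user()` in src/service/auth/auth.lua passes that value straight into `resp:json(code, ret)`. If the user row carries a password hash, salt or another credential column (the model is not visible in this diff), it would reach the client on every call. Consider copying only an explicit allow-list of fields into a fresh table before returning; the removed `ret["id"]` and `ret["name"]` lines suggest those two are the ones the client needs. A doc comment such as `--- Look up one user by id; returns code, row` would also record the two-value return that the caller unpacks with `local code, ret = ...`, which this wrapper satisfies only if `find` itself returns two values.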
@@ -109,36 +108,28 @@ end
 --根据token获取用户信息
 function _M.user()
- --读取请求体的数据
- ngx.req.read_body()
- --获取请求数据
- local body_data = ngx.req.get_body_data()
- -- 验证数据是否符合json
- local retJson = validator.validatorJson(body_data)
+ --获取请求头中的令牌数据
+ local auth_header = ngx.var.http_Authorization
+ --验证数据的正确性
+ local retToken = token.authorizationToken(auth_header)
 --验证失败则返回
- if not retJson then
- local result = resp:json(0x000001)
+ local code = retToken["code"]
+ if code ~= 200 then
+ local result = resp:json(code, retToken["message"])
 resp:send(result)
 return
 end
- --ngx.say(body_data)
- local code, ret = authDao.login(cjson.decode(body_data))
+ --验证成功获取用户id信息
+ local userid = retToken["body"]["payload"]["userid"]
+ local code, ret = authDao.getUser(userid)
 --读取数据错误
 if code ~= 0 or table.getn(ret) < 0 then
 local result = resp:json(0x000001)
 resp:send(result)
 return
 end
- --获取的登陆的用户信息,返回tocken
- obj.payload.userid = ret["id"]
- obj.payload.username = ret["name"]
- obj.payload.role = ""
- local jwt_token = jwt:sign(conf.secret_key, obj)
- --ngx.say(jwt_token)
- local data = {}
- data["token"] = jwt_token
- data["userInfo"] = ret
- local result = resp:json(code, data)
+ --获取的登陆的用户信息
+ local result = resp:json(code, ret)
 resp:send(result)
 end
diff --git a/src/util/token.lua b/src/util/token.lua
index b935558..0da0262 100644
--- a/src/util/token.lua
+++ b/src/util/token.lua
@@ -64,7 +64,11 @@ function _M.authorizationToken(auth_header)
 return response
 end
 --判断token是否超时
-
+ if jwt_obj.payload.exp and ngx.time() > jwt_obj.payload.exp then
+ response["code"] = 401
+ response["message"] = "令牌已过期"
+ return response
+ end
 --全部校验完成后,说明令牌有效,返回令牌数据
 response["code"] = 200
 response["message"] = "令牌校验通过"
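Review bot: The guard after `authDao.getUser(userid)` in `_M.user()` cannot catch a missing user, because `table.getn(ret) < 0` is never true (a length is never negative) and the call raises if `ret` is nil. A token that is still valid for an account that has since been deleted or disabled would therefore fall through to `resp:json(code, ret)` or end in an unhandled error instead of a clean rejection. A guard such as `if code ~= 0 or type(ret) ~= "table" or next(ret) == nil then` would make the check effective; confirm what `userModel:find` returns for an unknown id. Separately, `local code` is declared twice in this function, so the second declaration shadows the first; reusing the existing variable or naming the second one `dbCode` would read more clearly.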
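Review bot: The expiry check in `_M.authorizationToken` only runs when `exp` is present, so a token issued without an `exp` claim is accepted with no time limit, and a non-numeric `exp` would make the comparison raise instead of returning 401. Requiring the claim closes both gaps: `local exp = tonumber(jwt_obj.payload.exp)` followed by `if not exp or ngx.time() >= exp then`. Whether `token.generateToken` always sets `exp` is not visible in this diff, so confirm that before making the claim mandatory. The function begins above the hunk, so the signature verification that should precede this check cannot be confirmed from here.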