diff --git a/server/app/controller/auth.js b/server/app/controller/auth.js
new file mode 100644
index 0000000..a28b202
--- /dev/null
+++ b/server/app/controller/auth.js
@@ -0,0 +1,20 @@
+const Controller = require("egg").Controller
+
+const table = "sys_user";
+
+class Auth extends Controller {
+  async token() {
+    const {ctx: {query}, ctx, app} = this
+    ctx.validate({phone: "string", password: "password"}, query)
+    const {phone, password} = query
+    const user = await app.mysql.get(table, {phone, password})
+    if (!user?.id) {
+      return this.ctx.body = {code: 1, msg: "用户名或密码不正确"}
+    }
+    const token = app.jwt.sign({id: user?.id}, app.config.jwt.secret)
+    this.ctx.body = {code: 0, data: "bearer " + token}
+    this.ctx.status = 200
+  }
+}
+
+module.exports = Auth
diff --git a/server/config/config.default.js b/server/config/config.default.js
index c4f20c9..db43244 100644
--- a/server/config/config.default.js
+++ b/server/config/config.default.js
@@ -34,5 +34,8 @@ module.exports = {
   cors: {
     origin: '*',
     allowMethods: 'GET,HEAD,POST',
+  },
+  validate: {
+    convert: true
   }
 }
diff --git a/server/config/plugin.js b/server/config/plugin.js
index 697df50..3952778 100644
--- a/server/config/plugin.js
+++ b/server/config/plugin.js
@@ -11,4 +11,8 @@ module.exports = {
     enable: true,
     package: 'egg-cors',
   },
+  validate: {
+    enable: true,
+    package: 'egg-validate',
+  },
 }
diff --git a/server/package.json b/server/package.json
index 86b5f86..1b119a4 100644
--- a/server/package.json
+++ b/server/package.json
@@ -20,6 +20,7 @@
     "egg-mysql": "^3.3.0",
     "egg-passport": "^2.1.1",
     "egg-scripts": "^2.17.0",
+    "egg-validate": "^2.0.2",
     "uuid": "^9.0.0"
   },
   "devDependencies": {