diff --git a/component/jwt.go b/component/jwt.go
index 2361581..ee0d8b5 100644
--- a/component/jwt.go
+++ b/component/jwt.go
@@ -12,6 +12,7 @@ import (
 "wireguard-ui/config"
 "wireguard-ui/global/client"
 "wireguard-ui/global/constant"
+ "wireguard-ui/utils"
 )
 // jwt密钥
@@ -96,6 +97,16 @@ func (JwtComponent) ParseToken(token, secret string) (*JwtComponent, error) {
 }
 }
+// GenerateSecret
+// @description: 生成token解析密钥【每个用户的secret不一样,提高安全性】
+// @receiver JwtComponent
+// @param secret
+// @return string
+func (JwtComponent) GenerateSecret(secret ...string) string {
+ secretStr := strings.Join(secret, ".")
+ return utils.Hash().MD5(utils.Hash().SHA256(utils.Hash().SHA512(secretStr)))
+}
+
 // Logout
 // @description: 退出登陆
 // @receiver JwtComponent
diff --git a/http/api/login.go b/http/api/login.go
index bb5d94a..08b43b3 100644
--- a/http/api/login.go
+++ b/http/api/login.go
@@ -4,7 +4,9 @@ import (
 "fmt"
 "gitee.ltd/lxh/logger/log"
 "github.com/gin-gonic/gin"
+ "github.com/google/uuid"
 "github.com/mojocn/base64Captcha"
+ "time"
 "wireguard-ui/component"
 "wireguard-ui/http/param"
 "wireguard-ui/http/response"
@@ -71,15 +73,16 @@ func (LoginApi) Login(c *gin.Context) {
 return
 }
+ secret := component.JWT().GenerateSecret(p.Password, uuid.NewString(), time.Now().Local().String())
 // 生成token
- token, expireAt, err := component.JWT().GenerateToken(user.Id, utils.Hash().SHA256(p.Password))
+ token, expireAt, err := component.JWT().GenerateToken(user.Id, secret)
 if err != nil {
 log.Errorf("用户[%s]生成token失败: %v", user.Account, err.Error())
 response.R(c).FailedWithError("登陆失败!")
 return
 }
- c.Writer.Header().Set("X-TOKEN", utils.Hash().SHA256(p.Password))
+ c.Writer.Header().Set("X-TOKEN", secret)
 response.R(c).OkWithData(map[string]any{
 "token": token,
 "type": "Bearer",
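Review bot: In `GenerateSecret` (component/jwt.go) the `MD5(SHA256(SHA512(...)))` chain does not strengthen the secret: the result is only as wide as the last digest, so the signing secret is capped at MD5's 128 bits, and all of its unpredictability comes from the inputs rather than from the nesting. A single pass, `return utils.Hash().SHA256(secretStr)`, keeps the full digest, and drawing the secret from `crypto/rand` instead of hashing caller-supplied strings would be simpler still. Joining the variadic parts with "." is also ambiguous, since `("a.b", "c")` and `("a", "b.c")` produce the same secret. The new body calls `strings.Join`, but the import hunk adds only `wireguard-ui/utils`, so confirm `strings` is already imported in this file.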
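Review bot: In `Login` (http/api/login.go) the value handed to `GenerateToken` as the signing secret is also written to the `X-TOKEN` response header, so each client receives the key its own token was signed with. If `ParseToken(token, secret)` is later given the secret from a request header (not visible in this diff), the signature no longer proves anything about the claims, because the party presenting the token also presents the key. Keep the per-login secret server-side, for example stored against `user.Id` or the session and looked up at verification time, and drop the `c.Writer.Header().Set("X-TOKEN", secret)` line. `p.Password` does not need to feed the secret now that `uuid.NewString()` supplies the randomness, and leaving it out avoids passing the plaintext password around further. `Login` begins and ends outside the hunk.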