diff --git a/Merge/front/src/App.jsx b/Merge/front/src/App.jsx
index 3ab9fca..6dab985 100644
--- a/Merge/front/src/App.jsx
+++ b/Merge/front/src/App.jsx
@@ -1,19 +1,44 @@
-import React from 'react';
-import Header from './components/Header';
-import Sidebar from './components/Sidebar';
-import AppRoutes from './router/App';
-import './App.css';
+// src/App.jsx
+import React, { useState, useEffect } from 'react'
+import { useLocation } from 'react-router-dom'
+import Header  from './components/Header'
+import Sidebar from './components/Sidebar'
+import AppRoutes from './router/App'
+import { getUserInfo } from './utils/auth'
+import './App.css'
 
 export default function App() {
+  const location = useLocation()
+
+  // 初始 role = null （未登录或刚进来时）
+  const [role, setRole] = useState(null)
+
+  // 每次路由变化（含登录後 navigate），都重新从 storage 读一遍 userInfo
+  useEffect(() => {
+    const u = getUserInfo()
+    setRole(u?.role || null)
+  }, [location.pathname])
+
+  // 只有普通 user 才显示侧边栏
+  const showSidebar = role === 'user'
+
   return (
     <div className="app">
       <Header />
-      <Sidebar />
-      <main className="main-content">
+
+      {showSidebar && <Sidebar />}
+
+      <main
+        className="main-content"
+        style={{
+          // 没侧边栏时去掉左边距
+          marginLeft: showSidebar ? undefined : 0
+        }}
+      >
         <div className="content-wrapper">
           <AppRoutes />
         </div>
       </main>
     </div>
-  );
-}
\ No newline at end of file
+  )
+}
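Review bot: `role` starts as `null` and is only filled in by the effect, so the first render for a signed-in user (a page reload, for example) draws the layout without the sidebar and with `marginLeft: 0`, then shifts once the effect has run. Seeding the state from storage avoids that flash: `const [role, setRole] = useState(() => getUserInfo()?.role || null)`. The effect can stay as it is for the re-read on route change.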
diff --git a/Merge/front/src/api/posts_wzy.js b/Merge/front/src/api/posts_wzy.js
index b449c43..d901500 100644
--- a/Merge/front/src/api/posts_wzy.js
+++ b/Merge/front/src/api/posts_wzy.js
@@ -1,15 +1,25 @@
 // src/api/posts.js
-const BASE = 'http://10.126.59.25:5714/'  // 如果有代理可以留空，否则填完整域名，如 'http://localhost:3000'
+const BASE = 'http://10.126.59.25:5714'  // 如果有代理可以留空，否则填完整域名，如 'http://localhost:3000'
 
 /**
- * 获取所有已发布的帖子列表
- * GET /posts
+ * 获取帖子列表
+ * - GET /posts
+ * - GET /posts?user_id=123
+ *
+ * @param {number?} userId 可选，传了就加 ?user_id= 用户 ID
+ * @returns Promise<[{ id, title, status, heat, created_at }, …]>
  */
-export async function fetchPosts() {
-  const res = await fetch(`${BASE}/posts`)
-  if (!res.ok) throw new Error(`fetchPosts: ${res.status}`)
-  console.log('fetchPosts response:', res)  // debug: inspect response
-  return res.json()  // 返回 [ { id, title, heat, created_at }, … ]
+export async function fetchPosts(userId) {
+  // 自动拼接 query
+  const url = userId != null
+    ? `${BASE}/posts?user_id=${encodeURIComponent(userId)}`
+    : `${BASE}/posts`
+
+  const res = await fetch(url)
+  if (!res.ok) {
+    throw new Error(`fetchPosts${userId != null ? `(user ${userId})` : ''}: ${res.status}`)
+  }
+  return res.json()
 }
 
 /**
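Review bot: `fetch(url)` in `fetchPosts` sends no credential, so the only thing selecting whose posts are returned is the `user_id` query value chosen by the client. The NotebookPage.jsx hunk passes the id read from `getUserInfo()`, which the App.jsx comment describes as coming from storage, so the user can edit it. If the list can contain non-public posts (the JSDoc return shape includes `status`), the backend should identify the caller from the token and verify or ignore `user_id`. On this side that means sending the value of `getAuthToken()` from `utils/auth` in an `Authorization` header, assuming the API accepts one. `BASE` is also a plain `http://` origin, so anything sent this way travels unencrypted.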
diff --git a/Merge/front/src/components/CreatePost.jsx b/Merge/front/src/components/CreatePost.jsx
index 9817ac0..1d2f306 100644
--- a/Merge/front/src/components/CreatePost.jsx
+++ b/Merge/front/src/components/CreatePost.jsx
@@ -1,5 +1,3 @@
-// src/components/CreatePost.jsx
-
 import React, { useState, useEffect } from 'react'
 import { useNavigate, useParams } from 'react-router-dom'
 import UploadPage from './UploadPage'
@@ -8,6 +6,7 @@
   updatePost, 
   fetchPost as fetchPostDetail 
 } from '../api/posts_wzy'
+import { getUserInfo } from '../utils/auth'
 import '../style/CreatePost.css'
 
 export default function CreatePost() {
@@ -36,6 +35,10 @@
     { id: 3, name: '我染上了拼豆' },
   ]
 
+  // 获取当前登录用户id
+  const user = getUserInfo()
+  const currentUserId = user?.id
+
   // 编辑模式：拉取原帖数据填入
   useEffect(() => {
     if (!isEdit) return
@@ -68,6 +71,10 @@
       setError('标题和正文必填')
       return
     }
+    if (!currentUserId) {
+      setError('未获取到用户ID，请重新登录')
+      return
+    }
     setError(null)
     try {
       if (isEdit) {
@@ -81,7 +88,7 @@
         alert('更新成功！')
       } else {
         await createPost({
-          user_id: 1,
+          user_id: currentUserId,
           topic_id: topicId || undefined,
           title: title.trim(),
           content: content.trim(),
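Review bot: `user_id: currentUserId` takes the post's author from `getUserInfo()` (read in the `@@ -36,6 +35,10 @@` hunk), a value held on the client, so a modified client can submit any id. The server should set the author from the authenticated session and treat this field as untrusted; whether it does is not visible in this diff. A comment at the call would record that, e.g. `// user_id is advisory; the backend must derive the author from the token`. The `!currentUserId` guard added in the previous hunk also rejects an id of `0`; `currentUserId == null` is safer if ids can be zero. The submit handler starts and ends outside these hunks.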
diff --git a/Merge/front/src/components/Header.jsx b/Merge/front/src/components/Header.jsx
index 3b21c98..96ae6ac 100644
--- a/Merge/front/src/components/Header.jsx
+++ b/Merge/front/src/components/Header.jsx
@@ -1,13 +1,21 @@
+// src/components/Header.jsx
 import React from 'react'
 import { useNavigate } from 'react-router-dom'
 import { User } from 'lucide-react'
-import '../App.css' // 或者单独的 Header.css
+import { getUserInfo } from '../utils/auth'
+import '../App.css'
 
 export default function Header() {
   const navigate = useNavigate()
+  const user = getUserInfo() || {}
+  const userId = user.id
+  // 假设后端返回的 user 对象里有个 nickname 字段，否则 fallback 到 “小红薯”
+  const displayName = user.nickname || user.username || '小红薯'
 
   const handleUserClick = () => {
-    navigate('/user/1') // 或者使用实际的用户ID
+    if (userId) {
+      navigate(`/user/${userId}`)
+    }
   }
 
   return (
@@ -16,16 +24,19 @@
         <div className="logo">小红书</div>
         <h1 className="header-title">创作服务平台</h1>
       </div>
-      <div 
+      <div
         className="header-right"
         onClick={handleUserClick}
-        style={{ cursor: 'pointer' }}
+        style={{ cursor: userId ? 'pointer' : 'default' }}
       >
         <div className="user-info">
           <User size={16} />
-          <span>小红薯1</span>
+          <span>
+            {displayName}
+            {userId ? userId : ''}
+          </span>
         </div>
       </div>
     </header>
   )
-}
\ No newline at end of file
+}
diff --git a/Merge/front/src/components/NotebookPage.jsx b/Merge/front/src/components/NotebookPage.jsx
index 25264ec..4214213 100644
--- a/Merge/front/src/components/NotebookPage.jsx
+++ b/Merge/front/src/components/NotebookPage.jsx
@@ -3,6 +3,7 @@
 import React, { useState, useEffect } from 'react'
 import { useNavigate } from 'react-router-dom'
 import { fetchPosts, deletePost } from '../api/posts_wzy'
+import { getUserInfo } from '../utils/auth'   // ← 导入 getUserInfo
 import '../style/NotebookPage.css'
 
 export default function NotebookPage() {
@@ -11,13 +12,20 @@
   const [loading, setLoading] = useState(true)
   const [error, setError]     = useState(null)
 
-  // TODO: 替换成真实用户 ID
-  const currentUserId = 2
+  // 从 auth 获取当前用户信息
+  const userInfo = getUserInfo()
+  const currentUserId = userInfo?.id
 
   useEffect(() => {
+    if (!currentUserId) {
+      setError('未获取到用户信息，无法加载帖子。')
+      setLoading(false)
+      return
+    }
+
     async function load() {
       try {
-        // GET /posts?user_id=1
+        // GET /posts?user_id=currentUserId
         const list = await fetchPosts(currentUserId)
         setPosts(list)
       } catch (e) {
@@ -27,7 +35,7 @@
       }
     }
     load()
-  }, [])
+  }, [currentUserId])
 
   async function handleDelete(id) {
     if (!window.confirm('确定要删除该帖子吗？')) return
@@ -41,7 +49,6 @@
   }
 
   function handleEdit(id) {
-    // 假设你在路由里挂载了 /posts/edit/:postId
     navigate(`/posts/edit/${id}`)
   }
 
diff --git a/Merge/front/src/components/RequireAuth.jsx b/Merge/front/src/components/RequireAuth.jsx
new file mode 100644
index 0000000..e217e4f
--- /dev/null
+++ b/Merge/front/src/components/RequireAuth.jsx
@@ -0,0 +1,13 @@
+// src/components/RequireAuth.jsx
+import React from 'react'
+import { Navigate, useLocation } from 'react-router-dom'
+import { isLoggedIn } from '../utils/auth'
+
+export function RequireAuth({ children }) {
+  const location = useLocation()
+  if (!isLoggedIn()) {
+    // 未登录跳到 /login，并保存当前尝试访问的地址
+    return <Navigate to="/login" replace state={{ from: location }} />
+  }
+  return children
+}
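Review bot: This `RequireAuth` duplicates the one added in `router/Guards.jsx` by the same commit, and the two differ: this one checks `isLoggedIn()` and returns only `children`, while the Guards version checks `getAuthToken()` and falls back to `<Outlet />`. The router imports from `./Guards`, so this file looks unused; mounted as a layout route (`<Route element={<RequireAuth />}>`) it would render nothing. Keeping a single guard stops the two login checks from drifting apart. `state={{ from: location }}` is stored here, but the LoginPage hunk never reads it, so the saved target is not used after login.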
diff --git a/Merge/front/src/components/RequireRole.jsx b/Merge/front/src/components/RequireRole.jsx
new file mode 100644
index 0000000..75a4c28
--- /dev/null
+++ b/Merge/front/src/components/RequireRole.jsx
@@ -0,0 +1,17 @@
+// src/components/RequireRole.jsx
+import React from 'react'
+import { Navigate } from 'react-router-dom'
+import { getUserInfo, isLoggedIn } from '../utils/auth'
+
+export function RequireRole({ role, children }) {
+  if (!isLoggedIn()) {
+    // 未登录
+    return <Navigate to="/login" replace />
+  }
+  const user = getUserInfo()
+  if (user.role !== role) {
+    // 角色不匹配，回首页
+    return <Navigate to="/" replace />
+  }
+  return children
+}
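Review bot: `user.role` is read without checking that `getUserInfo()` returned an object. Other call sites in this commit guard the result (`getUserInfo() || {}`, `u?.role`), which suggests it can be null, and in that case this guard throws instead of redirecting. Use `if (!user || user.role !== role)`. The component also takes a single `role` prop, while `router/Guards.jsx` exports a `RequireRole` taking `allowedRoles` and the router uses that one, so this copy appears to be dead code.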
diff --git a/Merge/front/src/pages/LoginPage/LoginPage.js b/Merge/front/src/pages/LoginPage/LoginPage.js
index c315b7d..31453a4 100644
--- a/Merge/front/src/pages/LoginPage/LoginPage.js
+++ b/Merge/front/src/pages/LoginPage/LoginPage.js
@@ -1,380 +1,234 @@
-import React, { useState, useEffect } from 'react';
-import { Link } from 'react-router-dom';
-import { Input, Checkbox, Modal, Alert } from 'antd';
-import { MailOutlined, LockOutlined, ExclamationCircleOutlined, CheckCircleOutlined } from '@ant-design/icons';
-import { 
-  getRememberedLoginInfo, 
-  saveRememberedLoginInfo, 
-  saveAuthInfo, 
-  isLoggedIn 
-} from '../../utils/auth';
-import { hashPassword } from '../../utils/crypto';
-import './LoginPage.css';
+// src/pages/LoginPage/LoginPage.jsx
+import React, { useState, useEffect } from 'react'
+import { useNavigate, Link } from 'react-router-dom'
+import { Input, Checkbox, Modal, Alert } from 'antd'
+import {
+  MailOutlined,
+  LockOutlined,
+  ExclamationCircleOutlined,
+  CheckCircleOutlined
+} from '@ant-design/icons'
+import {
+  getRememberedLoginInfo,
+  saveRememberedLoginInfo,
+  saveAuthInfo,
+  isLoggedIn
+} from '../../utils/auth'
+import { hashPassword } from '../../utils/crypto'
+import './LoginPage.css'
 
-const baseURL = 'http://10.126.59.25:8082';
+const baseURL = 'http://10.126.59.25:8082'
 
-const LoginPage = () => {
+export default function LoginPage() {
+  const navigate = useNavigate()
+
   const [formData, setFormData] = useState({
     email: '',
     password: ''
-  });
-
-  const [rememberMe, setRememberMe] = useState(false);
-  const [isLoading, setIsLoading] = useState(false);
-  const [errors, setErrors] = useState({
-    email: '',
-    password: ''
-  });
+  })
+  const [rememberMe, setRememberMe] = useState(false)
+  const [isLoading, setIsLoading] = useState(false)
+  const [errors, setErrors] = useState({ email: '', password: '' })
   const [errorModal, setErrorModal] = useState({
     visible: false,
     title: '',
     content: ''
-  });
+  })
   const [successAlert, setSuccessAlert] = useState({
     visible: false,
     message: ''
-  });
+  })
 
   // 显示错误弹窗
   const showErrorModal = (title, content) => {
-    setErrorModal({
-      visible: true,
-      title: title,
-      content: content
-    });
-  };
-
+    setErrorModal({ visible: true, title, content })
+  }
   // 关闭错误弹窗
   const closeErrorModal = () => {
-    setErrorModal({
-      visible: false,
-      title: '',
-      content: ''
-    });
-  };
-
+    setErrorModal({ visible: false, title: '', content: '' })
+  }
   // 显示成功提示
   const showSuccessAlert = (message) => {
-    setSuccessAlert({
-      visible: true,
-      message: message
-    });
-    
-    // 3秒后自动隐藏
+    setSuccessAlert({ visible: true, message })
     setTimeout(() => {
-      setSuccessAlert({
-        visible: false,
-        message: ''
-      });
-    }, 3000);
-  };
+      setSuccessAlert({ visible: false, message: '' })
+    }, 3000)
+  }
 
-  // 页面加载时检查是否有记住的登录信息
+  // 初始化：检查登录 & 填充“记住我”
   useEffect(() => {
-    // 检查是否已经登录
     if (isLoggedIn()) {
-      // 如果已经有token，可以选择直接跳转到主页面
-      // window.location.href = '/test-dashboard';
-      console.log('用户已登录');
+      console.log('用户已登录')
+      // 如果要自动跳转可以在这里：
+      // navigate('/home', { replace: true })
     }
-
-    // 获取记住的登录信息
-    const rememberedInfo = getRememberedLoginInfo();
-    if (rememberedInfo.rememberMe && rememberedInfo.email) {
-      setFormData({
-        email: rememberedInfo.email,
-        password: rememberedInfo.password
-      });
-      setRememberMe(true);
+    const { email, password, rememberMe } = getRememberedLoginInfo()
+    if (rememberMe && email) {
+      setFormData({ email, password })
+      setRememberMe(true)
     }
-  }, []);
+  }, [navigate])
 
   const handleEmailChange = (e) => {
-    const value = e.target.value;
-    setFormData(prev => ({
-      ...prev,
-      email: value
-    }));
-    
-    // 清除邮箱错误提示
-    if (errors.email) {
-      setErrors(prev => ({
-        ...prev,
-        email: ''
-      }));
-    }
-  };
-
+    setFormData(f => ({ ...f, email: e.target.value }))
+    if (errors.email) setErrors(e => ({ ...e, email: '' }))
+  }
   const handlePasswordChange = (e) => {
-    const value = e.target.value;
-    setFormData(prev => ({
-      ...prev,
-      password: value
-    }));
-    
-    // 清除密码错误提示
-    if (errors.password) {
-      setErrors(prev => ({
-        ...prev,
-        password: ''
-      }));
-    }
-  };
-
+    setFormData(f => ({ ...f, password: e.target.value }))
+    if (errors.password) setErrors(e => ({ ...e, password: '' }))
+  }
   const handleRememberMeChange = (e) => {
-    const checked = e.target.checked;
-    setRememberMe(checked);
-    
-    // 如果取消记住我，清除已保存的登录信息
+    const checked = e.target.checked
+    setRememberMe(checked)
     if (!checked) {
-      saveRememberedLoginInfo('', '', false);
+      saveRememberedLoginInfo('', '', false)
     }
-  };
+  }
 
   const validateForm = () => {
-    const newErrors = {
-      email: '',
-      password: ''
-    };
-    
-    let hasError = false;
-    
-    // 验证邮箱
-    if (!formData.email || typeof formData.email !== 'string' || !formData.email.trim()) {
-      newErrors.email = '请输入邮箱地址';
-      hasError = true;
-    } else if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(formData.email)) {
-      newErrors.email = '请输入有效的邮箱地址';
-      hasError = true;
+    const newErr = { email: '', password: '' }
+    let hasError = false
+    if (!formData.email.trim() || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(formData.email)) {
+      newErr.email = '请输入有效的邮箱地址'
+      hasError = true
     }
-    
-    // 验证密码
-    if (!formData.password || typeof formData.password !== 'string' || !formData.password.trim()) {
-      newErrors.password = '请输入密码';
-      hasError = true;
-    } else if (formData.password.length < 6) {
-      newErrors.password = '密码长度至少6位';
-      hasError = true;
+    if (!formData.password.trim() || formData.password.length < 6) {
+      newErr.password = '密码长度至少6位'
+      hasError = true
     }
-    
-    setErrors(newErrors);
-    return !hasError;
-  };
+    setErrors(newErr)
+    return !hasError
+  }
 
   const handleSubmit = async (e) => {
-    e.preventDefault();
-    
-    // 验证表单
-    if (!validateForm()) {
-      return;
-    }
-    
-    setIsLoading(true);
-    
+    e.preventDefault()
+    if (!validateForm()) return
+
+    setIsLoading(true)
     try {
-      // 发送登录请求到后端
-      const response = await fetch(baseURL + '/login', {
+      const res = await fetch(baseURL + '/login', {
         method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-        },
+        headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({
-          email: formData.email, // 后端支持邮箱登录
-          password: hashPassword(formData.password) // 前端加密密码
+          email: formData.email,
+          password: hashPassword(formData.password)
         })
-      });
-      
-      const result = await response.json();
-      
+      })
+      const result = await res.json()
       if (result.success) {
-        // 显示成功提示
-        showSuccessAlert('登录成功！正在跳转...');
-        
-        // 保存认证信息
-        saveAuthInfo(result.token, result.user, rememberMe);
-        
-        // 保存或清除记住的登录信息
-        saveRememberedLoginInfo(formData.email, formData.password, rememberMe);
-        
-        // 延迟跳转，让用户看到成功提示
+        showSuccessAlert('登录成功！正在跳转...')
+        saveAuthInfo(result.token, result.user, rememberMe)
+        saveRememberedLoginInfo(formData.email, formData.password, rememberMe)
         setTimeout(() => {
-          window.location.href = '/test-dashboard';
-        }, 1500);
+        // 根据不同角色跳转
+          switch (result.user.role) {
+            case 'admin':
+              navigate('/admin', { replace: true })
+              break
+            case 'superadmin':
+              navigate('/superadmin', { replace: true })
+              break
+            default:
+              navigate('/home', { replace: true })
+          }
+        }, 1500)
       } else {
-        // 登录失败，显示错误信息
-        let errorTitle = '登录失败';
-        let errorContent = result.message || '登录失败，请检查您的邮箱和密码';
-        
-        // 根据错误类型提供更详细的信息
+        let title = '登录失败'
+        let content = result.message || '登录失败，请检查您的邮箱和密码'
         if (result.message) {
-          if (result.message.includes('邮箱') || result.message.includes('email')) {
-            errorTitle = '邮箱验证失败';
-            errorContent = '您输入的邮箱地址不存在或格式不正确，请检查后重试。';
-          } else if (result.message.includes('密码') || result.message.includes('password')) {
-            errorTitle = '密码验证失败';
-            errorContent = '您输入的密码不正确，请检查后重试。如果忘记密码，请点击"忘记密码"进行重置。';
-          } else if (result.message.includes('用户不存在')) {
-            errorTitle = '用户不存在';
-            errorContent = '该邮箱尚未注册，请先注册账户或检查邮箱地址是否正确。';
-          } else if (result.message.includes('账户被锁定') || result.message.includes('locked')) {
-            errorTitle = '账户被锁定';
-            errorContent = '您的账户因安全原因被暂时锁定，请联系客服或稍后重试。';
+          if (/邮箱|email/.test(result.message)) {
+            title = '邮箱验证失败'
+            content = '请输入正确的邮箱地址'
+          } else if (/密码|password/.test(result.message)) {
+            title = '密码验证失败'
+            content = '密码不正确，请重试'
           }
         }
-        
-        showErrorModal(errorTitle, errorContent);
+        showErrorModal(title, content)
       }
-    } catch (error) {
-      console.error('登录请求失败:', error);
-      
-      // 根据错误类型显示不同的错误信息
-      if (error.name === 'TypeError' && error.message.includes('fetch')) {
-        showErrorModal('网络连接失败', '无法连接到服务器，请检查您的网络连接后重试。如果问题持续存在，请联系客服。');
-      } else if (error.name === 'AbortError') {
-        showErrorModal('请求超时', '请求超时，请检查网络连接后重试。');
-      } else {
-        showErrorModal('登录失败', '网络连接失败，请检查网络或稍后重试。如果问题持续存在，请联系客服。');
-      }
+    } catch (err) {
+      console.error(err)
+      showErrorModal('网络异常', '无法连接到服务器，请稍后重试')
     } finally {
-      setIsLoading(false);
+      setIsLoading(false)
     }
-  };
+  }
 
   return (
     <div className="login-container">
-      <div className="login-background"></div>
-      
+      <div className="login-background" />
       {isLoading && (
         <div className="loading-overlay">
           <div className="loading-content">
-            <div className="loading-spinner-large"></div>
+            <div className="loading-spinner-large" />
             <p className="loading-text">正在登录...</p>
           </div>
         </div>
       )}
-      
       <div className="login-content">
         <div className="login-card">
-          {/* 成功提示 */}
           {successAlert.visible && (
-            <div style={{ marginBottom: '16px' }}>
-              <Alert
-                message={successAlert.message}
-                type="success"
-                icon={<CheckCircleOutlined />}
-                showIcon
-                closable
-                onClose={() => setSuccessAlert({ visible: false, message: '' })}
-                style={{
-                  borderRadius: '8px',
-                  border: '1px solid #b7eb8f',
-                  backgroundColor: '#f6ffed'
-                }}
-              />
-            </div>
+            <Alert
+              message={successAlert.message}
+              type="success"
+              icon={<CheckCircleOutlined />}
+              closable
+              style={{ marginBottom: 16, borderRadius: 8 }}
+            />
           )}
-          
           <div className="login-header">
-            <h1 className="login-title">欢迎来到小红书</h1>
-            <p className="login-subtitle">标记我的生活</p>
+            <h1>欢迎来到小红书</h1>
+            <p>标记我的生活</p>
           </div>
-
           <form className="login-form" onSubmit={handleSubmit}>
             <div className="form-group">
               <Input
                 type="email"
-                id="email"
-                name="email"
-                className={`form-input ${errors.email ? 'input-error' : ''}`}
-                placeholder="请输入您的邮箱"
+                placeholder="邮箱"
                 value={formData.email}
                 onChange={handleEmailChange}
                 prefix={<MailOutlined />}
-                size="large"
-                title=""
                 status={errors.email ? 'error' : ''}
               />
-              {errors.email && (
-                <div className="error-message">
-                  {errors.email}
-                </div>
-              )}
+              {errors.email && <div className="error-message">{errors.email}</div>}
             </div>
-
             <div className="form-group">
               <Input.Password
-                id="password"
-                name="password"
-                className={`form-input ${errors.password ? 'input-error' : ''}`}
-                placeholder="请输入您的密码"
+                placeholder="密码"
                 value={formData.password}
                 onChange={handlePasswordChange}
                 prefix={<LockOutlined />}
-                size="large"
-                title=""
                 status={errors.password ? 'error' : ''}
               />
-              {errors.password && (
-                <div className="error-message">
-                  {errors.password}
-                </div>
-              )}
+              {errors.password && <div className="error-message">{errors.password}</div>}
             </div>
-
             <div className="form-options">
-              <Checkbox 
-                checked={rememberMe}
-                onChange={handleRememberMeChange}
-              >
+              <Checkbox checked={rememberMe} onChange={handleRememberMeChange}>
                 记住我
               </Checkbox>
-              <Link to="/forgot-password" className="forgot-password">忘记密码？</Link>
+              <Link to="/forgot-password">忘记密码？</Link>
             </div>
-
             <button
               type="submit"
               className={`login-button ${isLoading ? 'loading' : ''}`}
               disabled={isLoading}
             >
-              {isLoading ? (
-                <>
-                  <div className="loading-spinner"></div>
-                  登录中...
-                </>
-              ) : (
-                '登录'
-              )}
+              {isLoading ? '登录中...' : '登录'}
             </button>
           </form>
-
           <div className="signup-link">
-            <p>还没有账户？ <Link to="/register">立即注册</Link></p>
+            <p>还没有账户？<Link to="/register">立即注册</Link></p>
           </div>
         </div>
       </div>
-
-      {/* 错误弹窗 */}
       <Modal
-        title={
-          <div style={{ display: 'flex', alignItems: 'center', gap: '8px' }}>
-            <ExclamationCircleOutlined style={{ color: '#ff4d4f', fontSize: '18px' }} />
-            {errorModal.title}
-          </div>
-        }
+        title={<><ExclamationCircleOutlined style={{ color: '#ff4d4f' }} /> {errorModal.title}</>}
         open={errorModal.visible}
         onOk={closeErrorModal}
-        onCancel={closeErrorModal}
-        okText="我知道了"
         cancelButtonProps={{ style: { display: 'none' } }}
-        centered
-        className="error-modal"
       >
-        <div style={{ padding: '16px 0', fontSize: '14px', lineHeight: '1.6' }}>
-          {errorModal.content}
-        </div>
+        <p>{errorModal.content}</p>
       </Modal>
     </div>
-  );
-};
-
-export default LoginPage;
+  )
+}
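Review bot: `saveRememberedLoginInfo(formData.email, formData.password, rememberMe)` still hands the raw password to the remember-me store, and the init effect reads it back with `setFormData({ email, password })`. If that helper writes to localStorage (its body is not in this diff), the password sits in clear text where any script running on the origin can read it. Remember only the address: `saveRememberedLoginInfo(formData.email, '', rememberMe)` and `setFormData({ email, password: '' })`. Separately, the failure branch still maps the server message to distinct “邮箱验证失败” / “密码验证失败” titles, which tells a caller whether an address is registered; one generic message avoids that. `res.ok` is not checked before `res.json()`, so a non-JSON error response falls through to the generic network-error branch.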
diff --git a/Merge/front/src/router/App.js b/Merge/front/src/router/App.js
index d91b3b7..4da6f49 100644
--- a/Merge/front/src/router/App.js
+++ b/Merge/front/src/router/App.js
@@ -1,72 +1,75 @@
-import React from 'react';
-import {
-  Routes,
-  Route,
-  Navigate,
-} from 'react-router-dom';
-import AdminPage from '../components/Admin';
-import UserManagement from '../components/UserManagement';
-import LogsDashboard from '../components/LogsDashboard';
-import SuperAdmin from '../components/SuperAdmin';
+// src/router/index.jsx
+import React from 'react'
+import { Routes, Route, Navigate, Outlet } from 'react-router-dom'
 
-import CreatePost     from '../components/CreatePost'      // src/components/CreatePost.jsx
-import HomeFeed       from '../components/HomeFeed'        // src/components/HomeFeed.jsx
-import PlaceholderPage from '../components/PlaceholderPage'// src/components/PlaceholderPage.jsx
-import UploadPage     from '../components/UploadPage'      // src/components/UploadPage.jsx
+import LoginPage           from '../pages/LoginPage/LoginPage'
+import RegisterPage        from '../pages/RegisterPage/RegisterPage'
+import ForgotPasswordPage  from '../pages/ForgotPasswordPage/ForgotPasswordPage'
+import TestDashboard       from '../pages/TestDashboard/TestDashboard'
+import HomeFeed            from '../components/HomeFeed'
+import CreatePost          from '../components/CreatePost'
+import NotebookPage        from '../components/NotebookPage'
+import PlaceholderPage     from '../components/PlaceholderPage'
+import UserProfile         from '../components/UserProfile'
 
-import UserProfile from '../components/UserProfile'; // src/components/UserProfileRoute.jsx
+import AdminPage           from '../components/Admin'
+import SuperAdmin          from '../components/SuperAdmin'
+import UserManagement      from '../components/UserManagement'
+import LogsDashboard       from '../components/LogsDashboard'
+import TransactionLogs     from '../components/TransactionLogs'
+import PerformanceLogs     from '../components/PerformanceLogs'
 
-import LoginPage from '../pages/LoginPage/LoginPage';
-import RegisterPage from '../pages/RegisterPage/RegisterPage';
-import ForgotPasswordPage from '../pages/ForgotPasswordPage/ForgotPasswordPage';
-import TestDashboard from '../pages/TestDashboard/TestDashboard';
-
-import TransactionLogs from '../components/TransactionLogs';
-import PerformanceLogs from '../components/PerformanceLogs';
-import NotebookPage    from '../components/NotebookPage'
+import { RequireAuth, RequireRole } from './Guards'
 
 export default function AppRoutes() {
   return (
     <Routes>
-      <Route path="/posts/new" element={<CreatePost />} />
-    
-      <Route path="/home"      element={<HomeFeed />} />
+      {/* ### 公开路由（不用登录就能看） */}
+      <Route path="/login"            element={<LoginPage />} />
+      <Route path="/register"         element={<RegisterPage />} />
+      <Route path="/forgot-password"  element={<ForgotPasswordPage />} />
 
-      <Route path="/notebooks" element={<NotebookPage />} />
-      <Route path="/activity"  element={<PlaceholderPage pageId="activity"  />} />
-      <Route path="/notes"     element={<PlaceholderPage pageId="notes"     />} />
-      <Route path="/creator"   element={<PlaceholderPage pageId="creator"   />} />
-      <Route path="/journal"   element={<PlaceholderPage pageId="journal"   />} />
-      <Route path="/user/:userId" element={<UserProfile />} />
-      <Route path="/dashboard/*" element={<UploadPage />} />
+      {/* ### 需要登录才能访问的区域 */}
+      <Route element={<RequireAuth />}>
+        {/* ---- 普通用户区块 ---- */}
+        <Route element={<RequireRole allowedRoles={['user']} />}>
+          <Route path="/home"      element={<HomeFeed />} />
+          <Route path="/posts/new" element={<CreatePost />} />
+          <Route path="/notebooks" element={<NotebookPage />} />
+          <Route path="/user/:userId" element={<UserProfile />} />
+          <Route path="/activity"  element={<PlaceholderPage pageId="activity" />} />
+          <Route path="/notes"     element={<PlaceholderPage pageId="notes" />} />
+          <Route path="/creator"   element={<PlaceholderPage pageId="creator" />} />
+          <Route path="/journal"   element={<PlaceholderPage pageId="journal" />} />
 
-      {/* 根路径重定向到 dashboard */}
-      {/* <Route path="/" element={<Navigate to="/dashboard/overview" replace />} /> */}
+          <Route path="/dashboard/*" element={<PlaceholderPage />} />
+          <Route path="/posts/new"           element={<CreatePost />} />
+          <Route path="/posts/edit/:postId"  element={<CreatePost />} />
+          <Route path="/" element={<Navigate to="/dashboard/overview" replace />} />
+        </Route>
 
-      <Route path="/" element={<LoginPage />} />
-      <Route path="/login" element={<LoginPage />} />
-      <Route path="/register" element={<RegisterPage />} />
-      <Route path="/forgot-password" element={<ForgotPasswordPage />} />
-      <Route path="/test-dashboard" element={<TestDashboard />} />
+        {/* ---- 管理员区块 ---- */}
+        <Route element={<RequireRole allowedRoles={['admin']} />}>
+          <Route path="/admin" element={<AdminPage />} />
+          <Route path="/test-dashboard" element={<TestDashboard  />} />
+        </Route>
 
-      {/* 普通管理员，无 header */}
-      <Route path="admin" element={<AdminPage />} />
-
-      {/* 超级管理员，只用 SuperAdminLayout */}
-      <Route path="superadmin" element={<SuperAdmin />}>
-        <Route index element={<Navigate to="users" replace />} />
-        <Route path="users" element={<UserManagement superAdminId={3} />} />
-
-        {/* dashboard as layout */}
-        <Route path="dashboard" element={<LogsDashboard />}>
-          <Route index element={<Navigate to="transactions" replace />} />
-          <Route path="transactions" element={<TransactionLogs userId={1} />} />
-          <Route path="performance" element={<PerformanceLogs userId={1} />} />
+        {/* ---- 超级管理员区块 ---- */}
+        <Route element={<RequireRole allowedRoles={['superadmin']} />}>
+          <Route path="/superadmin" element={<SuperAdmin />}>
+            <Route index element={<Navigate to="users" replace />} />
+            <Route path="users"         element={<UserManagement superAdminId={3} />} />
+            <Route path="dashboard"     element={<LogsDashboard />}>
+              <Route index element={<Navigate to="transactions" replace />} />
+              <Route path="transactions" element={<TransactionLogs userId={1} />} />
+              <Route path="performance"  element={<PerformanceLogs userId={1} />} />
+            </Route>
+          </Route>
         </Route>
       </Route>
 
-      {/* 最后一个兜底，放在最末尾 */}
-      <Route path="*" element={<PlaceholderPage pageId="home" />} />
+      {/* ### 兜底：不认识的地址都重定向到 /login */}
+      <Route path="*" element={<Navigate to="/login" replace />} />
     </Routes>
-  );
-}
\ No newline at end of file
+  )
+}
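Review bot: The superadmin routes still pass fixed ids (`superAdminId={3}`, and `userId={1}` on TransactionLogs and PerformanceLogs) although this commit replaces the hard-coded ids elsewhere with `getUserInfo()`. Those views are presumably keyed to users 3 and 1 regardless of who is signed in. The components could read the id from `getUserInfo()` themselves, as Header and NotebookPage now do. `/posts/new` is registered twice in the user block, `/` redirects to `/dashboard/overview`, which now renders `<PlaceholderPage />` without a `pageId`, and `Outlet` is imported but unused. The header comment names `src/router/index.jsx` while the file is `router/App.js`.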
diff --git a/Merge/front/src/router/Guards.jsx b/Merge/front/src/router/Guards.jsx
new file mode 100644
index 0000000..3fa7408
--- /dev/null
+++ b/Merge/front/src/router/Guards.jsx
@@ -0,0 +1,24 @@
+// src/router/Guards.jsx
+import React from 'react'
+import { Navigate, Outlet, useLocation } from 'react-router-dom'
+import { getAuthToken, getUserInfo } from '../utils/auth'
+
+/** 登录检查：有 token 才放行，否则跳到 /login */
+export function RequireAuth({ children }) {
+  const token = getAuthToken()
+  const loc   = useLocation()
+  if (!token) {
+    return <Navigate to="/login" state={{ from: loc }} replace />
+  }
+  return children ?? <Outlet />
+}
+
+/** 角色检查：只有 allowedRoles 内的角色才能访问 */
+export function RequireRole({ allowedRoles, children }) {
+  const user = getUserInfo()
+  // user 里应该有 .role
+  if (!user || !allowedRoles.includes(user.role)) {
+    return <Navigate to="/login" replace />
+  }
+  return children ?? <Outlet />
+}
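Review bot: Both guards decide from values the browser holds: `RequireAuth` only tests that a token string exists, and `RequireRole` trusts `user.role` from `getUserInfo()`. They therefore control navigation, not access, and the admin and superadmin APIs have to check the token and role on the server. The JSDoc should say so, e.g. `/** UI guard only: role is read from client storage; the backend must authorise every admin request. */`. `allowedRoles.includes` throws if the prop is omitted, whereas `!allowedRoles?.includes(user.role)` fails closed. A signed-in user with the wrong role is sent to `/login`, which per the LoginPage hunk does not redirect logged-in users, so they see the login form while still authenticated.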
