diff --git a/backend/app/Command/AppInstall.php b/backend/app/Command/AppInstall.php
new file mode 100644
index 0000000..785e0fa
--- /dev/null
+++ b/backend/app/Command/AppInstall.php
@@ -0,0 +1,66 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Command;
+
+use App\Model\User;
+use Hyperf\Command\Command as HyperfCommand;
+use Hyperf\Command\Annotation\Command;
+use Psr\Container\ContainerInterface;
+
+#[Command]
+class AppInstall extends HyperfCommand
+{
+    public function __construct(protected ContainerInterface $container)
+    {
+        parent::__construct('app:install');
+    }
+
+    public function configure()
+    {
+        parent::configure();
+        $this->setDescription('Install application and create default admin user');
+    }
+
+    public function handle()
+    {
+        $this->line('Starting application installation...', 'info');
+
+        // 检查 admin 用户是否已存在
+        $existingUser = User::query()
+            ->where('username', 'adminstrator')
+            ->orWhere('email', 'admin@admin.com')
+            ->first();
+
+        if ($existingUser) {
+            $this->error('Admin user already exists!');
+            $this->line('Username: ' . $existingUser->username);
+            $this->line('Email: ' . $existingUser->email);
+            return 1;
+        }
+
+        // 创建默认 admin 用户
+        try {
+            $user = User::create([
+                'username' => 'adminstrator',
+                'email' => 'admin@admin.com',
+                'password' => 'admin',
+                'status' => 1,
+                'ext' => [],
+            ]);
+
+            $this->line('Default admin user created successfully!', 'info');
+            $this->line('Username: adminstrator', 'comment');
+            $this->line('Email: admin@admin.com', 'comment');
+            $this->line('Password: admin', 'comment');
+            $this->line('');
+            $this->warn('Please change the default password after first login!');
+
+            return 0;
+        } catch (\Exception $e) {
+            $this->error('Failed to create admin user: ' . $e->getMessage());
+            return 1;
+        }
+    }
+}
diff --git a/backend/app/Controller/AuthController.php b/backend/app/Controller/AuthController.php
index a2b3167..6500d87 100644
--- a/backend/app/Controller/AuthController.php
+++ b/backend/app/Controller/AuthController.php
@@ -9,12 +9,19 @@ use Hyperf\HttpServer\Contract\RequestInterface;
 use Hyperf\HttpServer\Contract\ResponseInterface;
 use Qbhy\HyperfAuth\AuthManager;
 use Carbon\Carbon;
+use Hyperf\HttpServer\Annotation\Controller;
+use Hyperf\HttpServer\Annotation\RequestMapping;
+use Hyperf\HttpServer\Annotation\Middleware;
+use Qbhy\HyperfAuth\AuthMiddleware;
 
+
+ #[Controller]
 class AuthController extends AbstractController
 {
     /**
      * 用户注册
      */
+    #[RequestMapping(path:'/register', methods:'post')]
     public function register(RequestInterface $request, ResponseInterface $response)
     {
         $username = $request->input('username');
@@ -58,6 +65,7 @@ class AuthController extends AbstractController
     /**
      * 用户登录
      */
+    #[RequestMapping(path:'/login', methods:'post')]
     public function login(RequestInterface $request, ResponseInterface $response, AuthManager $auth)
     {
         $username = $request->input('username');
@@ -118,6 +126,8 @@ class AuthController extends AbstractController
     /**
      * 刷新 Access Token
      */
+    #[RequestMapping(path:'/refresh', methods:'get')]
+    #[Middleware(AuthMiddleware::class)]
     public function refresh(RequestInterface $request, ResponseInterface $response, AuthManager $auth)
     {
         $refreshToken = $request->input('refresh_token');
@@ -179,6 +189,8 @@ class AuthController extends AbstractController
     /**
      * 获取当前用户信息
      */
+    #[RequestMapping(path:'/me', methods:'get')]
+    #[Middleware(AuthMiddleware::class)]
     public function me(AuthManager $auth, ResponseInterface $response)
     {
         $user = $auth->guard('jwt')->user();
@@ -207,6 +219,8 @@ class AuthController extends AbstractController
     /**
      * 退出登录
      */
+    #[RequestMapping(path:'/logout', methods:'get')]
+    #[Middleware(AuthMiddleware::class)]
     public function logout(AuthManager $auth, ResponseInterface $response)
     {
         $user = $auth->guard('jwt')->user();
diff --git a/backend/config/routes.php b/backend/config/routes.php
index 44e9e4d..0b34404 100644
--- a/backend/config/routes.php
+++ b/backend/config/routes.php
@@ -17,19 +17,4 @@ Router::get('/favicon.ico', function () {
     return '';
 });
 
-// 认证相关路由（无需认证）
-Router::addGroup('/api/auth', function () {
-    Router::post('/register', 'App\Controller\AuthController@register');
-    Router::post('/login', 'App\Controller\AuthController@login');
-    Router::post('/refresh', 'App\Controller\AuthController@refresh');
-});
 
-// 需要认证的路由
-Router::addGroup('/api', function () {
-    Router::get('/user/me', 'App\Controller\AuthController@me');
-    Router::post('/auth/logout', 'App\Controller\AuthController@logout');
-
-    // 在这里添加其他需要认证的路由
-}, [
-    'middleware' => [App\Middleware\AuthMiddleware::class],
-]);