diff --git a/app/common/middleware/SignMiddleware.php b/app/common/middleware/SignMiddleware.php
new file mode 100755
index 00000000..7a783ed4
--- /dev/null
+++ b/app/common/middleware/SignMiddleware.php
@@ -0,0 +1,84 @@
+<?php
+
+// +----------------------------------------------------------------------
+// | CRMEB [ CRMEB赋能开发者，助力企业发展 ]
+// +----------------------------------------------------------------------
+// | Copyright (c) 2016~2022 https://www.crmeb.com All rights reserved.
+// +----------------------------------------------------------------------
+// | Licensed CRMEB并不是自由软件，未经许可不能去掉CRMEB相关版权
+// +----------------------------------------------------------------------
+// | Author: CRMEB Team <admin@crmeb.com>
+// +----------------------------------------------------------------------
+
+
+namespace app\common\middleware;
+
+use app\Request;
+use crmeb\exceptions\AuthException;
+use think\exception\ValidateException;
+use think\Response;
+use Throwable;
+
+class SignMiddleware extends BaseMiddleware
+{
+
+    /**
+     * @param Request $request
+     * @throws Throwable
+     * @author xaboy
+     * @day 2020-04-10
+     */
+    public function before(Request $request)
+    {
+        try {
+            $appid = $request->header('appid');
+			$timestamp = $request->header('timestamp');
+			$sign = $request->header('sign');
+            // 中台系统secret
+            $appSecret = 'St@tF!8r@fgjCu88fJB9eo4PTRHxsntC';
+            $this->verifySign(['appid'=>$appid,'timestamp'=>$timestamp,'sign'=>$sign], $appSecret);
+        } catch (AuthException $e) {
+            $eArray = ($e->getResponse())->getData();
+            throw new AuthException($eArray['message'] ?? '非法签名');
+            return; 
+        } catch (Throwable $e) {
+            throw new AuthException('非法请求');
+            return;
+        }
+    }
+
+    public function after(Response $response)
+    {
+        
+    }
+
+    private function makeSign($data, $appSecret)
+    {
+        ksort($data);
+        $string = "";
+        foreach ($data as $k => $v) {
+            if ($k == "sign" || is_array($v)) {
+                continue;
+            }
+            $string .= $k . "=" . $v . "&";
+        }
+        $string = trim($string, "&");
+        $string = $string . "&key=" . $appSecret;
+        $string = md5(md5($string));
+        return strtolower($string);
+    }
+
+    private function verifySign($data, $appSecret)
+    {
+        // 验证请求， 10秒钟失效
+        if (time() - ($data['timestamp'] ?? 0) > 10) {
+            throw new AuthException('签名已失效');
+        }
+        // 比对签名
+        $clientSign = $data['sign'] ?? '';
+        $serverSign = $this->makeSign($data, $appSecret);
+        if ($clientSign != $serverSign) {
+            throw new AuthException('签名校验失败');
+        }
+    }
+}
\ No newline at end of file
diff --git a/app/controller/middle/Merchant.php b/app/controller/middle/Merchant.php
new file mode 100644
index 00000000..0e8c665f
--- /dev/null
+++ b/app/controller/middle/Merchant.php
@@ -0,0 +1,45 @@
+<?php
+namespace app\controller\middle;
+
+use crmeb\basic\BaseController;
+use think\App;
+use think\facade\Db;
+use app\common\repositories\system\merchant\MerchantRepository;
+
+/**
+ * Class Auth
+ * @package app\controller\api
+ * @author xaboy
+ * @day 2020-05-06
+ */
+class Merchant extends BaseController
+{
+
+    protected $repository;
+
+    public function __construct(App $app, MerchantRepository $repository)
+    {
+        parent::__construct($app);
+        $this->repository = $repository;
+    }
+
+    public function get_area(){
+        $city_code = $this->request->param('city_code', '');
+        $select = Db::name('geo_area')->where('city_code',$city_code)->field('area_id id,area_code code,area_name name')->select();
+        return app('json')->success($select);
+    }
+
+    public function count()
+    {
+        $where = $this->request->params(['keyword', 'date', 'status', 'statusTag', 'is_trader', 'category_id', 'type_id']);
+        return app('json')->success($this->repository->count($where));
+    }
+
+    public function lst()
+    {
+        [$page, $limit] = $this->getPage();
+        $where = $this->request->params(['keyword', 'date', 'status', 'statusTag', 'is_trader', 'category_id', 'type_id', 'area_id', 'street_id']);
+        return app('json')->success($this->repository->lst($where, $page, $limit));
+    }
+
+}
diff --git a/app/controller/middle/MerchantCategory.php b/app/controller/middle/MerchantCategory.php
new file mode 100644
index 00000000..b915faf9
--- /dev/null
+++ b/app/controller/middle/MerchantCategory.php
@@ -0,0 +1,31 @@
+<?php
+namespace app\controller\middle;
+
+use crmeb\basic\BaseController;
+use think\App;
+use think\facade\Db;
+use app\common\repositories\system\merchant\MerchantCategoryRepository;
+
+/**
+ * Class Auth
+ * @package app\controller\api
+ * @author xaboy
+ * @day 2020-05-06
+ */
+class MerchantCategory extends BaseController
+{
+
+    protected $repository;
+
+    public function __construct(App $app, MerchantCategoryRepository $repository)
+    {
+        parent::__construct($app);
+        $this->repository = $repository;
+    }
+
+    public function getOptions()
+    {
+        return app('json')->success($this->repository->allOptions());
+    }
+
+}
diff --git a/app/controller/middle/MerchantType.php b/app/controller/middle/MerchantType.php
new file mode 100644
index 00000000..72f5f51b
--- /dev/null
+++ b/app/controller/middle/MerchantType.php
@@ -0,0 +1,31 @@
+<?php
+namespace app\controller\middle;
+
+use crmeb\basic\BaseController;
+use think\App;
+use think\facade\Db;
+use app\common\repositories\system\merchant\MerchantTypeRepository;
+
+/**
+ * Class Auth
+ * @package app\controller\api
+ * @author xaboy
+ * @day 2020-05-06
+ */
+class MerchantType extends BaseController
+{
+
+    protected $repository;
+
+    public function __construct(App $app, MerchantTypeRepository $repository)
+    {
+        parent::__construct($app);
+        $this->repository = $repository;
+    }
+
+    public function options()
+    {
+        return app('json')->success($this->repository->getOptions());
+    }
+
+}
diff --git a/app/controller/middle/ProductLabel.php b/app/controller/middle/ProductLabel.php
new file mode 100644
index 00000000..0bd62384
--- /dev/null
+++ b/app/controller/middle/ProductLabel.php
@@ -0,0 +1,32 @@
+<?php
+namespace app\controller\middle;
+
+use crmeb\basic\BaseController;
+use think\App;
+use app\common\repositories\store\product\ProductLabelRepository;
+
+/**
+ * Class Auth
+ * @package app\controller\api
+ * @author xaboy
+ * @day 2020-05-06
+ */
+class ProductLabel extends BaseController
+{
+
+    protected $repository;
+
+    public function __construct(App $app, ProductLabelRepository $repository)
+    {
+        parent::__construct($app);
+        $this->repository = $repository;
+    }
+
+    public function getOptions()
+    {
+        $data = $this->repository->getOptions(0);
+        return  app('json')->success($data);
+    }
+
+
+}
diff --git a/app/controller/middle/StoreCategory.php b/app/controller/middle/StoreCategory.php
new file mode 100644
index 00000000..99149f71
--- /dev/null
+++ b/app/controller/middle/StoreCategory.php
@@ -0,0 +1,35 @@
+<?php
+namespace app\controller\middle;
+
+use crmeb\basic\BaseController;
+use think\App;
+use app\common\repositories\store\StoreCategoryRepository;
+
+/**
+ * Class Auth
+ * @package app\controller\api
+ * @author xaboy
+ * @day 2020-05-06
+ */
+class StoreCategory extends BaseController
+{
+
+    protected $repository;
+
+    public function __construct(App $app, StoreCategoryRepository $repository)
+    {
+        parent::__construct($app);
+        $this->repository = $repository;
+    }
+
+    public function getList()
+    {
+        $type = $this->request->param('type',null);
+        $lv = $this->request->param('lv',null);
+        if (!is_null($lv)) $lv = $lv + 1;
+        $data = $this->repository->getList($type, $lv);
+        return app('json')->success($data);
+    }
+
+
+}
diff --git a/app/controller/middle/StoreProduct.php b/app/controller/middle/StoreProduct.php
new file mode 100644
index 00000000..e41713c3
--- /dev/null
+++ b/app/controller/middle/StoreProduct.php
@@ -0,0 +1,52 @@
+<?php
+namespace app\controller\middle;
+
+use crmeb\basic\BaseController;
+use think\App;
+use app\common\repositories\store\product\ProductRepository;
+use app\common\repositories\system\merchant\MerchantRepository;
+
+/**
+ * Class Auth
+ * @package app\controller\api
+ * @author xaboy
+ * @day 2020-05-06
+ */
+class StoreProduct extends BaseController
+{
+
+    protected $repository;
+
+    public function __construct(App $app, ProductRepository $repository)
+    {
+        parent::__construct($app);
+        $this->repository = $repository;
+    }
+
+    public function getStatusFilter()
+    {
+        return app('json')->success($this->repository->getFilter(null,'商品',0));
+    }
+
+    public function lst()
+    {
+        [$page, $limit] = $this->getPage();
+        $where = $this->request->params(['cate_id', 'keyword', ['type', 1], 'mer_cate_id', 'pid','store_name','is_trader','us_status','product_id','star','sys_labels','hot_type','svip_price_type']);
+        $mer_id = $this->request->param('mer_id','');
+        $merId = $mer_id ? $mer_id : null;
+        $where['is_gift_bag'] = 0;
+        $_where = $this->repository->switchType($where['type'], null,0);
+        unset($_where['product_type']);
+        unset($_where['star']);
+        $where = array_merge($where, $_where);
+        return app('json')->success($this->repository->getAdminList($merId, $where, $page, $limit));
+    }
+
+    public function lists()
+    {
+        $make = app()->make(MerchantRepository::class);
+        $data = $make->selectWhere(['is_del' => 0],'mer_id,mer_name');
+        return app('json')->success($data);
+    }
+
+}
diff --git a/app/controller/middle/User.php b/app/controller/middle/User.php
new file mode 100644
index 00000000..5b0eee33
--- /dev/null
+++ b/app/controller/middle/User.php
@@ -0,0 +1,47 @@
+<?php
+namespace app\controller\middle;
+
+use crmeb\basic\BaseController;
+use think\App;
+use app\common\repositories\user\UserRepository;
+
+/**
+ * Class Auth
+ * @package app\controller\api
+ * @author xaboy
+ * @day 2020-05-06
+ */
+class User extends BaseController
+{
+
+    protected $repository;
+
+    public function __construct(App $app, UserRepository $repository)
+    {
+        parent::__construct($app);
+        $this->repository = $repository;
+    }
+
+    public function lst()
+    {
+        $where = $this->request->params([
+            'label_id',
+            'user_type',
+            'sex',
+            'is_promoter',
+            'country',
+            'pay_count',
+            'user_time_type',
+            'user_time',
+            'nickname',
+            'province',
+            'city',
+            'group_id',
+            'phone',
+            'uid',
+            ]);
+        [$page, $limit] = $this->getPage();
+        return app('json')->success($this->repository->getList($where, $page, $limit));
+    }
+
+}
diff --git a/app/controller/middle/UserGroup.php b/app/controller/middle/UserGroup.php
new file mode 100644
index 00000000..b433b740
--- /dev/null
+++ b/app/controller/middle/UserGroup.php
@@ -0,0 +1,32 @@
+<?php
+namespace app\controller\middle;
+
+use crmeb\basic\BaseController;
+use think\App;
+use app\common\repositories\user\UserGroupRepository;
+
+/**
+ * Class Auth
+ * @package app\controller\api
+ * @author xaboy
+ * @day 2020-05-06
+ */
+class UserGroup extends BaseController
+{
+
+    protected $repository;
+
+    public function __construct(App $app, UserGroupRepository $repository)
+    {
+        parent::__construct($app);
+        $this->repository = $repository;
+    }
+
+    public function lst()
+    {
+        $page = 1;
+        $limit = 9999;
+        return app('json')->success($this->repository->getList([], $page, $limit));
+    }
+
+}
diff --git a/app/controller/middle/UserLabel.php b/app/controller/middle/UserLabel.php
new file mode 100644
index 00000000..06bfe7f1
--- /dev/null
+++ b/app/controller/middle/UserLabel.php
@@ -0,0 +1,34 @@
+<?php
+namespace app\controller\middle;
+
+use crmeb\basic\BaseController;
+use think\App;
+use app\common\repositories\user\UserLabelRepository;
+
+/**
+ * Class Auth
+ * @package app\controller\api
+ * @author xaboy
+ * @day 2020-05-06
+ */
+class UserLabel extends BaseController
+{
+
+    protected $repository;
+
+    public function __construct(App $app, UserLabelRepository $repository)
+    {
+        parent::__construct($app);
+        $this->repository = $repository;
+    }
+
+    public function lst()
+    {
+        $page = 1;
+        $limit = 9999;
+        $where = $this->request->params(['type', 'all']);
+        $where['mer_id'] = $this->request->merId();
+        return app('json')->success($this->repository->getList($where, $page, $limit));
+    }
+
+}
diff --git a/route/middle.php b/route/middle.php
new file mode 100755
index 00000000..5eff9653
--- /dev/null
+++ b/route/middle.php
@@ -0,0 +1,33 @@
+<?php
+
+// +----------------------------------------------------------------------
+// | CRMEB [ CRMEB赋能开发者，助力企业发展 ]
+// +----------------------------------------------------------------------
+// | Copyright (c) 2016~2022 https://www.crmeb.com All rights reserved.
+// +----------------------------------------------------------------------
+// | Licensed CRMEB并不是自由软件，未经许可不能去掉CRMEB相关版权
+// +----------------------------------------------------------------------
+// | Author: CRMEB Team <admin@crmeb.com>
+// +----------------------------------------------------------------------
+
+use app\common\middleware\SignMiddleware;
+use think\facade\Route;
+
+Route::group('middle/', function () {
+    Route::any('product/label/option', 'middle.ProductLabel/getOptions');
+    Route::any('store/product/lst_filter', 'middle.StoreProduct/getStatusFilter');
+    Route::any('store/product/lst', 'middle.StoreProduct/lst');
+    Route::any('store/product/mer_select', 'middle.StoreProduct/lists');
+    Route::any('store/category/list', 'middle.StoreCategory/getList');
+
+    Route::any('user/group/lst', 'middle.UserGroup/lst');
+    Route::any('user/label/lst', 'middle.UserLabel/lst');
+    Route::any('user/lst', 'middle.User/lst');
+
+    Route::any('merchant/city/get_area', 'middle.Merchant/get_area');
+    Route::any('merchant/count', 'middle.Merchant/count');
+    Route::any('merchant/category/options', 'middle.MerchantCategory/getOptions');
+    Route::any('merchant/type/options', 'middle.MerchantType/options');
+    Route::any('merchant/lst', 'middle.Merchant/lst');
+
+})->middleware(SignMiddleware::class);
\ No newline at end of file