diff --git a/handler/users.js b/handler/users.js index 35c4e2e..10029d9 100644 --- a/handler/users.js +++ b/handler/users.js @@ -42,7 +42,7 @@ class HandlerUser { // 从上图获取手机号 const phoneNumber = phoneData.phone_info?.phoneNumber; - return ResponseUtil.success(ctx, {phoneNumber}, "获取手机号成功"); + return ResponseUtil.success(ctx, { phoneNumber }, "获取手机号成功"); } catch (err) { return ResponseUtil.internalError(ctx, err.message); } @@ -73,7 +73,7 @@ class HandlerUser { if (!openid) { return ResponseUtil.error(ctx, "微信登录失败,未获取到 openid", null, 400); } - + // 使用openid和phoneNumber查询用户 let key = `app.${appId}.wxopenid`; let user = await DBModel.User.findOne({ [key]: openid }); @@ -94,7 +94,7 @@ class HandlerUser { user = await DBModel.User.setUser(newUser); } } - + // if (user) { if (phoneNumber && phoneNumber.length > 0 && user.profile.mobile !== phoneNumber) { @@ -117,7 +117,7 @@ class HandlerUser { const token = await this.genToken(user._id.toString()); user.security.token = token; } - user.security.tokenExpiry = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000); + user.security.tokenExpiry = new Date(Date.now() + 15 * 24 * 60 * 60 * 1000); await user.save(); // 安全起见删除密码相关字段 
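Review bot: In the `@@ -117,7 +117,7 @@` hunk the changed `tokenExpiry` assignment sits after the `}` that closes the branch assigning a new token, so a sign-in that reuses an existing `security.token` appears to get its expiry pushed out again, now by 15 days instead of 7. A token that leaks could then stay usable for as long as the account keeps signing in; consider extending the expiry only when a new token was issued, or rotating the token whenever the expiry is renewed. The literal would also be easier to audit as a named constant, e.g. `const TOKEN_TTL_MS = 15 * 24 * 60 * 60 * 1000;`. The enclosing method starts and ends outside the hunk, so the condition guarding the token branch is not visible here.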
@@ -199,6 +199,43 @@ class HandlerUser {
 return ResponseUtil.success(ctx, null, "退出登录成功");
 }
+ // 获取用户信息
+ async userInfo(ctx) {
+ try {
+ const { token, userId } = ctx.request.body;
+ if (!token || !userId) {
+ return ResponseUtil.badRequest(ctx, "缺少 token 或 userId");
+ }
+
+ let user = null;
+ if (token) {
+ user = await DBModel.User.findOne({ "security.token": token });
+ }
+ else {
+ user = await DBModel.User.findOne({ "_id": userId });
+ }
+
+ if (!user) {
+ return ResponseUtil.unauthorized(ctx, "用户未登录或 token 无效");
+ }
+
+ const isTokenValid = user.security.token &&
+ user.security.tokenExpiry &&
+ new Date() < user.security.tokenExpiry;
+ if (!isTokenValid) {
+ return ResponseUtil.unauthorized(ctx, "登录已过期,请重新登录");
+ }
+
+ // 安全起见删除密码相关字段
+ delete user.security.passwd;
+ delete user.security.passwdSalt;
+
+ return ResponseUtil.success(ctx, { user }, "获取用户信息成功");
+ } catch (err) {
+ return ResponseUtil.internalError(ctx, err.message);
+ }
+ }
+
 // 生成 token
 async genToken(uid) {
 const crypto = await import("crypto");
diff --git a/routes/index.js b/routes/index.js
index 90d640d..4d3be8f 100644
--- a/routes/index.js
+++ b/routes/index.js
@@ -15,6 +15,7 @@ class ApiRouter {
 userRouter.post('/wxsignin', this.handler.wxSignin.bind(this.handler));
 userRouter.post('/update', this.handler.updateUser.bind(this.handler));
 userRouter.post('/signout', this.handler.signout.bind(this.handler));
+ userRouter.post('/userInfo', this.handler.userInfo.bind(this.handler));
 this.router.use(userRouter.routes());
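Review bot: In the new `userInfo` method (the `@@ -199,6 +199,43 @@` hunk), `token` goes from `ctx.request.body` into `findOne({ "security.token": token })` after only a truthiness check, so a non-string JSON value would be used as the filter itself and could match an account the caller holds no token for. Because the guard already rejects a request missing either field, the `else` branch that looks up by `_id` is unreachable, and `userId` is never compared with the user that was found. I would require both values to be strings, look up by token only, and reject when the ids differ, as sketched below. The two `delete` statements may not change what is serialized if `user` is a Mongoose document (not visible here), and `security.token` is returned in any case, so building the response from an explicit list of fields would be safer.

```javascript
const { token, userId } = ctx.request.body;
// Only plain, non-empty strings may reach the query filter.
if (typeof token !== "string" || typeof userId !== "string" || !token || !userId) {
  return ResponseUtil.badRequest(ctx, "缺少 token 或 userId");
}

const user = await DBModel.User.findOne({ "security.token": token });
// Bind the token to the account the caller claims to be.
if (!user || user._id.toString() !== userId) {
  return ResponseUtil.unauthorized(ctx, "用户未登录或 token 无效");
}
// … unchanged: expiry check and response …
```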