diff --git a/pom.xml b/pom.xml
index 13c123fa..62cbfacd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -263,6 +263,12 @@
2.15.1
+
+ org.apache.commons
+ commons-lang3
+ 3.13.0
+
+
com.stripe
stripe-java
diff --git a/src/main/java/com/ai/da/common/config/exception/ExceptionCatch.java b/src/main/java/com/ai/da/common/config/exception/ExceptionCatch.java
index 6ccb952a..b40d5038 100644
--- a/src/main/java/com/ai/da/common/config/exception/ExceptionCatch.java
+++ b/src/main/java/com/ai/da/common/config/exception/ExceptionCatch.java
@@ -1,89 +1,99 @@
-package com.ai.da.common.config.exception;
-
-import com.ai.da.common.response.Response;
-import com.google.common.collect.ImmutableMap;
-import com.ai.da.common.response.ResultEnum;
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.validation.BindException;
-import org.springframework.web.bind.MethodArgumentNotValidException;
-import org.springframework.web.bind.annotation.ControllerAdvice;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.ResponseBody;
-
-/**
- * @author: dangweijian
- * @description: 全局异常捕获
- * @create: 2019-12-03 10:24
- **/
-@Slf4j
-@ControllerAdvice
-public class ExceptionCatch {
-
- /**
- * 线程安全,且构建后不可更改
- */
- private static ImmutableMap, ResultEnum> EXCEPTIONS;
-
- /**
- * 用于构建ImmutableMap
- */
- private static ImmutableMap.Builder, ResultEnum> builder = ImmutableMap.builder();
-
- @ResponseBody
- @ExceptionHandler(BusinessException.class)
- public Response businessExceptionCatch(BusinessException e) {
- log.error("发生业务异常,code:[{}],msg:[{}]", e.getCode(), e.getMsg(), e);
- return Response.error(e.getCode(), e.getMsg());
- }
-
- @ResponseBody
- @ExceptionHandler(Exception.class)
- public Response exceptionCatch(Exception e) {
- log.error("发生系统异常,message:[{}]", e.getMessage(), e);
- //如果ImmutableMap集合为空,构建ImmutableMap
- if (EXCEPTIONS == null || EXCEPTIONS.size() == 0) {
- EXCEPTIONS = builder.build();
- }
- //获取不可预知异常自定义错误码
- if (EXCEPTIONS != null) {
- ResultEnum resultEnum = EXCEPTIONS.get(e.getClass());
- if (resultEnum != null) {
- return Response.error(resultEnum.getCode(), resultEnum.getMsg());
- }
- }
- return Response.error(ResultEnum.ERROR.getCode(), e.getMessage() == null ? ResultEnum.ERROR.getMsg() : e.getMessage());
- }
-
- /**
- * 处理参数校验异常
- *
- * @param e
- * @return ResponseData
- */
- @ResponseBody
- @ExceptionHandler(BindException.class)
- public Response bindExceptionHandler(BindException e) {
- log.error("参数错误bind:{}", e.getBindingResult().getAllErrors().get(0).getDefaultMessage());
- BusinessException businessException = new BusinessException(e.getBindingResult().getAllErrors().get(0).getDefaultMessage());
- return Response.error(businessException.getCode(), businessException.getMsg());
- }
-
- /**
- * 处理参数校验异常
- *
- * @param e
- * @return ResponseData
- */
- @ResponseBody
- @ExceptionHandler(MethodArgumentNotValidException.class)
- public Response handleValidationException(MethodArgumentNotValidException e) {
- log.error("参数错误bind:{}", e.getBindingResult().getAllErrors().get(0).getDefaultMessage());
- BusinessException businessException = new BusinessException(e.getBindingResult().getAllErrors().get(0).getDefaultMessage());
- return Response.error(businessException.getCode(), businessException.getMsg());
- }
-
- //初始化,不可预知异常自定义错误编码
- static {
-// builder.put(FileNotFoundException.class, ResultEnum.FILE_NOT_EXIST);
- }
-}
+package com.ai.da.common.config.exception;
+
+import com.ai.da.common.response.Response;
+import com.google.common.collect.ImmutableMap;
+import com.ai.da.common.response.ResultEnum;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
+import org.springframework.validation.BindException;
+import org.springframework.web.bind.MethodArgumentNotValidException;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+/**
+ * @author: dangweijian
+ * @description: 全局异常捕获
+ * @create: 2019-12-03 10:24
+ **/
+@Slf4j
+@ControllerAdvice
+public class ExceptionCatch {
+
+ /**
+ * 线程安全,且构建后不可更改
+ */
+ private static ImmutableMap, ResultEnum> EXCEPTIONS;
+
+ /**
+ * 用于构建ImmutableMap
+ */
+ private static ImmutableMap.Builder, ResultEnum> builder = ImmutableMap.builder();
+
+ @ResponseBody
+ @ExceptionHandler(BusinessException.class)
+ public Response businessExceptionCatch(BusinessException e) {
+ log.error("发生业务异常,code:[{}],msg:[{}]", e.getCode(), e.getMsg(), e);
+ return Response.error(e.getCode(), e.getMsg());
+ }
+
+ @ResponseBody
+ @ResponseStatus(HttpStatus.UNAUTHORIZED)
+ @ExceptionHandler(UnauthorizedException.class)
+ public Response unauthorizedExceptionCatch(UnauthorizedException e) {
+ log.error("Unauthorized: {}", e.getMessage());
+ return Response.error(401, e.getMessage());
+ }
+
+ @ResponseBody
+ @ExceptionHandler(Exception.class)
+ public Response exceptionCatch(Exception e) {
+ log.error("发生系统异常,message:[{}]", e.getMessage(), e);
+ //如果ImmutableMap集合为空,构建ImmutableMap
+ if (EXCEPTIONS == null || EXCEPTIONS.size() == 0) {
+ EXCEPTIONS = builder.build();
+ }
+ //获取不可预知异常自定义错误码
+ if (EXCEPTIONS != null) {
+ ResultEnum resultEnum = EXCEPTIONS.get(e.getClass());
+ if (resultEnum != null) {
+ return Response.error(resultEnum.getCode(), resultEnum.getMsg());
+ }
+ }
+ return Response.error(ResultEnum.ERROR.getCode(), e.getMessage() == null ? ResultEnum.ERROR.getMsg() : e.getMessage());
+ }
+
+ /**
+ * 处理参数校验异常
+ *
+ * @param e
+ * @return ResponseData
+ */
+ @ResponseBody
+ @ExceptionHandler(BindException.class)
+ public Response bindExceptionHandler(BindException e) {
+ log.error("参数错误bind:{}", e.getBindingResult().getAllErrors().get(0).getDefaultMessage());
+ BusinessException businessException = new BusinessException(e.getBindingResult().getAllErrors().get(0).getDefaultMessage());
+ return Response.error(businessException.getCode(), businessException.getMsg());
+ }
+
+ /**
+ * 处理参数校验异常
+ *
+ * @param e
+ * @return ResponseData
+ */
+ @ResponseBody
+ @ExceptionHandler(MethodArgumentNotValidException.class)
+ public Response handleValidationException(MethodArgumentNotValidException e) {
+ log.error("参数错误bind:{}", e.getBindingResult().getAllErrors().get(0).getDefaultMessage());
+ BusinessException businessException = new BusinessException(e.getBindingResult().getAllErrors().get(0).getDefaultMessage());
+ return Response.error(businessException.getCode(), businessException.getMsg());
+ }
+
+ //初始化,不可预知异常自定义错误编码
+ static {
+// builder.put(FileNotFoundException.class, ResultEnum.FILE_NOT_EXIST);
+ }
+}
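Review bot: `unauthorizedExceptionCatch` sends `e.getMessage()` back to the caller, so any detail passed to `new UnauthorizedException(String)` (which check failed, token fragments) ends up in the 401 body. A fixed client-facing string such as `return Response.error(401, "Unauthorized");` would keep the detail in the log only. The same pattern is more exposed in `exceptionCatch`, whose final return falls back to the raw message of any unexpected `Exception`; returning `ResultEnum.ERROR.getMsg()` there and relying on the existing `log.error` would avoid handing internal error text to clients. A rejected token is an expected event rather than a server fault, so `log.warn` may fit the new handler better than `log.error`.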
diff --git a/src/main/java/com/ai/da/common/config/exception/UnauthorizedException.java b/src/main/java/com/ai/da/common/config/exception/UnauthorizedException.java
new file mode 100644
index 00000000..9ea1c589
--- /dev/null
+++ b/src/main/java/com/ai/da/common/config/exception/UnauthorizedException.java
@@ -0,0 +1,12 @@
+package com.ai.da.common.config.exception;
+
+public class UnauthorizedException extends RuntimeException {
+
+ public UnauthorizedException(String message) {
+ super(message);
+ }
+
+ public UnauthorizedException() {
+ super("Gateway token verification failed");
+ }
+}
diff --git a/src/main/java/com/ai/da/common/context/UserContext.java b/src/main/java/com/ai/da/common/context/UserContext.java
index 71a0a36e..ce0a3d90 100644
--- a/src/main/java/com/ai/da/common/context/UserContext.java
+++ b/src/main/java/com/ai/da/common/context/UserContext.java
@@ -1,19 +1,41 @@
-package com.ai.da.common.context;
-
-import com.ai.da.model.vo.AuthPrincipalVo;
-
-public class UserContext {
- private static ThreadLocal userHolder = new ThreadLocal();
-
- public static AuthPrincipalVo getUserHolder() {
- return userHolder.get();
- }
-
- public static void delete() {
- userHolder.remove();
- }
-
- public static void setUserHolder(AuthPrincipalVo authPrincipalVo) {
- userHolder.set(authPrincipalVo);
- }
-}
+package com.ai.da.common.context;
+
+import com.ai.da.model.vo.AuthPrincipalVo;
+
+public class UserContext {
+ private static final ThreadLocal userHolder = new ThreadLocal<>();
+
+ public static void setUserHolder(AuthPrincipalVo authPrincipalVo) {
+ userHolder.set(authPrincipalVo);
+ }
+
+ public static AuthPrincipalVo getUserHolder() {
+ AuthPrincipalVo holder = userHolder.get();
+ if (holder == null) {
+ throw new RuntimeException("User not authenticated");
+ }
+ if (!"AIDA".equals(holder.getSource())) {
+ throw new RuntimeException("Access denied: source must be AIDA");
+ }
+ return holder;
+ }
+
+ public static void delete() {
+ userHolder.remove();
+ }
+
+ public static Long getUserId() {
+ return getUserHolder().getId();
+ }
+
+ public static Long getBuyerId() {
+ AuthPrincipalVo holder = userHolder.get();
+ if (holder == null) {
+ throw new RuntimeException("User not authenticated");
+ }
+ if (!"BUYER".equals(holder.getSource())) {
+ throw new RuntimeException("Access denied: source must be BUYER");
+ }
+ return holder.getId();
+ }
+}
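Review bot: The new checks in `getUserHolder()` and `getBuyerId()` throw plain `RuntimeException`, so they bypass the `UnauthorizedException` handler this commit adds in `ExceptionCatch` and land in the generic `Exception` handler, which carries no `@ResponseStatus(HttpStatus.UNAUTHORIZED)`. Using `throw new UnauthorizedException("User not authenticated");` for the missing-principal case would produce the 401. The wrong-source case would be clearer as a separate exception type mapped to 403, so that logs and monitoring can tell unauthenticated requests from authenticated ones using the wrong kind of account. `getUserHolder()` also used to return null when nothing was set, so any caller relying on a null check (none are visible in this diff) now gets an exception, and principals from tokens issued before `source` was populated will presumably be rejected as well. The null and source checks are duplicated across the two methods and could move into one private helper that takes the expected source.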
diff --git a/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java b/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java
index e036e5e2..45bf2025 100644
--- a/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java
+++ b/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java
@@ -358,6 +358,8 @@ public class AccountServiceImpl extends ServiceImpl impl
principal.setUsername(account.getUserName());
principal.setLanguage(account.getLanguage());
principal.setCountry(account.getCountry());
+ //区分买家端登录
+ principal.setSource("AIDA");
String token2 = tokenGenerateUtils.createToken(principal);
// 本地 JVM 缓存(适配旧逻辑)
LocalCacheUtils.setTokenCache(String.valueOf(account.getId()), token2);
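Review bot: The literal `"AIDA"` set here must match the literal compared in `UserContext.getUserHolder()` exactly, and nothing ties the two together. A shared constant or enum (for example `principal.setSource(AuthSource.AIDA);`, a name constructed here for illustration) would turn a typo into a compile error instead of a blanket access denial. The comment `//区分买家端登录` could state the direction: this marks the principal as an AIDA-side login as opposed to `BUYER`. Since `source` now drives an access decision, it is worth confirming that `tokenGenerateUtils.createToken` carries it inside the integrity-protected part of the token, because that code is not shown here. The enclosing method starts and ends outside this hunk.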
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index a51add02..7d6fb8d4 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -11,14 +11,6 @@ spring:
application:
name: aida-back
- # ---------- 副数据源(back 私有,由 Nacos 统一管理) ----------
-
- # ---------- Token 生成参数(由 TokenGenerateUtils 使用) ----------
- security:
- jwtSecret: JWTSECRET
- jwtTokenHeader: Authorization
- jwtTokenPrefix: Bearer-
- jwtExpiration: 8640000000
# ---------- MinIO Buckets ----------
minio: