diff --git a/.env.example b/.env.example
index 736875e..65aa5fe 100644
--- a/.env.example
+++ b/.env.example
@@ -40,3 +40,10 @@ MAIL_PASSWORD=RYD18798276809
 MAIL_FROM_ADDRESS=18798276809@163.com
 MAIL_FROM_NAME="Lumen IM 在线聊天"
 MAIL_ENCRYPTION=ssl
+
+# ---- Rabbit MQ 配置 ----
+AMQP_HOST=127.0.0.1
+AMQP_PORT=5672
+AMQP_USER=guest
+AMQP_PASSWORD=guest
+AMQP_VHOST=/
diff --git a/app/Controller/Api/V1/AuthController.php b/app/Controller/Api/V1/AuthController.php
index 323b9c0..68cba4d 100644
--- a/app/Controller/Api/V1/AuthController.php
+++ b/app/Controller/Api/V1/AuthController.php
@@ -120,7 +120,7 @@ class AuthController extends CController
         ]);
 
         if (!$this->smsCodeService->check('user_register', $params['mobile'], $params['sms_code'])) {
-            //return $this->response->fail('验证码填写错误...');
+            return $this->response->fail('验证码填写错误...');
         }
 
         $isTrue = $this->userService->register([
@@ -133,7 +133,9 @@ class AuthController extends CController
             return $this->response->fail('账号注册失败...');
         }
 
+        // 删除验证码缓存
         $this->smsCodeService->delCode('user_register', $params['mobile']);
+
         return $this->response->success([], '账号注册成功...');
     }
 
@@ -156,12 +158,14 @@ class AuthController extends CController
         }
 
         $isTrue = $this->userService->resetPassword($params['mobile'], $params['password']);
-        if ($isTrue) {
-            $this->smsCodeService->delCode('forget_password', $params['mobile']);
-            return $this->response->success([], '账号注册成功...');
+        if (!$isTrue) {
+            return $this->response->fail('重置密码失败...', ResponseCode::FAIL);
         }
 
-        return $this->response->fail('重置密码失败...', ResponseCode::FAIL);
+        // 删除验证码缓存
+        $this->smsCodeService->delCode('forget_password', $params['mobile']);
+
+        return $this->response->success([], '账号注册成功...');
     }
 
     /**
@@ -177,7 +181,7 @@ class AuthController extends CController
                 'token' => $this->jwt->refreshToken(),
                 'expire' => $this->jwt->getTTL()
             ]
-        ], '刷新 Token 成功...');
+        ]);
     }
 
     /**
@@ -211,12 +215,12 @@ class AuthController extends CController
 
         $data = ['is_debug' => true];
         [$isTrue, $result] = $this->smsCodeService->send($params['type'], $params['mobile']);
-        if ($isTrue) {
-            // 测试环境下直接返回验证码
-            $data['sms_code'] = $result['data']['code'];
-        } else {
+        if (!$isTrue) {
             // ... 处理发送失败逻辑，当前默认发送成功
         }
+        
+        // 测试环境下直接返回验证码
+        $data['sms_code'] = $result['data']['code'];
 
         return $this->response->success($data, '验证码发送成功...');
     }
diff --git a/app/Controller/Api/V1/CController.php b/app/Controller/Api/V1/CController.php
index c1a779f..92d229c 100644
--- a/app/Controller/Api/V1/CController.php
+++ b/app/Controller/Api/V1/CController.php
@@ -27,7 +27,8 @@ class CController extends AbstractController
      * @return int
      */
     public function uid(){
-        $data = container()->get(JWT::class)->getParserData();
+        $token = request()->getQueryParams()['token']??null;
+        $data = container()->get(JWT::class)->getParserData($token);
         return $data['user_id'];
     }
 }
diff --git a/app/Controller/Api/V1/DownloadController.php b/app/Controller/Api/V1/DownloadController.php
index 5c40403..4ffdf87 100644
--- a/app/Controller/Api/V1/DownloadController.php
+++ b/app/Controller/Api/V1/DownloadController.php
@@ -1,23 +1,24 @@
 <?php
 
-
 namespace App\Controller\Api\V1;
 
-use App\Model\Chat\ChatRecord;
-use App\Model\Chat\ChatRecordsFile;
-use App\Model\Group\UsersGroup;
-use App\Service\UploadService;
 use Hyperf\Di\Annotation\Inject;
 use Hyperf\HttpServer\Annotation\Controller;
 use Hyperf\HttpServer\Annotation\RequestMapping;
 use Hyperf\HttpServer\Annotation\Middleware;
-use Hyperf\HttpServer\Contract\ResponseInterface;
 use App\Middleware\JWTAuthMiddleware;
+use App\Model\Article\ArticleAnnex;
+use App\Model\Chat\ChatRecord;
+use App\Model\Chat\ChatRecordsFile;
+use App\Model\Group\UsersGroup;
+use App\Service\UploadService;
+use Hyperf\HttpServer\Contract\ResponseInterface;
 
 /**
  * Class DownloadController
  *
  * @Controller(path="/api/v1/download")
+ * @Middleware(JWTAuthMiddleware::class)
  *
  * @package App\Controller\Api\V1
  */
@@ -28,36 +29,70 @@ class DownloadController extends CController
      *
      * @RequestMapping(path="user-chat-file", methods="get")
      *
-     * @return mixed
+     * @param ResponseInterface $response
+     * @param UploadService $uploadService
+     * @return \Psr\Http\Message\ResponseInterface
      */
     public function userChatFile(ResponseInterface $response, UploadService $uploadService)
     {
-        $crId = $this->request->input('cr_id', 0);
-        $uid = 2054;
+        $params = $this->request->inputs(['cr_id']);
+        $this->validate($params, [
+            'cr_id' => 'required|integer',
+        ]);
 
-        $recordsInfo = ChatRecord::select(['msg_type', 'source', 'user_id', 'receive_id'])->where('id', $crId)->first();
+        $recordsInfo = ChatRecord::select(['msg_type', 'source', 'user_id', 'receive_id'])->where('id', $params['cr_id'])->first();
         if (!$recordsInfo) {
             return $this->response->fail('文件不存在...');
         }
 
+        $user_id = $this->uid();
+
         //判断消息是否是当前用户发送(如果是则跳过权限验证)
-        if ($recordsInfo->user_id != $uid) {
+        if ($recordsInfo->user_id != $user_id) {
             if ($recordsInfo->source == 1) {
-                if ($recordsInfo->receive_id != $uid) {
+                if ($recordsInfo->receive_id != $user_id) {
                     return $this->response->fail('非法请求...');
                 }
             } else {
-                if (!UsersGroup::isMember($recordsInfo->receive_id, $uid)) {
+                if (!UsersGroup::isMember($recordsInfo->receive_id, $user_id)) {
                     return $this->response->fail('非法请求...');
                 }
             }
         }
 
-        $fileInfo = ChatRecordsFile::select(['save_dir', 'original_name'])->where('record_id', $crId)->first();
+        $fileInfo = ChatRecordsFile::select(['save_dir', 'original_name'])->where('record_id', $params['cr_id'])->first();
         if (!$fileInfo) {
             return $this->response->fail('文件不存在或没有下载权限...');
         }
 
         return $response->download($uploadService->driver($fileInfo->save_dir), $fileInfo->original_name);
     }
+
+    /**
+     * 下载笔记附件
+     *
+     * @RequestMapping(path="article-annex", methods="get")
+     *
+     * @param ResponseInterface $response
+     * @param UploadService $uploadService
+     * @return \Psr\Http\Message\ResponseInterface
+     */
+    public function articleAnnex(ResponseInterface $response, UploadService $uploadService)
+    {
+        $params = $this->request->inputs(['annex_id']);
+        $this->validate($params, [
+            'annex_id' => 'required|integer',
+        ]);
+
+        $info = ArticleAnnex::select(['save_dir', 'original_name'])
+            ->where('id', $params['annex_id'])
+            ->where('user_id', $this->uid())
+            ->first();
+
+        if (!$info) {
+            return $this->response->fail('文件不存在或没有下载权限...');
+        }
+
+        return $response->download($uploadService->driver($info->save_dir), $info->original_name);
+    }
 }
diff --git a/app/Controller/Api/V1/UsersController.php b/app/Controller/Api/V1/UsersController.php
index d7c1920..ca74d79 100644
--- a/app/Controller/Api/V1/UsersController.php
+++ b/app/Controller/Api/V1/UsersController.php
@@ -299,7 +299,7 @@ class UsersController extends CController
         }
 
         //判断对方是否在线。如果在线发送消息通知
-//        if ($this->socketFDService->isOnlineAll((int)$params['friend_id'])) {
+        if ($this->socketFDService->isOnlineAll((int)$params['friend_id'])) {
 //            $this->producer->produce(
 //                new ChatMessageProducer('event_friend_apply', [
 //                    'sender' => $user_id,
@@ -309,7 +309,7 @@ class UsersController extends CController
 //                    'remark' => ''
 //                ])
 //            );
-//        }
+        }
 
         return $this->response->success([], '处理成功...');
     }
diff --git a/app/Model/Article/ArticleAnnex.php b/app/Model/Article/ArticleAnnex.php
index 97bfd1a..612d58d 100644
--- a/app/Model/Article/ArticleAnnex.php
+++ b/app/Model/Article/ArticleAnnex.php
@@ -37,9 +37,17 @@ class ArticleAnnex extends BaseModel
      * @var array
      */
     protected $fillable = [
-        'user_id', 'article_id', 'file_size', 'status', 'created_at'
+        'user_id',
+        'article_id',
+        'file_suffix',
+        'file_size',
+        'save_dir',
+        'original_name',
+        'status',
+        'created_at',
+        'deleted_at'
     ];
-
+    
     /**
      * The attributes that should be cast to native types.
      *
diff --git a/app/Service/UploadService.php b/app/Service/UploadService.php
index 523466e..a9e0c6f 100644
--- a/app/Service/UploadService.php
+++ b/app/Service/UploadService.php
@@ -42,6 +42,12 @@ class UploadService extends BaseService
         $this->makeDirectory($save_dir);
 
         $file->moveTo(sprintf('%s/%s', $save_dir, $filename));
+
+        if ($file->isMoved()) {
+            // 修改文集权限
+            @chmod(sprintf('%s/%s', $save_dir, $filename), 0644);
+        }
+
         return $file->isMoved() ? sprintf('/%s/%s', trim($dir, '/'), $filename) : false;
     }
 }
diff --git a/config/autoload/server.php b/config/autoload/server.php
index 1e4513f..1cef078 100644
--- a/config/autoload/server.php
+++ b/config/autoload/server.php
@@ -1,6 +1,7 @@
 <?php
 
 declare(strict_types=1);
+
 /**
  * This file is part of Hyperf.
  *
@@ -9,6 +10,7 @@ declare(strict_types=1);
  * @contact  group@hyperf.io
  * @license  https://github.com/hyperf/hyperf/blob/master/LICENSE
  */
+
 use Hyperf\Server\Server;
 use Hyperf\Server\SwooleEvent;
 
@@ -37,7 +39,7 @@ return [
                 SwooleEvent::ON_MESSAGE => [Hyperf\WebSocketServer\Server::class, 'onMessage'],
                 SwooleEvent::ON_CLOSE => [Hyperf\WebSocketServer\Server::class, 'onClose'],
             ],
-            'settings'=>[
+            'settings' => [
                 //设置心跳检测
                 'heartbeat_idle_time' => 70,
                 'heartbeat_check_interval' => 30,
@@ -46,7 +48,7 @@ return [
     ],
     'settings' => [
         'enable_coroutine' => true,
-        'worker_num' => 1,
+        'worker_num' => swoole_cpu_num() * 4,
         'pid_file' => BASE_PATH . '/runtime/hyperf.pid',
         'open_tcp_nodelay' => true,
         'max_coroutine' => 100000,
@@ -54,7 +56,7 @@ return [
         'max_request' => 10000,
         'socket_buffer_size' => 3 * 1024 * 1024,
         'buffer_output_size' => 3 * 1024 * 1024,
-        'package_max_length'=> 10 * 1024 * 1024,
+        'package_max_length' => 10 * 1024 * 1024,
     ],
     'callbacks' => [
         //自定义启动前事件
diff --git a/upload-test.html b/upload-test.html
deleted file mode 100644
index 6cb0007..0000000
--- a/upload-test.html
+++ /dev/null
@@ -1,37 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <meta charset="utf-8">
-    <title></title>
-</head>
-<body>
-<input type="file" name="filename" id="upload-btn"/>
-<script src="http://libs.baidu.com/jquery/2.0.0/jquery.min.js"></script>
-<script type="text/javascript">
-    $('#upload-btn').on('change', function (file) {
-        var file = $(this)[0].files[0];
-        var fileData = new FormData();
-        fileData.append("file", file);
-
-        var i = 0;
-        var func = function () {
-            if (i >= 2000) {return;}
-
-            $.ajax({
-                url: 'http://47.105.180.123:9503/upload',
-                data: fileData,
-                dataType: 'json', //服务器返回json格式数据
-                type: 'post', //HTTP请求类型
-                processData: false,
-                success: function () {
-                    i++;
-                    func();
-                }
-            })
-        };
-
-        func();
-    });
-</script>
-</body>
-</html>