diff --git a/backend/src/controllers/adminController.ts b/backend/src/controllers/adminController.ts
index 16048a4..b890187 100644
--- a/backend/src/controllers/adminController.ts
+++ b/backend/src/controllers/adminController.ts
@@ -64,7 +64,7 @@ export const adminController = {
           username: admin.username, 
           role: admin.isAdmin ? 'admin' : 'user'
         },
-        process.env.JWT_SECRET!,
+        "pandora",
         { expiresIn: '24h' }
       );
 
diff --git a/backend/src/controllers/authController.ts b/backend/src/controllers/authController.ts
index 12469ca..35784f1 100644
--- a/backend/src/controllers/authController.ts
+++ b/backend/src/controllers/authController.ts
@@ -8,7 +8,7 @@ import type { Secret, SignOptions } from 'jsonwebtoken';
 
 // Generate JWT token
 function generateToken(userId: string): string {
-  const secret = process.env.JWT_SECRET;
+  const secret = "pandora";
   if (!secret) {
     throw new Error('JWT_SECRET is not configured');
   }
@@ -303,7 +303,7 @@ export const authController = {
     }
 
     try {
-      const decoded = jwt.verify(refreshToken, process.env.JWT_SECRET!) as any;
+      const decoded = jwt.verify(refreshToken, "pandora") as any;
       
       const session = await prisma.session.findFirst({
         where: {
diff --git a/backend/src/middleware/auth.ts b/backend/src/middleware/auth.ts
index 2103869..ea2ecf3 100644
--- a/backend/src/middleware/auth.ts
+++ b/backend/src/middleware/auth.ts
@@ -28,7 +28,7 @@ export const authenticateToken = async (
     }
 
     const token = authHeader.substring(7);
-    const decoded = jwt.verify(token, process.env.JWT_SECRET!) as any;
+    const decoded = jwt.verify(token, "pandora") as any;
 
     // 检查用户是否存在
     const user = await prisma.user.findUnique({
diff --git a/backend/src/middleware/authMiddleware.ts b/backend/src/middleware/authMiddleware.ts
index 0444f83..d91d30b 100644
--- a/backend/src/middleware/authMiddleware.ts
+++ b/backend/src/middleware/authMiddleware.ts
@@ -26,7 +26,7 @@ export async function authMiddleware(
     const token = authHeader.substring(7);
     console.log('验证token:', { token: token.substring(0, 20) + '...' })
     
-    const decoded = jwt.verify(token, process.env.JWT_SECRET!) as any;
+    const decoded = jwt.verify(token, "pandora") as any;
     console.log('JWT解码成功:', { userId: decoded.userId })
 
     // Check if session exists and is valid