diff --git a/api/views_api.py b/api/views_api.py
index 2c4dc86..d753b8d 100644
--- a/api/views_api.py
+++ b/api/views_api.py
@@ -91,18 +91,22 @@ def currentUser(request):
 if request.method == 'GET':
 result['error'] = '错误的提交方式!'
 return JsonResponse(result)
-
 postdata = json.loads(request.body)
 rid = postdata.get('id', '')
 uuid = postdata.get('uuid', '')
-
- user = UserProfile.objects.filter(Q(rid=rid) & Q(uuid=uuid)).first()
- token = RustDeskToken.objects.filter(Q(uid=user.id) & Q(rid=user.rid)).first()
+
+ access_token = request.META.get('HTTP_AUTHORIZATION', '')
+ access_token = access_token.split('Bearer ')[-1]
+ token = RustDeskToken.objects.filter(Q(access_token=access_token) ).first()
+ user = None
+ if token:
+ user = UserProfile.objects.filter(Q(id=token.uid)).first()
+
 if user:
 if token:
 result['access_token'] = token.access_token
 result['type'] = 'access_token'
- result['user'] = {'name':user.username}
+ result['name'] = {user.username}
 return JsonResponse(result)
diff --git a/rustdesk_server_api/settings.py b/rustdesk_server_api/settings.py
index 3604bfa..f790d0d 100644
--- a/rustdesk_server_api/settings.py
+++ b/rustdesk_server_api/settings.py
@@ -23,7 +23,7 @@ CSRF_TRUSTED_ORIGINS = [os.environ.get("CSRF_TRUSTED_ORIGINS", "http://www.baidu
 SECRET_KEY = 'j%7yjvygpih=6b%qf!q%&ixpn+27dngzdu-i3xh-^3xgy3^nnc'
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = False
 DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
 ALLOWED_HOSTS = ["*"]
 AUTH_USER_MODEL = 'api.UserProfile' #AppName.自定义user
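Review bot: In api/views_api.py, the added `result['name'] = {user.username}` in currentUser builds a Python set, which JsonResponse's encoder cannot serialize, so a request carrying a valid token would raise TypeError instead of returning the user; it should read `result['name'] = user.username`. The token lookup also runs when the Authorization header is missing: `access_token` is then `''`, and `Q(access_token=access_token)` would match any RustDeskToken row stored with a blank token, if such rows can exist. Returning early with `if not access_token: return JsonResponse(result)` before the query closes that, and checking the `Bearer ` scheme explicitly is stricter than `split('Bearer ')[-1]`, which passes a header without the scheme through unchanged. The body of currentUser starts above the hunk, and `rid`/`uuid` are no longer read on the lines shown, so a malformed body still fails at `json.loads` for no benefit.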
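Review bot: In rustdesk_server_api/settings.py, turning DEBUG off leaves the two other production-sensitive settings in this hunk's context unchanged: SECRET_KEY is a literal committed to the repository, and ALLOWED_HOSTS is `["*"]`, which switches off the Host-header validation that applies once DEBUG is False. Anyone who can read the repository can forge values signed with that key (sessions, password-reset tokens), so it should come from the environment the way CSRF_TRUSTED_ORIGINS already does, e.g. `SECRET_KEY = os.environ["SECRET_KEY"]`, and the committed value should be treated as exposed and rotated. ALLOWED_HOSTS is better set to the deployment's real host names, read from the environment as well.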