diff --git a/routes/stream.js b/routes/stream.js
index ad5b901..e0bbf0a 100644
--- a/routes/stream.js
+++ b/routes/stream.js
@@ -17,7 +17,7 @@ const config = require('../config'); // 引入配置
 const router = express.Router();
 
 router.get('/', (req, res) => {
-    const token = req.query.token;
+    const { token } = req.query;
     // 增加解析token逻辑，
     if (!token) {
         res.status(401).json({message: 'Unauthorized: Token missing'});
@@ -30,9 +30,11 @@ router.get('/', (req, res) => {
         // 解析Token并验证签名：
         const decoded = jwt.verify(token, config.jwt.jwtSecret, {
             algorithms: ['HS256'],
-            clockTolerance: 15 // 防止 Hyperf 生成后立即验证因 nbf 失败
+            clockTolerance: 15, // 防止 Hyperf 生成后立即验证因 nbf 失败
+            ignoreExpiration: false,
+            maxAge: '5m', // 设置最大有效期
+            clockTimestamp: Math.floor(Date.now() / 1000) - 30 // 添加30秒宽限时间处理并发请求
         });
-
         clientId = decoded.claims?.user_client_id || decoded.sub || uuidV4();
     } catch (err) {
         res.status(401).json({
@@ -44,13 +46,14 @@ router.get('/', (req, res) => {
 
     setupSSEHeaders(res);
 
-    // 立即发送确认
-    res.write(`data: ${JSON.stringify({
+    const initialData = {
         status: 'connected',
         clientId,
         clientCount: clients.size(),
         time: timestamp.formatTime()
-    })}\n\n`);
+    };
+    // 立即发送确认
+    res.write(`data: ${JSON.stringify(initialData)}\n\n`);
 
     clients.add(clientId, res);