diff --git a/app/api/miniprogram/phone/route.ts b/app/api/miniprogram/phone/route.ts
new file mode 100644
index 0000000..880b0c0
--- /dev/null
+++ b/app/api/miniprogram/phone/route.ts
@@ -0,0 +1,86 @@
+/**
+ * 微信手机号解密API
+ * 获取用户手机号(需要小程序 getPhoneNumber 授权)
+ */
+
+import { NextRequest, NextResponse } from 'next/server'
+import { query } from '@/lib/db'
+
+const APPID = process.env.WECHAT_APPID || 'wxb8bbb2b10dec74aa'
+const APPSECRET = process.env.WECHAT_APPSECRET || '25b7e7fdb7998e5107e242ebb6ddabd0'
+
+/**
+ * POST - 解密手机号
+ */
+export async function POST(request: NextRequest) {
+ try {
+ const body = await request.json()
+ const { code, userId } = body
+
+ if (!code) {
+ return NextResponse.json({ success: false, message: '缺少code参数' }, { status: 400 })
+ }
+
+ // 1. 获取 access_token
+ const tokenUrl = `https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=${APPID}&secret=${APPSECRET}`
+ const tokenRes = await fetch(tokenUrl)
+ const tokenData = await tokenRes.json()
+
+ if (!tokenData.access_token) {
+ console.error('[Phone] 获取access_token失败:', tokenData)
+ return NextResponse.json({
+ success: false,
+ message: '获取access_token失败',
+ error: tokenData.errmsg
+ }, { status: 500 })
+ }
+
+ // 2. 获取手机号
+ const phoneUrl = `https://api.weixin.qq.com/wxa/business/getuserphonenumber?access_token=${tokenData.access_token}`
+ const phoneRes = await fetch(phoneUrl, {
+ method: 'POST',
+ headers: { 'Content-Type': 'application/json' },
+ body: JSON.stringify({ code })
+ })
+ const phoneData = await phoneRes.json()
+
+ if (phoneData.errcode !== 0) {
+ console.error('[Phone] 获取手机号失败:', phoneData)
+ return NextResponse.json({
+ success: false,
+ message: '获取手机号失败',
+ error: phoneData.errmsg
+ }, { status: 500 })
+ }
+
+ const phoneNumber = phoneData.phone_info?.phoneNumber || phoneData.phone_info?.purePhoneNumber
+
+ if (!phoneNumber) {
+ return NextResponse.json({ success: false, message: '未获取到手机号' }, { status: 500 })
+ }
+
+ // 3. 如果有userId,更新到数据库
+ if (userId) {
+ try {
+ await query('UPDATE users SET phone = ? WHERE id = ?', [phoneNumber, userId])
+ console.log('[Phone] 手机号已绑定到用户:', userId)
+ } catch (e) {
+ console.log('[Phone] 更新数据库失败,但返回手机号成功')
+ }
+ }
+
+ return NextResponse.json({
+ success: true,
+ phoneNumber,
+ countryCode: phoneData.phone_info?.countryCode || '86'
+ })
+
+ } catch (error) {
+ console.error('[Phone] Error:', error)
+ return NextResponse.json({
+ success: false,
+ message: '服务器错误',
+ error: String(error)
+ }, { status: 500 })
+ }
+}
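Review bot: The `APPSECRET` declaration falls back to a literal app secret when `WECHAT_APPSECRET` is unset, so the credential is now in repository history and a misconfigured deployment silently runs on it. Drop both fallbacks (`const APPSECRET = process.env.WECHAT_APPSECRET`), have `POST` return a 500 when either value is missing, and treat the committed secret as exposed and rotate it. Separately, `userId` comes from the request body and goes straight into `UPDATE users SET phone = ? WHERE id = ?` with no authentication visible in this file, so unless middleware elsewhere enforces it, a caller with a valid `code` could write their phone number onto another account's row; the id should come from the server-side session, not the client. The outer `catch` also returns `error: String(error)` to the client, which can disclose internal detail, so keep it in the server log and return only the generic message.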