diff --git a/business/auth2/auth2.go b/business/auth2/auth2.go
index 17360fa40..5c5ebd61c 100644
--- a/business/auth2/auth2.go
+++ b/business/auth2/auth2.go
@@ -3,6 +3,7 @@ package auth2
 import (
 "bytes"
 "encoding/base64"
+ "encoding/json"
 "errors"
 "regexp"
 "strings"
@@ -316,6 +317,42 @@ func Login(ctx *Context, authType, authID, authIDType, authSecret string) (authI
 return LoginInternal(ctx, authType, authID, authIDType, authSecret)
 }
 
+// 抖音用户信息解密
+type TikTokDecryptInfo struct {
+ CountryCode string `json:"countryCode"`
+ PhoneNumber string `json:"phoneNumber"`
+ PurePhoneNumber string `json:"purePhoneNumber"`
+ Watermark *struct {
+ AppID string `json:"appid"`
+ Timestamp int64 `json:"timestamp"`
+ } `json:"watermark"`
+}
+
+func DecryptUserMsg(sessionKey, iv, msg string) (string, error) {
+ decodeMsg, err := base64.StdEncoding.DecodeString(msg)
+ if err != nil {
+ return "", err
+ }
+ decodeIv, err := base64.StdEncoding.DecodeString(iv)
+ if err != nil {
+ return "", err
+ }
+ decodeSessionKey, err := base64.StdEncoding.DecodeString(sessionKey)
+ if err != nil {
+ return "", err
+ }
+
+ userInfo, err := utils.AESCBC16Decrypt(decodeSessionKey, decodeIv, decodeMsg)
+ if err != nil {
+ return "", err
+ }
+ result := &TikTokDecryptInfo{}
+ if err := json.Unmarshal(userInfo, result); err != nil {
+ return "", err
+ }
+ return result.PhoneNumber, nil
+}
+
 // 通过临时TOKEN绑定新创建的用户
 func BindUser(inauthInfo *AuthInfo, user IUser) (outauthInfo *AuthInfo, err error) {
 if err = AddAuthBind(user, inauthInfo); err == nil {
diff --git a/controllers/auth2.go b/controllers/auth2.go
index 259566d6d..945fc23f3 100644
--- a/controllers/auth2.go
+++ b/controllers/auth2.go
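Review bot: DecryptUserMsg parses the `watermark` block into TikTokDecryptInfo but never looks at it, so a payload issued for another app, a payload with no watermark, or JSON with no `phoneNumber` all come back as a successful result (the last one as `""` with a nil error). After `json.Unmarshal`, reject those cases, e.g. `if result.Watermark == nil || result.Watermark.AppID != expectedAppID || result.PhoneNumber == "" { return "", errors.New("invalid decrypted payload") }`, where `expectedAppID` is a placeholder for the app id this service is configured with. The decoded key, IV and ciphertext go straight into `utils.AESCBC16Decrypt`; that helper is not visible here, so confirm it returns an error rather than panicking on a wrong-length key or IV or on a ciphertext that is not a multiple of the block size. The exported function also has no doc comment; `// DecryptUserMsg base64-decodes sessionKey, iv and msg, decrypts msg with utils.AESCBC16Decrypt and returns the phoneNumber field of the resulting JSON.` would cover it.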
@@ -90,6 +90,21 @@ func (c *Auth2Controller) SendVerifyCode() {
 })
 }
 
+// @Title 抖音解密接口,获取用户电话
+// @Description 抖音解密接口,获取用户电话
+// @Param iv formData string true "加密字符偏移量"
+// @Param sessionKey formData string true "加密key"
+// @Param msg formData string true "加密消息"
+// @Success 200 {object} controllers.CallResult
+// @Failure 200 {object} controllers.CallResult
+// @router /TiktokDecrypt [post]
+func (c *Auth2Controller) TiktokDecrypt() {
+ c.callTiktokDecrypt(func(params *tAuth2TiktokDecryptParams) (interface{}, string, error) {
+ phone, err := auth2.DecryptUserMsg(params.SessionKey, params.Iv, params.Msg)
+ return phone, "", err
+ })
+}
+
 // @Title 登录接口
 // @Description 登录接口(微信与公众号登录不能直接调用此接口)
 // @Param authType formData string true "登录类型,当前支持[localpass:本地账号密码,mobile:手机短信,wxqrcode:微信登录,weixinsns:微信公众号,weixinmini;小程序,wxnative:微信APP,ddstaff:钉钉企业,ddqrcode:钉钉扫码,alipaycode:支付宝小程序]"
diff --git a/routers/commentsRouter_controllers.go b/routers/commentsRouter_controllers.go
index a3b601397..cd65d2ede 100644
--- a/routers/commentsRouter_controllers.go
+++ b/routers/commentsRouter_controllers.go
@@ -268,6 +268,15 @@ func init() {
 Filters: nil,
 Params: nil})
 
+ web.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:Auth2Controller"] = append(web.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:Auth2Controller"],
+ web.ControllerComments{
+ Method: "TiktokDecrypt",
+ Router: `/TiktokDecrypt`,
+ AllowHTTPMethods: []string{"post"},
+ MethodParams: param.Make(),
+ Filters: nil,
+ Params: nil})
+
 web.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:Auth2Controller"] = append(web.GlobalControllerRouter["git.rosy.net.cn/jx-callback/controllers:Auth2Controller"],
 web.ControllerComments{
 Method: "Logout",
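Review bot: `sessionKey` is declared as a formData parameter alongside `iv` and `msg` in the TiktokDecrypt hunk of controllers/auth2.go, so the client supplies the key as well as the ciphertext, and the phone number the handler returns is not evidence that the caller owns it. A session key is normally kept on the server after the login code exchange; the handler should look it up from the caller's server-side session and accept only `iv` and `msg` from the request, e.g. `phone, err := auth2.DecryptUserMsg(sessionKeyFromSession, params.Iv, params.Msg)`, with `sessionKeyFromSession` a placeholder for that lookup. Whether this route requires a login token is not visible in the hunk, since callTiktokDecrypt and tAuth2TiktokDecryptParams are defined elsewhere. Until that changes, any code that uses the result for login or account binding should treat it as unverified, and the decryption `err` is probably better mapped to a generic failure than returned to the client as-is.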