diff --git a/controllers/goods.js b/controllers/goods.js
index 3aaceb9..fa5b6b7 100644
--- a/controllers/goods.js
+++ b/controllers/goods.js
@@ -3,29 +3,46 @@ const { query } = require('../config/database')
 async function getGoods(ctx) {
   let sql = 'SELECT * FROM goods WHERE 1=1'
   const params = []
-  
+
   if (ctx.query.hot === '1') {
     sql += ' AND is_hot = 1'
   }
-  
+
   if (ctx.query.isNew === '1') {
     sql += ' AND is_new = 1'
   }
-  
+
   if (ctx.query.category_id) {
     sql += ' AND category_id = ?'
     params.push(parseInt(ctx.query.category_id))
   }
-  
+
   if (ctx.query.keyword) {
-    sql += ' AND name LIKE ?'
-    params.push(`%${ctx.query.keyword}%`)
+    sql += ' AND (name LIKE ? OR barcode LIKE ?)'
+    params.push(`%${ctx.query.keyword}%`, `%${ctx.query.keyword}%`)
   }
-  
-  sql += ' ORDER BY id DESC'
-  
+
+  if (ctx.query.inStock === '1') {
+    sql += ' AND stock > 0'
+  }
+
+  const sortField = ctx.query.sortBy || 'id'
+  const sortOrder = ctx.query.sortOrder === 'asc' ? 'ASC' : 'DESC'
+  const validSortFields = ['id', 'price', 'sales', 'stock', 'created_at']
+
+  if (validSortFields.includes(sortField)) {
+    sql += ` ORDER BY ${sortField} ${sortOrder}`
+  } else {
+    sql += ' ORDER BY id DESC'
+  }
+
+  if (ctx.query.limit) {
+    sql += ' LIMIT ?'
+    params.push(parseInt(ctx.query.limit))
+  }
+
   const goods = await query(sql, params)
-  
+
   ctx.body = {
     code: 200,
     data: goods
diff --git a/routes/upload.js b/routes/upload.js
index d1b7c21..b81ee66 100644
--- a/routes/upload.js
+++ b/routes/upload.js
@@ -39,7 +39,7 @@ router.post('/', upload.single('file'), async (ctx) => {
   const fileUrl = `https://donghy.top/img/${ctx.file.filename}`
   ctx.body = {
     code: 200,
-    message: '上传成功**',
+    message: '上传成功',
     url: fileUrl
   }
 })