diff --git a/server/internal/api/middleware.go b/server/internal/api/middleware.go
index bf45b2c..529936f 100644
--- a/server/internal/api/middleware.go
+++ b/server/internal/api/middleware.go
@@ -138,10 +138,18 @@ func withAuth(apiDomain string) func(http.Handler) http.Handler {
 				return
 			}
 
-			// 检查认证是否成功
-			if authResp.Code != 200 {
-				errorMsg := fmt.Sprintf("{\"code\":%d,\"message\":\"%s\",\"data\":null}", authResp.Code, authResp.Message)
-				http.Error(w, errorMsg, http.StatusUnauthorized)
+			// 检查认证是否成功（支持 HTTP 状态码和业务 code）
+			if resp.StatusCode != http.StatusOK || authResp.Code != 200 {
+				// 优先使用业务返回的错误信息
+				errorMsg := authResp.Message
+				if errorMsg == "" {
+					errorMsg = "认证失败"
+				}
+				// 返回原始的业务错误码和消息
+				responseBody := fmt.Sprintf("{\"code\":%d,\"message\":\"%s\",\"data\":null}", authResp.Code, errorMsg)
+				w.Header().Set("Content-Type", "application/json")
+				w.WriteHeader(http.StatusUnauthorized)
+				w.Write([]byte(responseBody))
 				return
 			}
 
diff --git a/server/internal/api/resellers.go b/server/internal/api/resellers.go
index e3cff6b..4a32e9e 100644
--- a/server/internal/api/resellers.go
+++ b/server/internal/api/resellers.go
@@ -2,6 +2,7 @@ package api
 
 import (
 	"database/sql"
+	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
@@ -25,6 +26,7 @@ func ResellersHandler(resellerDB *sql.DB) http.Handler {
 
 func (a *ResellersAPI) list(w http.ResponseWriter, r *http.Request) {
 	q := r.URL.Query().Get("q")
+	creatorParam := r.URL.Query().Get("creator")
 	limitStr := r.URL.Query().Get("limit")
 	limit := 2000
 	if limitStr != "" {
@@ -32,16 +34,58 @@ func (a *ResellersAPI) list(w http.ResponseWriter, r *http.Request) {
 			limit = n
 		}
 	}
-	// 不再过滤 creator，返回所有分销商
+
+	// 从 context 中获取创建者 ID 列表
+	creatorIDs := CreatorIDsFrom(r)
+
+	// 构建 SQL 查询
 	sql1 := "SELECT id, COALESCE(name,'') AS name FROM reseller"
 	args := []interface{}{}
+	whereClauses := []string{}
+
+	// 构建 creator 过滤条件（URL 参数 OR context 中的创建者 ID）
+	if creatorParam != "" || len(creatorIDs) > 0 {
+		creatorConditions := []string{}
+
+		// 添加 URL 参数的 creator 条件
+		if creatorParam != "" {
+			if creatorID, err := strconv.Atoi(creatorParam); err == nil {
+				creatorConditions = append(creatorConditions, "creator = ?")
+				args = append(args, creatorID)
+			}
+		}
+
+		// 添加 context 中的创建者 ID IN 条件
+		if len(creatorIDs) > 0 {
+			placeholders := []string{}
+			for _, id := range creatorIDs {
+				placeholders = append(placeholders, "?")
+				args = append(args, id)
+			}
+			creatorConditions = append(creatorConditions, fmt.Sprintf("creator IN (%s)", strings.Join(placeholders, ",")))
+		}
+
+		// 使用 OR 连接两个条件
+		if len(creatorConditions) > 0 {
+			whereClauses = append(whereClauses, fmt.Sprintf("(%s)", strings.Join(creatorConditions, " OR ")))
+		}
+	}
+
+	// 添加搜索条件
 	if q != "" {
-		sql1 += " WHERE CAST(id AS CHAR) LIKE ? OR name LIKE ?"
+		whereClauses = append(whereClauses, "(CAST(id AS CHAR) LIKE ? OR name LIKE ?)")
 		like := "%" + q + "%"
 		args = append(args, like, like)
 	}
+
+	// 组装 WHERE 子句
+	if len(whereClauses) > 0 {
+		sql1 += " WHERE " + strings.Join(whereClauses, " AND ")
+	}
+
 	sql1 += " ORDER BY id ASC LIMIT ?"
 	args = append(args, limit)
+
 	rows, err := a.resellerDB.Query(sql1, args...)
 	if err != nil {
 		fail(w, r, http.StatusInternalServerError, err.Error())