diff --git a/auth/middleware.go b/auth/middleware.go
index ac5a7a2..d5e6237 100644
--- a/auth/middleware.go
+++ b/auth/middleware.go
@@ -3,27 +3,31 @@ package auth
 
 import (
     "crypto/subtle"
+    "html/template"
     "net/http"
     "time"
 )
 
 type AuthMiddleware struct {
-    username string
-    password string
-    sessions *SessionManager
+    username  string
+    password  string
+    sessions  *SessionManager
+    templates *template.Template
 }
 
-func NewAuthMiddleware(username, password string, sessions *SessionManager) *AuthMiddleware {
+func NewAuthMiddleware(username, password string, sessions *SessionManager, templates *template.Template) *AuthMiddleware {
     return &AuthMiddleware{
-        username: username,
-        password: password,
-        sessions: sessions,
+        username:  username,
+        password:  password,
+        sessions:  sessions,
+        templates: templates,
     }
 }
 
 func (a *AuthMiddleware) Login(w http.ResponseWriter, r *http.Request) {
     if r.Method == "GET" {
-        a.serveLoginPage(w)
+        showError := r.URL.Query().Get("error") == "1"
+        a.serveLoginPage(w, showError)
         return
     }
     
@@ -47,7 +51,7 @@ func (a *AuthMiddleware) Login(w http.ResponseWriter, r *http.Request) {
             Value:    sessionID,
             Path:     "/",
             HttpOnly: true,
-            Secure:   true,
+            Secure:   r.TLS != nil, // 只在 HTTPS 时设置 Secure
             SameSite: http.SameSiteStrictMode,
             MaxAge:   1800,
         })
@@ -72,7 +76,7 @@ func (a *AuthMiddleware) Logout(w http.ResponseWriter, r *http.Request) {
         Value:    "",
         Path:     "/",
         HttpOnly: true,
-        Secure:   true,
+        Secure:   r.TLS != nil,
         MaxAge:   -1,
     })
     
@@ -90,98 +94,15 @@ func (a *AuthMiddleware) Require(next http.Handler) http.Handler {
     })
 }
 
-func (a *AuthMiddleware) serveLoginPage(w http.ResponseWriter) {
-    html := `<!DOCTYPE html>
-<html>
-<head>
-    <meta charset="UTF-8">
-    <title>Login - Secure Site Proxy</title>
-    <style>
-        * { margin: 0; padding: 0; box-sizing: border-box; }
-        body {
-            font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
-            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
-            min-height: 100vh;
-            display: flex;
-            align-items: center;
-            justify-content: center;
-        }
-        .login-container {
-            background: white;
-            padding: 40px;
-            border-radius: 10px;
-            box-shadow: 0 10px 40px rgba(0,0,0,0.2);
-            width: 100%;
-            max-width: 400px;
-        }
-        h1 {
-            text-align: center;
-            margin-bottom: 30px;
-            color: #333;
-        }
-        .form-group {
-            margin-bottom: 20px;
-        }
-        label {
-            display: block;
-            margin-bottom: 5px;
-            color: #555;
-            font-weight: 500;
-        }
-        input {
-            width: 100%;
-            padding: 12px;
-            border: 2px solid #e0e0e0;
-            border-radius: 5px;
-            font-size: 14px;
-            transition: border-color 0.3s;
-        }
-        input:focus {
-            outline: none;
-            border-color: #667eea;
-        }
-        button {
-            width: 100%;
-            padding: 12px;
-            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
-            color: white;
-            border: none;
-            border-radius: 5px;
-            font-size: 16px;
-            font-weight: 600;
-            cursor: pointer;
-            transition: transform 0.2s;
-        }
-        button:hover {
-            transform: translateY(-2px);
-        }
-        .error {
-            background: #fee;
-            color: #c33;
-            padding: 10px;
-            border-radius: 5px;
-            margin-bottom: 20px;
-            text-align: center;
-        }
-    </style>
-</head>
-<body>
-    <div class="login-container">
-        <h1>🔒 Secure Login</h1>
-        <form method="POST" action="/login">
-            <div class="form-group">
-                <label for="username">Username</label>
-                <input type="text" id="username" name="username" required autofocus>
-            </div>
-            <div class="form-group">
-                <label for="password">Password</label>
-                <input type="password" id="password" name="password" required>
-            </div>
-            <button type="submit">Login</button>
-        </form>
-    </div>
-</body>
-</html>`
+func (a *AuthMiddleware) serveLoginPage(w http.ResponseWriter, showError bool) {
+    data := struct {
+        Error bool
+    }{
+        Error: showError,
+    }
+    
     w.Header().Set("Content-Type", "text/html; charset=utf-8")
-    w.Write([]byte(html))
+    if err := a.templates.ExecuteTemplate(w, "login.html", data); err != nil {
+        http.Error(w, "Internal server error", http.StatusInternalServerError)
+    }
 }
