diff --git a/internal/api/app/product.go b/internal/api/app/product.go
index e579ab0..574c1f1 100755
--- a/internal/api/app/product.go
+++ b/internal/api/app/product.go
@@ -121,7 +121,11 @@ type getAppProductDetailResponse struct {
 func (h *productHandler) GetProductDetailForApp() core.HandlerFunc {
 return func(ctx core.Context) {
 idStr := ctx.Param("id")
- id, _ := strconv.ParseInt(idStr, 10, 64)
+ id, err := strconv.ParseInt(idStr, 10, 64)
+ if err != nil || id <= 0 {
+ ctx.AbortWithError(core.Error(http.StatusBadRequest, code.ParamBindError, "无效的商品ID"))
+ return
+ }
 d, err := h.product.GetDetailForApp(ctx.RequestContext(), id)
 if err != nil {
 if err.Error() == "PRODUCT_OFFSHELF" {
@@ -132,7 +136,7 @@ func (h *productHandler) GetProductDetailForApp() core.HandlerFunc {
 ctx.AbortWithError(core.Error(http.StatusOK, 20002, "商品缺货"))
 return
 }
- ctx.AbortWithError(core.Error(http.StatusBadRequest, code.ServerError, validation.Error(err)))
+ ctx.AbortWithError(core.Error(http.StatusInternalServerError, code.ServerError, "商品信息获取失败"))
 return
 }
 ptsDetail := h.user.CentsToPointsFloat(ctx.RequestContext(), d.Price)
diff --git a/internal/router/router.go b/internal/router/router.go
index ff7e65d..eaf8c41 100755
--- a/internal/router/router.go
+++ b/internal/router/router.go
@@ -462,6 +462,7 @@ func NewHTTPMux(logger logger.CustomLogger, db mysql.Repo) (core.Mux, func(), er
 // 商城浏览(无需登录)
 appPublicApiRouter.GET("/store/items", appapi.NewStore(logger, db, userSvc).ListStoreItemsForApp())
 appPublicApiRouter.GET("/product_categories", appapi.NewProductCategory(logger, db).ListProductCategoriesForApp())
+ appPublicApiRouter.GET("/products/:id", appapi.NewProduct(logger, db, userSvc).GetProductDetailForApp())
 }
 // 公开接口路由组 (无需登录)
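Review bot: The new 500 branch in the second hunk of internal/api/app/product.go drops `err` altogether, so once the client stops receiving `validation.Error(err)` nothing visible here records why GetDetailForApp failed. Keeping the response body generic is right, but the cause should be written to the server log before the abort, through whichever logger the handler already holds, with a comment such as `// internal error: logged server-side, never echoed to the client`. Also confirm that `validation` is still referenced elsewhere in product.go; if this was its last use, the now-unused import breaks the build. The handler body starts and ends outside the hunk.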
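Review bot: Registering `/products/:id` on appPublicApiRouter makes GetProductDetailForApp reachable without a login, while the handler (see the product.go hunks) still calls `h.user.CentsToPointsFloat` and answers differently for the off-shelf, out-of-stock and generic-failure cases. With plain integer ids an anonymous caller can probably tell those states apart per id, so confirm that GetDetailForApp and the points conversion use no session or per-user data and that this group is rate limited; neither is visible in the diff. The intent is worth recording beside the route, e.g. `// public: product detail must not depend on session state`. On style, this constructs a second `appapi.NewProduct(logger, db, userSvc)` next to the one kept for `/products` in the auth group (last hunk), where a single shared handler value would do. NewHTTPMux continues outside the hunk.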
@@ -514,7 +515,6 @@ func NewHTTPMux(logger logger.CustomLogger, db mysql.Repo) (core.Mux, func(), er
 appAuthApiRouter.GET("/orders/:order_id", userHandler.GetOrderDetail())
 appAuthApiRouter.POST("/orders/:order_id/cancel", userHandler.CancelOrder())
 appAuthApiRouter.GET("/products", appapi.NewProduct(logger, db, userSvc).ListProductsForApp())
- appAuthApiRouter.GET("/products/:id", appapi.NewProduct(logger, db, userSvc).GetProductDetailForApp())
 appAuthApiRouter.GET("/lottery/result", activityHandler.LotteryResultByOrder())
 // 需要黑名单检查的抽奖接口组