diff --git a/app/controller/api/InvoiceIssuance.php b/app/controller/api/InvoiceIssuance.php
index f4c35e7..87f9e65 100644
--- a/app/controller/api/InvoiceIssuance.php
+++ b/app/controller/api/InvoiceIssuance.php
@@ -7,6 +7,7 @@ use app\model\InvoiceIssuance as InvoiceIssuanceModel;
 use app\model\InvoiceIssuanceData;
 use app\model\WechatPucode;
 use app\service\invoice\InvoiceIssuanceService;
+use app\service\invoice\InvoiceQrCode;
 use app\util\ReturnCode;
 use app\validate\InvoiceHeadValidate;
 use app\validate\InvoiceIssuanceValidate;
@@ -259,7 +260,7 @@ class InvoiceIssuance extends Base
         }
 
         // 生成
-        $qrCodeImage = InvoiceIssuanceService::getQrCode($id);
+        $qrCodeImage = InvoiceQrCode::getQrCode($id);
 
         // 返回
         return $this->buildSuccess(['qrCodeImage' => $qrCodeImage]);
@@ -268,7 +269,17 @@ class InvoiceIssuance extends Base
     public function downFile()
     {
         try {
-            $id = $this->request->get('id', '');
+            // 验证令牌
+            $token = $this->request->get('token', '');
+            if (empty($token)) {
+                throw new \Exception('缺少必传参数');
+            }
+            $checkRes = InvoiceQrCode::checkToken($token);
+            if ($checkRes['code'] != 1) {
+                throw new FuncException($checkRes['msg']);
+            }
+            // 获取文件id
+            $id = $checkRes['data']['invoice_issuance_id'];
             if (empty($id)) {
                 throw new \Exception('缺少必传参数');
             }
diff --git a/app/controller/task/InvoiceIssuanceTask.php b/app/controller/task/InvoiceIssuanceTask.php
index f6beebd..a70eabb 100644
--- a/app/controller/task/InvoiceIssuanceTask.php
+++ b/app/controller/task/InvoiceIssuanceTask.php
@@ -4,6 +4,7 @@ namespace app\controller\task;
 
 use app\model\InvoiceIssuance as InvoiceIssuanceModel;
 use app\service\invoice\InvoiceIssuanceService;
+use app\service\invoice\InvoiceQrCode;
 use app\service\user\EmailService;
 use app\service\user\SmsService;
 use think\Response;
@@ -78,7 +79,7 @@ class InvoiceIssuanceTask extends Base
         if ($InvoiceIssuanceValue['email']) {
 
             // 发送发票到邮箱
-            $path = InvoiceIssuanceService::getDownFileUrl($InvoiceIssuanceValue['id']);
+            $path = InvoiceQrCode::getDownFileUrl($InvoiceIssuanceValue['id']);
             $emailResult = (new EmailService())->sendInvoice($InvoiceIssuanceValue['email'], '发票', $path);
             if ($emailResult === true && $InvoiceIssuanceValue['mobile']) {
                 // 发送短信
diff --git a/app/service/invoice/InvoiceIssuanceService.php b/app/service/invoice/InvoiceIssuanceService.php
index f9179a0..d02d4bc 100644
--- a/app/service/invoice/InvoiceIssuanceService.php
+++ b/app/service/invoice/InvoiceIssuanceService.php
@@ -9,16 +9,9 @@ use app\model\InvoiceIssuance;
 use app\model\InvoiceIssuanceData;
 use app\service\webService\ChinaTaxes;
 use app\service\webService\FeeService;
-use Endroid\QrCode\Builder\Builder;
-use Endroid\QrCode\Encoding\Encoding;
-use Endroid\QrCode\ErrorCorrectionLevel\ErrorCorrectionLevelHigh;
-use Endroid\QrCode\Label\Alignment\LabelAlignmentCenter;
-use Endroid\QrCode\Label\Font\NotoSans;
-use Endroid\QrCode\Writer\PngWriter;
 use fast\FuncException;
 use think\App;
 use think\facade\Log;
-use think\facade\Request;
 
 class InvoiceIssuanceService
 {
@@ -132,43 +125,6 @@ class InvoiceIssuanceService
         return $FeeService->getComputeDetail($param);
     }
 
-    /**
-     *
-     * @param $id
-     * @return string
-     */
-    public static function getDownFileUrl($id): string
-    {
-        $url = Request::domain();
-        return $url . '/api/InvoiceIssuance/downFile?id='.$id;
-    }
-
-    /**
-     * 获取二维码
-     * @param $id
-     * @return string
-     */
-    public static function getQrCode($id): string
-    {
-        $codeUrl = self::getDownFileUrl($id);
-
-        $result = Builder::create()
-                         ->writer(new PngWriter())
-                         ->writerOptions([])
-                         ->data($codeUrl)
-                         ->encoding(new Encoding('UTF-8'))
-                         ->errorCorrectionLevel(new ErrorCorrectionLevelHigh())
-                         ->size(300)
-                         ->margin(10)
-                         ->labelText('')// 发票已开具，请扫描二维码获取发票！
-                         ->labelFont(new NotoSans(20))
-                         ->labelAlignment(new LabelAlignmentCenter())
-                         ->validateResult(false)
-                         ->build();
-
-        return $result->getDataUri();
-    }
-
     /**
      * 处理申请日期
      * @param $expire_time
@@ -549,40 +505,4 @@ class InvoiceIssuanceService
         return json_decode($response, true);
     }
 
-    /**
-     * get请求
-     * @param $url
-     * @return mixed
-     * @throws FuncException
-     */
-    public function curlGet($url)
-    {
-        // 初始化cURL会话
-        $ch = curl_init();
-
-        // 设置cURL选项
-        curl_setopt($ch, CURLOPT_URL, $url); // 目标URL
-        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // 返回结果而不是输出
-        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET"); // 发送GET请求
-
-        // 跳过证书验证（不推荐在生产环境使用）
-        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
-
-        // 跳过主机名验证
-        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
-
-        // 执行cURL会话
-        $response = curl_exec($ch);
-
-        // 检查是否有错误发生
-        if (curl_errno($ch)) {
-            throw new FuncException('请求失败');
-        }
-
-        // 关闭cURL会话
-        curl_close($ch);
-
-        return json_decode($response, true);
-    }
-
 }
diff --git a/app/service/invoice/InvoiceQrCode.php b/app/service/invoice/InvoiceQrCode.php
new file mode 100644
index 0000000..7f8c59f
--- /dev/null
+++ b/app/service/invoice/InvoiceQrCode.php
@@ -0,0 +1,110 @@
+<?php
+
+namespace app\service\invoice;
+
+use Endroid\QrCode\Builder\Builder;
+use Endroid\QrCode\Encoding\Encoding;
+use Endroid\QrCode\ErrorCorrectionLevel\ErrorCorrectionLevelHigh;
+use Endroid\QrCode\Label\Alignment\LabelAlignmentCenter;
+use Endroid\QrCode\Label\Font\NotoSans;
+use Endroid\QrCode\Writer\PngWriter;
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+use think\facade\Request;
+
+class InvoiceQrCode
+{
+    /**
+     * 组合 url
+     * @param $id
+     * @return string
+     */
+    public static function getDownFileUrl($id): string
+    {
+        $url   = Request::domain(true);
+        $token = self::signToken($id);
+        return $url . '/api/InvoiceIssuance/downFile?token=' . $token;
+    }
+
+    /**
+     * 获取二维码
+     * @param $id
+     * @return string
+     */
+    public static function getQrCode($id): string
+    {
+        $codeUrl = self::getDownFileUrl($id);
+
+        $result = Builder::create()
+                         ->writer(new PngWriter())
+                         ->writerOptions([])
+                         ->data($codeUrl)
+                         ->encoding(new Encoding('UTF-8'))
+                         ->errorCorrectionLevel(new ErrorCorrectionLevelHigh())
+                         ->size(300)
+                         ->margin(10)
+                         ->labelText('')// 发票已开具，请扫描二维码获取发票！
+                         ->labelFont(new NotoSans(20))
+                         ->labelAlignment(new LabelAlignmentCenter())
+                         ->validateResult(false)
+                         ->build();
+
+        return $result->getDataUri();
+    }
+
+    /**
+     * 生成token
+     * @param $id
+     * @return string
+     */
+    protected static function signToken($id): string
+    {
+        $data  = [
+            'invoice_issuance_id' => $id,
+            'now_time'            => time()
+        ];
+        $key   = config('jwt.key');         //这里是自定义的一个随机字串，应该写在config文件中的，解密时也会用，相当于加密中常用的 盐-salt
+        $token = array(
+            "iss"  => $key,        //签发者 可以为空
+            "aud"  => '',          //面象的用户，可以为空
+            "iat"  => time(),      //签发时间
+            "nbf"  => time() + 3,    //在什么时候jwt开始生效  （这里表示生成100秒后才生效）
+            "exp"  => time() + 7200, //token 过期时间
+            "data" => $data           //记录的userid的信息，这里是自已添加上去的，如果有其它信息，可以再添加数组的键值对
+        );
+        return JWT::encode($token, $key, "HS384");  //根据参数生成了token，可选：HS256、HS384、HS512、RS256、ES256等
+    }
+
+    /**
+     * 验证token
+     * @param $token
+     * @return array|int[]
+     */
+    public static function checkToken($token): array
+    {
+        $key    = config('jwt.key');
+        $status = array("code" => 0);
+        try {
+            JWT::$leeway = 60;                                          //当前时间减去60，把时间留点余地
+            $decoded     = JWT::decode($token, new Key($key, 'HS384')); //同上的方式，这里要和签发的时候对应
+            $arr         = (array)$decoded;
+            $res['code'] = 1;
+            $res['data'] = $arr['data'];
+            $res['data'] = json_decode(json_encode($res['data']), true);//将stdObj类型转换为array
+            return $res;
+
+        } catch (\Firebase\JWT\SignatureInvalidException $e) { //签名不正确
+            $status['msg'] = "验证失败";                           //"签名不正确";
+            return $status;
+        } catch (\Firebase\JWT\BeforeValidException $e) { // 签名在某个时间点之后才能用
+            $status['msg'] = "验证失败";                      //"token失效";
+            return $status;
+        } catch (\Firebase\JWT\ExpiredException $e) { // token过期
+            $status['msg'] = "验证失败";                  //"token失效";
+            return $status;
+        } catch (\Exception $e) {   //其他错误
+            $status['msg'] = "验证失败";//"未知错误";
+            return $status;
+        }
+    }
+}