diff --git a/source/application/api/controller/library/Pass.php b/source/application/api/controller/library/Pass.php index 6c34190..72d4483 100644 --- a/source/application/api/controller/library/Pass.php +++ b/source/application/api/controller/library/Pass.php @@ -3,13 +3,22 @@ namespace app\api\controller\library; use app\api\controller\Controller; use app\common\dm\Dm; +use app\common\exception\BaseException; use app\common\logic\PassFlow; +use think\Session; class Pass extends Controller { protected $url = 'http://balib.cn:8999'; + public function requestValiDate() + { + $token = $this->request->param('token'); + if (empty($token)) throw new BaseException(['msg' => '缺少token参数']); + if ($token != Session::pull('__token__')) throw new BaseException(['msg' => 'token验证失败']); + } + /** * 图书管数据接口 * @return array @@ -19,6 +28,7 @@ class Pass extends Controller */ public function allFlowTrends() { + $this->requestValiDate(); $data = PassFlow::allFlowTrends(); return $this->renderSuccess(compact('data')); } @@ -204,6 +214,7 @@ class Pass extends Controller */ public function getLibraryHours24List() { + $this->requestValiDate(); $data = PassFlow::getLibraryHours24List(); return $this->renderSuccess(compact('data')); } @@ -217,6 +228,7 @@ class Pass extends Controller */ public function getLibraryGroupHoursList() { + $this->requestValiDate(); $data = PassFlow::getLibraryGroupHoursList(); return $this->renderSuccess(compact('data')); } @@ -264,6 +276,7 @@ class Pass extends Controller */ public function getLibraryLeaseData() { + $this->requestValiDate(); $data = PassFlow::getLibraryLeaseData(); return $this->renderSuccess(compact('data')); } diff --git a/source/application/api/controller/pass/Passcc.php b/source/application/api/controller/pass/Passcc.php index b68eb14..f243347 100644 --- a/source/application/api/controller/pass/Passcc.php +++ b/source/application/api/controller/pass/Passcc.php 
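Review bot: The token check in requestValiDate() compares with loose `!=`, so PHP type juggling applies (two numeric-looking strings such as `0e…` values compare equal) and the comparison is not constant-time; the same line is repeated in Passcc::_initialize(). I would read the session value first with `$expected = Session::pull('__token__');` and then compare strictly: `if (!is_string($token) || !is_string($expected) || !hash_equals($expected, $token)) throw new BaseException(['msg' => 'token验证失败']);`. The method is also declared `public` on a controller, which in ThinkPHP normally makes it reachable as an action of its own, and a call to it consumes the session token; `protected function requestValiDate()` avoids that.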
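Review bot: The check is opt-in per action: `$this->requestValiDate();` is added to allFlowTrends() and, in the later hunks, to getLibraryHours24List(), getLibraryGroupHoursList() and getLibraryLeaseData(), while the gaps between the hunk line numbers suggest other actions in this class that the diff does not touch. If those are meant to be covered too, running the check once from `_initialize()`, as Passcc does, makes it the default for every action. If they are deliberately open, a short class-level comment naming the actions that require the token would make that explicit. Because `Session::pull()` removes the token on read, each protected call needs a freshly issued token, which is worth stating in the docblocks of these actions.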
@@ -9,6 +9,7 @@ use app\common\exception\BaseException; use app\common\logic\PassFlow; use app\common\model\Pass; use think\Db; +use think\Session; class Passcc extends Controller { @@ -19,6 +20,9 @@ class Passcc extends Controller public function _initialize() { + $token = $this->request->param('token'); + if (empty($token)) throw new BaseException(['msg' => '缺少token参数']); + if ($token != Session::pull('__token__')) throw new BaseException(['msg' => 'token验证失败']); $type = $this->request->param('type'); if (!empty($type) || is_numeric($type)) { if (!preg_match('/^[1-2]$/',$type)) throw new BaseException(['msg' => 'type字段参数错误']); diff --git a/source/application/api/controller/xtool/Token.php b/source/application/api/controller/xtool/Token.php new file mode 100644 index 0000000..02357af --- /dev/null +++ b/source/application/api/controller/xtool/Token.php @@ -0,0 +1,13 @@ +renderSuccess(['token' => $this->request->token()]); + } +} \ No newline at end of file
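Review bot: These three lines in _initialize() are a copy of Pass::requestValiDate(), so any fix to the comparison has to be made in two places. Both classes extend a `Controller` base, which is not visible in this diff; assuming it can be edited, one protected helper there would keep a single implementation. The token is also pulled before the `type` validation, so a request rejected for a bad `type` has already consumed its token and the client must fetch a new one before retrying. _initialize() continues past the end of the hunk.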
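Review bot: The action returns `$this->request->token()` to whoever calls it, and no authentication or origin check is visible in the lines shown. The check added in Pass and Passcc therefore ties a request to a session that first fetched a token, not to an authorised caller. If the goal is to restrict who may read the pass-flow data, the data endpoints need real authentication or this endpoint needs its own access control. If the goal is only CSRF-style request binding, a docblock saying so would keep it from being mistaken for an access gate. The opening lines of the new file appear to be missing from this page, so the class and method declarations could not be reviewed.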