diff --git a/bonus-common-biz/src/main/java/com/bonus/common/houqin/constant/GlobalConstants.java b/bonus-common-biz/src/main/java/com/bonus/common/houqin/constant/GlobalConstants.java index 627c016..0866eb4 100644 --- a/bonus-common-biz/src/main/java/com/bonus/common/houqin/constant/GlobalConstants.java +++ b/bonus-common-biz/src/main/java/com/bonus/common/houqin/constant/GlobalConstants.java @@ -83,4 +83,6 @@ public class GlobalConstants { */ public static final String STRING_TRUE = "true"; + public static final String JYY = "jyy:"; + } diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/common/utils/DateUtil.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/common/utils/DateUtil.java index 13aeabc..f57b794 100644 --- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/common/utils/DateUtil.java +++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/common/utils/DateUtil.java @@ -66,6 +66,13 @@ public class DateUtil { for (LocalDate date : weekDates) { System.out.println(date.format(formatter) + " (" + date.getDayOfWeek() + ")"); } + System.out.println("===================="); + System.out.println(getCurrentDateStr()); } + public static String getCurrentDateStr() { + LocalDate currentDate = LocalDate.now(); + DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd"); + return currentDate.format(formatter); + } } diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/common/utils/HeaderFetchUtil.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/common/utils/HeaderFetchUtil.java new file mode 100644 index 0000000..7218e20 --- /dev/null +++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/common/utils/HeaderFetchUtil.java 
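Review bot: `JYY` in GlobalConstants.java is added without a doc comment, although the constant just above it has one, and the name gives no hint of its role. The controller hunks in this commit use it as the plaintext prefix that a decrypted `sign` header is compared against. A comment such as `/** Plaintext prefix of the sign header; the expected plaintext is this prefix followed by the current date (yyyy-MM-dd). */` would make that visible where the value is defined.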
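Review bot: `getCurrentDateStr()` in DateUtil.java calls `LocalDate.now()` with no zone, so its result follows the JVM default time zone. The two controller hunks in this commit use that string as the expected plaintext of the `sign` header, so the check depends on server configuration and will reject callers whose day boundary differs. Pass an explicit zone or `Clock` agreed with the callers, e.g. `LocalDate.now(ZoneId.of("<agreed-zone-id>"))`, reuse `DateTimeFormatter.ISO_LOCAL_DATE` rather than building a formatter per call, and add a Javadoc line stating the format and zone. The two added `System.out.println` calls sit in a method that starts outside the hunk; if it is not a throwaway `main`, they should go through the logger or be dropped.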
@@ -0,0 +1,60 @@
+package com.bonus.canteen.core.common.utils;
+
+import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.text.CharSequenceUtil;
+import cn.hutool.core.util.NumberUtil;
+import java.util.Iterator;
+import java.util.Map;
+
+public class HeaderFetchUtil {
+ public static String getMachineSn(Map headers) {
+ String value = getValueFromHeadersIgnoreCase(headers, "machine-sn");
+ if (value == null) {
+ value = getValueFromHeadersIgnoreCase(headers, "machineSn");
+ }
+
+ return value;
+ }
+
+ public static String getMachineNum(Map headers) {
+ String value = getValueFromHeadersIgnoreCase(headers, "machine-num");
+ if (value == null) {
+ value = getValueFromHeadersIgnoreCase(headers, "machineNum");
+ }
+
+ return value;
+ }
+
+ public static String getFaceVer(Map headers) {
+ return getValueFromHeadersIgnoreCase(headers, "face-ver");
+ }
+
+ public static Long getMerchant(Map headers) {
+ String value = getValueFromHeadersIgnoreCase(headers, "MERCHANT-ID");
+ return NumberUtil.isNumber(value) ? Long.valueOf(value) : null;
+ }
+
+ public static String getSign(Map headers) {
+ String value = getValueFromHeadersIgnoreCase(headers, "sign");
+ return value;
+ }
+
+ public static String getValueFromHeadersIgnoreCase(Map headers, String targetKey) {
+ if (CollUtil.isEmpty(headers)) {
+ return null;
+ } else {
+ Iterator var2 = headers.keySet().iterator();
+
+ String key;
+ do {
+ if (!var2.hasNext()) {
+ return null;
+ }
+
+ key = (String)var2.next();
+ } while(!CharSequenceUtil.equalsAnyIgnoreCase(targetKey, new CharSequence[]{key}));
+
+ return (String)headers.get(key);
+ }
+ }
+}
diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/zhhq/controller/ZhhqAccountInfoController.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/zhhq/controller/ZhhqAccountInfoController.java
index ebf0a3c..8ff6991 100644
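Review bot: `getMerchant` gates `Long.valueOf(value)` on `NumberUtil.isNumber(value)`, but Hutool's `isNumber` also accepts decimals, hex and scientific notation, so a `MERCHANT-ID` header such as `1.5` passes the check and then throws `NumberFormatException` from a caller-controlled value. Use the integer-specific check instead: `return NumberUtil.isLong(value) ? Long.valueOf(value) : null;`. The methods take a raw `Map` and cast keys and values to `String` (the type arguments may have been lost in rendering); if the source really is raw, declare `Map<String, String>`. The `Iterator var2` / `do … while` loop in `getValueFromHeadersIgnoreCase` reads like decompiler output and would be clearer as a for-each over `entrySet()` with `equalsIgnoreCase`; the class also has no Javadoc and no private constructor.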
--- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/zhhq/controller/ZhhqAccountInfoController.java +++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/zhhq/controller/ZhhqAccountInfoController.java @@ -5,24 +5,28 @@ import com.bonus.canteen.core.account.constants.AccStatusEnum; import com.bonus.canteen.core.account.domain.param.AccountInfoQueryParam; import com.bonus.canteen.core.account.domain.vo.AccInfoDetailsVO; import com.bonus.canteen.core.account.service.IAccInfoService; +import com.bonus.canteen.core.common.utils.HeaderFetchUtil; import com.bonus.canteen.core.zhhq.domain.AccountInfoDTO; import com.bonus.canteen.core.zhhq.domain.AccountInfoVO; import com.bonus.canteen.core.zhhq.domain.WeekRecipeDTO; import com.bonus.canteen.core.zhhq.service.IZhhqCookRecipeService; +import com.bonus.common.core.exception.ServiceException; +import com.bonus.common.core.utils.encryption.Sm4Utils; import com.bonus.common.core.web.controller.BaseController; import com.bonus.common.core.web.domain.AjaxResult; +import com.bonus.common.houqin.constant.GlobalConstants; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.bind.annotation.*; import javax.validation.Valid; import java.math.BigDecimal; import java.util.List; +import java.util.Map; + +import static com.bonus.canteen.core.common.utils.DateUtil.getCurrentDateStr; /** * 账户信息Controller 
@@ -40,7 +44,10 @@ public class ZhhqAccountInfoController extends BaseController { @ApiOperation("获取员工账户信息") @PostMapping({"/getBalance"}) - public AjaxResult getBalance(@RequestBody @Valid AccountInfoDTO dto) { + public AjaxResult getBalance(@RequestHeader Map requestHeader, @RequestBody @Valid AccountInfoDTO dto) { + if (!(GlobalConstants.JYY + getCurrentDateStr()).equals(Sm4Utils.decrypt(HeaderFetchUtil.getSign(requestHeader)))) { + throw new ServiceException("访问缺少认证信息"); + } try { AccountInfoQueryParam param = new AccountInfoQueryParam(); param.setUserCode(dto.getEmpCode()); diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/zhhq/controller/ZhhqCookRecipeController.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/zhhq/controller/ZhhqCookRecipeController.java index 7ad85fd..e75fa9a 100644 --- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/zhhq/controller/ZhhqCookRecipeController.java +++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/zhhq/controller/ZhhqCookRecipeController.java 
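Review bot: The guard added to `getBalance` accepts any request whose `sign` header decrypts to `jyy:` plus today's date, so the expected plaintext is the same for every caller, employee code and request body for a whole day, and a header value captured once stays valid until the date changes; the identical guard added to `getWeekRecipeDetailList` in ZhhqCookRecipeController.java has the same property. Binding the signature to the request (a timestamp with a short acceptance window, a nonce, and a MAC over the body under a per-client key) would close that, and the check belongs in one interceptor or shared helper rather than being copied into each handler. Separately, `HeaderFetchUtil.getSign` returns null when the header is absent and the result goes straight into `Sm4Utils.decrypt` outside the `try`; `Sm4Utils` is not shown, so whether it tolerates null or malformed input is unknown. The guard below keeps those cases on the authentication-failure path, assuming `decrypt` returns a `String` and throws only unchecked exceptions. The method body continues past the end of the hunk.

```java
public AjaxResult getBalance(@RequestHeader Map requestHeader, @RequestBody @Valid AccountInfoDTO dto) {
    String sign = HeaderFetchUtil.getSign(requestHeader);
    String plain = null;
    if (sign != null) {
        try {
            plain = Sm4Utils.decrypt(sign);
        } catch (RuntimeException ignored) {
            // Undecryptable sign: leave plain null so the comparison below rejects the request.
        }
    }
    if (!(GlobalConstants.JYY + getCurrentDateStr()).equals(plain)) {
        throw new ServiceException("访问缺少认证信息");
    }
    // … unchanged: try block that builds AccountInfoQueryParam …
```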
@@ -1,15 +1,22 @@ package com.bonus.canteen.core.zhhq.controller; +import com.bonus.canteen.core.common.utils.HeaderFetchUtil; import com.bonus.canteen.core.zhhq.domain.WeekRecipeDTO; import com.bonus.canteen.core.zhhq.service.IZhhqCookRecipeService; +import com.bonus.common.core.exception.ServiceException; +import com.bonus.common.core.utils.encryption.Sm4Utils; import com.bonus.common.core.web.controller.BaseController; import com.bonus.common.core.web.domain.AjaxResult; +import com.bonus.common.houqin.constant.GlobalConstants; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; import javax.validation.Valid; +import java.time.LocalDate; +import java.util.Map; +import static com.bonus.canteen.core.common.utils.DateUtil.getCurrentDateStr; /** * 菜品计划信息Controller @@ -27,7 +34,10 @@ public class ZhhqCookRecipeController extends BaseController { @ApiOperation("获取一周菜谱详情") @PostMapping({"/getWeekRecipe"}) - public AjaxResult getWeekRecipeDetailList(@RequestBody @Valid WeekRecipeDTO dto) { + public AjaxResult getWeekRecipeDetailList(@RequestHeader Map requestHeader, @RequestBody @Valid WeekRecipeDTO dto) { + if (!(GlobalConstants.JYY + getCurrentDateStr()).equals(Sm4Utils.decrypt(HeaderFetchUtil.getSign(requestHeader)))) { + throw new ServiceException("访问缺少认证信息"); + } try { return AjaxResult.success(this.zhhqCookRecipeService.getWeekRecipeDetailList(dto)); } catch (Exception e) {
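Review bot: `import java.time.LocalDate;` is added in the first hunk of ZhhqCookRecipeController.java, but neither hunk of this file uses `LocalDate`; the new guard goes through the statically imported `getCurrentDateStr()`. The rest of the file is not visible here, so confirm nothing else needs it and drop the import if it is unused.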