diff --git a/server/controller/pay.go b/server/controller/pay.go
index 90fe044..3c03abf 100644
--- a/server/controller/pay.go
+++ b/server/controller/pay.go
@@ -1,6 +1,7 @@
 package controller
 
 import (
+	"enterprise/common/config"
 	"enterprise/common/dao"
 	"enterprise/server/api"
 	"enterprise/server/service"
@@ -24,6 +25,10 @@ func (q *Pay) Pay(ctx *gin.Context) {
 	var req api.PayReq
 	session.CheckParamError(ctx.ShouldBindJSON(&req))
 
+	if req.Password != corp.GetConfig().Password {
+		panic(config.ErrParam.New().Append("密码错误"))
+	}
+
 	service.NewPay().Pay(corp, &req)
 	ctx.JSON(http.StatusOK, session.NewRspOk())
 }
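Review bot: The password check added in Pay compares `req.Password` with the configured value using `!=`, which is not constant-time and also succeeds when both sides are empty, so a corp with no password configured would accept a request that omits the field. Consider `want := corp.GetConfig().Password` followed by `if want == "" || subtle.ConstantTimeCompare([]byte(req.Password), []byte(want)) != 1 {`, which needs `crypto/subtle` in the import block. The direct comparison suggests the config holds the payment password in plaintext; if so, storing a salted hash and verifying against it would be safer, though this cannot be confirmed from the hunk. A wrong password is reported as `config.ErrParam`, so failed attempts look like malformed requests in logs; a dedicated auth error plus attempt limiting would make guessing detectable. Pay's body starts outside the hunk, so how `corp` is resolved is not visible here.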