diff --git a/web-server/app/router.ts b/web-server/app/router.ts
index 2bfd5bb2b..2d0533196 100644
--- a/web-server/app/router.ts
+++ b/web-server/app/router.ts
@@ -23,8 +23,8 @@ export default (app: Application) => {
   router.post('/user/checkversion', tokenParser, controller.game.checkVersion);
   router.post('/user/checkv', tokenParser, controller.game.checkVersion); // 增加一个接口，规避 iOS 敏感词
   router.post('/user/deleterole', controller.account.deleteRole);
-  router.post('/user/closeaccount', controller.account.closeAccount);
-  router.post('/user/cancelcloseaccount', controller.account.cancelCloseAccount);
+  router.post('/user/closeaccount', tokenParser, controller.account.closeAccount);
+  router.post('/user/cancelcloseaccount', tokenParser, controller.account.cancelCloseAccount);
   router.post('/game/getserverlist', tokenParser, controller.game.getServerList);
   router.post('/game/getnotice', tokenParser, controller.game.getnotice);
   router.post('/gate/queryenter', tokenParser, controller.game.queryEnter);
diff --git a/web-server/app/service/Auth.ts b/web-server/app/service/Auth.ts
index 9dd4a623e..e7835662f 100644
--- a/web-server/app/service/Auth.ts
+++ b/web-server/app/service/Auth.ts
@@ -486,11 +486,11 @@ export default class Auth extends Service {
     
     public async closeAccount(roleId: string) {
         const ctx = this.ctx;
-        let role = await RoleModel.findByRoleId(roleId, '+cancelCloseTime');
-        if(!role) return ctx.service.utils.resResult(STATUS.ROLE_NOT_FOUND);
+        let role = await RoleModel.findByRoleId(roleId, '+closeTime +cancelCloseTime userInfo');
+        if(!role || role.userInfo.uid != ctx.uid ) return ctx.service.utils.resResult(STATUS.ROLE_NOT_FOUND);
         if(role.cancelCloseTime > 0 && role.cancelCloseTime + 24 * 60 * 60 > nowSeconds() )
             return ctx.service.utils.resResult(STATUS.ROLE_CLOSE_COOL_DOWN, `注销冷却中，请${this.getCdTimeStr(role.cancelCloseTime)}后再试`);
-        
+        if(role.closeTime > 0) return ctx.service.utils.resResult(STATUS.ROLE_CLOSED);
         role = await RoleModel.closeAccount(roleId, nowSeconds() + 15 * 24 * 60 * 60);
         return ctx.service.utils.resResult(STATUS.SUCCESS, { closeTime: role.closeTime });
     }
@@ -505,7 +505,10 @@ export default class Auth extends Service {
 
     public async cancelCloseAccount(roleId: string) {
         const ctx = this.ctx;
-        let role = await RoleModel.cancelCloseAccount(roleId, nowSeconds());
+        let role = await RoleModel.findByRoleId(roleId, '+cancelCloseTime userInfo');
+        if(!role || role.userInfo.uid != ctx.uid ) return ctx.service.utils.resResult(STATUS.ROLE_NOT_FOUND);
+
+        role = await RoleModel.cancelCloseAccount(roleId, nowSeconds());
         if(!role) return ctx.service.utils.resResult(STATUS.ROLE_CLOSE_TIME_OVER);
         return ctx.service.utils.resResult(STATUS.SUCCESS, { closeTime: role.closeTime });
     }