diff --git a/backend/app/http/pays.go b/backend/app/http/pays.go
index d4279aa..b0c5666 100644
--- a/backend/app/http/pays.go
+++ b/backend/app/http/pays.go
@@ -23,7 +23,7 @@ type pays struct {
 
 // Callback
 //
-//	@Router	/pay/callback/:channel [get]
+//	@Router	/pay/callback/:channel [post]
 //	@Bind	channel path
 func (ctl *pays) Callback(ctx fiber.Ctx, channel string) error {
 	log := log.WithField("method", "pays.Callback")
diff --git a/backend/app/http/posts.go b/backend/app/http/posts.go
index 9ccb2b5..6a5d1be 100644
--- a/backend/app/http/posts.go
+++ b/backend/app/http/posts.go
@@ -241,7 +241,7 @@ func (ctl *posts) Mine(ctx fiber.Ctx, pagination *requests.Pagination, query *Li
 
 // Buy
 //
-//	@Router	/posts/:id/buy [get]
+//	@Router	/posts/:id/buy [post]
 //	@Bind	id path
 //	@Bind	user local
 func (ctl *posts) Buy(ctx fiber.Ctx, id int64, user *model.Users) (*wechat.JSAPIPayParams, error) {
diff --git a/backend/app/http/routes.gen.go b/backend/app/http/routes.gen.go
index 303650b..041e8a8 100644
--- a/backend/app/http/routes.gen.go
+++ b/backend/app/http/routes.gen.go
@@ -46,7 +46,7 @@ func (r *Routes) Register(router fiber.Router) {
 	))
 
 	// 注册路由组: pays
-	router.Get("/pay/callback/:channel", Func1(
+	router.Post("/pay/callback/:channel", Func1(
 		r.pays.Callback,
 		PathParam[string]("channel"),
 	))
@@ -78,7 +78,7 @@ func (r *Routes) Register(router fiber.Router) {
 		Local[*model.Users]("user"),
 	))
 
-	router.Get("/posts/:id/buy", DataFunc2(
+	router.Post("/posts/:id/buy", DataFunc2(
 		r.posts.Buy,
 		PathParam[int64]("id"),
 		Local[*model.Users]("user"),
diff --git a/backend/app/http/wechats.go b/backend/app/http/wechats.go
index 2caee0f..b1e3e43 100644
--- a/backend/app/http/wechats.go
+++ b/backend/app/http/wechats.go
@@ -21,7 +21,7 @@ type wechats struct {
 // @Bind url query
 // @Bind user local
 func (ctl *wechats) GetJsSDK(ctx fiber.Ctx, url string, user *model.Users) (*wechat.JsSDK, error) {
-	if user.AuthToken.Data.StableExpiresAt.After(time.Now()) {
+	if user.AuthToken.Data.StableExpiresAt.Before(time.Now()) {
 		token, err := ctl.wechat.RefreshAccessToken(user.AuthToken.Data.RefreshToken)
 		if err != nil {
 			return nil, err
diff --git a/backend/app/middlewares/mid_auth.go b/backend/app/middlewares/mid_auth.go
index ef38b58..5744fac 100644
--- a/backend/app/middlewares/mid_auth.go
+++ b/backend/app/middlewares/mid_auth.go
@@ -13,6 +13,10 @@ import (
 )
 
 func (f *Middlewares) Auth(ctx fiber.Ctx) error {
+	if strings.HasPrefix(ctx.Path(), "/v1/pay/callback/") {
+		return ctx.Next()
+	}
+
 	if strings.HasPrefix(ctx.Path(), "/v1/auth/") {
 		return ctx.Next()
 	}
diff --git a/backend/config.prod.toml b/backend/config.prod.toml
index c755f57..641717b 100644
--- a/backend/config.prod.toml
+++ b/backend/config.prod.toml
@@ -41,7 +41,7 @@ EncodingAesKey = "OlgPgMvsl92zy5oErtEzRcziRT2txoN3jgEHV6RQZMY"
 DevMode = false
 
 [WeChat.Pay]
-NotifyURL="https://www.baidu.com/go.php"
+NotifyURL="https://mp.jdwan.com/v1/pay/callback/wechat"
 MchID = "1702644947"
 SerialNo = "4563EC584A35BC84FB27AA4100C934C9A91D59CA"
 MechName = "佳芃（北京）企业管理咨询有限公司"
@@ -75,6 +75,12 @@ im8aIZZ9jDKUFxtjVUL0l9fjRsCLAvaBbWw3z4EdtOGuYlnhNCheeSd+/Lzqrb1q
 pnTiwBHnQCMFFL/rNcz/Mmk=
 -----END PRIVATE KEY-----"""
 PublicKeyID="PUB_KEY_ID_0117026449472025041400331572000400"
-# JS pay domain
-# mp.jdwan.com
-# quyun.mp.jdwan.com
+PublicKey="""-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcBzCAfddF4y/e3aT92g
+z/DWNNFFdoKUxxSAjBFdq+7cHGL/b6VmHLfbZqUF2JvlGYoVxE/vHWrrtDYzPctN
++IaGqwiPSAjvJTHTlxpxZkLz+9YGynrj9jbl12gY73mo/M1jJqmrERN6ZA5P8oNl
+tjNmYNK/H5FLuZVVUilEiWn8XskxGEKiGh0KhMEl3YRPPzguADPck9Ip4tgn4UDt
+fUs5UFrzH3A4cpuc1Je3wJ3vqztu3sr+G3LBSXCvYD7EkDhXMHCv01cJBxBN876T
+442YAFX94VJ79/xwwmXOgCLz1QegDd6M+Um0l5BkQoOIqDlEkWsOvRo9iOsZ25H9
+kQIDAQAB
+-----END PUBLIC KEY-----"""
diff --git a/backend/config.toml b/backend/config.toml
index d4db25a..bbc5890 100644
--- a/backend/config.toml
+++ b/backend/config.toml
@@ -42,7 +42,7 @@ Token = "W8Xhw5TivYBgY"
 EncodingAesKey = "OlgPgMvsl92zy5oErtEzRcziRT2txoN3jgEHV6RQZMY"
 
 [WeChat.Pay]
-NotifyURL="https://www.baidu.com/go.php"
+NotifyURL="https://mp.jdwan.com/v1/pay/callback/wechat"
 MchID = "1702644947"
 SerialNo = "4563EC584A35BC84FB27AA4100C934C9A91D59CA"
 MechName = "佳芃（北京）企业管理咨询有限公司"
@@ -76,6 +76,12 @@ im8aIZZ9jDKUFxtjVUL0l9fjRsCLAvaBbWw3z4EdtOGuYlnhNCheeSd+/Lzqrb1q
 pnTiwBHnQCMFFL/rNcz/Mmk=
 -----END PRIVATE KEY-----"""
 PublicKeyID="PUB_KEY_ID_0117026449472025041400331572000400"
-# JS pay domain
-# mp.jdwan.com
-# quyun.mp.jdwan.com
+PublicKey="""-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcBzCAfddF4y/e3aT92g
+z/DWNNFFdoKUxxSAjBFdq+7cHGL/b6VmHLfbZqUF2JvlGYoVxE/vHWrrtDYzPctN
++IaGqwiPSAjvJTHTlxpxZkLz+9YGynrj9jbl12gY73mo/M1jJqmrERN6ZA5P8oNl
+tjNmYNK/H5FLuZVVUilEiWn8XskxGEKiGh0KhMEl3YRPPzguADPck9Ip4tgn4UDt
+fUs5UFrzH3A4cpuc1Je3wJ3vqztu3sr+G3LBSXCvYD7EkDhXMHCv01cJBxBN876T
+442YAFX94VJ79/xwwmXOgCLz1QegDd6M+Um0l5BkQoOIqDlEkWsOvRo9iOsZ25H9
+kQIDAQAB
+-----END PUBLIC KEY-----"""
\ No newline at end of file
diff --git a/backend/providers/wechat/config.go b/backend/providers/wechat/config.go
index 58691f4..01d3043 100644
--- a/backend/providers/wechat/config.go
+++ b/backend/providers/wechat/config.go
@@ -48,10 +48,12 @@ type Config struct {
 }
 
 type Pay struct {
-	MchID      string
-	SerialNo   string
-	MechName   string
-	NotifyURL  string
-	ApiV3Key   string
-	PrivateKey string
+	MchID       string
+	SerialNo    string
+	MechName    string
+	NotifyURL   string
+	ApiV3Key    string
+	PrivateKey  string
+	PublicKeyID string
+	PublicKey   string
 }
diff --git a/backend/providers/wepay/pay.go b/backend/providers/wepay/pay.go
index 8e18479..6378523 100644
--- a/backend/providers/wepay/pay.go
+++ b/backend/providers/wepay/pay.go
@@ -4,13 +4,13 @@ import (
 	"context"
 	"crypto/rsa"
 	"encoding/json"
-	"errors"
 	"time"
 
 	w "quyun/providers/wechat"
 
 	"github.com/go-pay/gopay"
 	"github.com/go-pay/gopay/wechat/v3"
+	"github.com/pkg/errors"
 	log "github.com/sirupsen/logrus"
 	"go.ipao.vip/atom/container"
 	"go.ipao.vip/atom/opt"
@@ -40,6 +40,11 @@ func Provide(opts ...opt.Option) error {
 			client.DebugSwitch = gopay.DebugOn
 		}
 
+		err = client.AutoVerifySignByPublicKey([]byte(wechatConfig.Pay.PublicKey), wechatConfig.Pay.PublicKeyID)
+		if err != nil {
+			return nil, errors.Wrap(err, "AutoVerifySignByPublicKey")
+		}
+
 		return &Client{
 			payClient: client,
 			config:    wechatConfig,
diff --git a/frontend/wechat/src/api/postApi.js b/frontend/wechat/src/api/postApi.js
index 6395ce4..7a1d18c 100644
--- a/frontend/wechat/src/api/postApi.js
+++ b/frontend/wechat/src/api/postApi.js
@@ -26,6 +26,6 @@ export const postApi = {
         });
     },
     buy(id) {
-        return client.post(`/posts/buy/${id}`);
+        return client.post(`/posts/${id}/buy`);
     }
 }
\ No newline at end of file