diff --git a/controller/misc.go b/controller/misc.go
index cf324b7..b1965a3 100644
--- a/controller/misc.go
+++ b/controller/misc.go
@@ -27,9 +27,6 @@ func GetStatus(c *gin.Context) {
 			"wechat_qrcode":       common.WeChatAccountQRCodeImageURL,
 			"wechat_login":        common.WeChatAuthEnabled,
 			"server_address":      common.ServerAddress,
-			"pay_address":         common.PayAddress,
-			"epay_id":             common.EpayId,
-			"epay_key":            common.EpayKey,
 			"price":               common.Price,
 			"turnstile_check":     common.TurnstileCheckEnabled,
 			"turnstile_site_key":  common.TurnstileSiteKey,
diff --git a/router/api-router.go b/router/api-router.go
index e3a2567..17758b0 100644
--- a/router/api-router.go
+++ b/router/api-router.go
@@ -30,7 +30,7 @@ func SetApiRouter(router *gin.Engine) {
 		userRoute := apiRouter.Group("/user")
 		{
 			userRoute.POST("/register", middleware.CriticalRateLimit(), middleware.TurnstileCheck(), controller.Register)
-			userRoute.POST("/login", middleware.CriticalRateLimit(), controller.Login)
+			userRoute.POST("/login", middleware.CriticalRateLimit(), middleware.TurnstileCheck(), controller.Login)
 			//userRoute.POST("/tokenlog", middleware.CriticalRateLimit(), controller.TokenLog)
 			userRoute.GET("/logout", controller.Logout)
 			userRoute.GET("/epay/notify", controller.EpayNotify)
diff --git a/web/package.json b/web/package.json
index a776a82..30bdd12 100644
--- a/web/package.json
+++ b/web/package.json
@@ -49,5 +49,5 @@
     "singleQuote": true,
     "jsxSingleQuote": true
   },
-  "proxy": "https://nekoapi.com"
+  "proxy": "http://localhost:3000"
 }
diff --git a/web/src/components/LoginForm.js b/web/src/components/LoginForm.js
index a391322..1980c55 100644
--- a/web/src/components/LoginForm.js
+++ b/web/src/components/LoginForm.js
@@ -2,8 +2,9 @@ import React, { useContext, useEffect, useState } from 'react';
 import { Button, Divider, Form, Grid, Header, Image, Message, Modal, Segment } from 'semantic-ui-react';
 import { Link, useNavigate, useSearchParams } from 'react-router-dom';
 import { UserContext } from '../context/User';
-import { API, getLogo, showError, showSuccess, showWarning } from '../helpers';
+import {API, getLogo, showError, showInfo, showSuccess, showWarning} from '../helpers';
 import { onGitHubOAuthClicked } from './utils';
+import Turnstile from "react-turnstile";
 
 const LoginForm = () => {
   const [inputs, setInputs] = useState({
@@ -15,6 +16,9 @@ const LoginForm = () => {
   const [submitted, setSubmitted] = useState(false);
   const { username, password } = inputs;
   const [userState, userDispatch] = useContext(UserContext);
+  const [turnstileEnabled, setTurnstileEnabled] = useState(false);
+  const [turnstileSiteKey, setTurnstileSiteKey] = useState('');
+  const [turnstileToken, setTurnstileToken] = useState('');
   let navigate = useNavigate();
   const [status, setStatus] = useState({});
   const logo = getLogo();
@@ -27,6 +31,10 @@ const LoginForm = () => {
     if (status) {
       status = JSON.parse(status);
       setStatus(status);
+      if (status.turnstile_check) {
+        setTurnstileEnabled(true);
+        setTurnstileSiteKey(status.turnstile_site_key);
+      }
     }
   }, []);
 
@@ -37,6 +45,10 @@ const LoginForm = () => {
   };
 
   const onSubmitWeChatVerificationCode = async () => {
+    if (turnstileEnabled && turnstileToken === '') {
+      showInfo('请稍后几秒重试，Turnstile 正在检查用户环境！');
+      return;
+    }
     const res = await API.get(
       `/api/oauth/wechat?code=${inputs.wechat_verification_code}`
     );
@@ -58,9 +70,13 @@ const LoginForm = () => {
   }
 
   async function handleSubmit(e) {
+    if (turnstileEnabled && turnstileToken === '') {
+      showInfo('请稍后几秒重试，Turnstile 正在检查用户环境！');
+      return;
+    }
     setSubmitted(true);
     if (username && password) {
-      const res = await API.post(`/api/user/login`, {
+      const res = await API.post(`/api/user/login?turnstile=${turnstileToken}`, {
         username,
         password
       });
@@ -109,6 +125,16 @@ const LoginForm = () => {
               value={password}
               onChange={handleChange}
             />
+            {turnstileEnabled ? (
+                <Turnstile
+                    sitekey={turnstileSiteKey}
+                    onVerify={(token) => {
+                      setTurnstileToken(token);
+                    }}
+                />
+            ) : (
+                <></>
+            )}
             <Button color='green' fluid size='large' onClick={handleSubmit}>
               登录
             </Button>
diff --git a/web/src/components/SystemSetting.js b/web/src/components/SystemSetting.js
index 2197f3f..197050e 100644
--- a/web/src/components/SystemSetting.js
+++ b/web/src/components/SystemSetting.js
@@ -155,8 +155,12 @@ const SystemSetting = () => {
         }
         let PayAddress = removeTrailingSlash(inputs.PayAddress);
         await updateOption('PayAddress', PayAddress);
-        await updateOption('EpayId', inputs.EpayId);
-        await updateOption('EpayKey', inputs.EpayKey);
+        if (inputs.EpayId !== '') {
+            await updateOption('EpayId', inputs.EpayId);
+        }
+        if (inputs.EpayKey !== '') {
+            await updateOption('EpayKey', inputs.EpayKey);
+        }
         await updateOption('Price', "" + inputs.Price);
     };