diff --git a/api/src/router.rs b/api/src/router.rs
index 74de224..27b5249 100644
--- a/api/src/router.rs
+++ b/api/src/router.rs
@@ -8,9 +8,10 @@ use tower_http::trace::TraceLayer;
 pub(crate) fn init() -> Router {
 let open = Router::new().route("/", get(|| async { "hello" }));
- let auth = Router::new()
+ let auth: Router = Router::new()
 .route("/account/google", post(controller::account::authenticate_google))
- .route("/feedback", post(controller::feedback::add_feedback).get(controller::feedback::get_feedback_list_by_page));
+ .route("/feedback", post(controller::feedback::add_feedback).get(controller::feedback::get_feedback_list_by_page))
+ .layer(axum::middleware::from_fn(library::middleware::req_token::authenticate_access_token));
 Router::new()
 .nest("/", open)
diff --git a/library/src/middleware/req_token.rs b/library/src/middleware/req_token.rs
index 9bcbc50..ea6f770 100644
--- a/library/src/middleware/req_token.rs
+++ b/library/src/middleware/req_token.rs
@@ -4,8 +4,22 @@ use jsonwebtoken::{decode, DecodingKey, Validation};
 use crate::{cache::login_cache::LOGIN_CACHE, config, token::Claims};
+const WHITE_LIST: &[(&str, &str)] = &[
+ ("GET", "/api/v1/users/:id"),
+ ("POST", "/api/v1/orders"),
+ ("GET", "/feedback")
+];
 pub async fn authenticate_access_token(mut req: Request, next: Next) -> Response {
+ // 获取请求的url和method,然后判断是否在白名单中,如果在白名单中,则直接返回next(req),否则继续执行下面的代码
+ let method = req.method().clone().to_string();
+ let uri = req.uri().path_and_query().unwrap().to_string();
+ if WHITE_LIST.into_iter().find(|item| {
+ return item.0 == method && item.1 == uri;
+ }).is_some() {
+ return next.run(req).await;
+ }
+
 let auth_header = req.headers().get(header::AUTHORIZATION);
 let token = match auth_header {
 Some(header_value) => {
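Review bot: The `.layer(...)` added at the end of the `auth` chain also wraps `POST /account/google`, and the `WHITE_LIST` introduced in req_token.rs has no entry for that method and path. If that handler is where a client exchanges a Google credential for its first access token (its name suggests so), the request would need a token before one can be issued, unless the middleware lets token-less requests through in code outside this diff. Registering the sign-in route on the unauthenticated router, for example by moving `.route("/account/google", post(controller::account::authenticate_google))` onto `open`, keeps the set of protected routes readable from the router itself instead of from a separate list. The rest of `init` lies outside the hunk, so how `auth` is nested is not visible here.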
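Review bot: The allowlist test in `authenticate_access_token` compares the full `path_and_query()` string with literal entries, so `GET /feedback?page=2` does not match `("GET", "/feedback")` and `"/api/v1/users/:id"` can never equal a real path; the check fails closed, but the list then does not describe what is actually public. `path_and_query()` is also `None` for a request target without a path (authority-form), so the `.unwrap()` may be a panic that runs before any token validation. Matching on the path alone removes both problems: `let path = req.uri().path();` followed by `if WHITE_LIST.iter().any(|(m, p)| *m == req.method().as_str() && *p == path) {`. The two `/api/v1/...` entries name routes that router.rs in this commit does not register, so I would drop them until such routes exist and add a doc comment on `WHITE_LIST` stating that entries are exact method/path pairs that skip token validation. The body of `authenticate_access_token` continues past the end of the hunk.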