diff --git a/Laravel/app/Http/Controllers/API/H5/PayController.php b/Laravel/app/Http/Controllers/API/H5/PayController.php
index a84881a..b9c3d81 100644
--- a/Laravel/app/Http/Controllers/API/H5/PayController.php
+++ b/Laravel/app/Http/Controllers/API/H5/PayController.php
@@ -111,12 +111,27 @@ class PayController extends Controller
     $openid = request('openid');
     $id = request('id');
     if(!isset($id)) return \Yz::echoError1("id不能为空");
+    $orderInfo = DB::table('orders')->where(['id' => $id,])->first();
+    if(!$orderInfo) return \Yz::echoError1("未找到有效订单");
+    $userInfo = DB::table('web_users')->where(['id' => $orderInfo->web_user_id])->first();
+    if($openid != $userInfo->openid) return \Yz::echoError1("无权操作此订单");
     $service = new OrderService();
     $res=$service->Refund($id);
     if(!$res['status']) return \Yz::echoError1($res['msg']);
     if($res['status']) return \Yz::Return(true, "退款成功", []);
 
   }
+  //机器人退款
+  public function AutoRefund(){
+    $id = request('id');
+    $key = request('key');
+    if($key != "dfsd2Ajd256SDI02") return \Yz::echoError1("权限校验错误");
+    if(!isset($id)) return \Yz::echoError1("id不能为空");
+    $service = new OrderService();
+    $res=$service->Refund($id);
+    if(!$res['status']) return \Yz::echoError1($res['msg']);
+    if($res['status']) return \Yz::Return(true, "自动退款成功", []);
+  }
 
   public static function nonce($l = 16)
   {