diff --git a/app/main/api/desc/front/query.api b/app/main/api/desc/front/query.api
index 4bcd368..6cb6e13 100644
--- a/app/main/api/desc/front/query.api
+++ b/app/main/api/desc/front/query.api
@@ -51,10 +51,11 @@ type (
 
 type (
 	QueryServiceReq {
-		Product         string `path:"product"`
-		Data            string `json:"data" validate:"required"`
-		AgentIdentifier string `json:"agent_identifier,optional"`
-		App             bool   `json:"app,optional"`
+		Product            string `path:"product"`
+		Data               string `json:"data" validate:"required"`
+		AgentIdentifier    string `json:"agent_identifier,optional"`
+		App                bool   `json:"app,optional"`
+		CaptchaVerifyParam string `json:"captchaVerifyParam"`
 	}
 	QueryServiceResp {
 		Id           string `json:"id"`
diff --git a/app/main/api/desc/front/user.api b/app/main/api/desc/front/user.api
index aa750f5..61093fa 100644
--- a/app/main/api/desc/front/user.api
+++ b/app/main/api/desc/front/user.api
@@ -95,6 +95,16 @@ service main {
 }
 
 //need login
+@server (
+	prefix: api/v1
+	group:  captcha
+)
+service main {
+	@doc "get encrypted scene id for aliyun captcha"
+	@handler getEncryptedSceneId
+	post /captcha/encryptedSceneId returns (GetEncryptedSceneIdResp)
+}
+
 @server (
 	prefix: api/v1
 	group:  user
@@ -114,6 +124,9 @@ service main {
 }
 
 type (
+	GetEncryptedSceneIdResp {
+		EncryptedSceneId string `json:"encryptedSceneId"`
+	}
 	UserInfoResp {
 		UserInfo User `json:"userInfo"`
 	}
@@ -141,8 +154,9 @@ service main {
 
 type (
 	sendSmsReq {
-		Mobile     string `json:"mobile" validate:"required,mobile"`
-		ActionType string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"`
+		Mobile             string `json:"mobile" validate:"required,mobile"`
+		ActionType         string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"`
+		CaptchaVerifyParam string `json:"captchaVerifyParam"`
 	}
 )
 
diff --git a/app/main/api/etc/main.dev.yaml b/app/main/api/etc/main.dev.yaml
index d53bb17..0532d89 100644
--- a/app/main/api/etc/main.dev.yaml
+++ b/app/main/api/etc/main.dev.yaml
@@ -19,6 +19,18 @@ VerifyCode:
     SignName: "海南海宇大数据"
     TemplateCode: "SMS_302641455"
     ValidTime: 300
+    
+Captcha:
+    # 建议与短信相同的 AccessKey，或单独为验证码创建子账号
+    AccessKeyID: "LTAI5tKGB3TVJbMHSoZN3yr9"
+    AccessKeySecret: "OCQ30GWp4yENMjmfOAaagksE18bp65"
+    # 验证码服务 Endpoint，国内一般为 captcha.cn-shanghai.aliyuncs.com
+    EndpointURL: "captcha.cn-shanghai.aliyuncs.com"
+    # 阿里云控制台中该场景的 SceneId，请替换为真实值
+    SceneID: "wynt39to"
+    # 验证码控制台中的 ekey（通常为 Base64 字符串），用于生成 EncryptedSceneId
+    EKey: ""
+    
 Encrypt:
     SecretKey: "ff83609b2b24fc73196aac3d3dfb874f"
 WestConfig:
diff --git a/app/main/api/etc/main.yaml b/app/main/api/etc/main.yaml
index 8309dbb..912ec34 100644
--- a/app/main/api/etc/main.yaml
+++ b/app/main/api/etc/main.yaml
@@ -21,6 +21,18 @@ VerifyCode:
     SignName: "海南海宇大数据"
     TemplateCode: "SMS_302641455"
     ValidTime: 300
+    
+Captcha:
+    # 建议与短信相同的 AccessKey，或单独为验证码创建子账号
+    AccessKeyID: "LTAI5tKGB3TVJbMHSoZN3yr9"
+    AccessKeySecret: "OCQ30GWp4yENMjmfOAaagksE18bp65"
+    # 验证码服务 Endpoint，国内一般为 captcha.cn-shanghai.aliyuncs.com
+    EndpointURL: "captcha.cn-shanghai.aliyuncs.com"
+    # 阿里云控制台中该场景的 SceneId，请替换为真实值
+    SceneID: "wynt39to"
+    # 验证码控制台中的 ekey（通常为 Base64 字符串），用于生成 EncryptedSceneId
+    EKey: ""
+    
 Encrypt:
     SecretKey: "ff83609b2b24fc73196aac3d3dfb874f"
 WestConfig:
diff --git a/app/main/api/internal/config/config.go b/app/main/api/internal/config/config.go
index b8fac11..3640136 100644
--- a/app/main/api/internal/config/config.go
+++ b/app/main/api/internal/config/config.go
@@ -26,6 +26,7 @@ type Config struct {
 	AdminPromotion AdminPromotion
 	TaxConfig      TaxConfig
 	ExtensionTime  int64
+	Captcha        CaptchaConfig // 阿里云验证码配置
 }
 
 // JwtAuth 用于 JWT 鉴权配置
@@ -129,3 +130,12 @@ type TianyuanapiConfig struct {
 type AuthorizationConfig struct {
 	FileBaseURL string // 授权书文件访问基础URL
 }
+
+// CaptchaConfig 阿里云验证码配置
+type CaptchaConfig struct {
+	AccessKeyID     string // 阿里云 AccessKey ID
+	AccessKeySecret string // 阿里云 AccessKey Secret
+	EndpointURL     string // 验证码服务端点URL
+	SceneID         string // 业务场景ID
+	EKey            string // 网页验证码业务密钥
+}
diff --git a/app/main/api/internal/handler/captcha/getencryptedsceneidhandler.go b/app/main/api/internal/handler/captcha/getencryptedsceneidhandler.go
new file mode 100644
index 0000000..a69f2ba
--- /dev/null
+++ b/app/main/api/internal/handler/captcha/getencryptedsceneidhandler.go
@@ -0,0 +1,17 @@
+package captcha
+
+import (
+	"net/http"
+
+	"tydata-server/app/main/api/internal/logic/captcha"
+	"tydata-server/app/main/api/internal/svc"
+	"tydata-server/common/result"
+)
+
+func GetEncryptedSceneIdHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		l := captcha.NewGetEncryptedSceneIdLogic(r.Context(), svcCtx)
+		resp, err := l.GetEncryptedSceneId()
+		result.HttpResult(r, w, resp, err)
+	}
+}
diff --git a/app/main/api/internal/handler/routes.go b/app/main/api/internal/handler/routes.go
index 2f0d804..2f236a9 100644
--- a/app/main/api/internal/handler/routes.go
+++ b/app/main/api/internal/handler/routes.go
@@ -22,6 +22,7 @@ import (
 	app "tydata-server/app/main/api/internal/handler/app"
 	auth "tydata-server/app/main/api/internal/handler/auth"
 	authorization "tydata-server/app/main/api/internal/handler/authorization"
+	captcha "tydata-server/app/main/api/internal/handler/captcha"
 	notification "tydata-server/app/main/api/internal/handler/notification"
 	pay "tydata-server/app/main/api/internal/handler/pay"
 	product "tydata-server/app/main/api/internal/handler/product"
@@ -952,6 +953,18 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 		rest.WithPrefix("/api/v1"),
 	)
 
+	server.AddRoutes(
+		[]rest.Route{
+			{
+				// get encrypted scene id for aliyun captcha
+				Method:  http.MethodPost,
+				Path:    "/captcha/encryptedSceneId",
+				Handler: captcha.GetEncryptedSceneIdHandler(serverCtx),
+			},
+		},
+		rest.WithPrefix("/api/v1"),
+	)
+
 	server.AddRoutes(
 		[]rest.Route{
 			{
diff --git a/app/main/api/internal/logic/auth/sendsmslogic.go b/app/main/api/internal/logic/auth/sendsmslogic.go
index e971c9b..083e769 100644
--- a/app/main/api/internal/logic/auth/sendsmslogic.go
+++ b/app/main/api/internal/logic/auth/sendsmslogic.go
@@ -7,6 +7,7 @@ import (
 	"os"
 	"time"
 	"tydata-server/common/xerr"
+	"tydata-server/pkg/captcha"
 	"tydata-server/pkg/lzkit/crypto"
 
 	"github.com/pkg/errors"
@@ -53,6 +54,23 @@ func (l *SendSmsLogic) SendSms(req *types.SendSmsReq) error {
 		return errors.Wrapf(xerr.NewErrMsg("一分钟内不能重复发送验证码"), "短信发送, 手机号1分钟内重复请求发送验证码: %s", encryptedMobile)
 	}
 
+	// 验证码校验
+	if os.Getenv("ENV") != "development" {
+		if req.CaptchaVerifyParam == "" {
+			return errors.Wrapf(xerr.NewErrMsg("图形验证码校验失败"), "短信发送, 验证码参数为空: %s", encryptedMobile)
+		}
+		captchaCfg := l.svcCtx.Config.Captcha
+		err = captcha.Verify(captcha.Config{
+			AccessKeyID:     captchaCfg.AccessKeyID,
+			AccessKeySecret: captchaCfg.AccessKeySecret,
+			EndpointURL:     captchaCfg.EndpointURL,
+			SceneID:         captchaCfg.SceneID,
+		}, req.CaptchaVerifyParam)
+		if err != nil {
+			return errors.Wrapf(xerr.NewErrMsg("图形验证码校验失败"), "短信发送, 验证码校验失败: %s", encryptedMobile)
+		}
+	}
+
 	// 开发环境固定验证码为138888
 	env := os.Getenv("ENV")
 	var code string
diff --git a/app/main/api/internal/logic/captcha/getencryptedsceneidlogic.go b/app/main/api/internal/logic/captcha/getencryptedsceneidlogic.go
new file mode 100644
index 0000000..f620dc5
--- /dev/null
+++ b/app/main/api/internal/logic/captcha/getencryptedsceneidlogic.go
@@ -0,0 +1,38 @@
+package captcha
+
+import (
+	"context"
+
+	"tydata-server/app/main/api/internal/svc"
+	"tydata-server/app/main/api/internal/types"
+	"tydata-server/pkg/captcha"
+
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type GetEncryptedSceneIdLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewGetEncryptedSceneIdLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetEncryptedSceneIdLogic {
+	return &GetEncryptedSceneIdLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *GetEncryptedSceneIdLogic) GetEncryptedSceneId() (resp *types.GetEncryptedSceneIdResp, err error) {
+	captchaCfg := l.svcCtx.Config.Captcha
+
+	encryptedSceneId, err := captcha.GenerateEncryptedSceneID(captchaCfg.SceneID, captchaCfg.EKey, 3600)
+	if err != nil {
+		return nil, err
+	}
+
+	return &types.GetEncryptedSceneIdResp{
+		EncryptedSceneId: encryptedSceneId,
+	}, nil
+}
diff --git a/app/main/api/internal/logic/query/queryservicelogic.go b/app/main/api/internal/logic/query/queryservicelogic.go
index a5cfbe7..b5aec78 100644
--- a/app/main/api/internal/logic/query/queryservicelogic.go
+++ b/app/main/api/internal/logic/query/queryservicelogic.go
@@ -12,6 +12,7 @@ import (
 	"tydata-server/app/main/model"
 	"tydata-server/common/ctxdata"
 	"tydata-server/common/xerr"
+	"tydata-server/pkg/captcha"
 	"tydata-server/pkg/lzkit/crypto"
 	"tydata-server/pkg/lzkit/validator"
 
@@ -60,8 +61,23 @@ var productProcessors = map[string]func(*QueryServiceLogic, *types.QueryServiceR
 }
 
 func (l *QueryServiceLogic) PreprocessLogic(req *types.QueryServiceReq, product string) (*types.QueryServiceResp, error) {
+	if os.Getenv("ENV") != "development" {
+		if req.CaptchaVerifyParam == "" {
+			return nil, errors.Wrapf(xerr.NewErrMsg("图形验证码校验失败"), "查询服务, 验证码参数为空: %s", req.Product)
+		}
+		captchaCfg := l.svcCtx.Config.Captcha
+		err := captcha.Verify(captcha.Config{
+			AccessKeyID:     captchaCfg.AccessKeyID,
+			AccessKeySecret: captchaCfg.AccessKeySecret,
+			EndpointURL:     captchaCfg.EndpointURL,
+			SceneID:         captchaCfg.SceneID,
+		}, req.CaptchaVerifyParam)
+		if err != nil {
+			return nil, errors.Wrapf(xerr.NewErrMsg("图形验证码校验失败"), "查询服务, 验证码校验失败: %s", req.Product)
+		}
+	}
 	if processor, exists := productProcessors[product]; exists {
-		return processor(l, req) // 调用对应的处理函数
+		return processor(l, req)
 	}
 	return nil, errors.New("未找到相应的处理程序")
 }
diff --git a/app/main/api/internal/types/types.go b/app/main/api/internal/types/types.go
index dc7aa6c..2d55b9e 100644
--- a/app/main/api/internal/types/types.go
+++ b/app/main/api/internal/types/types.go
@@ -1540,6 +1540,10 @@ type GetCommissionResp struct {
 	List  []Commission `json:"list"`  // 查询列表
 }
 
+type GetEncryptedSceneIdResp struct {
+	EncryptedSceneId string `json:"encryptedSceneId"`
+}
+
 type GetLinkDataReq struct {
 	LinkIdentifier string `form:"link_identifier"`
 }
@@ -2043,10 +2047,11 @@ type QueryRetryResp struct {
 }
 
 type QueryServiceReq struct {
-	Product         string `path:"product"`
-	Data            string `json:"data" validate:"required"`
-	AgentIdentifier string `json:"agent_identifier,optional"`
-	App             bool   `json:"app,optional"`
+	Product            string `path:"product"`
+	Data               string `json:"data" validate:"required"`
+	AgentIdentifier    string `json:"agent_identifier,optional"`
+	App                bool   `json:"app,optional"`
+	CaptchaVerifyParam string `json:"captchaVerifyParam"`
 }
 
 type QueryServiceResp struct {
@@ -2220,6 +2225,7 @@ type GetAppVersionResp struct {
 }
 
 type SendSmsReq struct {
-	Mobile     string `json:"mobile" validate:"required,mobile"`
-	ActionType string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"`
+	Mobile             string `json:"mobile" validate:"required,mobile"`
+	ActionType         string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"`
+	CaptchaVerifyParam string `json:"captchaVerifyParam"`
 }
diff --git a/go.mod b/go.mod
index 60b1a55..80ab49f 100644
--- a/go.mod
+++ b/go.mod
@@ -6,9 +6,9 @@ toolchain go1.23.4
 
 require (
 	github.com/Masterminds/squirrel v1.5.4
-	github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10
+	github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.13
 	github.com/alibabacloud-go/dysmsapi-20170525/v3 v3.0.6
-	github.com/alibabacloud-go/tea v1.2.2
+	github.com/alibabacloud-go/tea v1.3.13
 	github.com/alibabacloud-go/tea-utils/v2 v2.0.7
 	github.com/bytedance/sonic v1.13.0
 	github.com/cenkalti/backoff/v4 v4.3.0
@@ -37,16 +37,17 @@ require (
 require (
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect
+	github.com/alibabacloud-go/captcha-20230305 v1.1.3 // indirect
 	github.com/alibabacloud-go/debug v1.0.1 // indirect
 	github.com/alibabacloud-go/endpoint-util v1.1.0 // indirect
 	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
 	github.com/alibabacloud-go/tea-utils v1.3.1 // indirect
 	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
-	github.com/aliyun/credentials-go v1.3.10 // indirect
+	github.com/aliyun/credentials-go v1.4.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bytedance/sonic/loader v0.2.2 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/clbanning/mxj/v2 v2.5.5 // indirect
+	github.com/clbanning/mxj/v2 v2.7.0 // indirect
 	github.com/cloudwego/base64x v0.1.5 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
diff --git a/go.sum b/go.sum
index d94c2f9..cfc6477 100644
--- a/go.sum
+++ b/go.sum
@@ -13,6 +13,8 @@ github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6/go.mod h1:4EUIoxs/do2
 github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc=
 github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 h1:zE8vH9C7JiZLNJJQ5OwjU9mSi4T9ef9u3BURT6LCLC8=
 github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5/go.mod h1:tWnyE9AjF8J8qqLk645oUmVUnFybApTQWklQmi5tY6g=
+github.com/alibabacloud-go/captcha-20230305 v1.1.3 h1:0Aobw12m3x28aeDMPjwjXsfF8MuLvRjlQ4Hhoy5hFOY=
+github.com/alibabacloud-go/captcha-20230305 v1.1.3/go.mod h1:ydzBIN2OiM7eeQPpAFyBrv1H5TY1MtUP2rQig44C4UQ=
 github.com/alibabacloud-go/darabonba-array v0.1.0 h1:vR8s7b1fWAQIjEjWnuF0JiKsCvclSRTfDzZHTYqfufY=
 github.com/alibabacloud-go/darabonba-array v0.1.0/go.mod h1:BLKxr0brnggqOJPqT09DFJ8g3fsDshapUD3C3aOEFaI=
 github.com/alibabacloud-go/darabonba-encode-util v0.0.2 h1:1uJGrbsGEVqWcWxrS9MyC2NG0Ax+GpOM5gtupki31XE=
@@ -22,6 +24,8 @@ github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+M
 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.2/go.mod h1:5JHVmnHvGzR2wNdgaW1zDLQG8kOC4Uec8ubkMogW7OQ=
 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10 h1:GEYkMApgpKEVDn6z12DcH1EGYpDYRB8JxsazM4Rywak=
 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10/go.mod h1:26a14FGhZVELuz2cc2AolvW4RHmIO3/HRwsdHhaIPDE=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.13 h1:Q00FU3H94Ts0ZIHDmY+fYGgB7dV9D/YX6FGsgorQPgw=
+github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.13/go.mod h1:lxFGfobinVsQ49ntjpgWghXmIF0/Sm4+wvBJ1h5RtaE=
 github.com/alibabacloud-go/darabonba-signature-util v0.0.7 h1:UzCnKvsjPFzApvODDNEYqBHMFt1w98wC7FOo0InLyxg=
 github.com/alibabacloud-go/darabonba-signature-util v0.0.7/go.mod h1:oUzCYV2fcCH797xKdL6BDH8ADIHlzrtKVjeRtunBNTQ=
 github.com/alibabacloud-go/darabonba-string v1.0.2 h1:E714wms5ibdzCqGeYJ9JCFywE5nDyvIXIIQbZVFkkqo=
@@ -46,6 +50,8 @@ github.com/alibabacloud-go/tea v1.1.19/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy
 github.com/alibabacloud-go/tea v1.1.20/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
 github.com/alibabacloud-go/tea v1.2.2 h1:aTsR6Rl3ANWPfqeQugPglfurloyBJY85eFy7Gc1+8oU=
 github.com/alibabacloud-go/tea v1.2.2/go.mod h1:CF3vOzEMAG+bR4WOql8gc2G9H3EkH3ZLAQdpmpXMgwk=
+github.com/alibabacloud-go/tea v1.3.13 h1:WhGy6LIXaMbBM6VBYcsDCz6K/TPsT1Ri2hPmmZffZ94=
+github.com/alibabacloud-go/tea v1.3.13/go.mod h1:A560v/JTQ1n5zklt2BEpurJzZTI8TUT+Psg2drWlxRg=
 github.com/alibabacloud-go/tea-utils v1.3.1 h1:iWQeRzRheqCMuiF3+XkfybB3kTgUXkXX+JMrqfLeB2I=
 github.com/alibabacloud-go/tea-utils v1.3.1/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE=
 github.com/alibabacloud-go/tea-utils/v2 v2.0.0/go.mod h1:U5MTY10WwlquGPS34DOeomUGBB0gXbLueiq5Trwu0C4=
@@ -64,6 +70,8 @@ github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTs
 github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM=
 github.com/aliyun/credentials-go v1.3.10 h1:45Xxrae/evfzQL9V10zL3xX31eqgLWEaIdCoPipOEQA=
 github.com/aliyun/credentials-go v1.3.10/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U=
+github.com/aliyun/credentials-go v1.4.5 h1:O76WYKgdy1oQYYiJkERjlA2dxGuvLRrzuO2ScrtGWSk=
+github.com/aliyun/credentials-go v1.4.5/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
@@ -83,6 +91,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/clbanning/mxj/v2 v2.5.5 h1:oT81vUeEiQQ/DcHbzSytRngP6Ky9O+L+0Bw0zSJag9E=
 github.com/clbanning/mxj/v2 v2.5.5/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
+github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyME=
+github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
 github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
@@ -326,10 +336,13 @@ golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
 golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
 golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -342,6 +355,9 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -356,10 +372,13 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
 golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
 golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -370,6 +389,9 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -384,20 +406,27 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
 golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
+golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -406,6 +435,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
 golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
 golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4=
@@ -420,6 +451,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/pkg/captcha/aliyun.go b/pkg/captcha/aliyun.go
new file mode 100644
index 0000000..0308682
--- /dev/null
+++ b/pkg/captcha/aliyun.go
@@ -0,0 +1,53 @@
+package captcha
+
+import (
+	"errors"
+	"os"
+
+	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+
+	"github.com/alibabacloud-go/captcha-20230305/client"
+	"github.com/alibabacloud-go/tea/tea"
+)
+
+type Config struct {
+	AccessKeyID     string
+	AccessKeySecret string
+	EndpointURL     string
+	SceneID         string
+}
+
+func Verify(cfg Config, captchaVerifyParam string) error {
+	if os.Getenv("ENV") == "development" {
+		return nil
+	}
+	if captchaVerifyParam == "" {
+		return errors.New("图形验证码校验失败")
+	}
+
+	clientCfg := &openapi.Config{
+		AccessKeyId:     tea.String(cfg.AccessKeyID),
+		AccessKeySecret: tea.String(cfg.AccessKeySecret),
+		Endpoint:        tea.String(cfg.EndpointURL),
+	}
+	captchaClient, err := client.NewClient(clientCfg)
+	if err != nil {
+		return errors.New("图形验证码校验失败")
+	}
+
+	req := &client.VerifyIntelligentCaptchaRequest{
+		SceneId:            tea.String(cfg.SceneID),
+		CaptchaVerifyParam: tea.String(captchaVerifyParam),
+	}
+
+	resp, err := captchaClient.VerifyIntelligentCaptcha(req)
+	if err != nil {
+		return errors.New("图形验证码校验失败")
+	}
+
+	if resp.Body == nil || !tea.BoolValue(resp.Body.Result.VerifyResult) {
+		return errors.New("图形验证码校验失败")
+	}
+
+	return nil
+}
diff --git a/pkg/captcha/encrypt_scene.go b/pkg/captcha/encrypt_scene.go
new file mode 100644
index 0000000..8a918f6
--- /dev/null
+++ b/pkg/captcha/encrypt_scene.go
@@ -0,0 +1,35 @@
+package captcha
+
+import (
+	"encoding/base64"
+	"fmt"
+	"time"
+
+	lzcrypto "tydata-server/pkg/lzkit/crypto"
+)
+
+type EncryptedSceneID struct {
+	SceneID     string
+	Timestamp   int64
+	ExpireTime  int
+	EncryptedID string
+}
+
+func GenerateEncryptedSceneID(sceneId, ekey string, expireSeconds int) (string, error) {
+	if expireSeconds <= 0 || expireSeconds > 86400 {
+		expireSeconds = 3600
+	}
+
+	ts := time.Now().Unix()
+	plaintext := fmt.Sprintf("%s&%d&%d", sceneId, ts, expireSeconds)
+
+	keyBytes, err := base64.StdEncoding.DecodeString(ekey)
+	if err != nil {
+		return "", fmt.Errorf("decode ekey error: %w", err)
+	}
+	if len(keyBytes) != 32 {
+		return "", fmt.Errorf("invalid ekey length, need 32 bytes after base64 decode, got %d", len(keyBytes))
+	}
+
+	return lzcrypto.AesEncrypt([]byte(plaintext), keyBytes)
+}